Topic: Problems with Microsoft Net. Framework Error shim errors after trojan aleron

Offline PKwhite21

  • Jr. Member
I had one of the trojan Aleron viruses with root kits on my HP Pavilion dv6 running 64bit Windows.  I was able to seemingly get the virus off by running various security sweeps, rootkit removers, and registry fixers.  My scans are coming up clean now but my computer is still acting strange.  I am getting messages popping up, that register as Microsoft .NET Framework shims in Task Manager, saying various programs have stopped working: Windows is searching for a solution, and then nothing happens.  The most obvious, and devastating, program is my Sims3Launcher.  Also I have noticed drop down menu, particularly the shut down menu options on the Start Menu.  Please help!!

Offline PKwhite21

  • Jr. Member
Here's my checkup.txt.

Results of screen317's Security Check version 0.99.57 
 Windows 7 Service Pack 1 x64 (UAC is disabled!) 
 Internet Explorer 9 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Microsoft Security Essentials   
Avanquest Fix-It               
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 FixCleaner     
 Java(TM) 6 Update 31 
 Java 7 Update 13 
 Java version out of Date!
 Adobe Flash Player 11.5.502.146 
 Google Chrome 24.0.1312.56 
 Google Chrome 24.0.1312.57 
````````Process Check: objlist.exe by Laurent````````
 Microsoft Security Essentials MSMpEng.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 5%
````````````````````End of Log``````````````````````

Here's my DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457  BrowserJavaVersion: 10.13.2
Run by PKwhite at 20:02:43 on 2013-02-08
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3563.2203 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
AV: Avanquest Fix-It *Disabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Avanquest Fix-It *Disabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
C:\Windows\SysWOW64\schtasks.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
C:\Program Files (x86)\FixCleaner\FixCleaner.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\system32\msiexec.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\taskhost.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\System32\cscript.exe
.

Here's my Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 8/20/2011 12:16:48 PM
System Uptime: 2/8/2013 4:00:57 PM (4 hours ago)
.
Motherboard: Hewlett-Packard |  | 358B
Processor: AMD A6-3400M APU with Radeon(tm) HD Graphics | Socket FS1 | 798/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 581 GiB total, 490.855 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 1.6 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP240: 2/7/2013 3:00:12 AM - Windows Update
RP241: 2/7/2013 8:55:48 AM - Windows Update
RP242: 2/7/2013 9:13:07 AM - Windows Update
RP243: 2/7/2013 9:13:37 AM - Windows Update
RP244: 2/7/2013 9:43:04 AM - Windows Update
RP245: 2/7/2013 10:02:35 AM - Windows Update
RP246: 2/7/2013 10:05:03 AM - Windows Update
RP247: 2/7/2013 10:22:00 AM - Windows Update
RP248: 2/7/2013 11:00:48 AM - Uniblue RegistryBooster installation
RP249: 2/7/2013 11:38:14 AM - Windows Update
RP250: 2/7/2013 4:20:31 PM - Windows Update
RP251: 2/7/2013 8:43:34 PM - Windows Update
RP252: 2/7/2013 9:48:19 PM - Windows Update
RP253: 2/8/2013 7:56:52 PM - Removed Delta Chrome Toolbar
.
==== Installed Programs ======================
.
Able2Extract 7.0
Adobe AIR
Adobe Community Help
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop CS5.1
Adobe Reader X MUI
Adobe Shockwave Player 11.5
aioscnnr
Amazon MP3 Downloader 1.0.17
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Fuel
AMD System Monitor
AMD VISION Engine Control Center
AOL Computer Checkup
AOL Toolbar

Offline PKwhite21

  • Jr. Member
I saw what it said about Java and tried to update Java and ran the check again.  It's still saying Java is out of date.

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
Hi, PKwhite21.  Welcome to LandzDown Forum.

We will do our best to assist you.  However, in order to do so, please follow all instructions provided in the sequence given.  Do not install/re-install any programs or run any fixes or scanners that you have not been instructed to use.  This may cause conflicts with the tools being used in the cleanup process.   

If you have questions regarding any of the instructions or problems running any tools, please let us know.

Neither the DDS.txt nor the Attach.txt logs posted properly.  Please copy/paste both logs again. 



Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline PKwhite21

  • Jr. Member
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457  BrowserJavaVersion: 10.13.2
Run by PKwhite at 11:22:01 on 2013-02-09
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3563.2133 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
AV: Avanquest Fix-It *Disabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Avanquest Fix-It *Disabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Internet Explorer\iexplore.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/






.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 8/20/2011 12:16:48 PM
System Uptime: 2/9/2013 10:58:06 AM (1 hours ago)
.
Motherboard: Hewlett-Packard |  | 358B
Processor: AMD A6-3400M APU with Radeon(tm) HD Graphics | Socket FS1 | 798/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 581 GiB total, 509.926 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 1.6 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP241: 2/7/2013 8:55:48 AM - Windows Update
RP242: 2/7/2013 9:13:07 AM - Windows Update
RP243: 2/7/2013 9:13:37 AM - Windows Update
RP244: 2/7/2013 9:43:04 AM - Windows Update
RP245: 2/7/2013 10:02:35 AM - Windows Update
RP246: 2/7/2013 10:05:03 AM - Windows Update
RP247: 2/7/2013 10:22:00 AM - Windows Update
RP248: 2/7/2013 11:00:48 AM - Uniblue RegistryBooster installation
RP249: 2/7/2013 11:38:14 AM - Windows Update
RP250: 2/7/2013 4:20:31 PM - Windows Update
RP251: 2/7/2013 8:43:34 PM - Windows Update
RP252: 2/7/2013 9:48:19 PM - Windows Update
RP253: 2/8/2013 7:56:52 PM - Removed Delta Chrome Toolbar
RP254: 2/8/2013 8:44:40 PM - Removed Java 7 Update 13
RP255: 2/8/2013 8:45:51 PM - Installed Java 7 Update 13
RP256: 2/9/2013 11:16:24 AM - Removed FixCleaner
RP257: 2/9/2013 11:18:58 AM - Removed DriverUpdate
.
==== Installed Programs ======================
.
Able2Extract 7.0
Adobe AIR
Adobe Community Help
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop CS5.1
Adobe Reader X MUI
Adobe Shockwave Player 11.5
aioscnnr
Amazon MP3 Downloader 1.0.17
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Fuel
AMD System Monitor
AMD VISION Engine Control Center
AOL Computer Checkup
AOL Toolbar
Apple Application Support
Ask Toolbar
Ask Toolbar Updater
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
center
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
D3DX10
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DIRECTV Player
Download Updater (AOL LLC)
Energy Star Digital Logo
essentials
ESU for Microsoft Windows 7
Evernote v. 4.2.2
Fix-It
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Granny Crowd Scene 2.8.52.0
Granny Viewer 2.8.52.0
Hewlett-Packard ACLM.NET v1.2.1.1
HP Connection Manager
HP Customer Experience Enhancements
HP Documentation
HP DVB-T TV Tuner 8.0.64.43
HP Games
HP MovieStore
HP On Screen Display
HP Power Manager
HP Quick Launch
HP Setup
HP Setup Manager
HP SimplePass 2011
HP Software Framework
HP Support Assistant
IDT Audio
IObit Apps Toolbar v6.7
Java 7 Update 13
Java Auto Updater
Java(TM) 6 Update 31
JetMP3
Junk Mail filter update
KODAK AiO Software
Loki ActiveX Control
Mah Jong Medley
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Photoshop Plug-ins 64 bit
ocr
OpenOffice.org 3.4
OpenOffice.org 3.4.1
Origin
PC Helper 360
PDF Settings CS5
PictureTools
PlayReady PC Runtime x86
PreReq
PrintMaster 2011 Platinum
QZ School Management
Realtek Ethernet Controller All-In-One Windows Driver
Realtek PCIE Card Reader
REALTEK Wireless LAN Driver
Recovery Manager
RoxioNow Player
s3pe - Sims3 Package Editor
Scholastic eReader Support Files
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2553070)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2584066)
Security Update for Microsoft PowerPoint 2010 (KB2519975)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Word 2010 (KB2345000)
SlimDX Redistributable (March 2009)
SlimDX Runtime .NET 2.0 (January 2012)
Storia
TeacherTools
The Sims™ 3
The Sims™ 3 Ambitions
The Sims™ 3 Create a Pattern Tool
The Sims™ 3 Create a World Tool - Beta
TSR RigFix
TSR Workshop
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2523113)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft OneNote 2010 (KB2493983)
Update for Microsoft Outlook Social Connector (KB2583935)
WildTangent Games
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
2/7/2013 9:58:30 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800b0100: Update for Windows 7 for x64-based Systems (KB2779562).
2/7/2013 9:41:09 PM, Error: Service Control Manager [7030]  - The Advanced SystemCare Service 6 service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
2/6/2013 5:06:21 AM, Error: volsnap [36]  - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
2/5/2013 9:35:29 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the HP Support Assistant Service service to connect.
2/5/2013 9:35:29 PM, Error: Service Control Manager [7000]  - The HP Support Assistant Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
2/5/2013 9:33:01 PM, Error: Service Control Manager [7023]  - The Power service terminated with the following error:  The WMI request could not be completed and should be retried.
2/5/2013 9:32:59 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Kodak AiO Network Discovery Service service to connect.
2/5/2013 9:32:59 PM, Error: Service Control Manager [7000]  - The Kodak AiO Network Discovery Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
2/5/2013 12:50:55 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.143.1463.0     Update Source: Microsoft Update Server     Update Stage: Download     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.9103.0     Error code: 0x80240022     Error description: The program can't check for definition updates.
2/5/2013 12:50:55 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.143.1463.0     Update Source: Microsoft Update Server     Update Stage: Download     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.9103.0     Error code: 0x80240022     Error description: The program can't check for definition updates.
2/5/2013 10:54:07 PM, Error: Service Control Manager [7034]  - The Fix-It Utilities Process Monitor service terminated unexpectedly.  It has done this 1 time(s).
2/3/2013 6:50:41 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.143.1423.0     Update Source: Microsoft Update Server     Update Stage: Install     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.9103.0     Error code: 0x80240016     Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
2/3/2013 6:50:41 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.143.1423.0     Update Source: Microsoft Update Server     Update Stage: Install     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.9103.0     Error code: 0x80240016     Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
2/3/2013 6:50:41 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.143.1423.0     Update Source: Microsoft Update Server     Update Stage: Download     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.9103.0     Error code: 0x80240016     Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
2/3/2013 2:44:55 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000000a (0xfffff8a002f94f98, 0x0000000000000002, 0x0000000000000000, 0xfffff80002ebc69b). A dump was saved in: C:\Windows\Minidump\020313-31886-01.dmp. Report Id: 020313-31886-01.
2/2/2013 12:08:37 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2468871).
2/2/2013 11:22:49 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2533523).
2/2/2013 10:36:02 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2600217).
2/2/2013 10:17:14 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.143.1283.0     Update Source: Microsoft Update Server     Update Stage: Install     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.9103.0     Error code: 0x80240016     Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
2/2/2013 10:17:14 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.143.1283.0     Update Source: Microsoft Update Server     Update Stage: Install     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.9103.0     Error code: 0x80240016     Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
2/2/2013 10:17:14 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.143.1283.0     Update Source: Microsoft Update Server     Update Stage: Download     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.9103.0     Error code: 0x80240016     Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
2/2/2013 1:59:08 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.143.1283.0     Update Source: Microsoft Update Server     Update Stage: Install     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.9103.0     Error code: 0x80240016     Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
2/2/2013 1:59:08 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.143.1283.0     Update Source: Microsoft Update Server     Update Stage: Install     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.9103.0     Error code: 0x80240016     Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
2/2/2013 1:59:08 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.143.1283.0     Update Source: Microsoft Update Server     Update Stage: Download     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.9103.0     Error code: 0x80240016     Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
.
==== End Of File ===========================

Offline PKwhite21

  • Jr. Member
I updated Java because I didn't want to be the idiot that just didn't update Java.

Offline PKwhite21

  • Jr. Member
I don't mean to be offensive.  I have had problems on other forums with people being a bit rude in replies.

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
Hi, PKwhite21.

I am sure you will find that I will not be rude, nor would I refer to you or anyone else coming here for assistance as an idiot or any similar term.  That is most certainly not a way for the person being helped to have any sort of confidence in the person responding.

Something strange is going on and one of your logs still didn't completely post -- of course it is the most important log too.  :(  See how it cut off after one line from the "Pseudo HJT Report" section.   LandzDown was recently moved to a new hosting service, which resulted in a couple of changes that SpyDie needed to make.  I'm going to check with him to find out if there was a change made in the number of characters that can be posted.

In the meantime, so I don't waste too much of your time, I'll provide a starting point and then request a fresh DDS.txt log at the end.  I won't need another Attach.txt.  That log posted completely. 



1.  Java

Regarding Java, I suspect the same thing happened to you as it did to so many other people when Oracle released Java 7.  You updated but, unlike what had been happening with recent updates, it left behind version 6 of Java.  The "left behind" version that you need to uninstall is Java(TM) 6 Update 31.

Because you use OpenOffice and play games, unfortunately, you need Java.  I suggest that you consider keeping Java disabled via the Java Control Panel when it isn't needed.  Instructions are available in my article at Java, The Never-Ending Saga.

2.  Registry Cleaners

I realize that there are many people who use registry cleaners regularly and have no problems.  Personally, I do not recommend them as I have seen more damage than good.  This is particularly the case with Windows 7. 

Avanquest Fix-It and IObit both have a reputation for causing damage and I suggest you uninstall them. 

3.  You might want to uninstall Ask first and then do the following.

Please download AdwCleaner by Xplode to your Desktop.
  • Double-click AdwCleaner.exe to run the tool.
  • Click Delete.
  • Everything that was found will be deleted.
  • Save any open files and approve the reboot.  A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
Note: The log can also be found at C:\AdwCleaner[XX].txt where XX denotes the number of times the application has been run, i.e., S1

4.  Please double-click dds.scr on your desktop to run it again.  When the logs appear, please only post the log for DDS.txt

Thank you!



Offline PKwhite21

The only version of Java appearing on uninstall program panel is Java 7 Update 13.



Adware Cleaner

# AdwCleaner v2.111 - Logfile created 02/09/2013 at 20:11:00
# Updated 05/02/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : PKwhite - PKWHITE-HP
# Boot Mode : Normal
# Running from : C:\Users\PKwhite\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\END
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\user.js
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Deleted : C:\Program Files (x86)\Common Files\spigot
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\adapter@babylontc.com
Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\ocr@babylon.com
Folder Deleted : C:\Program Files (x86)\Smartdl
Folder Deleted : C:\Program Files (x86)\Yontoo
Folder Deleted : C:\Program Files\Babylon
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\PKwhite\AppData\Local\APN
Folder Deleted : C:\Users\PKwhite\AppData\Local\Conduit
Folder Deleted : C:\Users\PKwhite\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Folder Deleted : C:\Users\PKwhite\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\PKwhite\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\PKwhite\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\PKwhite\AppData\Roaming\Babylon
Folder Deleted : C:\Users\PKwhite\AppData\Roaming\iWin
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKCU\Software\Iminent
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\96de88e63cec13
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C0CEA572-2978-4DFC-A672-8100FF0E276A}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonIEPI.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonTC.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\BabyDict
Key Deleted : HKLM\SOFTWARE\Classes\BabyGloss
Key Deleted : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho
Key Deleted : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho.1
Key Deleted : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin
Key Deleted : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin.1
Key Deleted : HKLM\SOFTWARE\Classes\BabylonTC.GingerApplication
Key Deleted : HKLM\SOFTWARE\Classes\BabylonTC.GingerApplication.1
Key Deleted : HKLM\SOFTWARE\Classes\BabyOptFile
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\SOFTWARE\Wow6432Node\96de88e63cec13
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Google Chrome v24.0.1312.57

File : C:\Users\PKwhite\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.15] : urls_to_restore_on_startup = [ "hxxp://www.delta-search.com/?affID=119351&tt=140612_cup&ba[...]
Deleted [l.38] : icon_url = "hxxp://www.delta-search.com/favicon.ico",
Deleted [l.41] : keyword = "delta-search.com",
Deleted [l.44] : search_url = "hxxp://www.delta-search.com/?q={searchTerms}&affID=119351&tt=140612_cup&babsrc=[...]
Deleted [l.2024] : urls_to_restore_on_startup = [ "hxxp://www.delta-search.com/?affID=119351&tt=140612_cup&babsr[...]

*************************

AdwCleaner[R1].txt - [19879 octets] - [09/02/2013 20:10:11]
AdwCleaner[S1].txt - [19948 octets] - [09/02/2013 20:11:00]

########## EOF - C:\AdwCleaner[S1].txt - [20009 octets] ##########




DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457  BrowserJavaVersion: 10.13.2
Run by PKwhite at 20:22:57 on 2013-02-09
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3563.2214 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
AV: Avanquest Fix-It *Disabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Avanquest Fix-It *Disabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\servicing\TrustedInstaller.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://search.privitize.com/?aff=7
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
uURLSearchHooks: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - <orphaned>
mURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
BHO: {0DAE081B-BEB6-484B-A09C-38399A38035E} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [GoogleChromeAutoLaunch_29ED7E310C63D54B783793FF4D321BDC] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
mRun: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
mRun: [SMessaging] C:\Users\PKwhite\AppData\Local\Strongvault Online Backup\SMessaging.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uPolicies-Explorer: NoThumbnailCache = dword:1
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: HideFastUserSwitching = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{C7559CA6-5A46-4481-ABDE-8A8D01748039} : DHCPNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2013-1-16 82560]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2013-1-16 42624]
R0 amdide64;amdide64;C:\Windows\System32\drivers\amdide64.sys [2013-1-16 11904]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2012-11-3 57976]
R1 SbTis;SbTis;C:\Windows\System32\drivers\sbtis.sys [2012-11-3 94296]
R2 AODDriver4.2.0;AODDriver4.2.0;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 128456]
R2 sbapifs;sbapifs;C:\Windows\System32\drivers\sbapifs.sys [2010-6-14 64600]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]
R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\System32\drivers\amdhub30.sys [2013-1-16 106664]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-7-8 46136]
R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\amdxhc.sys [2013-1-16 226984]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-1-16 96896]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2013-1-16 339600]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-1-16 708200]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192ce.sys [2011-7-8 1145960]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2010-9-14 760168]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2010-9-14 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2010-9-14 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2010-9-14 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2013-1-16 57512]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AQFileRestore;AQFileRestore;C:\Windows\System32\drivers\AQFileRestore.sys [2012-11-3 21120]
S3 bcm;WiMAX Network Adapter;C:\Windows\System32\drivers\drxvi314_64.sys [2009-11-3 318336]
S3 bcmbusctr;WiMAX Bus Driver;C:\Windows\System32\drivers\BcmBusCtr_64.sys [2009-11-3 62976]
S3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;C:\Windows\System32\PCTINDIS5X64.sys [2009-11-9 43032]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-2 19456]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2013-1-16 15712]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-2 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-2-2 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-8-2 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-8-22 1255736]
S4 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2013-1-16 89600]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-4-1 204288]
S4 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-4-1 365568]
S4 AOL Computer Checkup;AOL Computer Checkup;C:\Program Files (x86)\AOL Computer Checkup\sdcService.exe [2012-11-5 406976]
S4 CACLEARWIRE;Clearwire Con App Svc;C:\Program Files (x86)\Clearwire\Connection Manager\ConAppsSvc.exe [2009-11-9 124240]
S4 CLEARWIRERcAppSvc;Clearwire RcAppSvc;C:\Program Files (x86)\Clearwire\Connection Manager\RcAppSvc.exe [2009-11-9 120144]
S4 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-2-17 265544]
S4 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
S4 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S4 hpCMSrv;HP Connection Manager 4 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-5-23 1098296]
S4 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-27 30520]
S4 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-7-11 26680]
S4 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2013-1-16 2451456]
S4 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-3-9 366000]
S4 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
S4 SBAMSvc;Fix-It;C:\Program Files (x86)\Common Files\Antivirus\SBAMSvc.exe [2010-10-11 2763080]
S4 SMSI Device Launch Service;Clearwire Device Launch Service;C:\Program Files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe [2009-11-9 107856]
S4 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-02-09 22:23:22   9161176   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6E28B030-9197-448A-B624-D2D618BA859E}\mpengine.dll
2013-02-09 04:46:35   95648   ----a-w-   C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-09 03:59:28   --------   d-----w-   C:\Users\PKwhite\AppData\Local\Strongvault Online Backup
2013-02-09 03:59:28   --------   d-----w-   C:\Program Files (x86)\Common Files\MSSoap
2013-02-08 19:25:04   9161176   ------w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-02-08 05:41:04   --------   d-----w-   C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-02-08 05:41:01   --------   d-----w-   C:\ProgramData\IObit
2013-02-08 05:40:59   --------   d-----w-   C:\Users\PKwhite\AppData\Roaming\IObit
2013-02-08 05:40:35   --------   d-----w-   C:\Program Files (x86)\IObit
2013-02-08 05:33:21   --------   d-sh--w-   C:\Windows\SysWow64\AI_RecycleBin
2013-02-08 05:33:11   --------   d-sh--w-   C:\AI_RecycleBin
2013-02-08 05:30:57   --------   d-----w-   C:\Windows\SysWow64\Extensions
2013-02-08 05:30:56   --------   d-----w-   C:\Windows\SysWow64\searchplugins
2013-02-07 19:05:14   --------   d-----w-   C:\Users\PKwhite\AppData\Roaming\DriverCure
2013-02-07 19:05:13   --------   d-----w-   C:\Users\PKwhite\AppData\Roaming\Foresight Software
2013-02-07 19:05:08   --------   d-----w-   C:\Program Files (x86)\Common Files\Foresight Software
2013-02-07 19:05:03   --------   d-----w-   C:\ProgramData\Foresight Software
2013-02-07 19:05:03   --------   d-----w-   C:\Program Files (x86)\Foresight Software
2013-02-07 18:02:54   2048   ----a-w-   C:\Windows\SysWow64\tzres.dll
2013-02-07 18:02:54   2048   ----a-w-   C:\Windows\System32\tzres.dll
2013-02-07 16:56:03   --------   d-----w-   C:\Windows\CheckSur
2013-02-06 17:41:40   --------   d-----w-   C:\Windows\pss
2013-02-05 23:10:07   --------   d-----w-   C:\Program Files (x86)\Amazon
2013-02-04 02:21:31   --------   d-----w-   C:\Program Files (x86)\TornTV.com
2013-02-03 20:56:56   --------   d-----w-   C:\Users\PKwhite\AppData\Local\Maxiget
2013-02-03 20:09:57   0   ----a-w-   C:\Windows\SysWow64\shoF389.tmp
2013-02-02 22:08:01   3072   ----a-w-   C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui
2013-02-02 22:08:00   15360   ----a-w-   C:\Windows\System32\RdpGroupPolicyExtension.dll
2013-02-02 22:08:00   13312   ----a-w-   C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2013-02-02 22:08:00   13312   ----a-w-   C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2013-01-29 20:20:24   --------   d-----w-   C:\688c6898ed74eadeed
2013-01-27 22:47:01   0   ----a-w-   C:\Windows\SysWow64\shoD3DE.tmp
2013-01-26 03:40:12   --------   d-----w-   C:\Users\PKwhite\AppData\Roaming\Malwarebytes
2013-01-26 03:39:36   --------   d-----w-   C:\ProgramData\Malwarebytes
2013-01-26 03:39:12   --------   d-----w-   C:\Users\PKwhite\AppData\Local\Programs
2013-01-25 17:39:50   --------   d-----w-   C:\Windows\Microsoft Antimalware
2013-01-25 01:20:14   972264   ------w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1677A6B1-B21E-48F1-9015-3C774477A7BE}\gapaengine.dll
2013-01-25 00:31:32   --------   d-----w-   C:\Program Files (x86)\Microsoft Security Client
2013-01-25 00:31:21   --------   d-----w-   C:\Program Files\Microsoft Security Client
2013-01-22 03:23:05   --------   d-----w-   C:\VIPRERESCUE
2013-01-22 00:09:07   9728   ----a-w-   C:\Windows\System32\Wdfres.dll
2013-01-22 00:09:07   785512   ----a-w-   C:\Windows\System32\drivers\Wdf01000.sys
2013-01-22 00:09:07   54376   ----a-w-   C:\Windows\System32\drivers\WdfLdr.sys
2013-01-22 00:09:07   2560   ----a-w-   C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-01-22 00:07:56   87040   ----a-w-   C:\Windows\System32\drivers\WUDFPf.sys
2013-01-22 00:07:56   84992   ----a-w-   C:\Windows\System32\WUDFSvc.dll
2013-01-22 00:07:56   198656   ----a-w-   C:\Windows\System32\drivers\WUDFRd.sys
2013-01-22 00:07:56   194048   ----a-w-   C:\Windows\System32\WUDFPlatform.dll
2013-01-22 00:07:55   744448   ----a-w-   C:\Windows\System32\WUDFx.dll
2013-01-22 00:07:55   45056   ----a-w-   C:\Windows\System32\WUDFCoinstaller.dll
2013-01-22 00:07:55   229888   ----a-w-   C:\Windows\System32\WUDFHost.exe
2013-01-21 20:49:22   800768   ----a-w-   C:\Windows\System32\usp10.dll
2013-01-21 20:49:22   626688   ----a-w-   C:\Windows\SysWow64\usp10.dll
2013-01-21 20:28:39   226816   ----a-w-   C:\Windows\System32\dhcpcore6.dll
2013-01-21 20:28:39   193536   ----a-w-   C:\Windows\SysWow64\dhcpcore6.dll
2013-01-21 20:28:38   55296   ----a-w-   C:\Windows\System32\dhcpcsvc6.dll
2013-01-21 20:28:38   44032   ----a-w-   C:\Windows\SysWow64\dhcpcsvc6.dll
2013-01-21 20:27:16   1914248   ----a-w-   C:\Windows\System32\drivers\tcpip.sys
2013-01-21 20:27:15   569344   ----a-w-   C:\Windows\System32\iphlpsvc.dll
2013-01-21 20:27:15   52224   ----a-w-   C:\Windows\SysWow64\nlaapi.dll
2013-01-21 20:27:15   303104   ----a-w-   C:\Windows\System32\nlasvc.dll
2013-01-21 20:27:15   246272   ----a-w-   C:\Windows\System32\netcorehc.dll
2013-01-21 20:27:15   216576   ----a-w-   C:\Windows\System32\ncsi.dll
2013-01-21 20:27:15   175104   ----a-w-   C:\Windows\SysWow64\netcorehc.dll
2013-01-21 20:27:15   156672   ----a-w-   C:\Windows\SysWow64\ncsi.dll
2013-01-21 20:27:14   70656   ----a-w-   C:\Windows\System32\nlaapi.dll
2013-01-21 20:27:14   45568   ----a-w-   C:\Windows\System32\drivers\tcpipreg.sys
2013-01-21 20:27:14   18944   ----a-w-   C:\Windows\SysWow64\netevent.dll
2013-01-21 20:27:14   18944   ----a-w-   C:\Windows\System32\netevent.dll
2013-01-21 20:13:07   --------   d-----w-   C:\Windows\System32\MpEngineStore
2013-01-21 20:08:05   --------   d-----w-   C:\eea64627e69d5cb2fee774326dfca6
2013-01-21 20:05:35   458712   ----a-w-   C:\Windows\System32\drivers\cng.sys
2013-01-21 20:05:35   340992   ----a-w-   C:\Windows\System32\schannel.dll
2013-01-21 20:05:35   247808   ----a-w-   C:\Windows\SysWow64\schannel.dll
2013-01-21 20:05:34   154480   ----a-w-   C:\Windows\System32\drivers\ksecpkg.sys
2013-01-21 20:05:33   96768   ----a-w-   C:\Windows\SysWow64\sspicli.dll
2013-01-21 20:05:33   22016   ----a-w-   C:\Windows\SysWow64\secur32.dll
2013-01-21 20:05:33   1448448   ----a-w-   C:\Windows\System32\lsasrv.dll
2013-01-21 20:01:03   503808   ----a-w-   C:\Windows\System32\srcore.dll
2013-01-21 20:01:03   43008   ----a-w-   C:\Windows\SysWow64\srclient.dll
2013-01-21 20:00:15   67072   ----a-w-   C:\Windows\splwow64.exe
2013-01-21 20:00:15   559104   ----a-w-   C:\Windows\System32\spoolsv.exe
2013-01-21 19:55:14   1659760   ----a-w-   C:\Windows\System32\drivers\ntfs.sys
2013-01-21 19:55:04   46080   ----a-w-   C:\Windows\System32\atmlib.dll
2013-01-21 19:55:04   34304   ----a-w-   C:\Windows\SysWow64\atmlib.dll
2013-01-21 19:55:03   367616   ----a-w-   C:\Windows\System32\atmfd.dll
2013-01-21 19:55:03   295424   ----a-w-   C:\Windows\SysWow64\atmfd.dll
2013-01-21 19:54:36   245760   ----a-w-   C:\Windows\System32\OxpsConverter.exe
2013-01-21 19:54:08   574464   ----a-w-   C:\Windows\System32\d3d10level9.dll
2013-01-21 19:54:08   490496   ----a-w-   C:\Windows\SysWow64\d3d10level9.dll
2013-01-21 19:53:36   950128   ----a-w-   C:\Windows\System32\drivers\ndis.sys
2013-01-21 19:53:36   41472   ----a-w-   C:\Windows\System32\drivers\RNDISMP.sys
2013-01-21 19:52:42   81408   ----a-w-   C:\Windows\System32\imagehlp.dll
2013-01-21 19:52:42   23408   ----a-w-   C:\Windows\System32\drivers\fs_rec.sys
2013-01-21 19:52:41   5120   ----a-w-   C:\Windows\SysWow64\wmi.dll
2013-01-21 19:52:41   5120   ----a-w-   C:\Windows\System32\wmi.dll
2013-01-21 19:52:41   159232   ----a-w-   C:\Windows\SysWow64\imagehlp.dll
2013-01-21 19:52:02   514560   ----a-w-   C:\Windows\SysWow64\qdvd.dll
2013-01-21 19:52:02   366592   ----a-w-   C:\Windows\System32\qdvd.dll
2013-01-21 19:51:33   209920   ----a-w-   C:\Windows\System32\profsvc.dll
2013-01-21 19:50:56   3216384   ----a-w-   C:\Windows\System32\msi.dll
2013-01-21 19:50:55   2342400   ----a-w-   C:\Windows\SysWow64\msi.dll
2013-01-21 19:44:31   509952   ----a-w-   C:\Windows\System32\ntshrui.dll
2013-01-21 19:44:31   442880   ----a-w-   C:\Windows\SysWow64\ntshrui.dll
2013-01-21 19:43:29   515584   ----a-w-   C:\Windows\System32\timedate.cpl
2013-01-21 19:43:29   478720   ----a-w-   C:\Windows\SysWow64\timedate.cpl
2013-01-21 19:34:26   59392   ----a-w-   C:\Windows\System32\browcli.dll
2013-01-21 19:34:26   41984   ----a-w-   C:\Windows\SysWow64\browcli.dll
2013-01-21 19:34:26   136704   ----a-w-   C:\Windows\System32\browser.dll
2013-01-21 19:32:11   1464320   ----a-w-   C:\Windows\System32\crypt32.dll
2013-01-21 19:32:10   184320   ----a-w-   C:\Windows\System32\cryptsvc.dll
2013-01-21 19:32:10   140288   ----a-w-   C:\Windows\SysWow64\cryptsvc.dll
2013-01-21 19:32:10   140288   ----a-w-   C:\Windows\System32\cryptnet.dll
2013-01-21 19:32:10   1159680   ----a-w-   C:\Windows\SysWow64\crypt32.dll
2013-01-21 19:32:09   103936   ----a-w-   C:\Windows\SysWow64\cryptnet.dll
2013-01-21 19:27:09   --------   d-----w-   C:\Firefox
2013-01-21 19:21:35   861088   ----a-w-   C:\Windows\SysWow64\npDeployJava1.dll
2013-01-21 18:28:02   --------   d-----w-   C:\Users\PKwhite\AppData\Roaming\FixCleaner
2013-01-21 18:27:51   --------   d-----w-   C:\Program Files (x86)\FixCleaner
2013-01-17 06:52:24   5559664   ----a-w-   C:\Windows\System32\ntoskrnl.exe
2013-01-17 06:52:22   3968880   ----a-w-   C:\Windows\SysWow64\ntkrnlpa.exe
2013-01-17 06:52:22   3914096   ----a-w-   C:\Windows\SysWow64\ntoskrnl.exe
2013-01-17 05:20:54   0   ----a-w-   C:\Windows\SysWow64\sho213.tmp
2013-01-17 03:43:24   655360   ----a-w-   C:\Windows\System32\stapi64.dll
2013-01-17 03:40:37   536064   ----a-w-   C:\Windows\System32\drivers\stwrt64.sys
2013-01-17 03:40:33   448512   ----a-w-   C:\Windows\System32\stcplx64.dll
2013-01-17 03:40:33   1977856   ----a-w-   C:\Windows\System32\stapo64.dll
2013-01-17 03:39:25   --------   d-----w-   C:\Program Files\IDT
2013-01-17 03:23:19   74344   ----a-w-   C:\Windows\System32\RtNicProp64.dll
2013-01-17 03:23:19   708200   ----a-w-   C:\Windows\System32\drivers\Rt64win7.sys
2013-01-17 03:15:26   9888912   ----a-w-   C:\Windows\SysWow64\RtsPStorIcon.dll
2013-01-17 03:15:26   339600   ----a-w-   C:\Windows\System32\drivers\RtsPStor.sys
2013-01-17 03:14:51   --------   d-----w-   C:\ProgramData\AOL Computer Checkup
2013-01-17 02:41:37   57512   ----a-w-   C:\Windows\System32\drivers\usbfilter.sys
2013-01-17 02:40:34   82560   ----a-w-   C:\Windows\System32\drivers\amd_sata.sys
2013-01-17 02:40:34   42624   ----a-w-   C:\Windows\System32\drivers\amd_xata.sys
2013-01-17 02:40:33   226984   ----a-w-   C:\Windows\System32\drivers\amdxhc.sys
2013-01-17 02:40:33   11904   ----a-w-   C:\Windows\System32\drivers\amdide64.sys
2013-01-17 02:40:33   106664   ----a-w-   C:\Windows\System32\drivers\amdhub30.sys
2013-01-17 02:37:57   96896   ----a-w-   C:\Windows\System32\drivers\AtihdW76.sys
2013-01-16 23:18:45   15712   ----a-w-   C:\Windows\System32\drivers\SWDUMon.sys
2013-01-16 23:18:44   --------   d-----w-   C:\Users\PKwhite\AppData\Local\SlimWare Utilities Inc
2013-01-12 19:53:25   --------   d-----w-   C:\Users\PKwhite\AppData\Local\TSR Workshop
2013-01-12 19:50:49   --------   d-----w-   C:\ProgramData\Caphyon
2013-01-12 19:14:14   --------   d-----w-   C:\Users\PKwhite\AppData\Roaming\The Sims Resource
.
==================== Find3M  ====================
.
2013-02-09 04:46:17   782240   ----a-w-   C:\Windows\SysWow64\deployJava1.dll
2013-01-30 10:53:22   273840   ------w-   C:\Windows\System32\MpSigStub.exe
2013-01-21 20:15:04   286076   ----a-w-   C:\DUMP5272.tmp
2013-01-14 02:42:34   74248   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-14 02:42:34   697864   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-07 13:20:16   441856   ----a-w-   C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31   2746368   ----a-w-   C:\Windows\System32\gameux.dll
2012-12-07 12:26:17   308736   ----a-w-   C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43   2576384   ----a-w-   C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04   30720   ----a-w-   C:\Windows\System32\usk.rs
2012-12-07 11:20:03   43520   ----a-w-   C:\Windows\System32\csrr.rs
2012-12-07 11:20:03   23552   ----a-w-   C:\Windows\System32\oflc.rs
2012-12-07 11:20:01   45568   ----a-w-   C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01   44544   ----a-w-   C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01   20480   ----a-w-   C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00   20480   ----a-w-   C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59   20480   ----a-w-   C:\Windows\System32\pegi.rs
2012-12-07 11:19:58   46592   ----a-w-   C:\Windows\System32\fpb.rs
2012-12-07 11:19:57   40960   ----a-w-   C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57   21504   ----a-w-   C:\Windows\System32\grb.rs
2012-12-07 11:19:57   15360   ----a-w-   C:\Windows\System32\djctq.rs
2012-12-07 11:19:56   55296   ----a-w-   C:\Windows\System32\cero.rs
2012-12-07 11:19:55   51712   ----a-w-   C:\Windows\System32\esrb.rs
2012-11-30 05:45:35   362496   ----a-w-   C:\Windows\System32\wow64win.dll
2012-11-30 05:45:35   243200   ----a-w-   C:\Windows\System32\wow64.dll
2012-11-30 05:45:35   13312   ----a-w-   C:\Windows\System32\wow64cpu.dll
2012-11-30 05:45:14   215040   ----a-w-   C:\Windows\System32\winsrv.dll
2012-11-30 05:43:12   16384   ----a-w-   C:\Windows\System32\ntvdm64.dll
2012-11-30 05:41:07   424448   ----a-w-   C:\Windows\System32\KernelBase.dll
2012-11-30 04:54:00   5120   ----a-w-   C:\Windows\SysWow64\wow32.dll
2012-11-30 04:53:59   274944   ----a-w-   C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48   338432   ----a-w-   C:\Windows\System32\conhost.exe
2012-11-30 02:44:06   25600   ----a-w-   C:\Windows\SysWow64\setup16.exe
2012-11-30 02:44:04   7680   ----a-w-   C:\Windows\SysWow64\instnm.exe
2012-11-30 02:44:04   14336   ----a-w-   C:\Windows\SysWow64\ntvdm64.dll
2012-11-30 02:44:03   2048   ----a-w-   C:\Windows\SysWow64\user.exe
2012-11-30 02:38:59   6144   ---ha-w-   C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59   4608   ---ha-w-   C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59   3584   ---ha-w-   C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59   3072   ---ha-w-   C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-23 03:26:31   3149824   ----a-w-   C:\Windows\System32\win32k.sys
2012-11-23 03:13:57   68608   ----a-w-   C:\Windows\System32\taskhost.exe
2012-11-20 05:48:49   307200   ----a-w-   C:\Windows\System32\ncrypt.dll
2012-11-20 04:51:09   220160   ----a-w-   C:\Windows\SysWow64\ncrypt.dll
2012-11-14 06:11:44   2312704   ----a-w-   C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11   1392128   ----a-w-   C:\Windows\System32\wininet.dll
2012-11-14 06:02:49   1494528   ----a-w-   C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46   599040   ----a-w-   C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35   173056   ----a-w-   C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40   2382848   ----a-w-   C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22   1800704   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15   1427968   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37   1129472   ----a-w-   C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25   142848   ----a-w-   C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27   420864   ----a-w-   C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42   2382848   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 20:24:42.78 ===============

Offline Corrine

Quote from: PKwhite21
The only version of Java appearing on uninstall program panel is Java 7 Update 13.

Excellent!  You were ahead of me.  :) 

Although I'm not seeing signs of Alureon, I'd like you to do a scan with a tool that is able to detect the rootkit to be sure it is gone.  Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista - W7 users: Right-click and select "Run As Administrator".
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com). If you don't see file extensions, please see:  How to change the file extension.
  • Click the Start Scan button.  Do not use the computer during the scan!
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure SKIP is selected... DO NOT attempt to FIX anything yet!
    • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline PKwhite21

It says that no threats were found.

10:58:52.0138 3220  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
10:58:52.0794 3220  ============================================================
10:58:52.0794 3220  Current date / time: 2013/02/10 10:58:52.0794
10:58:52.0794 3220  SystemInfo:
10:58:52.0794 3220 
10:58:52.0794 3220  OS Version: 6.1.7601 ServicePack: 1.0
10:58:52.0794 3220  Product type: Workstation
10:58:52.0794 3220  ComputerName: PKWHITE-HP
10:58:52.0809 3220  UserName: PKwhite
10:58:52.0809 3220  Windows directory: C:\Windows
10:58:52.0809 3220  System windows directory: C:\Windows
10:58:52.0809 3220  Running under WOW64
10:58:52.0809 3220  Processor architecture: Intel x64
10:58:52.0809 3220  Number of processors: 4
10:58:52.0809 3220  Page size: 0x1000
10:58:52.0809 3220  Boot type: Normal boot
10:58:52.0809 3220  ============================================================
10:58:54.0478 3220  Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:58:54.0541 3220  ============================================================
10:58:54.0541 3220  \Device\Harddisk0\DR0:
10:58:54.0556 3220  MBR partitions:
10:58:54.0556 3220  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
10:58:54.0556 3220  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x48ACD800
10:58:54.0556 3220  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x48B31800, BlocksNum 0x1CF2800
10:58:54.0556 3220  ============================================================
10:58:54.0603 3220  C: <-> \Device\Harddisk0\DR0\Partition2
10:58:54.0634 3220  D: <-> \Device\Harddisk0\DR0\Partition3
10:58:54.0634 3220  ============================================================
10:58:54.0634 3220  Initialize success
10:58:54.0634 3220  ============================================================
10:58:59.0580 1208  ============================================================
10:58:59.0580 1208  Scan started
10:58:59.0580 1208  Mode: Manual;
10:58:59.0580 1208  ============================================================
10:58:59.0892 1208  ================ Scan system memory ========================
10:58:59.0892 1208  System memory - ok
10:58:59.0907 1208  ================ Scan services =============================
10:59:00.0094 1208  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
10:59:00.0094 1208  1394ohci - ok
10:59:00.0141 1208  [ 5C368F4B04ED2A923E6AFCA2D37BAFF5 ] Accelerometer   C:\Windows\system32\DRIVERS\Accelerometer.sys
10:59:00.0141 1208  Accelerometer - ok
10:59:00.0188 1208  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
10:59:00.0188 1208  ACPI - ok
10:59:00.0235 1208  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
10:59:00.0235 1208  AcpiPmi - ok
10:59:00.0344 1208  [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
10:59:00.0360 1208  AdobeFlashPlayerUpdateSvc - ok
10:59:00.0422 1208  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
10:59:00.0438 1208  adp94xx - ok
10:59:00.0484 1208  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
10:59:00.0484 1208  adpahci - ok
10:59:00.0531 1208  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
10:59:00.0531 1208  adpu320 - ok
10:59:00.0562 1208  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
10:59:00.0562 1208  AeLookupSvc - ok
10:59:00.0672 1208  [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters     C:\Program Files\IDT\WDM\AESTSr64.exe
10:59:00.0672 1208  AESTFilters - ok
10:59:00.0718 1208  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
10:59:00.0734 1208  AFD - ok
10:59:00.0765 1208  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
10:59:00.0781 1208  agp440 - ok
10:59:00.0796 1208  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
10:59:00.0812 1208  ALG - ok
10:59:00.0843 1208  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
10:59:00.0843 1208  aliide - ok
10:59:00.0906 1208  [ 5580856001F78FECEF19202A60334E7E ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
10:59:00.0906 1208  AMD External Events Utility - ok
10:59:00.0937 1208  AMD FUEL Service - ok
10:59:00.0984 1208  [ 118A3DCEE1BD327D3CEEFE645D99712D ] amdhub30        C:\Windows\system32\DRIVERS\amdhub30.sys
10:59:00.0984 1208  amdhub30 - ok
10:59:01.0030 1208  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
10:59:01.0030 1208  amdide - ok
10:59:01.0077 1208  [ 0DB2DF2B692A3F70443FD14D7920F249 ] amdide64        C:\Windows\system32\DRIVERS\amdide64.sys
10:59:01.0077 1208  amdide64 - ok
10:59:01.0108 1208  [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64        C:\Windows\system32\DRIVERS\amdiox64.sys
10:59:01.0108 1208  amdiox64 - ok
10:59:01.0155 1208  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
10:59:01.0155 1208  AmdK8 - ok
10:59:01.0436 1208  [ 69BC235B7983D67B8967CE634023CED1 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
10:59:01.0686 1208  amdkmdag - ok
10:59:01.0748 1208  [ 2A8496AF669F282777F9E17D04D0AA22 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
10:59:01.0748 1208  amdkmdap - ok
10:59:01.0795 1208  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
10:59:01.0810 1208  AmdPPM - ok
10:59:01.0842 1208  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
10:59:01.0842 1208  amdsata - ok
10:59:01.0857 1208  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
10:59:01.0873 1208  amdsbs - ok
10:59:01.0888 1208  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
10:59:01.0888 1208  amdxata - ok
10:59:01.0951 1208  [ A233283CB9D43C6F361BE0DD019B1B7B ] amdxhc          C:\Windows\system32\DRIVERS\amdxhc.sys
10:59:01.0951 1208  amdxhc - ok
10:59:01.0982 1208  [ EE4797DFEBBE8ACDB548DD8E80BE0A88 ] amd_sata        C:\Windows\system32\DRIVERS\amd_sata.sys
10:59:01.0982 1208  amd_sata - ok
10:59:01.0998 1208  [ D56EAD71A86FD2ACAE2DB47D0A6A3A41 ] amd_xata        C:\Windows\system32\DRIVERS\amd_xata.sys
10:59:01.0998 1208  amd_xata - ok
10:59:02.0060 1208  [ 5A528A540B1AEE8B1C77ED65094E8CDF ] AODDriver4.2.0  C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
10:59:02.0060 1208  AODDriver4.2.0 - ok
10:59:02.0154 1208  [ 2D92817A2E345554030142E7CDAFAB39 ] AOL Computer Checkup C:\Program Files (x86)\AOL Computer Checkup\SDCService.exe
10:59:02.0154 1208  AOL Computer Checkup - ok
10:59:02.0200 1208  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
10:59:02.0200 1208  AppID - ok
10:59:02.0232 1208  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
10:59:02.0232 1208  AppIDSvc - ok
10:59:02.0247 1208  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
10:59:02.0247 1208  Appinfo - ok
10:59:02.0356 1208  [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:59:02.0356 1208  Apple Mobile Device - ok
10:59:02.0419 1208  [ 5E5233137FEEA6055DB8412C8728B39F ] AQFileRestore   C:\Windows\system32\DRIVERS\AQFileRestore.sys
10:59:02.0419 1208  AQFileRestore - ok
10:59:02.0466 1208  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
10:59:02.0466 1208  arc - ok
10:59:02.0497 1208  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
10:59:02.0497 1208  arcsas - ok
10:59:02.0622 1208  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
10:59:02.0622 1208  aspnet_state - ok
10:59:02.0668 1208  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
10:59:02.0668 1208  AsyncMac - ok
10:59:02.0700 1208  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
10:59:02.0700 1208  atapi - ok
10:59:02.0731 1208  [ B0790FF0E25B7A2674296052F2162C1A ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
10:59:02.0731 1208  AtiHDAudioService - ok
10:59:02.0793 1208  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
10:59:02.0871 1208  AudioEndpointBuilder - ok
10:59:02.0949 1208  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
10:59:02.0965 1208  AudioSrv - ok
10:59:02.0996 1208  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
10:59:02.0996 1208  AxInstSV - ok
10:59:03.0058 1208  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
10:59:03.0058 1208  b06bdrv - ok
10:59:03.0105 1208  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
10:59:03.0105 1208  b57nd60a - ok
10:59:03.0168 1208  [ 2BC216938A30981473FFEDB251196095 ] bcm             C:\Windows\system32\DRIVERS\drxvi314_64.sys
10:59:03.0168 1208  bcm - ok
10:59:03.0277 1208  [ 9E84A931DBEE0292E38ED672F6293A99 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
10:59:03.0355 1208  BCM43XX - ok
10:59:03.0386 1208  [ D127A82E01D64B6DD6A838DB710CCEA9 ] bcmbusctr       C:\Windows\system32\DRIVERS\BcmBusCtr_64.sys
10:59:03.0386 1208  bcmbusctr - ok
10:59:03.0433 1208  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
10:59:03.0433 1208  BDESVC - ok
10:59:03.0480 1208  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
10:59:03.0480 1208  Beep - ok
10:59:03.0542 1208  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
10:59:03.0620 1208  BFE - ok
10:59:03.0667 1208  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
10:59:03.0745 1208  BITS - ok
10:59:03.0792 1208  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
10:59:03.0807 1208  blbdrive - ok
10:59:03.0854 1208  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
10:59:03.0854 1208  bowser - ok
10:59:03.0901 1208  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
10:59:03.0901 1208  BrFiltLo - ok
10:59:03.0932 1208  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
10:59:03.0932 1208  BrFiltUp - ok
10:59:03.0963 1208  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
10:59:03.0979 1208  Browser - ok
10:59:04.0010 1208  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
10:59:04.0026 1208  Brserid - ok
10:59:04.0041 1208  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
10:59:04.0041 1208  BrSerWdm - ok
10:59:04.0072 1208  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
10:59:04.0072 1208  BrUsbMdm - ok
10:59:04.0088 1208  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
10:59:04.0088 1208  BrUsbSer - ok
10:59:04.0104 1208  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
10:59:04.0104 1208  BTHMODEM - ok
10:59:04.0150 1208  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
10:59:04.0150 1208  bthserv - ok
10:59:04.0213 1208  [ 36D4CBA0D18A234B7811184285C16A0B ] CACLEARWIRE     C:\Program Files (x86)\Clearwire\Connection Manager\ConAppsSvc.exe
10:59:04.0369 1208  CACLEARWIRE - ok
10:59:04.0416 1208  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
10:59:04.0416 1208  cdfs - ok
10:59:04.0478 1208  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
10:59:04.0478 1208  cdrom - ok
10:59:04.0509 1208  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
10:59:04.0525 1208  CertPropSvc - ok
10:59:04.0572 1208  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
10:59:04.0572 1208  circlass - ok
10:59:04.0603 1208  [ 37AC79E5E3F818B397C042CCBD8909E7 ] CLEARWIRERcAppSvc C:\Program Files (x86)\Clearwire\Connection Manager\RcAppSvc.exe
10:59:04.0743 1208  CLEARWIRERcAppSvc - ok
10:59:04.0790 1208  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
10:59:04.0790 1208  CLFS - ok
10:59:04.0852 1208  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:59:04.0852 1208  clr_optimization_v2.0.50727_32 - ok
10:59:04.0899 1208  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:59:04.0915 1208  clr_optimization_v2.0.50727_64 - ok
10:59:04.0993 1208  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:59:04.0993 1208  clr_optimization_v4.0.30319_32 - ok
10:59:05.0024 1208  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:59:05.0040 1208  clr_optimization_v4.0.30319_64 - ok
10:59:05.0071 1208  clwvd - ok
10:59:05.0102 1208  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
10:59:05.0102 1208  CmBatt - ok
10:59:05.0133 1208  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
10:59:05.0133 1208  cmdide - ok
10:59:05.0196 1208  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
10:59:05.0196 1208  CNG - ok
10:59:05.0242 1208  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
10:59:05.0242 1208  Compbatt - ok
10:59:05.0274 1208  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
10:59:05.0274 1208  CompositeBus - ok
10:59:05.0305 1208  COMSysApp - ok
10:59:05.0336 1208  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
10:59:05.0336 1208  crcdisk - ok
10:59:05.0383 1208  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
10:59:05.0383 1208  CryptSvc - ok
10:59:05.0492 1208  [ 344546D11D7E6D9F481E9D3ABC6E76CB ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
10:59:05.0570 1208  cvhsvc - ok
10:59:05.0617 1208  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
10:59:05.0632 1208  DcomLaunch - ok
10:59:05.0679 1208  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
10:59:05.0679 1208  defragsvc - ok
10:59:05.0710 1208  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
10:59:05.0710 1208  DfsC - ok
10:59:05.0757 1208  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
10:59:05.0757 1208  Dhcp - ok
10:59:05.0773 1208  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
10:59:05.0773 1208  discache - ok
10:59:05.0820 1208  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
10:59:05.0820 1208  Disk - ok
10:59:05.0851 1208  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
10:59:05.0866 1208  Dnscache - ok
10:59:05.0882 1208  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
10:59:05.0898 1208  dot3svc - ok
10:59:05.0960 1208  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
10:59:05.0960 1208  DPS - ok
10:59:06.0007 1208  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
10:59:06.0007 1208  drmkaud - ok
10:59:06.0054 1208  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
10:59:06.0069 1208  DXGKrnl - ok
10:59:06.0100 1208  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
10:59:06.0116 1208  EapHost - ok
10:59:06.0116 1208  easytether - ok
10:59:06.0272 1208  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
10:59:06.0381 1208  ebdrv - ok
10:59:06.0428 1208  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
10:59:06.0428 1208  EFS - ok
10:59:06.0506 1208  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
10:59:06.0584 1208  ehRecvr - ok
10:59:06.0615 1208  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
10:59:06.0615 1208  ehSched - ok
10:59:06.0662 1208  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
10:59:06.0740 1208  elxstor - ok
10:59:06.0771 1208  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
10:59:06.0787 1208  ErrDev - ok
10:59:06.0849 1208  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
10:59:06.0849 1208  EventSystem - ok
10:59:06.0896 1208  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
10:59:06.0896 1208  exfat - ok
10:59:06.0912 1208  ezSharedSvc - ok
10:59:06.0958 1208  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
10:59:06.0958 1208  fastfat - ok
10:59:07.0005 1208  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
10:59:07.0083 1208  Fax - ok
10:59:07.0114 1208  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
10:59:07.0114 1208  fdc - ok
10:59:07.0146 1208  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
10:59:07.0146 1208  fdPHost - ok
10:59:07.0161 1208  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
10:59:07.0161 1208  FDResPub - ok
10:59:07.0255 1208  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
10:59:07.0270 1208  FileInfo - ok
10:59:07.0286 1208  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
10:59:07.0286 1208  Filetrace - ok
10:59:07.0333 1208  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
10:59:07.0333 1208  flpydisk - ok
10:59:07.0364 1208  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
10:59:07.0364 1208  FltMgr - ok
10:59:07.0504 1208  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
10:59:07.0582 1208  FontCache - ok
10:59:07.0645 1208  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:59:07.0645 1208  FontCache3.0.0.0 - ok
10:59:07.0692 1208  [ 2074A85A6B8F84A5A9C60B915B465FAF ] FPLService      C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
10:59:07.0692 1208  FPLService - ok
10:59:07.0723 1208  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
10:59:07.0723 1208  FsDepends - ok
10:59:07.0770 1208  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
10:59:07.0770 1208  Fs_Rec - ok
10:59:07.0863 1208  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
10:59:07.0863 1208  fvevol - ok
10:59:07.0910 1208  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
10:59:07.0926 1208  gagp30kx - ok
10:59:07.0972 1208  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
10:59:08.0050 1208  gpsvc - ok
10:59:08.0144 1208  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:59:08.0160 1208  gupdate - ok
10:59:08.0175 1208  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:59:08.0175 1208  gupdatem - ok
10:59:08.0206 1208  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
10:59:08.0206 1208  gusvc - ok
10:59:08.0238 1208  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
10:59:08.0238 1208  hcw85cir - ok
10:59:08.0269 1208  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
10:59:08.0284 1208  HdAudAddService - ok
10:59:08.0316 1208  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
10:59:08.0316 1208  HDAudBus - ok
10:59:08.0331 1208  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
10:59:08.0347 1208  HidBatt - ok
10:59:08.0362 1208  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
10:59:08.0362 1208  HidBth - ok
10:59:08.0394 1208  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
10:59:08.0409 1208  HidIr - ok
10:59:08.0440 1208  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
10:59:08.0440 1208  hidserv - ok
10:59:08.0472 1208  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
10:59:08.0487 1208  HidUsb - ok
10:59:08.0503 1208  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
10:59:08.0503 1208  hkmsvc - ok
10:59:08.0581 1208  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
10:59:08.0596 1208  HomeGroupListener - ok
10:59:08.0612 1208  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
10:59:08.0628 1208  HomeGroupProvider - ok
10:59:08.0737 1208  [ BB1FC298BE53AAB1E110F6E786BD8AC5 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
10:59:08.0737 1208  HP Support Assistant Service - ok
10:59:08.0784 1208  [ 6A181452D4E240B8ECC7614B9A19BDE9 ] HPClientSvc     C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
10:59:08.0784 1208  HPClientSvc - ok
10:59:08.0893 1208  [ C5D2F308E1C12A5C328EF549696DBC05 ] hpCMSrv         C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
10:59:08.0986 1208  hpCMSrv - ok
10:59:09.0018 1208  [ 4E0BEC0F78096FFD6D3314B497FC49D3 ] hpdskflt        C:\Windows\system32\DRIVERS\hpdskflt.sys
10:59:09.0018 1208  hpdskflt - ok
10:59:09.0096 1208  [ 9B7EDD3FE7C211C36E921D34D18A3A0A ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
10:59:09.0174 1208  hpqwmiex - ok
10:59:09.0220 1208  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
10:59:09.0236 1208  HpSAMD - ok
10:59:09.0267 1208  [ FC7C13B5A9E9BE23B7AE72BBC7FDB278 ] hpsrv           C:\Windows\system32\Hpservice.exe
10:59:09.0267 1208  hpsrv - ok
10:59:09.0314 1208  [ 491CE9B6321FB74E4B37AF2C47F98434 ] HPWMISVC        C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
10:59:09.0314 1208  HPWMISVC - ok
10:59:09.0361 1208  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
10:59:09.0454 1208  HTTP - ok
10:59:09.0470 1208  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
10:59:09.0470 1208  hwpolicy - ok
10:59:09.0486 1208  hxmgfeiy - ok
10:59:09.0532 1208  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
10:59:09.0532 1208  i8042prt - ok
10:59:09.0579 1208  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
10:59:09.0595 1208  iaStorV - ok
10:59:09.0735 1208  [ ABEFA4BD23329FD9BD47496BF2E58774 ] IconMan_R       C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
10:59:09.0985 1208  IconMan_R - ok
10:59:10.0063 1208  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:59:10.0141 1208  idsvc - ok
10:59:10.0156 1208  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
10:59:10.0156 1208  iirsp - ok
10:59:10.0219 1208  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
10:59:10.0297 1208  IKEEXT - ok
10:59:10.0312 1208  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
10:59:10.0312 1208  intelide - ok
10:59:10.0344 1208  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
10:59:10.0344 1208  intelppm - ok
10:59:10.0390 1208  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
10:59:10.0390 1208  IPBusEnum - ok
10:59:10.0406 1208  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:59:10.0406 1208  IpFilterDriver - ok
10:59:10.0468 1208  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
10:59:10.0546 1208  iphlpsvc - ok
10:59:10.0562 1208  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
10:59:10.0562 1208  IPMIDRV - ok
10:59:10.0609 1208  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
10:59:10.0609 1208  IPNAT - ok
10:59:10.0640 1208  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
10:59:10.0640 1208  IRENUM - ok
10:59:10.0671 1208  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
10:59:10.0671 1208  isapnp - ok
10:59:10.0718 1208  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
10:59:10.0718 1208  iScsiPrt - ok
10:59:10.0734 1208  jckeyvsy - ok
10:59:10.0749 1208  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
10:59:10.0749 1208  kbdclass - ok
10:59:10.0765 1208  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
10:59:10.0765 1208  kbdhid - ok
10:59:10.0796 1208  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
10:59:10.0796 1208  KeyIso - ok
10:59:10.0890 1208  [ 9249D2ACEC11F8958E0FCA436C5630BD ] Kodak AiO Network Discovery Service C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
10:59:10.0905 1208  Kodak AiO Network Discovery Service - ok
10:59:10.0936 1208  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
10:59:10.0936 1208  KSecDD - ok
10:59:10.0983 1208  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
10:59:10.0999 1208  KSecPkg - ok
10:59:11.0030 1208  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
10:59:11.0030 1208  ksthunk - ok
10:59:11.0077 1208  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
10:59:11.0077 1208  KtmRm - ok
10:59:11.0124 1208  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
10:59:11.0124 1208  LanmanServer - ok
10:59:11.0155 1208  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:59:11.0170 1208  LanmanWorkstation - ok
10:59:11.0311 1208  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
10:59:11.0311 1208  lltdio - ok
10:59:11.0358 1208  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
10:59:11.0373 1208  lltdsvc - ok
10:59:11.0420 1208  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
10:59:11.0420 1208  lmhosts - ok
10:59:11.0467 1208  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
10:59:11.0467 1208  LSI_FC - ok
10:59:11.0482 1208  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
10:59:11.0482 1208  LSI_SAS - ok
10:59:11.0514 1208  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
10:59:11.0514 1208  LSI_SAS2 - ok
10:59:11.0545 1208  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
10:59:11.0545 1208  LSI_SCSI - ok
10:59:11.0576 1208  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
10:59:11.0576 1208  luafv - ok
10:59:11.0592 1208  luzonsuy - ok
10:59:11.0654 1208  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
10:59:11.0654 1208  Mcx2Svc - ok
10:59:11.0685 1208  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
10:59:11.0685 1208  megasas - ok
10:59:11.0732 1208  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
10:59:11.0732 1208  MegaSR - ok
10:59:11.0779 1208  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
10:59:11.0779 1208  MMCSS - ok
10:59:11.0810 1208  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
10:59:11.0826 1208  Modem - ok
10:59:11.0841 1208  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
10:59:11.0857 1208  monitor - ok
10:59:11.0888 1208  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
10:59:11.0888 1208  mouclass - ok
10:59:11.0935 1208  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\drivers\mouhid.sys
10:59:11.0935 1208  mouhid - ok
10:59:11.0966 1208  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
10:59:11.0966 1208  mountmgr - ok
10:59:12.0028 1208  [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
10:59:12.0028 1208  MpFilter - ok
10:59:12.0060 1208  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
10:59:12.0060 1208  mpio - ok
10:59:12.0106 1208  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
10:59:12.0106 1208  mpsdrv - ok
10:59:12.0153 1208  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
10:59:12.0247 1208  MpsSvc - ok
10:59:12.0325 1208  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
10:59:12.0325 1208  MRxDAV - ok
10:59:12.0372 1208  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
10:59:12.0372 1208  mrxsmb - ok
10:59:12.0450 1208  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:59:12.0450 1208  mrxsmb10 - ok
10:59:12.0465 1208  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:59:12.0481 1208  mrxsmb20 - ok
10:59:12.0496 1208  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
10:59:12.0496 1208  msahci - ok
10:59:12.0574 1208  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
10:59:12.0590 1208  msdsm - ok
10:59:12.0652 1208  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
10:59:12.0668 1208  MSDTC - ok
10:59:12.0699 1208  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
10:59:12.0699 1208  Msfs - ok
10:59:12.0715 1208  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
10:59:12.0715 1208  mshidkmdf - ok
10:59:12.0730 1208  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
10:59:12.0730 1208  msisadrv - ok
10:59:12.0777 1208  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
10:59:12.0777 1208  MSiSCSI - ok
10:59:12.0793 1208  msiserver - ok
10:59:12.0840 1208  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
10:59:12.0840 1208  MSKSSRV - ok
10:59:12.0933 1208  [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
10:59:12.0933 1208  MsMpSvc - ok
10:59:12.0964 1208  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
10:59:12.0964 1208  MSPCLOCK - ok
10:59:12.0996 1208  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
10:59:12.0996 1208  MSPQM - ok
10:59:13.0074 1208  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
10:59:13.0074 1208  MsRPC - ok
10:59:13.0105 1208  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
10:59:13.0105 1208  mssmbios - ok
10:59:13.0120 1208  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
10:59:13.0120 1208  MSTEE - ok
10:59:13.0136 1208  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
10:59:13.0152 1208  MTConfig - ok
10:59:13.0167 1208  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
10:59:13.0167 1208  Mup - ok
10:59:13.0214 1208  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
10:59:13.0230 1208  napagent - ok
10:59:13.0308 1208  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
10:59:13.0323 1208  NativeWifiP - ok
10:59:13.0386 1208  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
10:59:13.0479 1208  NDIS - ok
10:59:13.0526 1208  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
10:59:13.0526 1208  NdisCap - ok
10:59:13.0557 1208  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
10:59:13.0557 1208  NdisTapi - ok
10:59:13.0573 1208  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
10:59:13.0588 1208  Ndisuio - ok
10:59:13.0666 1208  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
10:59:13.0666 1208  NdisWan - ok
10:59:13.0682 1208  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
10:59:13.0698 1208  NDProxy - ok
10:59:13.0713 1208  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
10:59:13.0713 1208  NetBIOS - ok
10:59:13.0760 1208  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
10:59:13.0760 1208  NetBT - ok
10:59:13.0791 1208  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
10:59:13.0791 1208  Netlogon - ok
10:59:13.0838 1208  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
10:59:13.0854 1208  Netman - ok
10:59:13.0900 1208  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:59:13.0900 1208  NetMsmqActivator - ok
10:59:13.0916 1208  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:59:13.0916 1208  NetPipeActivator - ok
10:59:14.0010 1208  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
10:59:14.0010 1208  netprofm - ok
10:59:14.0025 1208  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:59:14.0025 1208  NetTcpActivator - ok
10:59:14.0041 1208  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:59:14.0041 1208  NetTcpPortSharing - ok
10:59:14.0088 1208  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
10:59:14.0088 1208  nfrd960 - ok
10:59:14.0134 1208  [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
10:59:14.0134 1208  NisDrv - ok
10:59:14.0197 1208  [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
10:59:14.0197 1208  NisSrv - ok
10:59:14.0259 1208  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
10:59:14.0259 1208  NlaSvc - ok
10:59:14.0290 1208  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
10:59:14.0290 1208  Npfs - ok
10:59:14.0322 1208  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
10:59:14.0322 1208  nsi - ok
10:59:14.0337 1208  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
10:59:14.0337 1208  nsiproxy - ok
10:59:14.0431 1208  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
10:59:14.0524 1208  Ntfs - ok
10:59:14.0556 1208  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
10:59:14.0556 1208  Null - ok
10:59:14.0602 1208  [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD        C:\Windows\system32\DRIVERS\nvm62x64.sys
10:59:14.0618 1208  NVENETFD - ok
10:59:14.0680 1208  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
10:59:14.0680 1208  nvraid - ok
10:59:14.0758 1208  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
10:59:14.0758 1208  nvstor - ok
10:59:14.0790 1208  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
10:59:14.0790 1208  nv_agp - ok
10:59:14.0821 1208  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
10:59:14.0821 1208  ohci1394 - ok
10:59:14.0852 1208  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:59:14.0868 1208  ose - ok
10:59:15.0102 1208  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:59:15.0242 1208  osppsvc - ok

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 13937
  • "Stronger than the past, united in our goal."
Quote from: PKwhite21
It says that no threats found   

Excellent!  Seeing as how that is the result you received, I won't worry about the log cutting off. 

Now that the concern over Alureon is off my mind, let's take care of the remaining cleanup.  Please follow these instructions carefully.

Download ComboFix from here.

!!! IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with the cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray.

Note:  If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum:  How to disable your security applications.

Now, please run ComboFix:
  • Note:  If infections are found, ComboFix will automatically reboot the machine to complete the removal process.  Please ensure all opened windows are closed before proceeding.
  • Double-click ComboFix.exe on your desktop and follow the prompts.
  • As part of the process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. The Recovery Console will allow you to start up the computer in a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    Please note: If the Microsoft Windows Recovery Console is already installed on the computer, ComboFix will continue the malware removal procedures.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

  • After the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click "Yes" to continue scanning for malware.
  • When finished, a log will be produced. Please include the C:\ComboFix.txt in your next reply.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline PKwhite21

  • Jr. Member
  • **
  • Posts: 16
ComboFix 13-02-07.02 - PKwhite 02/10/2013  13:34:29.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3563.2383 [GMT -8:00]
Running from: c:\users\PKwhite\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8N0F50T2\ComboFix.exe
AV: Avanquest Fix-It *Disabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Avanquest Fix-It *Disabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\PKwhite\AppData\Local\.#
c:\users\PKwhite\AppData\Local\.#\MBX@280C@2DB2770.###
c:\users\PKwhite\AppData\Local\.#\MBX@280C@2DB27A0.###
.
.
(((((((((((((((((((((((((   Files Created from 2013-01-10 to 2013-02-10  )))))))))))))))))))))))))))))))
.
.
2013-02-10 21:43 . 2013-02-10 21:43   --------   d-----w-   c:\users\Default\AppData\Local\temp
2013-02-10 20:17 . 2013-02-10 20:17   --------   d-----w-   c:\programdata\boost_interprocess
2013-02-10 19:52 . 2013-01-08 05:32   9161176   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{78221E86-0C66-452F-8EB8-FC01E7CAE85B}\mpengine.dll
2013-02-09 22:23 . 2013-01-08 05:32   9161176   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-02-09 04:46 . 2013-02-09 04:46   95648   ----a-w-   c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-09 03:59 . 2013-02-09 03:59   --------   d-----w-   c:\users\PKwhite\AppData\Local\Strongvault Online Backup
2013-02-08 05:41 . 2013-02-08 05:41   --------   d-----w-   c:\programdata\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-02-08 05:41 . 2013-02-08 05:42   --------   d-----w-   c:\programdata\IObit
2013-02-08 05:40 . 2013-02-08 05:41   --------   d-----w-   c:\users\PKwhite\AppData\Roaming\IObit
2013-02-08 05:40 . 2013-02-08 05:40   --------   d-----w-   c:\program files (x86)\IObit
2013-02-08 05:33 . 2013-02-09 03:58   --------   d-sh--w-   c:\windows\SysWow64\AI_RecycleBin
2013-02-08 05:33 . 2013-02-09 03:58   --------   d-----w-   C:\AI_RecycleBin
2013-02-08 05:30 . 2013-02-08 05:30   --------   d-----w-   c:\windows\SysWow64\Extensions
2013-02-08 05:30 . 2013-02-08 05:30   --------   d-----w-   c:\windows\SysWow64\searchplugins
2013-02-07 19:05 . 2013-02-07 19:05   --------   d-----w-   c:\users\PKwhite\AppData\Roaming\DriverCure
2013-02-07 19:05 . 2013-02-07 19:05   --------   d-----w-   c:\users\PKwhite\AppData\Roaming\Foresight Software
2013-02-07 19:05 . 2013-02-07 19:05   --------   d-----w-   c:\program files (x86)\Common Files\Foresight Software
2013-02-07 19:05 . 2013-02-07 19:05   --------   d-----w-   c:\programdata\Foresight Software
2013-02-07 19:05 . 2013-02-07 19:05   --------   d-----w-   c:\program files (x86)\Foresight Software
2013-02-07 18:02 . 2012-11-09 05:45   2048   ----a-w-   c:\windows\system32\tzres.dll
2013-02-07 18:02 . 2012-11-09 04:42   2048   ----a-w-   c:\windows\SysWow64\tzres.dll
2013-02-07 16:56 . 2013-02-07 16:56   --------   d-----w-   c:\windows\CheckSur
2013-02-05 23:10 . 2013-02-05 23:10   --------   d-----w-   c:\users\PKwhite\AppData\Roaming\Amazon
2013-02-05 23:10 . 2013-02-05 23:10   --------   d-----w-   c:\program files (x86)\Amazon
2013-02-04 02:21 . 2013-02-06 00:46   --------   d-----w-   c:\program files (x86)\TornTV.com
2013-02-03 20:56 . 2013-02-06 16:57   --------   d-----w-   c:\users\PKwhite\AppData\Local\Maxiget
2013-02-03 20:09 . 2013-02-03 20:09   0   ----a-w-   c:\windows\SysWow64\shoF389.tmp
2013-02-02 22:08 . 2012-08-23 15:09   3072   ----a-w-   c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2013-02-02 22:08 . 2012-08-23 13:41   13312   ----a-w-   c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-02-02 22:08 . 2012-08-23 13:40   13312   ----a-w-   c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-02-02 22:08 . 2012-08-23 13:24   15360   ----a-w-   c:\windows\system32\RdpGroupPolicyExtension.dll
2013-01-29 20:20 . 2013-01-29 20:20   --------   d-----w-   C:\688c6898ed74eadeed
2013-01-27 22:47 . 2013-01-27 22:47   0   ----a-w-   c:\windows\SysWow64\shoD3DE.tmp
2013-01-26 03:40 . 2013-01-26 03:40   --------   d-----w-   c:\users\PKwhite\AppData\Roaming\Malwarebytes
2013-01-26 03:39 . 2013-01-26 03:39   --------   d-----w-   c:\programdata\Malwarebytes
2013-01-26 03:39 . 2013-01-26 03:39   --------   d-----w-   c:\users\PKwhite\AppData\Local\Programs
2013-01-25 17:39 . 2013-01-25 17:39   --------   d-----w-   c:\windows\Microsoft Antimalware
2013-01-25 01:20 . 2013-01-25 01:20   972264   ------w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1677A6B1-B21E-48F1-9015-3C774477A7BE}\gapaengine.dll
2013-01-25 00:31 . 2013-01-25 00:31   --------   d-----w-   c:\program files (x86)\Microsoft Security Client
2013-01-25 00:31 . 2013-01-25 00:31   --------   d-----w-   c:\program files\Microsoft Security Client
2013-01-22 00:09 . 2012-07-26 04:55   785512   ----a-w-   c:\windows\system32\drivers\Wdf01000.sys
2013-01-22 00:09 . 2012-07-26 04:55   54376   ----a-w-   c:\windows\system32\drivers\WdfLdr.sys
2013-01-22 00:09 . 2012-07-26 04:47   2560   ----a-w-   c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2013-01-22 00:09 . 2012-07-26 02:36   9728   ----a-w-   c:\windows\system32\Wdfres.dll
2013-01-22 00:07 . 2012-07-26 03:08   84992   ----a-w-   c:\windows\system32\WUDFSvc.dll
2013-01-22 00:07 . 2012-07-26 03:08   194048   ----a-w-   c:\windows\system32\WUDFPlatform.dll
2013-01-22 00:07 . 2012-07-26 02:26   87040   ----a-w-   c:\windows\system32\drivers\WUDFPf.sys
2013-01-22 00:07 . 2012-07-26 02:26   198656   ----a-w-   c:\windows\system32\drivers\WUDFRd.sys
2013-01-22 00:07 . 2012-07-26 03:08   229888   ----a-w-   c:\windows\system32\WUDFHost.exe
2013-01-22 00:07 . 2012-07-26 03:08   744448   ----a-w-   c:\windows\system32\WUDFx.dll
2013-01-22 00:07 . 2012-07-26 03:08   45056   ----a-w-   c:\windows\system32\WUDFCoinstaller.dll
2013-01-21 20:49 . 2012-11-22 05:44   800768   ----a-w-   c:\windows\system32\usp10.dll
2013-01-21 20:49 . 2012-11-22 04:45   626688   ----a-w-   c:\windows\SysWow64\usp10.dll
2013-01-21 20:28 . 2012-10-09 18:17   226816   ----a-w-   c:\windows\system32\dhcpcore6.dll
2013-01-21 20:28 . 2012-10-09 17:40   193536   ----a-w-   c:\windows\SysWow64\dhcpcore6.dll
2013-01-21 20:28 . 2012-10-09 18:17   55296   ----a-w-   c:\windows\system32\dhcpcsvc6.dll
2013-01-21 20:28 . 2012-10-09 17:40   44032   ----a-w-   c:\windows\SysWow64\dhcpcsvc6.dll
2013-01-21 20:27 . 2012-10-03 17:56   1914248   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2013-01-21 20:27 . 2012-10-03 17:44   303104   ----a-w-   c:\windows\system32\nlasvc.dll
2013-01-21 20:27 . 2012-10-03 17:44   246272   ----a-w-   c:\windows\system32\netcorehc.dll
2013-01-21 20:27 . 2012-10-03 17:44   216576   ----a-w-   c:\windows\system32\ncsi.dll
2013-01-21 20:27 . 2012-10-03 17:42   569344   ----a-w-   c:\windows\system32\iphlpsvc.dll
2013-01-21 20:27 . 2012-10-03 16:42   175104   ----a-w-   c:\windows\SysWow64\netcorehc.dll
2013-01-21 20:27 . 2012-10-03 16:42   156672   ----a-w-   c:\windows\SysWow64\ncsi.dll
2013-01-21 20:27 . 2012-01-13 07:12   52224   ----a-w-   c:\windows\SysWow64\nlaapi.dll
2013-01-21 20:27 . 2012-10-03 17:44   70656   ----a-w-   c:\windows\system32\nlaapi.dll
2013-01-21 20:27 . 2012-10-03 17:44   18944   ----a-w-   c:\windows\system32\netevent.dll
2013-01-21 20:27 . 2012-10-03 16:42   18944   ----a-w-   c:\windows\SysWow64\netevent.dll
2013-01-21 20:27 . 2012-10-03 16:07   45568   ----a-w-   c:\windows\system32\drivers\tcpipreg.sys
2013-01-21 20:13 . 2013-01-21 20:16   --------   d-----w-   c:\windows\system32\MpEngineStore
2013-01-21 20:08 . 2013-01-21 20:08   --------   d-----w-   C:\eea64627e69d5cb2fee774326dfca6
2013-01-21 20:05 . 2012-08-24 18:09   458712   ----a-w-   c:\windows\system32\drivers\cng.sys
2013-01-21 20:05 . 2012-08-24 18:05   340992   ----a-w-   c:\windows\system32\schannel.dll
2013-01-21 20:05 . 2012-08-24 16:57   247808   ----a-w-   c:\windows\SysWow64\schannel.dll
2013-01-21 20:05 . 2012-08-24 18:13   154480   ----a-w-   c:\windows\system32\drivers\ksecpkg.sys
2013-01-21 20:05 . 2012-08-24 18:03   1448448   ----a-w-   c:\windows\system32\lsasrv.dll
2013-01-21 20:05 . 2012-08-24 16:57   22016   ----a-w-   c:\windows\SysWow64\secur32.dll
2013-01-21 20:05 . 2012-08-24 16:53   96768   ----a-w-   c:\windows\SysWow64\sspicli.dll
2013-01-21 20:01 . 2012-05-05 08:36   503808   ----a-w-   c:\windows\system32\srcore.dll
2013-01-21 20:01 . 2012-05-05 07:46   43008   ----a-w-   c:\windows\SysWow64\srclient.dll
2013-01-21 20:00 . 2012-02-11 06:36   559104   ----a-w-   c:\windows\system32\spoolsv.exe
2013-01-21 20:00 . 2012-02-11 06:36   67072   ----a-w-   c:\windows\splwow64.exe
2013-01-21 19:55 . 2012-08-31 18:19   1659760   ----a-w-   c:\windows\system32\drivers\ntfs.sys
2013-01-21 19:55 . 2012-12-16 17:11   46080   ----a-w-   c:\windows\system32\atmlib.dll
2013-01-21 19:55 . 2012-12-16 14:13   34304   ----a-w-   c:\windows\SysWow64\atmlib.dll
2013-01-21 19:55 . 2012-12-16 14:45   367616   ----a-w-   c:\windows\system32\atmfd.dll
2013-01-21 19:55 . 2012-12-16 14:13   295424   ----a-w-   c:\windows\SysWow64\atmfd.dll
2013-01-21 19:54 . 2012-08-21 21:01   245760   ----a-w-   c:\windows\system32\OxpsConverter.exe
2013-01-21 19:54 . 2012-08-02 17:58   574464   ----a-w-   c:\windows\system32\d3d10level9.dll
2013-01-21 19:54 . 2012-08-02 16:57   490496   ----a-w-   c:\windows\SysWow64\d3d10level9.dll
2013-01-21 19:53 . 2012-08-22 18:12   950128   ----a-w-   c:\windows\system32\drivers\ndis.sys
2013-01-21 19:53 . 2012-07-04 20:26   41472   ----a-w-   c:\windows\system32\drivers\RNDISMP.sys
2013-01-21 19:52 . 2012-03-01 06:46   23408   ----a-w-   c:\windows\system32\drivers\fs_rec.sys
2013-01-21 19:52 . 2012-03-01 06:33   81408   ----a-w-   c:\windows\system32\imagehlp.dll
2013-01-21 19:52 . 2012-03-01 06:28   5120   ----a-w-   c:\windows\system32\wmi.dll
2013-01-21 19:52 . 2012-03-01 05:33   159232   ----a-w-   c:\windows\SysWow64\imagehlp.dll
2013-01-21 19:52 . 2012-03-01 05:29   5120   ----a-w-   c:\windows\SysWow64\wmi.dll
2013-01-21 19:52 . 2012-05-04 11:00   366592   ----a-w-   c:\windows\system32\qdvd.dll
2013-01-21 19:52 . 2012-05-04 09:59   514560   ----a-w-   c:\windows\SysWow64\qdvd.dll
2013-01-21 19:51 . 2012-05-01 05:40   209920   ----a-w-   c:\windows\system32\profsvc.dll
2013-01-21 19:50 . 2012-04-07 12:31   3216384   ----a-w-   c:\windows\system32\msi.dll
2013-01-21 19:50 . 2012-04-07 11:26   2342400   ----a-w-   c:\windows\SysWow64\msi.dll
2013-01-21 19:44 . 2012-01-04 10:44   509952   ----a-w-   c:\windows\system32\ntshrui.dll
2013-01-21 19:44 . 2012-01-04 08:58   442880   ----a-w-   c:\windows\SysWow64\ntshrui.dll
2013-01-21 19:43 . 2011-12-30 06:26   515584   ----a-w-   c:\windows\system32\timedate.cpl
2013-01-21 19:43 . 2011-12-30 05:27   478720   ----a-w-   c:\windows\SysWow64\timedate.cpl
2013-01-21 19:42 . 2012-06-09 05:43   14172672   ----a-w-   c:\windows\system32\shell32.dll
2013-01-21 19:34 . 2012-07-04 22:16   73216   ----a-w-   c:\windows\system32\netapi32.dll
2013-01-21 19:34 . 2012-07-04 22:13   59392   ----a-w-   c:\windows\system32\browcli.dll
2013-01-21 19:34 . 2012-07-04 22:13   136704   ----a-w-   c:\windows\system32\browser.dll
2013-01-21 19:34 . 2012-07-04 21:14   41984   ----a-w-   c:\windows\SysWow64\browcli.dll
2013-01-21 19:32 . 2012-06-02 05:41   1464320   ----a-w-   c:\windows\system32\crypt32.dll
2013-01-21 19:32 . 2012-06-02 05:41   184320   ----a-w-   c:\windows\system32\cryptsvc.dll
2013-01-21 19:32 . 2012-06-02 05:41   140288   ----a-w-   c:\windows\system32\cryptnet.dll
2013-01-21 19:32 . 2012-06-02 04:36   140288   ----a-w-   c:\windows\SysWow64\cryptsvc.dll
2013-01-21 19:32 . 2012-06-02 04:36   1159680   ----a-w-   c:\windows\SysWow64\crypt32.dll
2013-01-21 19:32 . 2012-06-02 04:36   103936   ----a-w-   c:\windows\SysWow64\cryptnet.dll
2013-01-21 19:27 . 2013-02-10 03:58   --------   d-----w-   C:\Firefox
2013-01-21 19:21 . 2013-02-09 04:46   861088   ----a-w-   c:\windows\SysWow64\npDeployJava1.dll
2013-01-21 18:28 . 2013-02-06 05:03   --------   d-----w-   c:\users\PKwhite\AppData\Roaming\FixCleaner
2013-01-21 18:27 . 2013-02-09 19:16   --------   d-----w-   c:\program files (x86)\FixCleaner
2013-01-17 06:52 . 2012-08-30 18:03   5559664   ----a-w-   c:\windows\system32\ntoskrnl.exe
2013-01-17 06:52 . 2012-08-30 17:12   3968880   ----a-w-   c:\windows\SysWow64\ntkrnlpa.exe
2013-01-17 06:52 . 2012-08-30 17:12   3914096   ----a-w-   c:\windows\SysWow64\ntoskrnl.exe
2013-01-17 05:20 . 2013-01-17 05:20   0   ----a-w-   c:\windows\SysWow64\sho213.tmp
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-09 04:46 . 2011-04-29 00:39   782240   ----a-w-   c:\windows\SysWow64\deployJava1.dll
2013-01-30 10:53 . 2010-11-21 03:27   273840   ------w-   c:\windows\system32\MpSigStub.exe
2013-01-21 20:15 . 2011-08-21 02:11   286076   ----a-w-   C:\DUMP5272.tmp
2013-01-14 02:42 . 2012-04-15 00:12   697864   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-14 02:42 . 2011-11-01 18:36   74248   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-17 01:31 . 2012-03-06 20:58   67599240   ----a-w-   c:\windows\system32\MRT.exe
2012-11-30 04:45 . 2013-01-21 20:52   44032   ----a-w-   c:\windows\apppatch\acwow64.dll
2012-11-16 06:28 . 2012-11-16 06:28   87960   ----a-r-   c:\users\PKwhite\AppData\Roaming\Microsoft\Installer\{D74EB870-4745-467B-9430-DA53A604A456}\ARPPRODUCTICON.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_29ED7E310C63D54B783793FF4D321BDC"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-01-26 1248208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2011-03-03 2922496]
"SMessaging"="c:\users\PKwhite\AppData\Local\Strongvault Online Backup\SMessaging.exe" [2012-04-05 31664]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_SZ            
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R1 hxmgfeiy;hxmgfeiy;

R1 jckeyvsy;jckeyvsy;

R1 luzonsuy;luzonsuy;

R1 uydjjxkt;uydjjxkt;

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AQFileRestore;AQFileRestore;c:\windows\system32\DRIVERS\AQFileRestore.sys [2012-06-08 21120]
R3 bcm;WiMAX Network Adapter;c:\windows\system32\DRIVERS\drxvi314_64.sys [2009-11-03 318336]
R3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\DRIVERS\BcmBusCtr_64.sys [2009-11-03 62976]
R3 clwvd;CyberLink WebCam Virtual Driver;

R3 easytether;easytether;

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [2009-11-09 43032]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2013-02-09 15712]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-03 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-22 1255736]
R4 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2000-01-01 89600]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-02 204288]
R4 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-04-02 365568]
R4 CACLEARWIRE;Clearwire Con App Svc;c:\program files (x86)\Clearwire\Connection Manager\ConAppsSvc.exe [2009-11-09 124240]
R4 CLEARWIRERcAppSvc;Clearwire RcAppSvc;c:\program files (x86)\Clearwire\Connection Manager\RcAppSvc.exe [2009-11-09 120144]
R4 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-02-18 265544]
R4 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
R4 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R4 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-05-23 1098296]
R4 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-27 30520]
R4 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-07-11 26680]
R4 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2000-01-01 2451456]
R4 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-03-09 366000]
R4 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R4 SBAMSvc;Fix-It;c:\program files (x86)\Common Files\Antivirus\SBAMSvc.exe [2010-10-11 2763080]
R4 SMSI Device Launch Service;Clearwire Device Launch Service;c:\program files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe [2009-11-09 107856]
R4 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2000-01-01 82560]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2000-01-01 42624]
S0 amdide64;amdide64;c:\windows\system32\DRIVERS\amdide64.sys [2000-01-01 11904]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2012-05-25 57976]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2010-07-27 94296]
S2 AODDriver4.2.0;AODDriver4.2.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe

S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2010-06-14 64600]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys [2000-01-01 106664]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys [2000-01-01 226984]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2000-01-01 96896]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2000-01-01 339600]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2000-01-01 708200]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-08-29 1145960]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-09-14 760168]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-09-14 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-09-14 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-09-14 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2000-01-01 57512]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-30 22:49   1607120   ----a-w-   c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 02:42]
.
2013-02-10 c:\windows\Tasks\Foresight Software Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2013-02-07 c:\windows\Tasks\Foresight Software Update3.job
- c:\program files (x86)\Common Files\Foresight Software\UUS3\Update3.exe [2013-01-15 21:40]
.
2013-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-02 23:30]
.
2013-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-02 23:30]
.
2013-02-10 c:\windows\Tasks\HPCeeScheduleForPKWHITE-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2013-02-10 c:\windows\Tasks\HPCeeScheduleForPKwhite.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2013-02-08 c:\windows\Tasks\PC Helper 360.job
- c:\program files (x86)\Foresight Software\PC Helper 360\pch360.exe [2013-01-15 21:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2011-03-03 2922496]
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://search.privitize.com/?aff=7
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: google.com\accounts
Trusted Zone: google.com\mail
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{7473b6bd-4691-4744-a82b-7854eb3d70b6} - (no file)
BHO-{0DAE081B-BEB6-484B-A09C-38399A38035E} - (no file)
Wow6432Node-HKLM-Run-MakiwaraNotify - c:\program files (x86)\AOL Computer Checkup\sdccont.exe
WebBrowser-{7473B6BD-4691-4744-A82B-7854EB3D70B6} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:8e,71,6e,0d,7e,58,cd,01
.
[HKEY_USERS\S-1-5-21-792220486-842809793-2467614242-1001\Software\SecuROM\License information*]
"datasecu"=hex:f5,0d,1f,31,6a,2c,2d,d3,76,6e,86,d1,6e,d1,02,ce,86,85,d2,c3,bc,
   a0,ff,27,29,85,4a,b4,dd,74,c8,8c,a6,3c,ad,cf,d5,f5,6c,52,61,25,bc,a7,35,a4,\
"rkeysecu"=hex:90,58,68,30,61,df,25,43,8b,81,21,e6,1a,a6,77,da
.
[HKEY_USERS\S-1-5-21-792220486-842809793-2467614242-1001\w* ¢*w*]
@Allowed: (Read) (RestrictedCode)
"MachineID"=hex:0b,1c,8b,a2,81,a1,a4,00
.
[HKEY_USERS\S-1-5-21-792220486-842809793-2467614242-1001\£*"!ò*w*]
@Allowed: (Read) (RestrictedCode)
"MachineID"=hex:0b,1c,8b,a2,81,a1,a4,00
.
[HKEY_USERS\S-1-5-21-792220486-842809793-2467614242-1001\ó*9 ò*w*]
@Allowed: (Read) (RestrictedCode)
"MachineID"=hex:0b,1c,8b,a2,81,a1,a4,00
.
[HKEY_USERS\S-1-5-21-792220486-842809793-2467614242-1001\ÿ*9 É*w*]
@Allowed: (Read) (RestrictedCode)
"MachineID"=hex:0b,1c,8b,a2,81,a1,a4,00
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-02-10  13:48:00
ComboFix-quarantined-files.txt  2013-02-10 21:48
.
Pre-Run: 556,146,364,416 bytes free
Post-Run: 556,015,337,472 bytes free
.
- - End Of File - - C220D14DCDC3B66B3FE4765B2BF11C0B

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
Custom CFScript

Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


  • Please open Notepad (Click Start -> Run -> type notepad in the Open field -> OK).  Copy/Paste all of the text present inside the code box below:
Code:
File::
C:\DUMP5272.tmp
c:\windows\SysWow64\shoD3DE.tmp
  • Save this as CFScript.txt and place it on your desktop.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.




  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Considering that I have seen Babylon elements being left behind even after running AdwCleaner, I'd like you to run one more tool.  Please download Junkware Removal Tool to your desktop.
  • Run the tool by double-clicking it.  If you are using Windows Vista or Seven, right-mouse click it and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Please let me know if you are still getting the error messages and if the "drop down" you mentioned and, of course, if you can run Sims3 now.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline PKwhite21

  • Jr. Member
The same problems still.

ComboFix 13-02-07.02 - PKwhite 02/10/2013  17:51:45.3.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3563.2347 [GMT -8:00]
Running from: c:\users\PKwhite\Desktop\ComboFix.exe
Command switches used :: c:\users\PKwhite\Desktop\CFScript.txt
AV: Avanquest Fix-It *Disabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Avanquest Fix-It *Disabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"C:\DUMP5272.tmp"
"c:\windows\SysWow64\shoD3DE.tmp"
.
.
(((((((((((((((((((((((((   Files Created from 2013-01-11 to 2013-02-11  )))))))))))))))))))))))))))))))
.
.
2013-02-11 01:57 . 2013-02-11 01:57   --------   d-----w-   c:\users\Default\AppData\Local\temp
2013-02-10 20:17 . 2013-02-10 20:17   --------   d-----w-   c:\programdata\boost_interprocess
2013-02-10 19:52 . 2013-01-08 05:32   9161176   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{78221E86-0C66-452F-8EB8-FC01E7CAE85B}\mpengine.dll
2013-02-09 22:23 . 2013-01-08 05:32   9161176   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-02-09 04:46 . 2013-02-09 04:46   95648   ----a-w-   c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-09 03:59 . 2013-02-09 03:59   --------   d-----w-   c:\users\PKwhite\AppData\Local\Strongvault Online Backup
2013-02-08 05:41 . 2013-02-08 05:41   --------   d-----w-   c:\programdata\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-02-08 05:41 . 2013-02-08 05:42   --------   d-----w-   c:\programdata\IObit
2013-02-08 05:40 . 2013-02-08 05:41   --------   d-----w-   c:\users\PKwhite\AppData\Roaming\IObit
2013-02-08 05:40 . 2013-02-08 05:40   --------   d-----w-   c:\program files (x86)\IObit
2013-02-08 05:33 . 2013-02-09 03:58   --------   d-sh--w-   c:\windows\SysWow64\AI_RecycleBin
2013-02-08 05:33 . 2013-02-09 03:58   --------   d-----w-   C:\AI_RecycleBin
2013-02-08 05:30 . 2013-02-08 05:30   --------   d-----w-   c:\windows\SysWow64\Extensions
2013-02-08 05:30 . 2013-02-08 05:30   --------   d-----w-   c:\windows\SysWow64\searchplugins
2013-02-07 19:05 . 2013-02-07 19:05   --------   d-----w-   c:\users\PKwhite\AppData\Roaming\DriverCure
2013-02-07 19:05 . 2013-02-07 19:05   --------   d-----w-   c:\users\PKwhite\AppData\Roaming\Foresight Software
2013-02-07 19:05 . 2013-02-07 19:05   --------   d-----w-   c:\program files (x86)\Common Files\Foresight Software
2013-02-07 19:05 . 2013-02-07 19:05   --------   d-----w-   c:\programdata\Foresight Software
2013-02-07 19:05 . 2013-02-07 19:05   --------   d-----w-   c:\program files (x86)\Foresight Software
2013-02-07 18:02 . 2012-11-09 05:45   2048   ----a-w-   c:\windows\system32\tzres.dll
2013-02-07 18:02 . 2012-11-09 04:42   2048   ----a-w-   c:\windows\SysWow64\tzres.dll
2013-02-07 16:56 . 2013-02-07 16:56   --------   d-----w-   c:\windows\CheckSur
2013-02-05 23:10 . 2013-02-05 23:10   --------   d-----w-   c:\users\PKwhite\AppData\Roaming\Amazon
2013-02-05 23:10 . 2013-02-05 23:10   --------   d-----w-   c:\program files (x86)\Amazon
2013-02-04 02:21 . 2013-02-06 00:46   --------   d-----w-   c:\program files (x86)\TornTV.com
2013-02-03 20:56 . 2013-02-06 16:57   --------   d-----w-   c:\users\PKwhite\AppData\Local\Maxiget
2013-02-03 20:09 . 2013-02-03 20:09   0   ----a-w-   c:\windows\SysWow64\shoF389.tmp
2013-02-02 22:08 . 2012-08-23 15:09   3072   ----a-w-   c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2013-02-02 22:08 . 2012-08-23 13:41   13312   ----a-w-   c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-02-02 22:08 . 2012-08-23 13:40   13312   ----a-w-   c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-02-02 22:08 . 2012-08-23 13:24   15360   ----a-w-   c:\windows\system32\RdpGroupPolicyExtension.dll
2013-01-29 20:20 . 2013-01-29 20:20   --------   d-----w-   C:\688c6898ed74eadeed
2013-01-27 22:47 . 2013-01-27 22:47   0   ----a-w-   c:\windows\SysWow64\shoD3DE.tmp
2013-01-26 03:40 . 2013-01-26 03:40   --------   d-----w-   c:\users\PKwhite\AppData\Roaming\Malwarebytes
2013-01-26 03:39 . 2013-01-26 03:39   --------   d-----w-   c:\programdata\Malwarebytes
2013-01-26 03:39 . 2013-01-26 03:39   --------   d-----w-   c:\users\PKwhite\AppData\Local\Programs
2013-01-25 17:39 . 2013-01-25 17:39   --------   d-----w-   c:\windows\Microsoft Antimalware
2013-01-25 01:20 . 2013-01-25 01:20   972264   ------w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1677A6B1-B21E-48F1-9015-3C774477A7BE}\gapaengine.dll
2013-01-25 00:31 . 2013-01-25 00:31   --------   d-----w-   c:\program files (x86)\Microsoft Security Client
2013-01-25 00:31 . 2013-01-25 00:31   --------   d-----w-   c:\program files\Microsoft Security Client
2013-01-22 00:09 . 2012-07-26 04:55   785512   ----a-w-   c:\windows\system32\drivers\Wdf01000.sys
2013-01-22 00:09 . 2012-07-26 04:55   54376   ----a-w-   c:\windows\system32\drivers\WdfLdr.sys
2013-01-22 00:09 . 2012-07-26 04:47   2560   ----a-w-   c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2013-01-22 00:09 . 2012-07-26 02:36   9728   ----a-w-   c:\windows\system32\Wdfres.dll
2013-01-22 00:07 . 2012-07-26 03:08   84992   ----a-w-   c:\windows\system32\WUDFSvc.dll
2013-01-22 00:07 . 2012-07-26 03:08   194048   ----a-w-   c:\windows\system32\WUDFPlatform.dll
2013-01-22 00:07 . 2012-07-26 02:26   87040   ----a-w-   c:\windows\system32\drivers\WUDFPf.sys
2013-01-22 00:07 . 2012-07-26 02:26   198656   ----a-w-   c:\windows\system32\drivers\WUDFRd.sys
2013-01-22 00:07 . 2012-07-26 03:08   229888   ----a-w-   c:\windows\system32\WUDFHost.exe
2013-01-22 00:07 . 2012-07-26 03:08   744448   ----a-w-   c:\windows\system32\WUDFx.dll
2013-01-22 00:07 . 2012-07-26 03:08   45056   ----a-w-   c:\windows\system32\WUDFCoinstaller.dll
2013-01-21 20:49 . 2012-11-22 05:44   800768   ----a-w-   c:\windows\system32\usp10.dll
2013-01-21 20:49 . 2012-11-22 04:45   626688   ----a-w-   c:\windows\SysWow64\usp10.dll
2013-01-21 20:28 . 2012-10-09 18:17   226816   ----a-w-   c:\windows\system32\dhcpcore6.dll
2013-01-21 20:28 . 2012-10-09 17:40   193536   ----a-w-   c:\windows\SysWow64\dhcpcore6.dll
2013-01-21 20:28 . 2012-10-09 18:17   55296   ----a-w-   c:\windows\system32\dhcpcsvc6.dll
2013-01-21 20:28 . 2012-10-09 17:40   44032   ----a-w-   c:\windows\SysWow64\dhcpcsvc6.dll
2013-01-21 20:27 . 2012-10-03 17:56   1914248   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2013-01-21 20:27 . 2012-10-03 17:44   303104   ----a-w-   c:\windows\system32\nlasvc.dll
2013-01-21 20:27 . 2012-10-03 17:44   246272   ----a-w-   c:\windows\system32\netcorehc.dll
2013-01-21 20:27 . 2012-10-03 17:44   216576   ----a-w-   c:\windows\system32\ncsi.dll
2013-01-21 20:27 . 2012-10-03 17:42   569344   ----a-w-   c:\windows\system32\iphlpsvc.dll
2013-01-21 20:27 . 2012-10-03 16:42   175104   ----a-w-   c:\windows\SysWow64\netcorehc.dll
2013-01-21 20:27 . 2012-10-03 16:42   156672   ----a-w-   c:\windows\SysWow64\ncsi.dll
2013-01-21 20:27 . 2012-01-13 07:12   52224   ----a-w-   c:\windows\SysWow64\nlaapi.dll
2013-01-21 20:27 . 2012-10-03 17:44   70656   ----a-w-   c:\windows\system32\nlaapi.dll
2013-01-21 20:27 . 2012-10-03 17:44   18944   ----a-w-   c:\windows\system32\netevent.dll
2013-01-21 20:27 . 2012-10-03 16:42   18944   ----a-w-   c:\windows\SysWow64\netevent.dll
2013-01-21 20:27 . 2012-10-03 16:07   45568   ----a-w-   c:\windows\system32\drivers\tcpipreg.sys
2013-01-21 20:13 . 2013-01-21 20:16   --------   d-----w-   c:\windows\system32\MpEngineStore
2013-01-21 20:08 . 2013-01-21 20:08   --------   d-----w-   C:\eea64627e69d5cb2fee774326dfca6
2013-01-21 20:05 . 2012-08-24 18:09   458712   ----a-w-   c:\windows\system32\drivers\cng.sys
2013-01-21 20:05 . 2012-08-24 18:05   340992   ----a-w-   c:\windows\system32\schannel.dll
2013-01-21 20:05 . 2012-08-24 16:57   247808   ----a-w-   c:\windows\SysWow64\schannel.dll
2013-01-21 20:05 . 2012-08-24 18:13   154480   ----a-w-   c:\windows\system32\drivers\ksecpkg.sys
2013-01-21 20:05 . 2012-08-24 18:03   1448448   ----a-w-   c:\windows\system32\lsasrv.dll
2013-01-21 20:05 . 2012-08-24 16:57   22016   ----a-w-   c:\windows\SysWow64\secur32.dll
2013-01-21 20:05 . 2012-08-24 16:53   96768   ----a-w-   c:\windows\SysWow64\sspicli.dll
2013-01-21 20:01 . 2012-05-05 08:36   503808   ----a-w-   c:\windows\system32\srcore.dll
2013-01-21 20:01 . 2012-05-05 07:46   43008   ----a-w-   c:\windows\SysWow64\srclient.dll
2013-01-21 20:00 . 2012-02-11 06:36   559104   ----a-w-   c:\windows\system32\spoolsv.exe
2013-01-21 20:00 . 2012-02-11 06:36   67072   ----a-w-   c:\windows\splwow64.exe
2013-01-21 19:55 . 2012-08-31 18:19   1659760   ----a-w-   c:\windows\system32\drivers\ntfs.sys
2013-01-21 19:55 . 2012-12-16 17:11   46080   ----a-w-   c:\windows\system32\atmlib.dll
2013-01-21 19:55 . 2012-12-16 14:13   34304   ----a-w-   c:\windows\SysWow64\atmlib.dll
2013-01-21 19:55 . 2012-12-16 14:45   367616   ----a-w-   c:\windows\system32\atmfd.dll
2013-01-21 19:55 . 2012-12-16 14:13   295424   ----a-w-   c:\windows\SysWow64\atmfd.dll
2013-01-21 19:54 . 2012-08-21 21:01   245760   ----a-w-   c:\windows\system32\OxpsConverter.exe
2013-01-21 19:54 . 2012-08-02 17:58   574464   ----a-w-   c:\windows\system32\d3d10level9.dll
2013-01-21 19:54 . 2012-08-02 16:57   490496   ----a-w-   c:\windows\SysWow64\d3d10level9.dll
2013-01-21 19:53 . 2012-08-22 18:12   950128   ----a-w-   c:\windows\system32\drivers\ndis.sys
2013-01-21 19:53 . 2012-07-04 20:26   41472   ----a-w-   c:\windows\system32\drivers\RNDISMP.sys
2013-01-21 19:52 . 2012-03-01 06:46   23408   ----a-w-   c:\windows\system32\drivers\fs_rec.sys
2013-01-21 19:52 . 2012-03-01 06:33   81408   ----a-w-   c:\windows\system32\imagehlp.dll
2013-01-21 19:52 . 2012-03-01 06:28   5120   ----a-w-   c:\windows\system32\wmi.dll
2013-01-21 19:52 . 2012-03-01 05:33   159232   ----a-w-   c:\windows\SysWow64\imagehlp.dll
2013-01-21 19:52 . 2012-03-01 05:29   5120   ----a-w-   c:\windows\SysWow64\wmi.dll
2013-01-21 19:52 . 2012-05-04 11:00   366592   ----a-w-   c:\windows\system32\qdvd.dll
2013-01-21 19:52 . 2012-05-04 09:59   514560   ----a-w-   c:\windows\SysWow64\qdvd.dll
2013-01-21 19:51 . 2012-05-01 05:40   209920   ----a-w-   c:\windows\system32\profsvc.dll
2013-01-21 19:50 . 2012-04-07 12:31   3216384   ----a-w-   c:\windows\system32\msi.dll
2013-01-21 19:50 . 2012-04-07 11:26   2342400   ----a-w-   c:\windows\SysWow64\msi.dll
2013-01-21 19:44 . 2012-01-04 10:44   509952   ----a-w-   c:\windows\system32\ntshrui.dll
2013-01-21 19:44 . 2012-01-04 08:58   442880   ----a-w-   c:\windows\SysWow64\ntshrui.dll
2013-01-21 19:43 . 2011-12-30 06:26   515584   ----a-w-   c:\windows\system32\timedate.cpl
2013-01-21 19:43 . 2011-12-30 05:27   478720   ----a-w-   c:\windows\SysWow64\timedate.cpl
2013-01-21 19:42 . 2012-06-09 05:43   14172672   ----a-w-   c:\windows\system32\shell32.dll
2013-01-21 19:34 . 2012-07-04 22:16   73216   ----a-w-   c:\windows\system32\netapi32.dll
2013-01-21 19:34 . 2012-07-04 22:13   59392   ----a-w-   c:\windows\system32\browcli.dll
2013-01-21 19:34 . 2012-07-04 22:13   136704   ----a-w-   c:\windows\system32\browser.dll
2013-01-21 19:34 . 2012-07-04 21:14   41984   ----a-w-   c:\windows\SysWow64\browcli.dll
2013-01-21 19:32 . 2012-06-02 05:41   1464320   ----a-w-   c:\windows\system32\crypt32.dll
2013-01-21 19:32 . 2012-06-02 05:41   184320   ----a-w-   c:\windows\system32\cryptsvc.dll
2013-01-21 19:32 . 2012-06-02 05:41   140288   ----a-w-   c:\windows\system32\cryptnet.dll
2013-01-21 19:32 . 2012-06-02 04:36   140288   ----a-w-   c:\windows\SysWow64\cryptsvc.dll
2013-01-21 19:32 . 2012-06-02 04:36   1159680   ----a-w-   c:\windows\SysWow64\crypt32.dll
2013-01-21 19:32 . 2012-06-02 04:36   103936   ----a-w-   c:\windows\SysWow64\cryptnet.dll
2013-01-21 19:27 . 2013-02-10 03:58   --------   d-----w-   C:\Firefox
2013-01-21 19:21 . 2013-02-09 04:46   861088   ----a-w-   c:\windows\SysWow64\npDeployJava1.dll
2013-01-21 18:28 . 2013-02-06 05:03   --------   d-----w-   c:\users\PKwhite\AppData\Roaming\FixCleaner
2013-01-21 18:27 . 2013-02-09 19:16   --------   d-----w-   c:\program files (x86)\FixCleaner
2013-01-17 06:52 . 2012-08-30 18:03   5559664   ----a-w-   c:\windows\system32\ntoskrnl.exe
2013-01-17 06:52 . 2012-08-30 17:12   3968880   ----a-w-   c:\windows\SysWow64\ntkrnlpa.exe
2013-01-17 06:52 . 2012-08-30 17:12   3914096   ----a-w-   c:\windows\SysWow64\ntoskrnl.exe
2013-01-17 05:20 . 2013-01-17 05:20   0   ----a-w-   c:\windows\SysWow64\sho213.tmp
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-09 04:46 . 2011-04-29 00:39   782240   ----a-w-   c:\windows\SysWow64\deployJava1.dll
2013-01-30 10:53 . 2010-11-21 03:27   273840   ------w-   c:\windows\system32\MpSigStub.exe
2013-01-21 20:15 . 2011-08-21 02:11   286076   ----a-w-   C:\DUMP5272.tmp
2013-01-14 02:42 . 2012-04-15 00:12   697864   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-14 02:42 . 2011-11-01 18:36   74248   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-17 01:31 . 2012-03-06 20:58   67599240   ----a-w-   c:\windows\system32\MRT.exe
2012-11-30 04:45 . 2013-01-21 20:52   44032   ----a-w-   c:\windows\apppatch\acwow64.dll
2012-11-16 06:28 . 2012-11-16 06:28   87960   ----a-r-   c:\users\PKwhite\AppData\Roaming\Microsoft\Installer\{D74EB870-4745-467B-9430-DA53A604A456}\ARPPRODUCTICON.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_29ED7E310C63D54B783793FF4D321BDC"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-01-26 1248208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2011-03-03 2922496]
"SMessaging"="c:\users\PKwhite\AppData\Local\Strongvault Online Backup\SMessaging.exe" [2012-04-05 31664]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_SZ            
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R1 hxmgfeiy;hxmgfeiy;

R1 jckeyvsy;jckeyvsy;

R1 luzonsuy;luzonsuy;

R1 uydjjxkt;uydjjxkt;

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AQFileRestore;AQFileRestore;c:\windows\system32\DRIVERS\AQFileRestore.sys [2012-06-08 21120]
R3 bcm;WiMAX Network Adapter;c:\windows\system32\DRIVERS\drxvi314_64.sys [2009-11-03 318336]
R3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\DRIVERS\BcmBusCtr_64.sys [2009-11-03 62976]
R3 clwvd;CyberLink WebCam Virtual Driver;

R3 easytether;easytether;

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [2009-11-09 43032]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2013-02-09 15712]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-03 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-22 1255736]
R4 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2000-01-01 89600]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-02 204288]
R4 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-04-02 365568]
R4 CACLEARWIRE;Clearwire Con App Svc;c:\program files (x86)\Clearwire\Connection Manager\ConAppsSvc.exe [2009-11-09 124240]
R4 CLEARWIRERcAppSvc;Clearwire RcAppSvc;c:\program files (x86)\Clearwire\Connection Manager\RcAppSvc.exe [2009-11-09 120144]
R4 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-02-18 265544]
R4 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
R4 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R4 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-05-23 1098296]
R4 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-27 30520]
R4 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-07-11 26680]
R4 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2000-01-01 2451456]
R4 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-03-09 366000]
R4 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R4 SBAMSvc;Fix-It;c:\program files (x86)\Common Files\Antivirus\SBAMSvc.exe [2010-10-11 2763080]
R4 SMSI Device Launch Service;Clearwire Device Launch Service;c:\program files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe [2009-11-09 107856]
R4 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2000-01-01 82560]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2000-01-01 42624]
S0 amdide64;amdide64;c:\windows\system32\DRIVERS\amdide64.sys [2000-01-01 11904]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2012-05-25 57976]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2010-07-27 94296]
S2 AODDriver4.2.0;AODDriver4.2.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe

S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2010-06-14 64600]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys [2000-01-01 106664]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys [2000-01-01 226984]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2000-01-01 96896]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2000-01-01 339600]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2000-01-01 708200]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-08-29 1145960]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-09-14 760168]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-09-14 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-09-14 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-09-14 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2000-01-01 57512]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-30 22:49   1607120   ----a-w-   c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 02:42]
.
2013-02-10 c:\windows\Tasks\Foresight Software Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2013-02-07 c:\windows\Tasks\Foresight Software Update3.job
- c:\program files (x86)\Common Files\Foresight Software\UUS3\Update3.exe [2013-01-15 21:40]
.
2013-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-02 23:30]
.
2013-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-02 23:30]
.
2013-02-10 c:\windows\Tasks\HPCeeScheduleForPKWHITE-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2013-02-11 c:\windows\Tasks\HPCeeScheduleForPKwhite.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2013-02-08 c:\windows\Tasks\PC Helper 360.job
- c:\program files (x86)\Foresight Software\PC Helper 360\pch360.exe [2013-01-15 21:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2011-03-03 2922496]
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://search.privitize.com/?aff=7
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: google.com\accounts
Trusted Zone: google.com\mail
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{0DAE081B-BEB6-484B-A09C-38399A38035E} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:8e,71,6e,0d,7e,58,cd,01
.
[HKEY_USERS\S-1-5-21-792220486-842809793-2467614242-1001\Software\SecuROM\License information*]
"datasecu"=hex:f5,0d,1f,31,6a,2c,2d,d3,76,6e,86,d1,6e,d1,02,ce,86,85,d2,c3,bc,
   a0,ff,27,29,85,4a,b4,dd,74,c8,8c,a6,3c,ad,cf,d5,f5,6c,52,61,25,bc,a7,35,a4,\
"rkeysecu"=hex:90,58,68,30,61,df,25,43,8b,81,21,e6,1a,a6,77,da
.
[HKEY_USERS\S-1-5-21-792220486-842809793-2467614242-1001\w* ¢*w*]
@Allowed: (Read) (RestrictedCode)
"MachineID"=hex:0b,1c,8b,a2,81,a1,a4,00
.
[HKEY_USERS\S-1-5-21-792220486-842809793-2467614242-1001\£*"!ò*w*]
@Allowed: (Read) (RestrictedCode)
"MachineID"=hex:0b,1c,8b,a2,81,a1,a4,00
.
[HKEY_USERS\S-1-5-21-792220486-842809793-2467614242-1001\ó*9 ò*w*]
@Allowed: (Read) (RestrictedCode)
"MachineID"=hex:0b,1c,8b,a2,81,a1,a4,00
.
[HKEY_USERS\S-1-5-21-792220486-842809793-2467614242-1001\ÿ*9 É*w*]
@Allowed: (Read) (RestrictedCode)
"MachineID"=hex:0b,1c,8b,a2,81,a1,a4,00
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-02-10  18:01:33
ComboFix-quarantined-files.txt  2013-02-11 02:01
ComboFix2.txt  2013-02-10 22:53
ComboFix3.txt  2013-02-10 21:48
.
Pre-Run: 550,031,937,536 bytes free
Post-Run: 549,735,297,024 bytes free
.
- - End Of File - - 93624B386BCC6EF34144AE404419502C


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.2 (02.02.2013:2)
OS: Windows 7 Home Premium x64
Ran by PKwhite on Sun 02/10/2013 at 18:05:42.06
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\smessaging
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ba00b7b1-0351-477a-b948-23e3ee5a73d4}
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{f0e98552-8e47-4c6c-9b3a-11ab0549f94d}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\urlsearchhooks\\{f0e98552-8e47-4c6c-9b3a-11ab0549f94d}
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_classes_root\appid\babylonhelper.exe
Successfully deleted: [Registry Key] hkey_current_user\software\aol toolbar
Successfully deleted: [Registry Key] hkey_local_machine\software\aol toolbar
Successfully deleted: [Registry Key] hkey_current_user\software\fixcleaner
Successfully deleted: [Registry Key] hkey_local_machine\software\fixcleaner
Successfully deleted: [Registry Key] hkey_current_user\software\sweetim
Successfully deleted: [Registry Key] hkey_local_machine\software\sweetim
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\office\powerpoint\addins\babylonofficeaddin.officeaddin
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\office\word\addins\babylonofficeaddin.officeaddin
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3ef64538-8b54-4573-b48f-4d34b0238ab2}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{3ef64538-8b54-4573-b48f-4d34b0238ab2}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{443789b7-f39c-4b5c-9287-da72d38f4fe6}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{443789b7-f39c-4b5c-9287-da72d38f4fe6}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ba00b7b1-0351-477a-b948-23e3ee5a73d4}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{f0e98552-8e47-4c6c-9b3a-11ab0549f94d}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}



~~~ Files

Successfully deleted: [File] "C:\Program Files (x86)\adobe\reader 10.0\reader\plug_ins\babylon\babylonrpi.api"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll"
Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.1049.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.1049.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\aol toolbar"
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\PKwhite\AppData\Roaming\drivercure"
Successfully deleted: [Folder] "C:\Users\PKwhite\AppData\Roaming\fixcleaner"
Successfully deleted: [Folder] "C:\Users\PKwhite\appdata\local\jetmp3"
Successfully deleted: [Folder] "C:\Users\PKwhite\appdata\local\strongvault online backup"
Successfully deleted: [Folder] "C:\Users\PKwhite\appdata\local\torch"
Successfully deleted: [Folder] "C:\Program Files (x86)\aol toolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\fixcleaner"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ Chrome

Dumping contents of C:\Users\PKwhite\appdata\local\Google\Chrome\User Data\Default\Default
C:\Users\PKwhite\appdata\local\Google\Chrome\User Data\Default\Default\aaggdgdfgcdhgbdcdbdedadidegbddgf
C:\Users\PKwhite\appdata\local\Google\Chrome\User Data\Default\Default\aaggdgdfgcdhgbdcdbdedadidegbddgf\manifest.json

Successfully deleted: [Folder] C:\Users\PKwhite\appdata\local\Google\Chrome\User Data\Default\Default [Default Extension 1.0]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 02/10/2013 at 18:19:37.23
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~