I'm posting from another computer, but laptop was infected by the same attachment in an email. Before I found your forum I ran MSE, Malwarebytes Anti-rootkit beta and TDSSKiller but something keeps reinfecting system. dllhost.exe used to run many version of itself and use up cpu and memory until the system would BSOD. But I think MSE catches dllhost.exe and closes it. Anyway here are the log files.
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2014.02.21.12
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Brenda Williams :: BRENDAWILLIAMS [administrator]
2/21/2014 6:12:02 PM
mbam-log-2014-02-21 (18-12-02).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 234062
Time elapsed: 27 minute(s), 58 second(s)
Memory Processes Detected: 3
C:\Program Files (x86)\BibleTriviaTime_4l\bar\1.bin\4lbrmon.exe (PUP.Optional.MindSpark) -> 3348 -> Delete on reboot.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64brmon.exe (PUP.Optional.MindSpark) -> 3456 -> Delete on reboot.
C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14brmon.exe (PUP.Optional.MindSpark) -> 3672 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 24
HKLM\SYSTEM\CurrentControlSet\Services\BibleTriviaTime_4lService (PUP.Optional.AudioToAudioToolBar.A) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\TelevisionFanaticService (PUP.Optional.AudioToAudioToolBar.A) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\TotalRecipeSearch_14Service (PUP.Optional.AudioToAudioToolBar.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{33119133-0854-469d-807A-171568457991} (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{13119113-0854-469d-807A-171568457991} (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\TotalRecipeSearch_14.SkinLauncher.1 (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\TotalRecipeSearch_14.SkinLauncher (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{03119103-0854-469d-807A-171568457991} (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\Interface\{23119123-0854-469D-807A-171568457991} (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\TotalRecipeSearch_14.SkinLauncherSettings.1 (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\TotalRecipeSearch_14.SkinLauncherSettings (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{ab56dfde-0c14-45b3-9df6-7b0eba617870} (PUP.Optional.MindSpark) -> Quarantined and deleted successfully.
HKCR\CLSID\{a0154e07-2b48-475c-a82a-80efd84ea33e} (PUP.Optional.MindSpark) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A0154E07-2B48-475C-A82A-80EFD84EA33E} (PUP.Optional.MindSpark) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A0154E07-2B48-475C-A82A-80EFD84EA33E} (PUP.Optional.MindSpark) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AB56DFDE-0C14-45B3-9DF6-7B0EBA617870} (PUP.Optional.MindSpark) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{AB56DFDE-0C14-45B3-9DF6-7B0EBA617870} (PUP.Optional.MindSpark) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AB56DFDE-0C14-45B3-9DF6-7B0EBA617870} (PUP.Optional.MindSpark) -> Quarantined and deleted successfully.
HKCR\CLSID\{df22384f-cf68-4d19-969f-10423715528b} (PUP.Optional.MindSpark) -> Quarantined and deleted successfully.
HKCR\CLSID\{8a7d2060-824d-4b17-b00a-759b1b5f30d9} (PUP.Optional.MindSpark) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF22384F-CF68-4D19-969F-10423715528B} (PUP.Optional.MindSpark) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF22384F-CF68-4D19-969F-10423715528B} (PUP.Optional.MindSpark) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF22384F-CF68-4D19-969F-10423715528B} (PUP.Optional.MindSpark) -> Quarantined and deleted successfully.
HKLM\Software\InstallIQ (PUP.Optional.InstallBrain.A) -> Quarantined and deleted successfully.
Registry Values Detected: 9
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{A0154E07-2B48-475C-A82A-80EFD84EA33E} (PUP.Optional.MindSpark) -> Data: N H+\G¨*€ïØN£> -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A0154E07-2B48-475C-A82A-80EFD84EA33E} (PUP.Optional.MindSpark) -> Data: -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{8A7D2060-824D-4B17-B00A-759B1B5F30D9} (PUP.Optional.MindSpark) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Know the Bible? Search Scope Monitor (PUP.Optional.MindSpark) -> Data: "C:\PROGRA~2\BIBLET~2\bar\1.bin\4lsrchmn.exe" /m=2 /w /h -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BibleTriviaTime_4l Browser Plugin Loader (PUP.Optional.MindSpark) -> Data: C:\PROGRA~2\BIBLET~2\bar\1.bin\4lbrmon.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|TelevisionFanatic Search Scope Monitor (PUP.Optional.MindSpark) -> Data: "C:\PROGRA~2\TELEVI~2\bar\1.bin\64srchmn.exe" /m=2 /w /h -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|TelevisionFanatic Browser Plugin Loader (PUP.Optional.MindSpark) -> Data: C:\PROGRA~2\TELEVI~2\bar\1.bin\64brmon.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|TotalRecipeSearch Search Scope Monitor (PUP.Optional.MindSpark) -> Data: "C:\PROGRA~2\TOTALR~2\bar\1.bin\14srchmn.exe" /m=2 /w /h -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|TotalRecipeSearch_14 Browser Plugin Loader (PUP.Optional.MindSpark) -> Data: C:\PROGRA~2\TOTALR~2\bar\1.bin\14brmon.exe -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 2
C:\Program Files\PC Optimizer Pro (PUP.Optional.PcOptimizerPro.A) -> Quarantined and deleted successfully.
C:\Program Files\PC Optimizer Pro\Languages (PUP.Optional.PcOptimizerPro.A) -> Quarantined and deleted successfully.
Files Detected: 28
C:\Program Files (x86)\BibleTriviaTime_4l\bar\1.bin\4lbarsvc.exe (PUP.Optional.AudioToAudioToolBar.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64barsvc.exe (PUP.Optional.AudioToAudioToolBar.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14barsvc.exe (PUP.Optional.AudioToAudioToolBar.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14sknlcr.dll (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14bar.dll (PUP.Optional.MindSpark) -> Quarantined and deleted successfully.
C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14SrcAs.dll (PUP.Optional.MindSpark) -> Quarantined and deleted successfully.
C:\Users\Brenda Williams\Downloads\DTLite4461-0327.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Brenda Williams\Local Settings\sfplagwv.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Users\Brenda Williams\AppData\Local\sfplagwv.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Program Files\PC Optimizer Pro\PCOptProTrays.exe (PUP.Optional.PcOptimizerPro.A) -> Quarantined and deleted successfully.
C:\Program Files\PC Optimizer Pro\data.xml (PUP.Optional.PcOptimizerPro.A) -> Quarantined and deleted successfully.
C:\Program Files\PC Optimizer Pro\PCOptimizerPro.exe (PUP.Optional.PcOptimizerPro.A) -> Quarantined and deleted successfully.
C:\Program Files\PC Optimizer Pro\PCOptimizerPro.exe.manifest (PUP.Optional.PcOptimizerPro.A) -> Quarantined and deleted successfully.
C:\Program Files\PC Optimizer Pro\PCOptProCtxMenu.dll (PUP.Optional.PcOptimizerPro.A) -> Quarantined and deleted successfully.
C:\Program Files\PC Optimizer Pro\StartApps.exe (PUP.Optional.PcOptimizerPro.A) -> Quarantined and deleted successfully.
C:\Program Files\PC Optimizer Pro\uninst.exe (PUP.Optional.PcOptimizerPro.A) -> Quarantined and deleted successfully.
C:\Program Files\PC Optimizer Pro\UpdatesDll_s.dll (PUP.Optional.PcOptimizerPro.A) -> Quarantined and deleted successfully.
C:\Program Files\PC Optimizer Pro\Languages\DE.xml (PUP.Optional.PcOptimizerPro.A) -> Quarantined and deleted successfully.
C:\Program Files\PC Optimizer Pro\Languages\EN.xml (PUP.Optional.PcOptimizerPro.A) -> Quarantined and deleted successfully.
C:\Program Files\PC Optimizer Pro\Languages\ES.xml (PUP.Optional.PcOptimizerPro.A) -> Quarantined and deleted successfully.
C:\Program Files\PC Optimizer Pro\Languages\FR.xml (PUP.Optional.PcOptimizerPro.A) -> Quarantined and deleted successfully.
C:\Program Files\PC Optimizer Pro\Languages\IT.xml (PUP.Optional.PcOptimizerPro.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\BibleTriviaTime_4l\bar\1.bin\4lSrchMn.exe (PUP.Optional.MindSpark) -> Quarantined and deleted successfully.
C:\Program Files (x86)\BibleTriviaTime_4l\bar\1.bin\4lbrmon.exe (PUP.Optional.MindSpark) -> Delete on reboot.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrchMn.exe (PUP.Optional.MindSpark) -> Quarantined and deleted successfully.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64brmon.exe (PUP.Optional.MindSpark) -> Delete on reboot.
C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14SrchMn.exe (PUP.Optional.MindSpark) -> Quarantined and deleted successfully.
C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14brmon.exe (PUP.Optional.MindSpark) -> Delete on reboot.
(end)
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16518
Run by Brenda Williams at 19:08:21 on 2014-02-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3819.1963 [GMT -6:00]
.
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\AppIntegrator64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
svchost.exe
C:\Program Files (x86)\Cobian Backup 11\Cobian.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
C:\Program Files (x86)\Nuance\PDF Viewer Plus\PdfPro7Hook.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
svchost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\WUDFHost.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Program Files\EgisTec IPS\PMMUpdate.exe
C:\Program Files\EgisTec IPS\EgisUpdate.exe
C:\Users\Brenda Williams\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
uDefault_Page_URL = hxxp://acer.msn.com
uURLSearchHooks: <No Name>: {3f2ae504-aa17-4805-90e8-56e48f98731c} - C:\Program Files (x86)\BibleTriviaTime_4l\bar\1.bin\4lSrcAs.dll
uURLSearchHooks: <No Name>: {0696f815-a3a9-490a-bb14-9ec3350b1276} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrcAs.dll
mWinlogon: Userinit = userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Search Assistant BHO: {09df68da-2acf-4828-9320-6d999a0834a3} - C:\Program Files (x86)\BibleTriviaTime_4l\bar\1.bin\4lSrcAs.dll
BHO: &Inbox.com Toolbar Helper: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files (x86)\Inbox\ctbr.dll
BHO: Winamp Toolbar Loader: {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: Toolbar BHO: {4f426332-14d3-4383-abd6-ab0af916a73c} - C:\Program Files (x86)\BibleTriviaTime_4l\bar\1.bin\4lbar.dll
BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll
BHO: Search Assistant BHO: {5d79f641-c168-40df-a32f-bacea7509e75} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrcAs.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll
BHO: Toolbar BHO: {cb41fc95-f1b3-4797-8bb6-1012ff62abba} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: Know the Bible?: {7ABEAB51-07BE-42C5-89B4-C7F1A3A31816} - C:\Program Files (x86)\BibleTriviaTime_4l\bar\1.bin\4lbar.dll
TB: TelevisionFanatic: {C98D5B61-B0EA-4D48-9839-1079D352D880} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll
TB: &Inbox.com Toolbar: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files (x86)\Inbox\ctbr.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll
TB: Know the Bible?: {7abeab51-07be-42c5-89b4-c7f1a3a31816} - C:\Program Files (x86)\BibleTriviaTime_4l\bar\1.bin\4lbar.dll
TB: Winamp Toolbar: {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
TB: TelevisionFanatic: {c98d5b61-b0ea-4d48-9839-1079d352d880} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: &Inbox.com Toolbar: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files (x86)\Inbox\ctbr.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\Brenda Williams\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Orb] "C:\Program Files (x86)\Winamp Remote\bin\OrbTray.exe" /background
uRun: [HP Officejet Pro 8600 (NET)] "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN238BS0Z305KC:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
uRun: [dhopexwo] "C:\Users\Brenda Williams\AppData\Local\ogtjvcnc.exe"
uRun: [ohtudlpl] "C:\Users\Brenda Williams\AppData\Local\qmssihoq.exe"
uRun: [Cobian Backup 11] "C:\Program Files (x86)\Cobian Backup 11\Cobian.exe"
uRun: [oeqpdeor] "C:\Users\Brenda Williams\AppData\Local\rsfhgkcr.exe"
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
mRun: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
mRun: [IndexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
mRun: [PPort14reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\14\Config\Ereg\Ereg.ini"
mRun: [PDFProHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro7hook.exe
mRun: [SpeetItUpFree] "C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe"
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Inbox Search - tbr:iemenu
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{5AE2F5D2-5E07-4EAE-B5A4-E9A83D25C33B} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{84670C98-929C-4756-9249-6B826807D230} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{84670C98-929C-4756-9249-6B826807D230}\C474D205736393021323 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{84670C98-929C-4756-9249-6B826807D230}\E4544574541425 : DHCPNameServer = 192.168.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files (x86)\Inbox\ctbr.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
x64-Run: [TotalRecipeSearch Home Page Guard 64 bit] "C:\PROGRA~2\TOTALR~2\bar\1.bin\AppIntegrator64.exe"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-11-25 196376]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-10-31 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-10-1 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-10 31544]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-11-25 150808]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-11-25 243480]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-10-31 212280]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-4 46368]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-11-24 283200]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2011-8-16 22648]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2011-8-16 20520]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2011-8-16 62776]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648]
R2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [2014-2-20 67584]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-8-16 114704]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-8-16 76912]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-10-10 47232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe --> c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [?]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-12 111616]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 134944]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-8-16 246376]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-12 1255736]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-8-16 204288]
S4 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-1-22 3788816]
S4 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-24 348008]
S4 CxAudMsg;Conexant Audio Message Service;C:\Windows\System32\CxAudMsg64.exe [2011-10-10 198784]
S4 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-8-16 353360]
S4 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-6-21 173424]
S4 ePowerSvc;ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-10-10 872552]
S4 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S4 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-5-29 36456]
S4 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-8-16 255376]
S4 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
S4 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-4-23 256832]
S4 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2011-9-20 138600]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S4 vToolbarUpdater17.3.0;vToolbarUpdater17.3.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [2014-1-9 1771544]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-02-22 00:59:16 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EFFE047B-5832-4C8C-884D-5494B194CF26}\mpengine.dll
2014-02-22 00:17:01 141312 ----a-w- C:\Users\Brenda Williams\AppData\Local\rsfhgkcr.exe
2014-02-22 00:14:58 68945 ----a-w- C:\Users\Brenda Williams\AppData\Local\lujghcqc.exe
2014-02-22 00:13:57 68945 ----a-w- C:\Users\Brenda Williams\AppData\Local\essgelvr.exe
2014-02-22 00:11:43 68945 ----a-w- C:\Users\Brenda Williams\AppData\Local\koffxdtk.exe
2014-02-22 00:10:14 -------- d-----w- C:\Users\Brenda Williams\AppData\Roaming\Malwarebytes
2014-02-22 00:09:45 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-02-22 00:09:45 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-22 00:09:12 -------- d-----w- C:\Users\Brenda Williams\AppData\Local\Programs
2014-02-20 23:27:07 -------- d-----w- C:\Windows 7 Backup
2014-02-20 23:26:41 -------- d-----w- C:\Users\Brenda Williams\New folder
2014-02-20 23:11:35 -------- d-----w- C:\Program Files (x86)\Cobian Backup 11
2014-02-17 15:46:22 208216 ----a-w- C:\Windows\System32\drivers\21884856.sys
2014-02-17 05:41:39 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-16 22:04:07 155648 ------w- C:\Users\Brenda Williams\AppData\Local\qmssihoq.exe
2014-02-16 18:40:45 -------- d-----w- C:\ProgramData\Malwarebytes
2014-02-16 18:39:18 155648 ------w- C:\Users\Brenda Williams\AppData\Local\ogtjvcnc.exe
2014-02-16 18:35:36 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-02-12 22:12:09 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{587D0609-1A80-4C53-8DA7-3D900118454E}\gapaengine.dll
2014-02-12 22:11:59 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-02-12 21:46:13 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2014-02-12 21:46:06 -------- d-----w- C:\Program Files\Microsoft Security Client
2014-02-12 21:23:41 -------- d-----w- C:\Users\Brenda Williams\AppData\Roaming\Deaceg
2014-02-12 19:41:40 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-02-12 19:41:39 548864 ----a-w- C:\Windows\System32\vbscript.dll
2014-02-12 19:38:01 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-12 19:38:00 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-12 18:58:41 -------- d-----w- C:\ProgramData\HitmanPro
2014-01-24 01:17:34 -------- d-----w- C:\Users\Brenda Williams\.freescreensharing
2014-01-24 01:17:25 -------- d-----w- C:\Users\Brenda Williams\AppData\Local\FreeScreenSharing
.
==================== Find3M ====================
.
2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-02-06 10:11:37 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-05 05:52:29 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-05 05:52:29 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-01-19 07:33:29 270496 ------w- C:\Windows\System32\MpSigStub.exe
2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-12-06 02:30:08 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2013-12-06 02:30:08 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2013-12-06 02:02:08 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2013-12-06 02:02:08 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2013-12-04 02:27:33 485888 ----a-w- C:\Windows\System32\secproc_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp.dll
2013-12-04 02:27:16 488448 ----a-w- C:\Windows\System32\secproc.dll
2013-12-04 02:26:32 528384 ----a-w- C:\Windows\System32\msdrm.dll
2013-12-04 02:16:51 658432 ----a-w- C:\Windows\System32\RMActivate_isv.exe
2013-12-04 02:16:51 626176 ----a-w- C:\Windows\System32\RMActivate.exe
2013-12-04 02:16:50 552960 ----a-w- C:\Windows\System32\RMActivate_ssp_isv.exe
2013-12-04 02:16:48 553984 ----a-w- C:\Windows\System32\RMActivate_ssp.exe
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp_isv.dll
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp.dll
2013-12-04 02:03:20 423936 ----a-w- C:\Windows\SysWow64\secproc_isv.dll
2013-12-04 02:03:08 428032 ----a-w- C:\Windows\SysWow64\secproc.dll
2013-12-04 02:02:06 390144 ----a-w- C:\Windows\SysWow64\msdrm.dll
2013-12-04 01:54:14 510976 ----a-w- C:\Windows\SysWow64\RMActivate_ssp.exe
2013-12-04 01:54:10 594944 ----a-w- C:\Windows\SysWow64\RMActivate_isv.exe
2013-12-04 01:54:09 572416 ----a-w- C:\Windows\SysWow64\RMActivate.exe
2013-12-04 01:54:06 508928 ----a-w- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
2013-11-27 01:41:37 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-11-27 01:41:15 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-11-27 01:41:11 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-11-27 01:41:11 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-11-27 01:41:09 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-11-27 01:41:06 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-11-27 01:41:03 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-11-26 11:40:00 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
2013-11-26 10:32:56 3156480 ----a-w- C:\Windows\System32\win32k.sys
2013-11-26 08:16:50 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2013-11-26 03:47:22 196376 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2013-11-26 03:47:20 243480 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2013-11-26 03:47:20 150808 ----a-w- C:\Windows\System32\drivers\avgdiska.sys
.
============= FINISH: 19:09:09.92 ===============
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2014.02.21.12
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Brenda Williams :: BRENDAWILLIAMS [administrator]
2/21/2014 6:12:02 PM
mbam-log-2014-02-21 (18-12-02).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 234062
Time elapsed: 27 minute(s), 58 second(s)
Memory Processes Detected: 3
C:\Program Files (x86)\BibleTriviaTime_4l\bar\1.bin\4lbrmon.exe (PUP.Optional.MindSpark) -> 3348 -> Delete on reboot.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64brmon.exe (PUP.Optional.MindSpark) -> 3456 -> Delete on reboot.
C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14brmon.exe (PUP.Optional.MindSpark) -> 3672 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 24
HKLM\SYSTEM\CurrentControlSet\Services\BibleTriviaTime_4lService (PUP.Optional.AudioToAudioToolBar.A) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\TelevisionFanaticService (PUP.Optional.AudioToAudioToolBar.A) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\TotalRecipeSearch_14Service (PUP.Optional.AudioToAudioToolBar.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{33119133-0854-469d-807A-171568457991} (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{13119113-0854-469d-807A-171568457991} (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\TotalRecipeSearch_14.SkinLauncher.1 (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\TotalRecipeSearch_14.SkinLauncher (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{03119103-0854-469d-807A-171568457991} (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\Interface\{23119123-0854-469D-807A-171568457991} (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\TotalRecipeSearch_14.SkinLauncherSettings.1 (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\TotalRecipeSearch_14.SkinLauncherSettings (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{ab56dfde-0c14-45b3-9df6-7b0eba617870} (PUP.Optional.MindSpark) -> Quarantined and deleted successfully.
HKCR\CLSID\{a0154e07-2b48-475c-a82a-80efd84ea33e} (PUP.Optional.MindSpark) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A0154E07-2B48-475C-A82A-80EFD84EA33E} (PUP.Optional.MindSpark) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A0154E07-2B48-475C-A82A-80EFD84EA33E} (PUP.Optional.MindSpark) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AB56DFDE-0C14-45B3-9DF6-7B0EBA617870} (PUP.Optional.MindSpark) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{AB56DFDE-0C14-45B3-9DF6-7B0EBA617870} (PUP.Optional.MindSpark) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AB56DFDE-0C14-45B3-9DF6-7B0EBA617870} (PUP.Optional.MindSpark) -> Quarantined and deleted successfully.
HKCR\CLSID\{df22384f-cf68-4d19-969f-10423715528b} (PUP.Optional.MindSpark) -> Quarantined and deleted successfully.
HKCR\CLSID\{8a7d2060-824d-4b17-b00a-759b1b5f30d9} (PUP.Optional.MindSpark) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF22384F-CF68-4D19-969F-10423715528B} (PUP.Optional.MindSpark) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF22384F-CF68-4D19-969F-10423715528B} (PUP.Optional.MindSpark) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF22384F-CF68-4D19-969F-10423715528B} (PUP.Optional.MindSpark) -> Quarantined and deleted successfully.
HKLM\Software\InstallIQ (PUP.Optional.InstallBrain.A) -> Quarantined and deleted successfully.
Registry Values Detected: 9
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{A0154E07-2B48-475C-A82A-80EFD84EA33E} (PUP.Optional.MindSpark) -> Data: N H+\G¨*€ïØN£> -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A0154E07-2B48-475C-A82A-80EFD84EA33E} (PUP.Optional.MindSpark) -> Data: -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{8A7D2060-824D-4B17-B00A-759B1B5F30D9} (PUP.Optional.MindSpark) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Know the Bible? Search Scope Monitor (PUP.Optional.MindSpark) -> Data: "C:\PROGRA~2\BIBLET~2\bar\1.bin\4lsrchmn.exe" /m=2 /w /h -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BibleTriviaTime_4l Browser Plugin Loader (PUP.Optional.MindSpark) -> Data: C:\PROGRA~2\BIBLET~2\bar\1.bin\4lbrmon.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|TelevisionFanatic Search Scope Monitor (PUP.Optional.MindSpark) -> Data: "C:\PROGRA~2\TELEVI~2\bar\1.bin\64srchmn.exe" /m=2 /w /h -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|TelevisionFanatic Browser Plugin Loader (PUP.Optional.MindSpark) -> Data: C:\PROGRA~2\TELEVI~2\bar\1.bin\64brmon.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|TotalRecipeSearch Search Scope Monitor (PUP.Optional.MindSpark) -> Data: "C:\PROGRA~2\TOTALR~2\bar\1.bin\14srchmn.exe" /m=2 /w /h -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|TotalRecipeSearch_14 Browser Plugin Loader (PUP.Optional.MindSpark) -> Data: C:\PROGRA~2\TOTALR~2\bar\1.bin\14brmon.exe -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 2
C:\Program Files\PC Optimizer Pro (PUP.Optional.PcOptimizerPro.A) -> Quarantined and deleted successfully.
C:\Program Files\PC Optimizer Pro\Languages (PUP.Optional.PcOptimizerPro.A) -> Quarantined and deleted successfully.
Files Detected: 28
C:\Program Files (x86)\BibleTriviaTime_4l\bar\1.bin\4lbarsvc.exe (PUP.Optional.AudioToAudioToolBar.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64barsvc.exe (PUP.Optional.AudioToAudioToolBar.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14barsvc.exe (PUP.Optional.AudioToAudioToolBar.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14sknlcr.dll (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14bar.dll (PUP.Optional.MindSpark) -> Quarantined and deleted successfully.
C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14SrcAs.dll (PUP.Optional.MindSpark) -> Quarantined and deleted successfully.
C:\Users\Brenda Williams\Downloads\DTLite4461-0327.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Brenda Williams\Local Settings\sfplagwv.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Users\Brenda Williams\AppData\Local\sfplagwv.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Program Files\PC Optimizer Pro\PCOptProTrays.exe (PUP.Optional.PcOptimizerPro.A) -> Quarantined and deleted successfully.
C:\Program Files\PC Optimizer Pro\data.xml (PUP.Optional.PcOptimizerPro.A) -> Quarantined and deleted successfully.
C:\Program Files\PC Optimizer Pro\PCOptimizerPro.exe (PUP.Optional.PcOptimizerPro.A) -> Quarantined and deleted successfully.
C:\Program Files\PC Optimizer Pro\PCOptimizerPro.exe.manifest (PUP.Optional.PcOptimizerPro.A) -> Quarantined and deleted successfully.
C:\Program Files\PC Optimizer Pro\PCOptProCtxMenu.dll (PUP.Optional.PcOptimizerPro.A) -> Quarantined and deleted successfully.
C:\Program Files\PC Optimizer Pro\StartApps.exe (PUP.Optional.PcOptimizerPro.A) -> Quarantined and deleted successfully.
C:\Program Files\PC Optimizer Pro\uninst.exe (PUP.Optional.PcOptimizerPro.A) -> Quarantined and deleted successfully.
C:\Program Files\PC Optimizer Pro\UpdatesDll_s.dll (PUP.Optional.PcOptimizerPro.A) -> Quarantined and deleted successfully.
C:\Program Files\PC Optimizer Pro\Languages\DE.xml (PUP.Optional.PcOptimizerPro.A) -> Quarantined and deleted successfully.
C:\Program Files\PC Optimizer Pro\Languages\EN.xml (PUP.Optional.PcOptimizerPro.A) -> Quarantined and deleted successfully.
C:\Program Files\PC Optimizer Pro\Languages\ES.xml (PUP.Optional.PcOptimizerPro.A) -> Quarantined and deleted successfully.
C:\Program Files\PC Optimizer Pro\Languages\FR.xml (PUP.Optional.PcOptimizerPro.A) -> Quarantined and deleted successfully.
C:\Program Files\PC Optimizer Pro\Languages\IT.xml (PUP.Optional.PcOptimizerPro.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\BibleTriviaTime_4l\bar\1.bin\4lSrchMn.exe (PUP.Optional.MindSpark) -> Quarantined and deleted successfully.
C:\Program Files (x86)\BibleTriviaTime_4l\bar\1.bin\4lbrmon.exe (PUP.Optional.MindSpark) -> Delete on reboot.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrchMn.exe (PUP.Optional.MindSpark) -> Quarantined and deleted successfully.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64brmon.exe (PUP.Optional.MindSpark) -> Delete on reboot.
C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14SrchMn.exe (PUP.Optional.MindSpark) -> Quarantined and deleted successfully.
C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14brmon.exe (PUP.Optional.MindSpark) -> Delete on reboot.
(end)
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16518
Run by Brenda Williams at 19:08:21 on 2014-02-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3819.1963 [GMT -6:00]
.
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\AppIntegrator64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
svchost.exe
C:\Program Files (x86)\Cobian Backup 11\Cobian.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
C:\Program Files (x86)\Nuance\PDF Viewer Plus\PdfPro7Hook.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
svchost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\WUDFHost.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Program Files\EgisTec IPS\PMMUpdate.exe
C:\Program Files\EgisTec IPS\EgisUpdate.exe
C:\Users\Brenda Williams\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
uDefault_Page_URL = hxxp://acer.msn.com
uURLSearchHooks: <No Name>: {3f2ae504-aa17-4805-90e8-56e48f98731c} - C:\Program Files (x86)\BibleTriviaTime_4l\bar\1.bin\4lSrcAs.dll
uURLSearchHooks: <No Name>: {0696f815-a3a9-490a-bb14-9ec3350b1276} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrcAs.dll
mWinlogon: Userinit = userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Search Assistant BHO: {09df68da-2acf-4828-9320-6d999a0834a3} - C:\Program Files (x86)\BibleTriviaTime_4l\bar\1.bin\4lSrcAs.dll
BHO: &Inbox.com Toolbar Helper: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files (x86)\Inbox\ctbr.dll
BHO: Winamp Toolbar Loader: {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: Toolbar BHO: {4f426332-14d3-4383-abd6-ab0af916a73c} - C:\Program Files (x86)\BibleTriviaTime_4l\bar\1.bin\4lbar.dll
BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll
BHO: Search Assistant BHO: {5d79f641-c168-40df-a32f-bacea7509e75} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrcAs.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll
BHO: Toolbar BHO: {cb41fc95-f1b3-4797-8bb6-1012ff62abba} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: Know the Bible?: {7ABEAB51-07BE-42C5-89B4-C7F1A3A31816} - C:\Program Files (x86)\BibleTriviaTime_4l\bar\1.bin\4lbar.dll
TB: TelevisionFanatic: {C98D5B61-B0EA-4D48-9839-1079D352D880} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll
TB: &Inbox.com Toolbar: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files (x86)\Inbox\ctbr.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll
TB: Know the Bible?: {7abeab51-07be-42c5-89b4-c7f1a3a31816} - C:\Program Files (x86)\BibleTriviaTime_4l\bar\1.bin\4lbar.dll
TB: Winamp Toolbar: {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
TB: TelevisionFanatic: {c98d5b61-b0ea-4d48-9839-1079d352d880} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: &Inbox.com Toolbar: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files (x86)\Inbox\ctbr.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\Brenda Williams\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Orb] "C:\Program Files (x86)\Winamp Remote\bin\OrbTray.exe" /background
uRun: [HP Officejet Pro 8600 (NET)] "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN238BS0Z305KC:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
uRun: [dhopexwo] "C:\Users\Brenda Williams\AppData\Local\ogtjvcnc.exe"
uRun: [ohtudlpl] "C:\Users\Brenda Williams\AppData\Local\qmssihoq.exe"
uRun: [Cobian Backup 11] "C:\Program Files (x86)\Cobian Backup 11\Cobian.exe"
uRun: [oeqpdeor] "C:\Users\Brenda Williams\AppData\Local\rsfhgkcr.exe"
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
mRun: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
mRun: [IndexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
mRun: [PPort14reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\14\Config\Ereg\Ereg.ini"
mRun: [PDFProHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro7hook.exe
mRun: [SpeetItUpFree] "C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe"
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Inbox Search - tbr:iemenu
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{5AE2F5D2-5E07-4EAE-B5A4-E9A83D25C33B} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{84670C98-929C-4756-9249-6B826807D230} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{84670C98-929C-4756-9249-6B826807D230}\C474D205736393021323 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{84670C98-929C-4756-9249-6B826807D230}\E4544574541425 : DHCPNameServer = 192.168.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files (x86)\Inbox\ctbr.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
x64-Run: [TotalRecipeSearch Home Page Guard 64 bit] "C:\PROGRA~2\TOTALR~2\bar\1.bin\AppIntegrator64.exe"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-11-25 196376]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-10-31 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-10-1 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-10 31544]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-11-25 150808]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-11-25 243480]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-10-31 212280]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-4 46368]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-11-24 283200]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2011-8-16 22648]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2011-8-16 20520]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2011-8-16 62776]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648]
R2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [2014-2-20 67584]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-8-16 114704]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-8-16 76912]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-10-10 47232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe --> c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [?]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-12 111616]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 134944]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-8-16 246376]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-12 1255736]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-8-16 204288]
S4 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-1-22 3788816]
S4 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-24 348008]
S4 CxAudMsg;Conexant Audio Message Service;C:\Windows\System32\CxAudMsg64.exe [2011-10-10 198784]
S4 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-8-16 353360]
S4 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-6-21 173424]
S4 ePowerSvc;ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-10-10 872552]
S4 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S4 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-5-29 36456]
S4 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-8-16 255376]
S4 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
S4 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-4-23 256832]
S4 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2011-9-20 138600]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S4 vToolbarUpdater17.3.0;vToolbarUpdater17.3.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [2014-1-9 1771544]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-02-22 00:59:16 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EFFE047B-5832-4C8C-884D-5494B194CF26}\mpengine.dll
2014-02-22 00:17:01 141312 ----a-w- C:\Users\Brenda Williams\AppData\Local\rsfhgkcr.exe
2014-02-22 00:14:58 68945 ----a-w- C:\Users\Brenda Williams\AppData\Local\lujghcqc.exe
2014-02-22 00:13:57 68945 ----a-w- C:\Users\Brenda Williams\AppData\Local\essgelvr.exe
2014-02-22 00:11:43 68945 ----a-w- C:\Users\Brenda Williams\AppData\Local\koffxdtk.exe
2014-02-22 00:10:14 -------- d-----w- C:\Users\Brenda Williams\AppData\Roaming\Malwarebytes
2014-02-22 00:09:45 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-02-22 00:09:45 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-22 00:09:12 -------- d-----w- C:\Users\Brenda Williams\AppData\Local\Programs
2014-02-20 23:27:07 -------- d-----w- C:\Windows 7 Backup
2014-02-20 23:26:41 -------- d-----w- C:\Users\Brenda Williams\New folder
2014-02-20 23:11:35 -------- d-----w- C:\Program Files (x86)\Cobian Backup 11
2014-02-17 15:46:22 208216 ----a-w- C:\Windows\System32\drivers\21884856.sys
2014-02-17 05:41:39 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-16 22:04:07 155648 ------w- C:\Users\Brenda Williams\AppData\Local\qmssihoq.exe
2014-02-16 18:40:45 -------- d-----w- C:\ProgramData\Malwarebytes
2014-02-16 18:39:18 155648 ------w- C:\Users\Brenda Williams\AppData\Local\ogtjvcnc.exe
2014-02-16 18:35:36 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-02-12 22:12:09 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{587D0609-1A80-4C53-8DA7-3D900118454E}\gapaengine.dll
2014-02-12 22:11:59 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-02-12 21:46:13 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2014-02-12 21:46:06 -------- d-----w- C:\Program Files\Microsoft Security Client
2014-02-12 21:23:41 -------- d-----w- C:\Users\Brenda Williams\AppData\Roaming\Deaceg
2014-02-12 19:41:40 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-02-12 19:41:39 548864 ----a-w- C:\Windows\System32\vbscript.dll
2014-02-12 19:38:01 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-12 19:38:00 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-12 18:58:41 -------- d-----w- C:\ProgramData\HitmanPro
2014-01-24 01:17:34 -------- d-----w- C:\Users\Brenda Williams\.freescreensharing
2014-01-24 01:17:25 -------- d-----w- C:\Users\Brenda Williams\AppData\Local\FreeScreenSharing
.
==================== Find3M ====================
.
2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-02-06 10:11:37 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-05 05:52:29 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-05 05:52:29 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-01-19 07:33:29 270496 ------w- C:\Windows\System32\MpSigStub.exe
2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-12-06 02:30:08 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2013-12-06 02:30:08 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2013-12-06 02:02:08 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2013-12-06 02:02:08 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2013-12-04 02:27:33 485888 ----a-w- C:\Windows\System32\secproc_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp.dll
2013-12-04 02:27:16 488448 ----a-w- C:\Windows\System32\secproc.dll
2013-12-04 02:26:32 528384 ----a-w- C:\Windows\System32\msdrm.dll
2013-12-04 02:16:51 658432 ----a-w- C:\Windows\System32\RMActivate_isv.exe
2013-12-04 02:16:51 626176 ----a-w- C:\Windows\System32\RMActivate.exe
2013-12-04 02:16:50 552960 ----a-w- C:\Windows\System32\RMActivate_ssp_isv.exe
2013-12-04 02:16:48 553984 ----a-w- C:\Windows\System32\RMActivate_ssp.exe
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp_isv.dll
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp.dll
2013-12-04 02:03:20 423936 ----a-w- C:\Windows\SysWow64\secproc_isv.dll
2013-12-04 02:03:08 428032 ----a-w- C:\Windows\SysWow64\secproc.dll
2013-12-04 02:02:06 390144 ----a-w- C:\Windows\SysWow64\msdrm.dll
2013-12-04 01:54:14 510976 ----a-w- C:\Windows\SysWow64\RMActivate_ssp.exe
2013-12-04 01:54:10 594944 ----a-w- C:\Windows\SysWow64\RMActivate_isv.exe
2013-12-04 01:54:09 572416 ----a-w- C:\Windows\SysWow64\RMActivate.exe
2013-12-04 01:54:06 508928 ----a-w- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
2013-11-27 01:41:37 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-11-27 01:41:15 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-11-27 01:41:11 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-11-27 01:41:11 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-11-27 01:41:09 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-11-27 01:41:06 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-11-27 01:41:03 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-11-26 11:40:00 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
2013-11-26 10:32:56 3156480 ----a-w- C:\Windows\System32\win32k.sys
2013-11-26 08:16:50 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2013-11-26 03:47:22 196376 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2013-11-26 03:47:20 243480 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2013-11-26 03:47:20 150808 ----a-w- C:\Windows\System32\drivers\avgdiska.sys
.
============= FINISH: 19:09:09.92 ===============