I may have to take different steps beyond malware removal, but I suspect I may have something(s) starting with Win7x64 that slows down the whole works. Everything seems to eventually operate as I expect. Could one of you fine volunteers have a look? My DDS log is below, and the attach file is included.
Thanks!
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.9.2
Run by estern at 9:47:38 on 2013-01-07
Microsoft Windows 7 Professional 6.1.7601.1.1252.2.1033.18.3958.1967 [GMT -3.5:30]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Dell\Reader 2.1\DVMExportService.exe
C:\Windows\system32\svchost.exe -k regsvc
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Dell\Reader 2.1\DellBtrEvent.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Common Files\Hewlett-Packard\HP Printer Utility DCS\AppInterfaces\HPPUDS.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Printer Utility\HPPU.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Hewlett-Packard\HP Printer Utility DCS\AppInterfaces\HPPUDH.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\RunDll32.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://mail.google.com/mail/?shva=1#inbox
uProxyOverride = 127.0.0.1:9421;<local>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [AdobeBridge] <no file>
mRun: [DellBtrEvent] C:\Program Files (x86)\Dell\Reader 2.1\DellBtrEvent.exe
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [PUStarter] C:\Program Files (x86)\Common Files\Hewlett-Packard\HP Printer Utility DCS\Appinterfaces\HPPUDS.exe
mRun: [RunPUTasktray] "C:\Program Files (x86)\Hewlett-Packard\HP Printer Utility\HPPU.exe" --regkeypath=Software\Hewlett-Packard\HP Printer Utility\HPPURun --valuename=InstallTTM
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\estern\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: DisallowRun = dword:1
mPolicies-DisallowRun: 1 = a.exe
mPolicies-DisallowRun: 2 = abc.exe
mPolicies-DisallowRun: 3 = acquisition.exe
mPolicies-DisallowRun: 4 = aMule.exe
mPolicies-DisallowRun: 5 = ants.exe
mPolicies-DisallowRun: 6 = ares.exe
mPolicies-DisallowRun: 7 = aresgalaxy.exe
mPolicies-DisallowRun: 8 = azureus.exe
mPolicies-DisallowRun: 9 = BearShare.exe
mPolicies-DisallowRun: 10 = BitComet.exe
mPolicies-DisallowRun: 11 = BitComet_setup.exe
mPolicies-DisallowRun: 12 = BitLord.exe
mPolicies-DisallowRun: 13 = BitTornado.exe
mPolicies-DisallowRun: 14 = BitTorrent.exe
mPolicies-DisallowRun: 15 = Blubster.exe
mPolicies-DisallowRun: 16 = cabos.exe
mPolicies-DisallowRun: 17 = dcplusplus.exe
mPolicies-DisallowRun: 18 = eMule.exe
mPolicies-DisallowRun: 19 = eMulePlus.exe
mPolicies-DisallowRun: 20 = flashget.exe
mPolicies-DisallowRun: 21 = frostwire.exe
mPolicies-DisallowRun: 22 = gnucleus.exe
mPolicies-DisallowRun: 23 = gnutella.exe
mPolicies-DisallowRun: 24 = grokster.exe
mPolicies-DisallowRun: 25 = gtk-gnutella.exe
mPolicies-DisallowRun: 26 = iMesh.exe
mPolicies-DisallowRun: 27 = Kazaa.exe
mPolicies-DisallowRun: 28 = kazaa_setup.exe
mPolicies-DisallowRun: 29 = KCeasy.exe
mPolicies-DisallowRun: 30 = Ktorrent.exe
mPolicies-DisallowRun: 31 = LimeWire.exe
mPolicies-DisallowRun: 32 = LimeWireWin.exe
mPolicies-DisallowRun: 33 = Morpheus.exe
mPolicies-DisallowRun: 34 = napigator.exe
mPolicies-DisallowRun: 35 = napster.exe
mPolicies-DisallowRun: 36 = overnet.exe
mPolicies-DisallowRun: 37 = piolet.exe
mPolicies-DisallowRun: 38 = Qtorrent.exe
mPolicies-DisallowRun: 39 = Rtorrent.exe
mPolicies-DisallowRun: 40 = Shareaza.exe
mPolicies-DisallowRun: 41 = strongdc.exe
mPolicies-DisallowRun: 42 = temp.exe
mPolicies-DisallowRun: 43 = tmp.exe
mPolicies-DisallowRun: 44 = turbobt.exe
mPolicies-DisallowRun: 45 = uTorrent.exe
mPolicies-DisallowRun: 46 = vuze.exe
mPolicies-DisallowRun: 47 = vuze_installer.exe
mPolicies-DisallowRun: 48 = WinMX.exe
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: hp.com
Trusted Zone: hp.com
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_client_4.3.1.0.cab
DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} - hxxp://www.3dpublisher.net/SWService/eDrawingsEnglish.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 208.85.80.245 192.75.24.250
TCP: Interfaces\{79B8784A-E966-4404-A71C-E10841E22897} : DHCPNameServer = 208.85.80.245 192.75.24.250
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: HPPUDCS - {522CC7E5-F378-4F97-8BD7-125D17F5B332} - C:\Program Files (x86)\Common Files\Hewlett-Packard\HP Printer Utility DCS\APP\hplidcsapp.dll
Handler: hppufile - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Program Files (x86)\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll
Handler: hppusam - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Program Files (x86)\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll
Handler: hppuzip - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Program Files (x86)\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: HPPUDCS - {522CC7E5-F378-4F97-8BD7-125D17F5B332} - <orphaned>
x64-Handler: hppufile - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - <orphaned>
x64-Handler: hppusam - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - <orphaned>
x64-Handler: hppuzip - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-7-15 53488]
R1 DVMIO;DVMIO;C:\Program Files (x86)\Dell\Reader 2.1\dvmio_x64.sys [2010-5-4 20624]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-3-9 235520]
R2 DvmMDES;DeviceVM Meta Data Export Service;C:\Program Files (x86)\Dell\Reader 2.1\DVMExportService.exe [2010-5-4 327680]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-4-26 13336]
R2 Sentinel64;Sentinel64;C:\Windows\System32\drivers\sentinel64.sys [2012-3-1 145448]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]
R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2009-10-29 2477304]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-7-15 2533400]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2012-1-19 294064]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-10-30 138912]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-7-15 56344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 288112]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;C:\Program Files\SolidWorks Corp\SolidWorks (2)\swScheduler\DTSCoordinatorService.exe [2010-1-20 87336]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-9-16 1431888]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2010-8-24 74320]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2010-8-24 13392]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-10 19456]
S3 Remote Solver for Flow Simulation 2010;Remote Solver for Flow Simulation 2010;C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [2009-11-23 93992]
S3 RMWPService;RMWPService;C:\Program Files (x86)\Reference Manager 12\WebPublisher\thirdparty\Apache2\bin\RMWP_Apache_Admin.exe [2004-1-28 20537]
S3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey;C:\Windows\System32\drivers\SNTUSB64.SYS [2011-5-27 63528]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-10 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-7-15 1255736]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"
FileExt: .txt: Applications\EXCEL.EXE="C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE" "%1" [UserChoice]
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS4\dreamweaver.exe", "%1"
ShellExec: EDITPLUS.EXE: edit=C:\Program Files (x86)\EditPlus 3\EDITPLUS.EXE
ShellExec: EDITPLUS.EXE: open=C:\Program Files (x86)\EditPlus 3\EDITPLUS.EXE
.
=============== Created Last 30 ================
.
2013-01-07 13:15:24 -------- d-sh--w- C:\$RECYCLE.BIN
2013-01-07 12:44:26 98816 ----a-w- C:\Windows\sed.exe
2013-01-07 12:44:26 256000 ----a-w- C:\Windows\PEV.exe
2013-01-07 12:44:26 208896 ----a-w- C:\Windows\MBR.exe
2013-01-03 13:14:03 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{756B0318-CBD6-4B72-8823-71350337FA33}\offreg.dll
2012-12-17 17:28:25 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{756B0318-CBD6-4B72-8823-71350337FA33}\mpengine.dll
2012-12-13 18:56:21 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-12-13 18:56:21 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-12-13 18:56:21 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-12-13 18:56:21 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-12-13 18:56:01 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-12-13 18:52:24 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-12-13 18:52:24 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-12-13 18:52:24 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-12-13 18:52:24 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-12-13 18:51:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-12-13 18:51:25 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-12-13 18:51:25 52224 ----a-w- C:\Windows\SysWow64\nlaapi.dll
2012-12-13 18:51:25 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-12-13 18:51:25 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-12-13 18:51:25 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-12-13 18:51:25 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-12-13 18:51:24 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-12-13 18:51:24 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-12-13 18:51:24 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-12-13 18:51:24 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-12-13 18:51:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-12-13 18:42:05 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2012-12-13 18:42:05 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2012-12-13 18:42:04 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2012-12-13 18:42:04 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2012-12-13 18:42:04 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2012-12-13 18:42:04 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2012-12-13 18:42:04 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2012-12-13 18:42:00 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-12-13 18:42:00 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-12-11 15:55:41 -------- d-----w- C:\Windows\{69093D49-3DD1-4FB5-A378-0D4DB4CF86EA}
2012-12-10 13:11:27 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-12-10 13:02:59 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-12-10 13:02:58 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-12-10 13:02:58 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-12-10 12:59:29 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-12-10 12:59:29 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-12-10 12:59:29 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-12-10 12:59:29 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-12-10 12:59:29 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-12-10 12:59:29 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-12-10 12:59:29 1448448 ----a-w- C:\Windows\System32\lsasrv.dll
2012-12-10 12:59:28 458712 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-12-10 12:59:28 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-12-10 12:56:01 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-12-10 12:56:00 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-12-10 12:54:57 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-12-10 12:54:57 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-12-10 12:52:45 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-12-10 12:52:45 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-12-10 12:52:36 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-12-10 12:52:36 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-12-10 12:44:21 53248 ----a-r- C:\Users\estern\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-12-10 12:41:32 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-12-10 12:41:32 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2012-12-10 12:41:32 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-12-10 12:41:32 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-12-10 12:41:32 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-12-10 12:41:31 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
.
==================== Find3M ====================
.
2012-12-12 15:12:16 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-12 15:12:16 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-10 12:21:54 233120 ----a-w- C:\Windows\System32\drivers\wpshelper.sys
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
.
============= FINISH: 9:47:47.90 ===============
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 208.85.80.245 192.75.24.250
TCP: Interfaces\{79B8784A-E966-4404-A71C-E10841E22897} : DHCPNameServer = 208.85.80.245 192.75.24.250
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: HPPUDCS - {522CC7E5-F378-4F97-8BD7-125D17F5B332} - C:\Program Files (x86)\Common Files\Hewlett-Packard\HP Printer Utility DCS\APP\hplidcsapp.dll
Handler: hppufile - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Program Files (x86)\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll
Handler: hppusam - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Program Files (x86)\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll
Handler: hppuzip - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Program Files (x86)\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: HPPUDCS - {522CC7E5-F378-4F97-8BD7-125D17F5B332} - <orphaned>
x64-Handler: hppufile - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - <orphaned>
x64-Handler: hppusam - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - <orphaned>
x64-Handler: hppuzip - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-7-15 53488]
R1 DVMIO;DVMIO;C:\Program Files (x86)\Dell\Reader 2.1\dvmio_x64.sys [2010-5-4 20624]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-3-9 235520]
R2 DvmMDES;DeviceVM Meta Data Export Service;C:\Program Files (x86)\Dell\Reader 2.1\DVMExportService.exe [2010-5-4 327680]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-4-26 13336]
R2 Sentinel64;Sentinel64;C:\Windows\System32\drivers\sentinel64.sys [2012-3-1 145448]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]
R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2009-10-29 2477304]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-7-15 2533400]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2012-1-19 294064]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-10-30 138912]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-7-15 56344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 288112]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;C:\Program Files\SolidWorks Corp\SolidWorks (2)\swScheduler\DTSCoordinatorService.exe [2010-1-20 87336]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-9-16 1431888]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2010-8-24 74320]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2010-8-24 13392]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-10 19456]
S3 Remote Solver for Flow Simulation 2010;Remote Solver for Flow Simulation 2010;C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [2009-11-23 93992]
S3 RMWPService;RMWPService;C:\Program Files (x86)\Reference Manager 12\WebPublisher\thirdparty\Apache2\bin\RMWP_Apache_Admin.exe [2004-1-28 20537]
S3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey;C:\Windows\System32\drivers\SNTUSB64.SYS [2011-5-27 63528]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-10 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-7-15 1255736]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"
FileExt: .txt: Applications\EXCEL.EXE="C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE" "%1" [UserChoice]
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS4\dreamweaver.exe", "%1"
ShellExec: EDITPLUS.EXE: edit=C:\Program Files (x86)\EditPlus 3\EDITPLUS.EXE
ShellExec: EDITPLUS.EXE: open=C:\Program Files (x86)\EditPlus 3\EDITPLUS.EXE
.
=============== Created Last 30 ================
.
2013-01-07 13:15:24 -------- d-sh--w- C:\$RECYCLE.BIN
2013-01-07 12:44:26 98816 ----a-w- C:\Windows\sed.exe
2013-01-07 12:44:26 256000 ----a-w- C:\Windows\PEV.exe
2013-01-07 12:44:26 208896 ----a-w- C:\Windows\MBR.exe
2013-01-03 13:14:03 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{756B0318-CBD6-4B72-8823-71350337FA33}\offreg.dll
2012-12-17 17:28:25 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{756B0318-CBD6-4B72-8823-71350337FA33}\mpengine.dll
2012-12-13 18:56:21 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-12-13 18:56:21 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-12-13 18:56:21 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-12-13 18:56:21 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-12-13 18:56:01 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-12-13 18:52:24 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-12-13 18:52:24 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-12-13 18:52:24 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-12-13 18:52:24 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-12-13 18:51:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-12-13 18:51:25 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-12-13 18:51:25 52224 ----a-w- C:\Windows\SysWow64\nlaapi.dll
2012-12-13 18:51:25 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-12-13 18:51:25 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-12-13 18:51:25 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-12-13 18:51:25 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-12-13 18:51:24 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-12-13 18:51:24 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-12-13 18:51:24 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-12-13 18:51:24 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-12-13 18:51:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-12-13 18:42:05 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2012-12-13 18:42:05 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2012-12-13 18:42:04 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2012-12-13 18:42:04 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2012-12-13 18:42:04 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2012-12-13 18:42:04 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2012-12-13 18:42:04 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2012-12-13 18:42:00 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-12-13 18:42:00 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-12-11 15:55:41 -------- d-----w- C:\Windows\{69093D49-3DD1-4FB5-A378-0D4DB4CF86EA}
2012-12-10 13:11:27 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-12-10 13:02:59 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-12-10 13:02:58 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-12-10 13:02:58 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-12-10 12:59:29 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-12-10 12:59:29 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-12-10 12:59:29 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-12-10 12:59:29 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-12-10 12:59:29 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-12-10 12:59:29 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-12-10 12:59:29 1448448 ----a-w- C:\Windows\System32\lsasrv.dll
2012-12-10 12:59:28 458712 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-12-10 12:59:28 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-12-10 12:56:01 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-12-10 12:56:00 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-12-10 12:54:57 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-12-10 12:54:57 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-12-10 12:52:45 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-12-10 12:52:45 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-12-10 12:52:36 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-12-10 12:52:36 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-12-10 12:44:21 53248 ----a-r- C:\Users\estern\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-12-10 12:41:32 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-12-10 12:41:32 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2012-12-10 12:41:32 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-12-10 12:41:32 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-12-10 12:41:32 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-12-10 12:41:31 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
.
==================== Find3M ====================
.
2012-12-12 15:12:16 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-12 15:12:16 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-10 12:21:54 233120 ----a-w- C:\Windows\System32\drivers\wpshelper.sys
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
.
============= FINISH: 9:47:47.90 ===============