Hello everyone! I'm Sam, and my parents computer is acting up, I figured out the problem, but I don't know how to fix it. There is a virus that won't allow their computer to connect to the internet, well it connects just won't go to any websites. The virus protection program on their computer is going crazy cause it's trying to delete the virus but the computer won't let it delete it. You get the problem. There is a 'virus' of sorts in C:\Windows\System32\Drivers - 11th file down 'afd.sys' Any fixes or files you guys need let me know! Any help is welcome!
Also Adaware's 'name' for it is Lookslike.win32.sirefef.ud (v)
Attached at the DDS files, and Attach file, and ARK file. Help ASAP I will be on later tonight to check for any help.
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.19393 BrowserJavaVersion: 1.6.0_39
Run by BMN at 9:41:28 on 2013-02-16
Microsoft® Windows Vista Home Basic 6.0.6002.2.1252.1.1033.18.1918.980 [GMT -5:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Ad-Aware Antivirus\Engine\SBAMSvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\PROGRA~1\AD-AWA~1\AdAware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\Explorer.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k Akamai
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
mStart Page = hxxp://www.bigseekpro.com/hypercam/{F0A33C4C-131B-40AE-9A8F-F00422BFBE86}
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
mSearchAssistant = hxxp://www.crawler.com/search/ie.aspx?tb_id=60475
mCustomizeSearch = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=60475
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} -
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\conduitengine\ConduitEngin0.dll
BHO: WhiteSmoke Toolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - c:\program files\whitesmoketoolbar\whitesmoketoolbarX.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\conduitengine\ConduitEngin0.dll
TB: uTorrentBar Toolbar: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} -
TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\conduitengine\ConduitEngin0.dll
TB: WhiteSmoke Toolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - c:\program files\whitesmoketoolbar\whitesmoketoolbarX.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} -
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [SystemMonit] <no file>
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [SetRefresh] c:\program files\hp\setrefresh\SetRefresh.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [SystemMonit] <no file>
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10l_ActiveX.exe -update activex
StartupFolder: c:\users\bmn\appdata\roaming\microsoft\windows\start menu\programs\startup\winmpa.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Peggle/Images/armhelper.ocx
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{506CF40D-7F51-4C3D-8A59-F080A517EC8A} : DHCPNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
STS: ObjectDockShlExt Class - {1984D045-52CF-49cd-DB77-08F378FEA4DB} -
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {233807B5-2H70-13D0-A31Q-00BB00B32C03} - c:\windows\fonts\winlgoon.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\bmn\appdata\roaming\mozilla\firefox\profiles\d4tamaem.default\
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGPPlugin.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\bmn\appdata\locallow\sony online entertainment\npsoe.dll
FF - plugin: c:\users\bmn\appdata\locallow\sony online entertainment\npsoeact.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - plugin: c:\windows\system32\npOGPPlugin.dll
FF - ExtSQL: 2013-02-15 16:33; {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}; c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
FF - ExtSQL: !HIDDEN! 2010-03-02 12:43; smartwebprinting@hp.com; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2012-4-30 221784]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2012-3-18 101720]
R2 Ad-Aware Service;Ad-Aware Service;c:\program files\ad-aware antivirus\AdAwareService.exe [2012-3-29 1161072]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-20 21504]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-5-11 74968]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 fioo32;fioo32;c:\windows\system32\SvchOst.eXE -k fioo32 [2008-1-20 21504]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
S3 AirDisplay;Air Display Support;c:\windows\system32\drivers\AVVideoCard.sys [2010-9-7 6656]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-20 179712]
S3 jumi;%Jumi%;c:\windows\system32\drivers\jumi.sys [2010-6-3 13112]
S3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [2010-11-19 9472]
.
=============== File Associations ===============
.
FileExt: .chm: Mega Zipper.CHM="c:\program files\mega zipper\MegaZipper.exe" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2013-02-16 03:24:59 -------- d-sh--w- C:\found.000
2013-02-15 23:02:21 -------- d-----w- c:\windows\system32\SPReview
2013-02-15 23:01:25 215475 ----a-w- c:\windows\oem_uninst.exe
2013-02-15 21:32:59 477616 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-02-15 21:14:41 -------- d-----w- c:\program files\Mozilla Maintenance Service
.
==================== Find3M ====================
.
2013-02-15 21:32:20 473520 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-16 13:12:54 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 10:50:29 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-11-23 01:35:53 2048000 ----a-w- c:\windows\system32\win32k.sys
2012-11-20 04:22:50 204288 ----a-w- c:\windows\system32\ncrypt.dll
2010-01-29 02:45:51 306840 --sh--w- c:\windows\fonts\hid.exe
2010-01-29 02:38:55 863448 --sh--w- c:\windows\fonts\winlgoon.exe
.
============= FINISH: 9:50:09.31 ===============
Also Adaware's 'name' for it is Lookslike.win32.sirefef.ud (v)
Attached at the DDS files, and Attach file, and ARK file. Help ASAP I will be on later tonight to check for any help.
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.19393 BrowserJavaVersion: 1.6.0_39
Run by BMN at 9:41:28 on 2013-02-16
Microsoft® Windows Vista Home Basic 6.0.6002.2.1252.1.1033.18.1918.980 [GMT -5:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Ad-Aware Antivirus\Engine\SBAMSvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\PROGRA~1\AD-AWA~1\AdAware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\Explorer.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k Akamai
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
mStart Page = hxxp://www.bigseekpro.com/hypercam/{F0A33C4C-131B-40AE-9A8F-F00422BFBE86}
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
mSearchAssistant = hxxp://www.crawler.com/search/ie.aspx?tb_id=60475
mCustomizeSearch = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=60475
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} -
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\conduitengine\ConduitEngin0.dll
BHO: WhiteSmoke Toolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - c:\program files\whitesmoketoolbar\whitesmoketoolbarX.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\conduitengine\ConduitEngin0.dll
TB: uTorrentBar Toolbar: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} -
TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\conduitengine\ConduitEngin0.dll
TB: WhiteSmoke Toolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - c:\program files\whitesmoketoolbar\whitesmoketoolbarX.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} -
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [SystemMonit] <no file>
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [SetRefresh] c:\program files\hp\setrefresh\SetRefresh.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [SystemMonit] <no file>
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10l_ActiveX.exe -update activex
StartupFolder: c:\users\bmn\appdata\roaming\microsoft\windows\start menu\programs\startup\winmpa.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Peggle/Images/armhelper.ocx
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{506CF40D-7F51-4C3D-8A59-F080A517EC8A} : DHCPNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
STS: ObjectDockShlExt Class - {1984D045-52CF-49cd-DB77-08F378FEA4DB} -
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {233807B5-2H70-13D0-A31Q-00BB00B32C03} - c:\windows\fonts\winlgoon.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\bmn\appdata\roaming\mozilla\firefox\profiles\d4tamaem.default\
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGPPlugin.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\bmn\appdata\locallow\sony online entertainment\npsoe.dll
FF - plugin: c:\users\bmn\appdata\locallow\sony online entertainment\npsoeact.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - plugin: c:\windows\system32\npOGPPlugin.dll
FF - ExtSQL: 2013-02-15 16:33; {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}; c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
FF - ExtSQL: !HIDDEN! 2010-03-02 12:43; smartwebprinting@hp.com; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2012-4-30 221784]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2012-3-18 101720]
R2 Ad-Aware Service;Ad-Aware Service;c:\program files\ad-aware antivirus\AdAwareService.exe [2012-3-29 1161072]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-20 21504]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-5-11 74968]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 fioo32;fioo32;c:\windows\system32\SvchOst.eXE -k fioo32 [2008-1-20 21504]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
S3 AirDisplay;Air Display Support;c:\windows\system32\drivers\AVVideoCard.sys [2010-9-7 6656]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-20 179712]
S3 jumi;%Jumi%;c:\windows\system32\drivers\jumi.sys [2010-6-3 13112]
S3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [2010-11-19 9472]
.
=============== File Associations ===============
.
FileExt: .chm: Mega Zipper.CHM="c:\program files\mega zipper\MegaZipper.exe" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2013-02-16 03:24:59 -------- d-sh--w- C:\found.000
2013-02-15 23:02:21 -------- d-----w- c:\windows\system32\SPReview
2013-02-15 23:01:25 215475 ----a-w- c:\windows\oem_uninst.exe
2013-02-15 21:32:59 477616 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-02-15 21:14:41 -------- d-----w- c:\program files\Mozilla Maintenance Service
.
==================== Find3M ====================
.
2013-02-15 21:32:20 473520 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-16 13:12:54 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 10:50:29 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-11-23 01:35:53 2048000 ----a-w- c:\windows\system32\win32k.sys
2012-11-20 04:22:50 204288 ----a-w- c:\windows\system32\ncrypt.dll
2010-01-29 02:45:51 306840 --sh--w- c:\windows\fonts\hid.exe
2010-01-29 02:38:55 863448 --sh--w- c:\windows\fonts\winlgoon.exe
.
============= FINISH: 9:50:09.31 ===============