Jump to content

Riccio

Honorary Members
  • Posts

    22
  • Joined

  • Last visited

Everything posted by Riccio

  1. I want to thank you very much. I understand your job can be demanding at times and it takes alot of patience to deal with tedious things like computers. I thank you for having the patience to walk me through everything and help me remove this problem. You guys are definitley the master of your craft and I appreciate everything you've done. Honestly if I had the money I'd love to donate, but I'm just the son in the family that can navigate through todays tech much better than my parents. Thank you, again. Have a good one.
  2. C:\Program Files (x86)\Windows Live\Messenger\msimg32.dll Win32/Toolbar.MyWebSearch application C:\Program Files (x86)\Windows Live\Messenger\riched20.dll Win32/Toolbar.MyWebSearch application C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\2.bin\MWSOEMON.EXE.vir Win32/Toolbar.MyWebSearch application C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\2.bin\MWSOEPLG.DLL.vir Win32/Toolbar.MyWebSearch.J application C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\2.bin\MWSOESTB.DLL.vir Win32/Toolbar.MyWebSearch application C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\2.bin\MWSSRCAS.DLL.vir Win32/Toolbar.MyWebSearch application C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\2.bin\MWSSVC.EXE.vir Win32/Toolbar.MyWebSearch application C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\2.bin\MWSUABTN.DLL.vir Win32/Toolbar.MyWebSearch application C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\2.bin\NPMYWEBS.DLL.vir Win32/Toolbar.MyWebSearch application C:\Qoobox\Quarantine\C\Users\Michael Riccio\AppData\Local\My Web Search Installer(1174fa9f).exe.vir a variant of Win32/Toolbar.MyWebSearch.K application
  3. Malwarebytes Anti-Malware (Trial) 1.65.1.1000 www.malwarebytes.org Database version: v2012.11.13.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 aarons :: AARONS-HP [administrator] Protection: Enabled 11/13/2012 2:28:12 PM mbam-log-2012-11-13 (14-28-12).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 274338 Time elapsed: 7 minute(s), 44 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 2 C:\Users\Michael Riccio\Local Settings\mwsautSp.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Users\Michael Riccio\Local Settings\Application Data\mwsautSp.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully. (end) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 2:58:55 PM, on 11/13/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16450) Boot mode: Normal Running processes: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\PCPowerSpeed\PCPowerTray.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\aarons\Desktop\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: FCTBPos00Pos - {69CE821F-3668-475A-B66F-94719B322DE3} - C:\Program Files (x86)\Dallas Cowboys\Toolbar.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120623055355.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O3 - Toolbar: Dallas Cowboys - {27E7F580-724E-46EB-846F-96C2396D23ED} - C:\Program Files (x86)\Dallas Cowboys\Toolbar.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" UNATTENDED O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [PCPowerSpeed] "C:\Program Files (x86)\PCPowerSpeed\PCPowerTray.exe" /startup O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKCU\..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray O4 - HKCU\..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe O4 - Global Startup: PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: CinemaNow Service - CinemaNow, Inc. - C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 11846 bytes
  4. I just logged into an admin account. Everything seems to be fine on all other profiles
  5. Combo fix is still going crazy with two seperate windows opening and closing, repeatedly. It wouldn't even let me access anything without it interfering.
  6. I'm not sure what the difference was between the custom scans, but this one worked. Whenever I pasted the first one it was formatted differently when it showed up in the fix window. Here is the log from OTL ========== OTL ========== Registry value HKEY_USERS\S-1-5-21-4091956286-139085011-1590961876-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00A6FAF6-072E-44cf-8957-5838F569A31D} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\\flags deleted successfully. Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7} C:\Windows\Downloaded Program Files\gp.inf not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully. File Protocol\Handler\livecall - No CLSID value found not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully. File Protocol\Handler\ms-help - No CLSID value found not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully. File Protocol\Handler\ms-itss - No CLSID value found not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully. File Protocol\Handler\msnim - No CLSID value found not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully. File Protocol\Handler\wlmailhtml - No CLSID value found not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully. File Protocol\Handler\wlpg - No CLSID value found not found. 64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{19A796F4-A878-4EB2-A04E-155D080A5063}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19A796F4-A878-4EB2-A04E-155D080A5063}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{19A796F4-A878-4EB2-A04E-155D080A5063}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19A796F4-A878-4EB2-A04E-155D080A5063}\ not found. C:\ProgramData\-hA8UYwv7FPqnAwr moved successfully. C:\ProgramData\-hA8UYwv7FPqnAw moved successfully. ========== FILES ========== < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Users\Michael Riccio\Desktop\cmd.bat deleted successfully. C:\Users\Michael Riccio\Desktop\cmd.txt deleted successfully. File\Folder :Commands not found. File\Folder [PURITY] not found. File\Folder [emptyjava] not found. File\Folder [EMPTYFLASH] not found. OTL by OldTimer - Version 3.2.69.0 log created on 11112012_224028
  7. Are there any specifications on the OTL program that I have to change? Like in "Extra Registry", "Output", "Modules" or anything like that? Everything is in "UseSafeList" except for "Extra Registry"
  8. The ":OTL" at the top of the custom scan? I'm a little confused. I made sure I copied and pasted everything that was there. I retried it multiple times and recieved the same message.
  9. Error: Unable to interpret <:OTLIE - HKU\S-1-5-21-4091956286-139085011-1590961876-1004\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - No CLSID value foundFF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundO4:64bit: - HKLM..\RunOnceEx: [flags] Reg Error: Invalid data type. File not foundO16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)O18:64bit: - Protocol\Handler\livecall - No CLSID value foundO18:64bit: - Protocol\Handler\ms-help - No CLSID value foundO18:64bit: - Protocol\Handler\ms-itss - No CLSID value foundO18:64bit: - Protocol\Handler\msnim - No CLSID value foundO18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value foundO18:64bit: - Protocol\Handler\wlpg - No CLSID value foundO21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLS> in the current context! Error: Unable to interpret <ID value found.IE:64bit: - HKLM\..\SearchScopes\{19A796F4-A878-4EB2-A04E-155D080A5063}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpdIE - HKLM\..\SearchScopes\{19A796F4-A878-4EB2-A04E-155D080A5063}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd[2012/11/08 22:05:23 | 000,000,160 | ---- | M] () -- C:\ProgramData\-hA8UYwv7FPqnAwr[2012/11/08 22:05:23 | 000,000,152 | ---- | M] () -- C:\ProgramData\-hA8UYwv7FPqnAw:Filesipconfig /flushdns /c:Commands[PURITY][emptyjava][EMPTYFLASH]> in the current context! OTL by OldTimer - Version 3.2.69.0 log created on 11112012_214656
  10. OTL logfile created on: 11/11/2012 8:42:53 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Michael Riccio\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.75 Gb Total Physical Memory | 3.03 Gb Available Physical Memory | 80.91% Memory free 7.50 Gb Paging File | 6.79 Gb Available in Paging File | 90.62% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 454.02 Gb Total Space | 399.71 Gb Free Space | 88.04% Space Free | Partition Type: NTFS Drive D: | 11.65 Gb Total Space | 1.42 Gb Free Space | 12.20% Space Free | Partition Type: NTFS Computer Name: AARONS-HP | User Name: aarons | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Michael Riccio\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.) ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.) SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.) SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe () SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe () SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (CinemaNow Service) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe (CinemaNow, Inc.) SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.) DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.) DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.) DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.) DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.) DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.) DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.) DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.) DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia) DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia) DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia) DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia) DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation) DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation) DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie64.sys (Advanced Micro Devices Inc.) DRV:64bit: - (athur) -- C:\Windows\SysNative\drivers\athurx.sys (Atheros Communications, Inc.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.) DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation) DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia) DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{05BB2EBC-A7FF-405E-9EFA-37785789643A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{19A796F4-A878-4EB2-A04E-155D080A5063}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1 IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{05BB2EBC-A7FF-405E-9EFA-37785789643A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE - HKLM\..\SearchScopes\{19A796F4-A878-4EB2-A04E-155D080A5063}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-4091956286-139085011-1590961876-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=Z128&install_date=20111203 IE - HKU\S-1-5-21-4091956286-139085011-1590961876-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-4091956286-139085011-1590961876-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_enUS433 IE - HKU\S-1-5-21-4091956286-139085011-1590961876-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4091956286-139085011-1590961876-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-4091956286-139085011-1590961876-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1 IE - HKU\S-1-5-21-4091956286-139085011-1590961876-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/ IE - HKU\S-1-5-21-4091956286-139085011-1590961876-1004\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - No CLSID value found IE - HKU\S-1-5-21-4091956286-139085011-1590961876-1004\..\SearchScopes,DefaultScope = {19A796F4-A878-4EB2-A04E-155D080A5063} IE - HKU\S-1-5-21-4091956286-139085011-1590961876-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_en IE - HKU\S-1-5-21-4091956286-139085011-1590961876-1004\..\SearchScopes\{6F39D552-2EB3-4668-9687-03CCB46D63F6}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=HKCIE&o=102807&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=4K&apn_dtid=YYYYYYYYUS&apn_uid=37335c0f-52cf-466f-844b-9a5b0a674ea6&apn_sauid=2A05CF1B-51DD-466E-B078-270E75025146 IE - HKU\S-1-5-21-4091956286-139085011-1590961876-1004\..\SearchScopes\{82397087-0570-4A8D-B105-F1E1DA70AFBA}: "URL" = http://www.bing.com/search?FORM=HPDTDF&PC=HPDTDF&q={searchTerms}&src=IE-SearchBox IE - HKU\S-1-5-21-4091956286-139085011-1590961876-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll () FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.11.1\npHDPlg.dll () FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_7.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_7.0 [2011/12/29 19:10:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/11/07 04:32:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/06/26 08:25:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_7.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0 [2011/12/29 19:10:56 | 000,000,000 | ---D | M] O1 HOSTS File: ([2012/11/11 19:38:54 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120623055355.dll (McAfee, Inc.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O2 - BHO: (Dallas Cowboys BHO) - {69CE821F-3668-475A-B66F-94719B322DE3} - C:\Program Files (x86)\Dallas Cowboys\Toolbar.dll () O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120623055355.dll (McAfee, Inc.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (Dallas Cowboys) - {27E7F580-724E-46EB-846F-96C2396D23ED} - C:\Program Files (x86)\Dallas Cowboys\Toolbar.dll () O3:64bit: - HKU\S-1-5-21-4091956286-139085011-1590961876-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKU\S-1-5-21-4091956286-139085011-1590961876-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [combofix] C:\ComboFix\CF25026.3XE (Microsoft Corporation) O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe () O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe (Symantec Corporation) O4 - HKLM..\Run: [PCPowerSpeed] C:\Program Files (x86)\PCPowerSpeed\PCPowerTray.exe (Crawler.com) O4 - HKLM..\Run: [startCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-21-4091956286-139085011-1590961876-1000..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe () O4 - HKU\S-1-5-21-4091956286-139085011-1590961876-1000..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia) O4 - HKU\S-1-5-21-4091956286-139085011-1590961876-1004..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe () O4:64bit: - HKLM..\RunOnce: [combofix] C:\ComboFix\CF25026.3XE (Microsoft Corporation) O4:64bit: - HKLM..\RunOnceEx: [flags] Reg Error: Invalid data type. File not found O4 - Startup: C:\Users\Michael Riccio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wkcalrem.LNK = C:\Program Files (x86)\Microsoft Works\WkCalRem.exe (Microsoft® Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-4091956286-139085011-1590961876-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-4091956286-139085011-1590961876-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-4091956286-139085011-1590961876-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-4091956286-139085011-1590961876-1004\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-4091956286-139085011-1590961876-1004\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-4091956286-139085011-1590961876-1004\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-4091956286-139085011-1590961876-1004\..Trusted Domains: sony.com ([]* in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B85BAF0-EF2C-4A61-BAEA-C45EC4CDE511}: DhcpNameServer = 192.168.1.254 O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/11/11 19:24:05 | 000,000,000 | --SD | C] -- C:\ComboFix [2012/11/11 19:22:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/11/10 10:49:54 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012/11/10 10:24:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/11/10 10:24:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/11/10 10:24:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/11/10 10:24:18 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/11/10 10:23:53 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012/11/09 18:23:57 | 000,000,000 | ---D | C] -- C:\Users\aarons\Desktop\RK_Quarantine [2012/11/08 23:38:08 | 000,000,000 | ---D | C] -- C:\Users\aarons\AppData\Roaming\Malwarebytes [2012/11/08 23:38:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/11/08 23:37:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/11/08 23:37:47 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/11/08 23:37:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/11/01 23:46:08 | 000,000,000 | ---D | C] -- C:\Users\aarons\AppData\Local\ElevatedDiagnostics [2012/11/01 23:45:26 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012/11/01 21:49:53 | 000,000,000 | ---D | C] -- C:\Config.Msi [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/11/11 20:19:00 | 000,001,830 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk [2012/11/11 20:16:25 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/11/11 20:16:25 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/11/11 20:16:25 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/11/11 20:12:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/11/11 20:11:55 | 3018,661,888 | -HS- | M] () -- C:\hiberfil.sys [2012/11/11 20:09:21 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/11/11 19:48:32 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/11/11 19:48:32 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/11/11 19:40:42 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForaarons.job [2012/11/11 19:38:54 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012/11/11 19:03:02 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/11/11 18:48:19 | 000,012,973 | ---- | M] () -- C:\Users\aarons\Desktop\ComboFix NSIS Installer.lnk [2012/11/11 18:21:54 | 000,000,512 | ---- | M] () -- C:\Users\aarons\Documents\MBR.dat [2012/11/11 03:08:44 | 000,013,917 | ---- | M] () -- C:\Users\aarons\Desktop\iexplore - Shortcut.lnk [2012/11/09 18:13:47 | 000,000,102 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat [2012/11/09 14:18:39 | 000,000,000 | ---- | M] () -- C:\Users\aarons\defogger_reenable [2012/11/08 23:38:01 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/11/08 22:05:23 | 000,000,160 | ---- | M] () -- C:\ProgramData\-hA8UYwv7FPqnAwr [2012/11/08 22:05:23 | 000,000,152 | ---- | M] () -- C:\ProgramData\-hA8UYwv7FPqnAw [2012/10/31 09:00:00 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/11/11 18:48:19 | 000,012,973 | ---- | C] () -- C:\Users\aarons\Desktop\ComboFix NSIS Installer.lnk [2012/11/11 18:21:54 | 000,000,512 | ---- | C] () -- C:\Users\aarons\Documents\MBR.dat [2012/11/11 03:08:44 | 000,013,917 | ---- | C] () -- C:\Users\aarons\Desktop\iexplore - Shortcut.lnk [2012/11/10 10:24:29 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/11/10 10:24:29 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/11/10 10:24:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/11/10 10:24:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/11/10 10:24:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/11/09 18:13:34 | 000,000,102 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat [2012/11/09 14:18:39 | 000,000,000 | ---- | C] () -- C:\Users\aarons\defogger_reenable [2012/11/08 23:38:01 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/11/08 22:09:03 | 000,001,935 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk [2012/11/08 22:05:23 | 000,000,160 | ---- | C] () -- C:\ProgramData\-hA8UYwv7FPqnAwr [2012/11/08 22:05:22 | 000,000,152 | ---- | C] () -- C:\ProgramData\-hA8UYwv7FPqnAw [2011/12/04 13:12:45 | 000,000,102 | ---- | C] () -- C:\Users\aarons\AppData\Roaming\wklnhst.dat ========== ZeroAccess Check ========== [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report >
  11. Also, all of the logs that were saved to my desktop throughout this process have been hidden, and so have my start menu options again.
  12. It ran combo fix after dragging CFScript, I left my computer until it finished the scan. I returned to my computer to find it had restarted itself, when I logged back on to my computer, Combo fix repeatedly popped up and closed itself over and over. I had to run the computer in safe mode to get on the forum.
  13. 02:04:53.0735 6304 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 02:04:55.0745 6304 ============================================================ 02:04:55.0745 6304 Current date / time: 2012/11/11 02:04:55.0745 02:04:55.0745 6304 SystemInfo: 02:04:55.0745 6304 02:04:55.0745 6304 OS Version: 6.1.7601 ServicePack: 1.0 02:04:55.0745 6304 Product type: Workstation 02:04:55.0745 6304 ComputerName: AARONS-HP 02:04:55.0745 6304 UserName: aarons 02:04:55.0745 6304 Windows directory: C:\Windows 02:04:55.0745 6304 System windows directory: C:\Windows 02:04:55.0745 6304 Running under WOW64 02:04:55.0745 6304 Processor architecture: Intel x64 02:04:55.0745 6304 Number of processors: 2 02:04:55.0745 6304 Page size: 0x1000 02:04:55.0745 6304 Boot type: Normal boot 02:04:55.0745 6304 ============================================================ 02:04:57.0565 6304 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 02:04:57.0565 6304 ============================================================ 02:04:57.0565 6304 \Device\Harddisk0\DR0: 02:04:57.0565 6304 MBR partitions: 02:04:57.0565 6304 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 02:04:57.0565 6304 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x38C08800 02:04:57.0565 6304 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x38C3B000, BlocksNum 0x174A800 02:04:57.0565 6304 ============================================================ 02:04:57.0585 6304 C: <-> \Device\Harddisk0\DR0\Partition2 02:04:57.0625 6304 D: <-> \Device\Harddisk0\DR0\Partition3 02:04:57.0625 6304 ============================================================ 02:04:57.0625 6304 Initialize success 02:04:57.0625 6304 ============================================================ 02:05:01.0141 3196 ============================================================ 02:05:01.0141 3196 Scan started 02:05:01.0141 3196 Mode: Manual; 02:05:01.0141 3196 ============================================================ 02:05:02.0473 3196 ================ Scan system memory ======================== 02:05:02.0473 3196 System memory - ok 02:05:02.0483 3196 ================ Scan services ============================= 02:05:02.0613 3196 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 02:05:02.0713 3196 1394ohci - ok 02:05:02.0733 3196 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 02:05:02.0833 3196 ACPI - ok 02:05:02.0853 3196 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 02:05:02.0933 3196 AcpiPmi - ok 02:05:03.0033 3196 [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 02:05:03.0163 3196 AdobeARMservice - ok 02:05:03.0203 3196 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 02:05:03.0223 3196 adp94xx - ok 02:05:03.0263 3196 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 02:05:03.0293 3196 adpahci - ok 02:05:03.0313 3196 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 02:05:03.0323 3196 adpu320 - ok 02:05:03.0353 3196 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 02:05:03.0353 3196 AeLookupSvc - ok 02:05:03.0413 3196 [ D1E343BC00136CE03C4D403194D06A80 ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE 02:05:03.0523 3196 AERTFilters - ok 02:05:03.0583 3196 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 02:05:03.0703 3196 AFD - ok 02:05:03.0753 3196 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 02:05:03.0763 3196 agp440 - ok 02:05:03.0783 3196 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 02:05:03.0793 3196 ALG - ok 02:05:03.0833 3196 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 02:05:03.0843 3196 aliide - ok 02:05:03.0873 3196 [ C4C88CD854B28FC85495C841A0F6A069 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 02:05:03.0963 3196 AMD External Events Utility - ok 02:05:03.0983 3196 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 02:05:03.0993 3196 amdide - ok 02:05:04.0013 3196 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 02:05:04.0023 3196 AmdK8 - ok 02:05:04.0173 3196 [ 1147F8816D4DDC9FC43A40DF52F40500 ] amdkmdag C:\Windows\system32\DRIVERS\atipmdag.sys 02:05:04.0403 3196 amdkmdag - ok 02:05:04.0443 3196 [ EBC963D8F5B04C98F5EF597AAE79CDDD ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 02:05:04.0543 3196 amdkmdap - ok 02:05:04.0553 3196 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 02:05:04.0563 3196 AmdPPM - ok 02:05:04.0593 3196 [ F747497A0EE5498F79B207F215B3D2D8 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys 02:05:04.0593 3196 amdsata - ok 02:05:04.0623 3196 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 02:05:04.0633 3196 amdsbs - ok 02:05:04.0653 3196 [ 2946D695E158615BAAA16248E63C7ADB ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys 02:05:04.0763 3196 amdxata - ok 02:05:04.0803 3196 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 02:05:04.0913 3196 AppID - ok 02:05:04.0963 3196 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 02:05:04.0973 3196 AppIDSvc - ok 02:05:05.0003 3196 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 02:05:05.0093 3196 Appinfo - ok 02:05:05.0143 3196 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 02:05:05.0153 3196 arc - ok 02:05:05.0173 3196 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 02:05:05.0183 3196 arcsas - ok 02:05:05.0213 3196 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 02:05:05.0223 3196 AsyncMac - ok 02:05:05.0263 3196 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 02:05:05.0273 3196 atapi - ok 02:05:05.0333 3196 [ A42A4052A7DC86E3A01DFAE97FFE2ED1 ] athur C:\Windows\system32\DRIVERS\athurx.sys 02:05:05.0453 3196 athur - ok 02:05:05.0483 3196 [ E82E61F46D1336447F4DEFF8C074F13E ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie64.sys 02:05:05.0583 3196 AtiPcie - ok 02:05:05.0643 3196 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 02:05:05.0653 3196 AudioEndpointBuilder - ok 02:05:05.0673 3196 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 02:05:05.0673 3196 AudioSrv - ok 02:05:05.0703 3196 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 02:05:05.0773 3196 AxInstSV - ok 02:05:05.0803 3196 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 02:05:05.0823 3196 b06bdrv - ok 02:05:05.0863 3196 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 02:05:05.0873 3196 b57nd60a - ok 02:05:05.0913 3196 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 02:05:05.0923 3196 BDESVC - ok 02:05:05.0933 3196 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 02:05:05.0943 3196 Beep - ok 02:05:05.0993 3196 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 02:05:06.0083 3196 BFE - ok 02:05:06.0113 3196 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll 02:05:06.0123 3196 BITS - ok 02:05:06.0154 3196 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 02:05:06.0164 3196 blbdrive - ok 02:05:06.0194 3196 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 02:05:06.0284 3196 bowser - ok 02:05:06.0304 3196 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 02:05:06.0314 3196 BrFiltLo - ok 02:05:06.0334 3196 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 02:05:06.0344 3196 BrFiltUp - ok 02:05:06.0394 3196 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys 02:05:06.0404 3196 BridgeMP - ok 02:05:06.0434 3196 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 02:05:06.0524 3196 Browser - ok 02:05:06.0554 3196 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 02:05:06.0574 3196 Brserid - ok 02:05:06.0584 3196 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 02:05:06.0594 3196 BrSerWdm - ok 02:05:06.0614 3196 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 02:05:06.0624 3196 BrUsbMdm - ok 02:05:06.0634 3196 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 02:05:06.0634 3196 BrUsbSer - ok 02:05:06.0644 3196 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 02:05:06.0654 3196 BTHMODEM - ok 02:05:06.0694 3196 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 02:05:06.0704 3196 bthserv - ok 02:05:06.0747 3196 catchme - ok 02:05:06.0776 3196 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 02:05:06.0786 3196 cdfs - ok 02:05:06.0826 3196 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 02:05:06.0926 3196 cdrom - ok 02:05:06.0978 3196 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 02:05:07.0054 3196 CertPropSvc - ok 02:05:07.0087 3196 [ 274CE03459896006F7A5069266E0469E ] cfwids C:\Windows\system32\drivers\cfwids.sys 02:05:07.0177 3196 cfwids - ok 02:05:07.0212 3196 [ 2C24DB5F78F0ACA759803001E6B4F320 ] CinemaNow Service C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe 02:05:07.0324 3196 CinemaNow Service - ok 02:05:07.0364 3196 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 02:05:07.0364 3196 circlass - ok 02:05:07.0415 3196 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 02:05:07.0466 3196 CLFS - ok 02:05:07.0586 3196 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 02:05:07.0596 3196 clr_optimization_v2.0.50727_32 - ok 02:05:07.0636 3196 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 02:05:07.0646 3196 clr_optimization_v2.0.50727_64 - ok 02:05:07.0726 3196 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 02:05:07.0830 3196 clr_optimization_v4.0.30319_32 - ok 02:05:07.0848 3196 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 02:05:07.0953 3196 clr_optimization_v4.0.30319_64 - ok 02:05:07.0988 3196 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 02:05:07.0988 3196 CmBatt - ok 02:05:07.0998 3196 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 02:05:08.0008 3196 cmdide - ok 02:05:08.0058 3196 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 02:05:08.0128 3196 CNG - ok 02:05:08.0148 3196 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 02:05:08.0158 3196 Compbatt - ok 02:05:08.0198 3196 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 02:05:08.0308 3196 CompositeBus - ok 02:05:08.0308 3196 COMSysApp - ok 02:05:08.0348 3196 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 02:05:08.0358 3196 crcdisk - ok 02:05:08.0398 3196 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 02:05:08.0398 3196 CryptSvc - ok 02:05:08.0438 3196 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 02:05:08.0448 3196 DcomLaunch - ok 02:05:08.0478 3196 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 02:05:08.0498 3196 defragsvc - ok 02:05:08.0538 3196 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 02:05:08.0628 3196 DfsC - ok 02:05:08.0660 3196 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 02:05:08.0660 3196 Dhcp - ok 02:05:08.0690 3196 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 02:05:08.0700 3196 discache - ok 02:05:08.0740 3196 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 02:05:08.0750 3196 Disk - ok 02:05:08.0770 3196 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 02:05:08.0780 3196 Dnscache - ok 02:05:08.0810 3196 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 02:05:08.0910 3196 dot3svc - ok 02:05:08.0952 3196 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 02:05:09.0022 3196 DPS - ok 02:05:09.0042 3196 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 02:05:09.0052 3196 drmkaud - ok 02:05:09.0102 3196 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 02:05:09.0212 3196 DXGKrnl - ok 02:05:09.0262 3196 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 02:05:09.0272 3196 EapHost - ok 02:05:09.0362 3196 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 02:05:09.0442 3196 ebdrv - ok 02:05:09.0462 3196 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 02:05:09.0552 3196 EFS - ok 02:05:09.0612 3196 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 02:05:09.0722 3196 ehRecvr - ok 02:05:09.0762 3196 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 02:05:09.0772 3196 ehSched - ok 02:05:09.0792 3196 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 02:05:09.0802 3196 elxstor - ok 02:05:09.0832 3196 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 02:05:09.0842 3196 ErrDev - ok 02:05:09.0892 3196 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 02:05:09.0902 3196 EventSystem - ok 02:05:09.0962 3196 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 02:05:09.0972 3196 exfat - ok 02:05:09.0992 3196 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 02:05:10.0002 3196 fastfat - ok 02:05:10.0052 3196 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 02:05:10.0062 3196 Fax - ok 02:05:10.0082 3196 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 02:05:10.0082 3196 fdc - ok 02:05:10.0102 3196 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 02:05:10.0112 3196 fdPHost - ok 02:05:10.0132 3196 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 02:05:10.0132 3196 FDResPub - ok 02:05:10.0142 3196 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 02:05:10.0152 3196 FileInfo - ok 02:05:10.0152 3196 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 02:05:10.0162 3196 Filetrace - ok 02:05:10.0192 3196 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 02:05:10.0202 3196 flpydisk - ok 02:05:10.0232 3196 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 02:05:10.0312 3196 FltMgr - ok 02:05:10.0362 3196 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 02:05:10.0452 3196 FontCache - ok 02:05:10.0522 3196 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 02:05:10.0642 3196 FontCache3.0.0.0 - ok 02:05:10.0662 3196 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 02:05:10.0672 3196 FsDepends - ok 02:05:10.0722 3196 [ 6C06701BF1DB05405804D7EB610991CE ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys 02:05:10.0842 3196 fssfltr - ok 02:05:10.0942 3196 [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe 02:05:11.0102 3196 fsssvc - ok 02:05:11.0132 3196 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 02:05:11.0232 3196 Fs_Rec - ok 02:05:11.0272 3196 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 02:05:11.0372 3196 fvevol - ok 02:05:11.0402 3196 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 02:05:11.0412 3196 gagp30kx - ok 02:05:11.0472 3196 [ E53EE18A21C025DEABCFE0F72FC481BB ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe 02:05:11.0582 3196 GameConsoleService - ok 02:05:11.0632 3196 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 02:05:11.0722 3196 GEARAspiWDM - ok 02:05:11.0762 3196 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 02:05:11.0842 3196 gpsvc - ok 02:05:11.0912 3196 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 02:05:11.0912 3196 gupdate - ok 02:05:11.0932 3196 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 02:05:11.0932 3196 gupdatem - ok 02:05:12.0002 3196 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 02:05:12.0142 3196 gusvc - ok 02:05:12.0162 3196 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 02:05:12.0162 3196 hcw85cir - ok 02:05:12.0212 3196 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 02:05:12.0302 3196 HdAudAddService - ok 02:05:12.0332 3196 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 02:05:12.0432 3196 HDAudBus - ok 02:05:12.0442 3196 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 02:05:12.0452 3196 HidBatt - ok 02:05:12.0472 3196 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 02:05:12.0482 3196 HidBth - ok 02:05:12.0502 3196 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 02:05:12.0502 3196 HidIr - ok 02:05:12.0532 3196 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll 02:05:12.0542 3196 hidserv - ok 02:05:12.0572 3196 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys 02:05:12.0682 3196 HidUsb - ok 02:05:12.0712 3196 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 02:05:12.0802 3196 hkmsvc - ok 02:05:12.0852 3196 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 02:05:12.0922 3196 HomeGroupListener - ok 02:05:12.0942 3196 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 02:05:12.0952 3196 HomeGroupProvider - ok 02:05:13.0012 3196 [ C84BCC03858DAEAC4DB1E95EFCCE1934 ] HP Health Check Service C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe 02:05:13.0122 3196 HP Health Check Service - ok 02:05:13.0162 3196 [ FDF273A845F1FFCCEADF363AAF47582F ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe 02:05:13.0332 3196 hpqwmiex - ok 02:05:13.0362 3196 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 02:05:13.0452 3196 HpSAMD - ok 02:05:13.0492 3196 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 02:05:13.0602 3196 HTTP - ok 02:05:13.0632 3196 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 02:05:13.0702 3196 hwpolicy - ok 02:05:13.0732 3196 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 02:05:13.0742 3196 i8042prt - ok 02:05:13.0772 3196 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 02:05:13.0872 3196 iaStorV - ok 02:05:13.0932 3196 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 02:05:14.0072 3196 idsvc - ok 02:05:14.0092 3196 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 02:05:14.0092 3196 iirsp - ok 02:05:14.0142 3196 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 02:05:14.0252 3196 IKEEXT - ok 02:05:14.0352 3196 [ 28CEEFBD2C63F91DC17DED3E8D27ECF5 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 02:05:14.0492 3196 IntcAzAudAddService - ok 02:05:14.0522 3196 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 02:05:14.0522 3196 intelide - ok 02:05:14.0552 3196 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 02:05:14.0562 3196 intelppm - ok 02:05:14.0592 3196 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 02:05:14.0602 3196 IPBusEnum - ok 02:05:14.0642 3196 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 02:05:14.0732 3196 IpFilterDriver - ok 02:05:14.0772 3196 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 02:05:14.0862 3196 iphlpsvc - ok 02:05:14.0882 3196 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 02:05:14.0962 3196 IPMIDRV - ok 02:05:14.0992 3196 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 02:05:15.0002 3196 IPNAT - ok 02:05:15.0032 3196 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 02:05:15.0042 3196 IRENUM - ok 02:05:15.0052 3196 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 02:05:15.0062 3196 isapnp - ok 02:05:15.0082 3196 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 02:05:15.0182 3196 iScsiPrt - ok 02:05:15.0212 3196 [ 364F2281F960895788EF55C401E946E9 ] JMCR C:\Windows\system32\DRIVERS\jmcr.sys 02:05:15.0332 3196 JMCR - ok 02:05:15.0362 3196 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 02:05:15.0372 3196 kbdclass - ok 02:05:15.0402 3196 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 02:05:15.0492 3196 kbdhid - ok 02:05:15.0512 3196 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 02:05:15.0612 3196 KeyIso - ok 02:05:15.0652 3196 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 02:05:15.0762 3196 KSecDD - ok 02:05:15.0792 3196 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 02:05:15.0892 3196 KSecPkg - ok 02:05:15.0922 3196 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 02:05:15.0932 3196 ksthunk - ok 02:05:15.0962 3196 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 02:05:15.0982 3196 KtmRm - ok 02:05:16.0012 3196 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll 02:05:16.0022 3196 LanmanServer - ok 02:05:16.0042 3196 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 02:05:16.0052 3196 LanmanWorkstation - ok 02:05:16.0102 3196 [ 3503F257B3203F824B1567238EBE17E2 ] LightScribeService c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe 02:05:16.0212 3196 LightScribeService - ok 02:05:16.0252 3196 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 02:05:16.0262 3196 lltdio - ok 02:05:16.0292 3196 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 02:05:16.0302 3196 lltdsvc - ok 02:05:16.0322 3196 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 02:05:16.0332 3196 lmhosts - ok 02:05:16.0362 3196 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 02:05:16.0372 3196 LSI_FC - ok 02:05:16.0422 3196 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 02:05:16.0422 3196 LSI_SAS - ok 02:05:16.0442 3196 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 02:05:16.0442 3196 LSI_SAS2 - ok 02:05:16.0462 3196 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 02:05:16.0472 3196 LSI_SCSI - ok 02:05:16.0492 3196 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 02:05:16.0492 3196 luafv - ok 02:05:16.0542 3196 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 02:05:16.0642 3196 MBAMProtector - ok 02:05:16.0702 3196 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe 02:05:16.0832 3196 MBAMScheduler - ok 02:05:16.0862 3196 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 02:05:17.0002 3196 MBAMService - ok 02:05:17.0112 3196 [ ACB01BF1A905356AB7F978C7FE852209 ] McAfee SiteAdvisor Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 02:05:17.0222 3196 McAfee SiteAdvisor Service - ok 02:05:17.0252 3196 [ ACB01BF1A905356AB7F978C7FE852209 ] McMPFSvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 02:05:17.0342 3196 McMPFSvc - ok 02:05:17.0352 3196 [ ACB01BF1A905356AB7F978C7FE852209 ] mcmscsvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 02:05:17.0452 3196 mcmscsvc - ok 02:05:17.0462 3196 [ ACB01BF1A905356AB7F978C7FE852209 ] McNaiAnn C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 02:05:17.0562 3196 McNaiAnn - ok 02:05:17.0632 3196 [ ACB01BF1A905356AB7F978C7FE852209 ] McNASvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 02:05:17.0742 3196 McNASvc - ok 02:05:17.0872 3196 [ 44D0DA102FA7A1BE22FD7499E80DCF9B ] McODS C:\Program Files\McAfee\VirusScan\mcods.exe 02:05:17.0882 3196 McODS - ok 02:05:17.0952 3196 [ ACB01BF1A905356AB7F978C7FE852209 ] McProxy C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 02:05:18.0044 3196 McProxy - ok 02:05:18.0104 3196 [ E998E3B12101288D716558466CBF6AE1 ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe 02:05:18.0104 3196 McShield - ok 02:05:18.0134 3196 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 02:05:18.0234 3196 Mcx2Svc - ok 02:05:18.0244 3196 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 02:05:18.0254 3196 megasas - ok 02:05:18.0284 3196 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 02:05:18.0304 3196 MegaSR - ok 02:05:18.0344 3196 [ 01884CB7655C8908B43FF5E364FE6FD2 ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys 02:05:18.0454 3196 mfeapfk - ok 02:05:18.0494 3196 [ DAB9A9CDFB04E4D68924492AA043019D ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys 02:05:18.0594 3196 mfeavfk - ok 02:05:18.0654 3196 mfeavfk01 - ok 02:05:18.0694 3196 [ B26782C3D6045B4464017D7926877560 ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe 02:05:18.0805 3196 mfefire - ok 02:05:18.0846 3196 [ CE9A3680675C0907ADE16404CA967B49 ] mfefirek C:\Windows\system32\drivers\mfefirek.sys 02:05:18.0956 3196 mfefirek - ok 02:05:19.0006 3196 [ 60CF67458DD29CD17E77F2327B1A9A54 ] mfehidk C:\Windows\system32\drivers\mfehidk.sys 02:05:19.0126 3196 mfehidk - ok 02:05:19.0166 3196 [ A8129CFB919347F8533C934B365E9202 ] mfenlfk C:\Windows\system32\DRIVERS\mfenlfk.sys 02:05:19.0246 3196 mfenlfk - ok 02:05:19.0316 3196 [ 5041FA2BD2B3A2693B015771BFBF6DCA ] mferkdet C:\Windows\system32\drivers\mferkdet.sys 02:05:19.0411 3196 mferkdet - ok 02:05:19.0430 3196 [ 723A5EB6CEF7F408C3D0F15A82A6BFF8 ] mfevtp C:\Windows\system32\mfevtps.exe 02:05:19.0520 3196 mfevtp - ok 02:05:19.0570 3196 [ 919C56DB14A0E1E2AB6DA5D2821DC26E ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys 02:05:19.0670 3196 mfewfpk - ok 02:05:19.0711 3196 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 02:05:19.0717 3196 MMCSS - ok 02:05:19.0738 3196 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 02:05:19.0742 3196 Modem - ok 02:05:19.0772 3196 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 02:05:19.0772 3196 monitor - ok 02:05:19.0802 3196 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys 02:05:19.0812 3196 mouclass - ok 02:05:19.0842 3196 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 02:05:19.0852 3196 mouhid - ok 02:05:19.0892 3196 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 02:05:19.0992 3196 mountmgr - ok 02:05:20.0032 3196 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 02:05:20.0142 3196 mpio - ok 02:05:20.0172 3196 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 02:05:20.0182 3196 mpsdrv - ok 02:05:20.0222 3196 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 02:05:20.0312 3196 MpsSvc - ok 02:05:20.0342 3196 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 02:05:20.0442 3196 MRxDAV - ok 02:05:20.0472 3196 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 02:05:20.0582 3196 mrxsmb - ok 02:05:20.0622 3196 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 02:05:20.0712 3196 mrxsmb10 - ok 02:05:20.0732 3196 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 02:05:20.0822 3196 mrxsmb20 - ok 02:05:20.0852 3196 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 02:05:20.0949 3196 msahci - ok 02:05:20.0967 3196 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 02:05:21.0066 3196 msdsm - ok 02:05:21.0096 3196 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 02:05:21.0106 3196 MSDTC - ok 02:05:21.0156 3196 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 02:05:21.0156 3196 Msfs - ok 02:05:21.0196 3196 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 02:05:21.0196 3196 mshidkmdf - ok 02:05:21.0216 3196 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 02:05:21.0226 3196 msisadrv - ok 02:05:21.0256 3196 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 02:05:21.0276 3196 MSiSCSI - ok 02:05:21.0286 3196 msiserver - ok 02:05:21.0316 3196 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 02:05:21.0316 3196 MSKSSRV - ok 02:05:21.0336 3196 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 02:05:21.0346 3196 MSPCLOCK - ok 02:05:21.0366 3196 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 02:05:21.0366 3196 MSPQM - ok 02:05:21.0396 3196 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 02:05:21.0466 3196 MsRPC - ok 02:05:21.0486 3196 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 02:05:21.0496 3196 mssmbios - ok 02:05:21.0516 3196 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 02:05:21.0526 3196 MSTEE - ok 02:05:21.0536 3196 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 02:05:21.0536 3196 MTConfig - ok 02:05:21.0556 3196 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 02:05:21.0566 3196 Mup - ok 02:05:21.0606 3196 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 02:05:21.0686 3196 napagent - ok 02:05:21.0726 3196 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 02:05:21.0746 3196 NativeWifiP - ok 02:05:21.0796 3196 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 02:05:21.0916 3196 NDIS - ok 02:05:21.0946 3196 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 02:05:21.0956 3196 NdisCap - ok 02:05:21.0986 3196 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 02:05:21.0996 3196 NdisTapi - ok 02:05:22.0026 3196 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 02:05:22.0116 3196 Ndisuio - ok 02:05:22.0166 3196 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 02:05:22.0276 3196 NdisWan - ok 02:05:22.0306 3196 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 02:05:22.0426 3196 NDProxy - ok 02:05:22.0446 3196 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 02:05:22.0456 3196 NetBIOS - ok 02:05:22.0476 3196 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 02:05:22.0566 3196 NetBT - ok 02:05:22.0596 3196 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 02:05:22.0686 3196 Netlogon - ok 02:05:22.0716 3196 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 02:05:22.0736 3196 Netman - ok 02:05:22.0756 3196 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 02:05:22.0766 3196 netprofm - ok 02:05:22.0826 3196 [ 064AB63C9A588D2611306AE16D017E7E ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys 02:05:22.0926 3196 netr28x - ok 02:05:22.0966 3196 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 02:05:22.0976 3196 NetTcpPortSharing - ok 02:05:22.0986 3196 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 02:05:22.0996 3196 nfrd960 - ok 02:05:23.0026 3196 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll 02:05:23.0026 3196 NlaSvc - ok 02:05:23.0066 3196 [ 907B5E1E4A592E5EDC5E4CCBDE4863C2 ] nmwcd C:\Windows\system32\drivers\ccdcmbx64.sys 02:05:23.0166 3196 nmwcd - ok 02:05:23.0196 3196 [ 41C1AC1F3613435EB32D67BCB80A5FA5 ] nmwcdc C:\Windows\system32\drivers\ccdcmbox64.sys 02:05:23.0286 3196 nmwcdc - ok 02:05:23.0316 3196 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 02:05:23.0326 3196 Npfs - ok 02:05:23.0346 3196 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 02:05:23.0356 3196 nsi - ok 02:05:23.0366 3196 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 02:05:23.0376 3196 nsiproxy - ok 02:05:23.0446 3196 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 02:05:23.0566 3196 Ntfs - ok 02:05:23.0596 3196 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 02:05:23.0606 3196 Null - ok 02:05:23.0646 3196 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 02:05:23.0746 3196 nvraid - ok 02:05:23.0776 3196 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 02:05:23.0866 3196 nvstor - ok 02:05:23.0896 3196 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 02:05:23.0906 3196 nv_agp - ok 02:05:23.0976 3196 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 02:05:24.0096 3196 odserv - ok 02:05:24.0136 3196 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 02:05:24.0146 3196 ohci1394 - ok 02:05:24.0166 3196 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 02:05:24.0276 3196 ose - ok 02:05:24.0296 3196 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 02:05:24.0306 3196 p2pimsvc - ok 02:05:24.0326 3196 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 02:05:24.0346 3196 p2psvc - ok 02:05:24.0376 3196 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 02:05:24.0386 3196 Parport - ok 02:05:24.0406 3196 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 02:05:24.0496 3196 partmgr - ok 02:05:24.0526 3196 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 02:05:24.0536 3196 PcaSvc - ok 02:05:24.0556 3196 [ BC0018C2D29F655188A0ED3FA94FDB24 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfdx64.sys 02:05:24.0656 3196 pccsmcfd - ok 02:05:24.0686 3196 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 02:05:24.0836 3196 pci - ok 02:05:24.0876 3196 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 02:05:24.0886 3196 pciide - ok 02:05:24.0916 3196 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 02:05:24.0926 3196 pcmcia - ok 02:05:24.0956 3196 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 02:05:24.0966 3196 pcw - ok 02:05:24.0986 3196 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 02:05:25.0006 3196 PEAUTH - ok 02:05:25.0086 3196 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 02:05:25.0086 3196 PerfHost - ok 02:05:25.0156 3196 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 02:05:25.0286 3196 pla - ok 02:05:25.0336 3196 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 02:05:25.0416 3196 PlugPlay - ok 02:05:25.0436 3196 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 02:05:25.0446 3196 PNRPAutoReg - ok 02:05:25.0466 3196 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 02:05:25.0476 3196 PNRPsvc - ok 02:05:25.0496 3196 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 02:05:25.0576 3196 PolicyAgent - ok 02:05:25.0621 3196 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 02:05:25.0631 3196 Power - ok 02:05:25.0658 3196 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 02:05:25.0748 3196 PptpMiniport - ok 02:05:25.0778 3196 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 02:05:25.0788 3196 Processor - ok 02:05:25.0828 3196 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 02:05:25.0838 3196 ProfSvc - ok 02:05:25.0858 3196 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 02:05:25.0958 3196 ProtectedStorage - ok 02:05:26.0018 3196 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 02:05:26.0118 3196 Psched - ok 02:05:26.0178 3196 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 02:05:26.0228 3196 ql2300 - ok 02:05:26.0248 3196 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 02:05:26.0258 3196 ql40xx - ok 02:05:26.0278 3196 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 02:05:26.0288 3196 QWAVE - ok 02:05:26.0318 3196 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 02:05:26.0328 3196 QWAVEdrv - ok 02:05:26.0338 3196 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 02:05:26.0348 3196 RasAcd - ok 02:05:26.0388 3196 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 02:05:26.0388 3196 RasAgileVpn - ok 02:05:26.0408 3196 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 02:05:26.0418 3196 RasAuto - ok 02:05:26.0468 3196 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 02:05:26.0578 3196 Rasl2tp - ok 02:05:26.0608 3196 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 02:05:26.0684 3196 RasMan - ok 02:05:26.0700 3196 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 02:05:26.0710 3196 RasPppoe - ok 02:05:26.0738 3196 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 02:05:26.0743 3196 RasSstp - ok 02:05:26.0763 3196 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 02:05:26.0850 3196 rdbss - ok 02:05:26.0870 3196 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 02:05:26.0880 3196 rdpbus - ok 02:05:26.0900 3196 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 02:05:26.0900 3196 RDPCDD - ok 02:05:26.0930 3196 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 02:05:26.0930 3196 RDPENCDD - ok 02:05:26.0950 3196 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 02:05:26.0960 3196 RDPREFMP - ok 02:05:26.0990 3196 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 02:05:27.0081 3196 RDPWD - ok 02:05:27.0112 3196 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 02:05:27.0204 3196 rdyboost - ok 02:05:27.0234 3196 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 02:05:27.0244 3196 RemoteAccess - ok 02:05:27.0274 3196 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 02:05:27.0274 3196 RemoteRegistry - ok 02:05:27.0314 3196 [ 7B04C9843921AB1F695FB395422C5360 ] RimUsb C:\Windows\system32\Drivers\RimUsb_AMD64.sys 02:05:27.0408 3196 RimUsb - ok 02:05:27.0428 3196 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 02:05:27.0431 3196 RpcEptMapper - ok 02:05:27.0458 3196 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 02:05:27.0468 3196 RpcLocator - ok 02:05:27.0495 3196 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 02:05:27.0502 3196 RpcSs - ok 02:05:27.0536 3196 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 02:05:27.0546 3196 rspndr - ok 02:05:27.0586 3196 [ 7EA8D2EB9BBFD2AB8A3117A1E96D3B3A ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 02:05:27.0686 3196 RTL8167 - ok 02:05:27.0696 3196 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 02:05:27.0796 3196 SamSs - ok 02:05:27.0828 3196 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 02:05:27.0931 3196 sbp2port - ok 02:05:27.0957 3196 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 02:05:27.0960 3196 SCardSvr - ok 02:05:27.0990 3196 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 02:05:28.0088 3196 scfilter - ok 02:05:28.0132 3196 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 02:05:28.0232 3196 Schedule - ok 02:05:28.0262 3196 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 02:05:28.0262 3196 SCPolicySvc - ok 02:05:28.0282 3196 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 02:05:28.0372 3196 SDRSVC - ok 02:05:28.0402 3196 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 02:05:28.0412 3196 secdrv - ok 02:05:28.0422 3196 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 02:05:28.0492 3196 seclogon - ok 02:05:28.0522 3196 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll 02:05:28.0522 3196 SENS - ok 02:05:28.0532 3196 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 02:05:28.0542 3196 SensrSvc - ok 02:05:28.0562 3196 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 02:05:28.0562 3196 Serenum - ok 02:05:28.0582 3196 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 02:05:28.0582 3196 Serial - ok 02:05:28.0602 3196 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 02:05:28.0602 3196 sermouse - ok 02:05:28.0682 3196 [ 668043F192AB9659761A349A4703600D ] ServiceLayer C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe 02:05:28.0822 3196 ServiceLayer - ok 02:05:28.0872 3196 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 02:05:28.0952 3196 SessionEnv - ok 02:05:28.0978 3196 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 02:05:28.0984 3196 sffdisk - ok 02:05:28.0994 3196 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 02:05:29.0004 3196 sffp_mmc - ok 02:05:29.0004 3196 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 02:05:29.0094 3196 sffp_sd - ok 02:05:29.0114 3196 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 02:05:29.0124 3196 sfloppy - ok 02:05:29.0164 3196 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 02:05:29.0184 3196 SharedAccess - ok 02:05:29.0204 3196 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 02:05:29.0294 3196 ShellHWDetection - ok 02:05:29.0304 3196 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 02:05:29.0304 3196 SiSRaid2 - ok 02:05:29.0334 3196 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 02:05:29.0334 3196 SiSRaid4 - ok 02:05:29.0374 3196 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 02:05:29.0384 3196 Smb - ok 02:05:29.0434 3196 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 02:05:29.0454 3196 SNMPTRAP - ok 02:05:29.0464 3196 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 02:05:29.0474 3196 spldr - ok 02:05:29.0524 3196 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 02:05:29.0534 3196 Spooler - ok 02:05:29.0624 3196 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 02:05:29.0768 3196 sppsvc - ok 02:05:29.0795 3196 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 02:05:29.0796 3196 sppuinotify - ok 02:05:29.0836 3196 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 02:05:29.0934 3196 srv - ok 02:05:29.0968 3196 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 02:05:30.0060 3196 srv2 - ok 02:05:30.0070 3196 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 02:05:30.0170 3196 srvnet - ok 02:05:30.0220 3196 [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys 02:05:30.0330 3196 ssadbus - ok 02:05:30.0390 3196 [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys 02:05:30.0480 3196 ssadmdfl - ok 02:05:30.0500 3196 [ 4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys 02:05:30.0600 3196 ssadmdm - ok 02:05:30.0640 3196 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 02:05:30.0650 3196 SSDPSRV - ok 02:05:30.0680 3196 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 02:05:30.0690 3196 SstpSvc - ok 02:05:30.0720 3196 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 02:05:30.0720 3196 stexstor - ok 02:05:30.0770 3196 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 02:05:30.0850 3196 stisvc - ok 02:05:30.0880 3196 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 02:05:30.0880 3196 swenum - ok 02:05:30.0910 3196 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 02:05:30.0940 3196 swprv - ok 02:05:30.0990 3196 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 02:05:31.0090 3196 SysMain - ok 02:05:31.0130 3196 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 02:05:31.0200 3196 TabletInputService - ok 02:05:31.0220 3196 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 02:05:31.0300 3196 TapiSrv - ok 02:05:31.0320 3196 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 02:05:31.0330 3196 TBS - ok 02:05:31.0410 3196 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys 02:05:31.0530 3196 Tcpip - ok 02:05:31.0570 3196 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 02:05:31.0580 3196 TCPIP6 - ok 02:05:31.0610 3196 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 02:05:31.0700 3196 tcpipreg - ok 02:05:31.0730 3196 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 02:05:31.0740 3196 TDPIPE - ok 02:05:31.0770 3196 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 02:05:31.0860 3196 TDTCP - ok 02:05:31.0900 3196 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 02:05:31.0980 3196 tdx - ok 02:05:32.0000 3196 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 02:05:32.0080 3196 TermDD - ok 02:05:32.0100 3196 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 02:05:32.0190 3196 TermService - ok 02:05:32.0220 3196 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 02:05:32.0230 3196 Themes - ok 02:05:32.0240 3196 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 02:05:32.0250 3196 THREADORDER - ok 02:05:32.0260 3196 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 02:05:32.0270 3196 TrkWks - ok 02:05:32.0320 3196 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 02:05:32.0410 3196 TrustedInstaller - ok 02:05:32.0450 3196 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 02:05:32.0540 3196 tssecsrv - ok 02:05:32.0590 3196 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 02:05:32.0690 3196 TsUsbFlt - ok 02:05:32.0720 3196 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 02:05:32.0810 3196 tunnel - ok 02:05:32.0840 3196 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 02:05:32.0850 3196 uagp35 - ok 02:05:32.0870 3196 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 02:05:32.0980 3196 udfs - ok 02:05:33.0020 3196 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 02:05:33.0040 3196 UI0Detect - ok 02:05:33.0070 3196 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 02:05:33.0090 3196 uliagpkx - ok 02:05:33.0130 3196 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 02:05:33.0240 3196 umbus - ok 02:05:33.0280 3196 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 02:05:33.0280 3196 UmPass - ok 02:05:33.0310 3196 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 02:05:33.0320 3196 upnphost - ok 02:05:33.0360 3196 [ 4E93C8496359E97830C75AC36393654D ] upperdev C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys 02:05:33.0440 3196 upperdev - ok 02:05:33.0480 3196 [ 54D4B48D443E7228BF64CF7CDC3118AC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 02:05:33.0580 3196 USBAAPL64 - ok 02:05:33.0620 3196 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 02:05:33.0720 3196 usbccgp - ok 02:05:33.0760 3196 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 02:05:33.0770 3196 usbcir - ok 02:05:33.0790 3196 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 02:05:33.0890 3196 usbehci - ok 02:05:33.0930 3196 [ 858BE9C0E498C8E505E198E17EECE0D9 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys 02:05:34.0020 3196 usbfilter - ok 02:05:34.0060 3196 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 02:05:34.0142 3196 usbhub - ok 02:05:34.0162 3196 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 02:05:34.0252 3196 usbohci - ok 02:05:34.0292 3196 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 02:05:34.0292 3196 usbprint - ok 02:05:34.0322 3196 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 02:05:34.0332 3196 usbscan - ok 02:05:34.0362 3196 [ 4ACEE387FA8FD39F83564FCD2FC234F2 ] usbser C:\Windows\system32\drivers\usbser.sys 02:05:34.0472 3196 usbser - ok 02:05:34.0492 3196 [ 8844CB19A37B65E27049D4A7786726A9 ] UsbserFilt C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys 02:05:34.0582 3196 UsbserFilt - ok 02:05:34.0602 3196 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 02:05:34.0682 3196 USBSTOR - ok 02:05:34.0702 3196 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 02:05:34.0792 3196 usbuhci - ok 02:05:34.0852 3196 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 02:05:34.0962 3196 usbvideo - ok 02:05:35.0002 3196 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 02:05:35.0012 3196 UxSms - ok 02:05:35.0032 3196 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 02:05:35.0132 3196 VaultSvc - ok 02:05:35.0162 3196 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 02:05:35.0172 3196 vdrvroot - ok 02:05:35.0212 3196 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 02:05:35.0322 3196 vds - ok 02:05:35.0362 3196 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 02:05:35.0372 3196 vga - ok 02:05:35.0372 3196 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 02:05:35.0382 3196 VgaSave - ok 02:05:35.0402 3196 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 02:05:35.0492 3196 vhdmp - ok 02:05:35.0532 3196 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 02:05:35.0532 3196 viaide - ok 02:05:35.0552 3196 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 02:05:35.0662 3196 volmgr - ok 02:05:35.0682 3196 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 02:05:35.0782 3196 volmgrx - ok 02:05:35.0802 3196 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 02:05:35.0902 3196 volsnap - ok 02:05:35.0942 3196 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 02:05:35.0952 3196 vsmraid - ok 02:05:36.0002 3196 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 02:05:36.0152 3196 VSS - ok 02:05:36.0182 3196 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 02:05:36.0182 3196 vwifibus - ok 02:05:36.0202 3196 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 02:05:36.0202 3196 vwififlt - ok 02:05:36.0232 3196 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 02:05:36.0252 3196 W32Time - ok 02:05:36.0262 3196 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 02:05:36.0272 3196 WacomPen - ok 02:05:36.0322 3196 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 02:05:36.0432 3196 WANARP - ok 02:05:36.0432 3196 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 02:05:36.0442 3196 Wanarpv6 - ok 02:05:36.0502 3196 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 02:05:36.0612 3196 WatAdminSvc - ok 02:05:36.0652 3196 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 02:05:36.0762 3196 wbengine - ok 02:05:36.0792 3196 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 02:05:36.0812 3196 WbioSrvc - ok 02:05:36.0842 3196 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 02:05:36.0922 3196 wcncsvc - ok 02:05:36.0942 3196 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 02:05:36.0952 3196 WcsPlugInService - ok 02:05:36.0972 3196 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 02:05:36.0982 3196 Wd - ok 02:05:37.0012 3196 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 02:05:37.0032 3196 Wdf01000 - ok 02:05:37.0052 3196 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 02:05:37.0052 3196 WdiServiceHost - ok 02:05:37.0062 3196 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 02:05:37.0062 3196 WdiSystemHost - ok 02:05:37.0102 3196 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 02:05:37.0202 3196 WebClient - ok 02:05:37.0242 3196 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 02:05:37.0262 3196 Wecsvc - ok 02:05:37.0292 3196 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 02:05:37.0292 3196 wercplsupport - ok 02:05:37.0332 3196 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 02:05:37.0342 3196 WerSvc - ok 02:05:37.0372 3196 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 02:05:37.0382 3196 WfpLwf - ok 02:05:37.0392 3196 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 02:05:37.0402 3196 WIMMount - ok 02:05:37.0432 3196 WinDefend - ok 02:05:37.0432 3196 WinHttpAutoProxySvc - ok 02:05:37.0502 3196 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 02:05:37.0512 3196 Winmgmt - ok 02:05:37.0582 3196 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 02:05:37.0682 3196 WinRM - ok 02:05:37.0742 3196 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 02:05:37.0850 3196 WinUsb - ok 02:05:37.0894 3196 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 02:05:37.0914 3196 Wlansvc - ok 02:05:37.0994 3196 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 02:05:38.0084 3196 wlcrasvc - ok 02:05:38.0214 3196 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 02:05:38.0344 3196 wlidsvc - ok 02:05:38.0374 3196 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 02:05:38.0384 3196 WmiAcpi - ok 02:05:38.0414 3196 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 02:05:38.0424 3196 wmiApSrv - ok 02:05:38.0464 3196 WMPNetworkSvc - ok 02:05:38.0504 3196 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 02:05:38.0514 3196 WPCSvc - ok 02:05:38.0564 3196 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 02:05:38.0634 3196 WPDBusEnum - ok 02:05:38.0674 3196 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 02:05:38.0684 3196 ws2ifsl - ok 02:05:38.0714 3196 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll 02:05:38.0724 3196 wscsvc - ok 02:05:38.0724 3196 WSearch - ok 02:05:38.0794 3196 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 02:05:38.0904 3196 wuauserv - ok 02:05:38.0934 3196 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 02:05:39.0034 3196 WudfPf - ok 02:05:39.0054 3196 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 02:05:39.0154 3196 WUDFRd - ok 02:05:39.0194 3196 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 02:05:39.0264 3196 wudfsvc - ok 02:05:39.0350 3196 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 02:05:39.0356 3196 WwanSvc - ok 02:05:39.0396 3196 ================ Scan global =============================== 02:05:39.0426 3196 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 02:05:39.0466 3196 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll 02:05:39.0548 3196 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll 02:05:39.0578 3196 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 02:05:39.0598 3196 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 02:05:39.0598 3196 [Global] - ok 02:05:39.0598 3196 ================ Scan MBR ================================== 02:05:39.0608 3196 [ 413C67F8F0B59E85B19BD3FE8DB93C9A ] \Device\Harddisk0\DR0 02:05:39.0758 3196 \Device\Harddisk0\DR0 - ok 02:05:39.0768 3196 ================ Scan VBR ================================== 02:05:39.0768 3196 [ AB3555CE06AB81C226DE2116CB4F4A86 ] \Device\Harddisk0\DR0\Partition1 02:05:39.0768 3196 \Device\Harddisk0\DR0\Partition1 - ok 02:05:39.0778 3196 [ 8A0806BBFE040B88E194312C67BA9480 ] \Device\Harddisk0\DR0\Partition2 02:05:39.0778 3196 \Device\Harddisk0\DR0\Partition2 - ok 02:05:39.0808 3196 [ 3620B12D2611A019E7CF734D023981A6 ] \Device\Harddisk0\DR0\Partition3 02:05:39.0818 3196 \Device\Harddisk0\DR0\Partition3 - ok 02:05:39.0818 3196 ============================================================ 02:05:39.0818 3196 Scan finished 02:05:39.0818 3196 ============================================================ 02:05:39.0828 2844 Detected object count: 0 02:05:39.0828 2844 Actual detected object count: 0 02:08:06.0046 5908 Deinitialize success aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software Run date: 2012-11-11 02:14:39 ----------------------------- 02:14:39.703 OS Version: Windows x64 6.1.7601 Service Pack 1 02:14:39.703 Number of processors: 2 586 0x602 02:14:39.705 ComputerName: AARONS-HP UserName: aarons 02:14:42.061 Initialize success 02:55:02.016 AVAST engine defs: 12111002 02:59:27.967 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000057 02:59:27.977 Disk 0 Vendor: ST350041 HP35 Size: 476940MB BusType: 11 02:59:27.987 Disk 0 MBR read successfully 02:59:27.987 Disk 0 MBR scan 02:59:28.007 Disk 0 unknown MBR code 02:59:28.007 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048 02:59:28.017 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 464913 MB offset 206848 02:59:28.057 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11925 MB offset 952348672 02:59:28.107 Disk 0 scanning C:\Windows\system32\drivers 02:59:44.321 Service scanning 03:00:09.057 Modules scanning 03:00:09.067 Disk 0 trace - called modules: 03:00:09.107 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys ACPI.sys storport.sys hal.dll amdsata.sys 03:00:09.117 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003a3a060] 03:00:09.137 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa8003a27040] 03:00:09.147 5 amdxata.sys[fffff880011207a8] -> nt!IofCallDriver -> [0xfffffa8003a22480] 03:00:09.147 7 ACPI.sys[fffff88000f7e7a1] -> nt!IofCallDriver -> \Device\00000057[0xfffffa8003a23060] 03:00:14.619 AVAST engine scan C:\Windows 03:00:25.041 AVAST engine scan C:\Windows\system32 03:07:25.028 AVAST engine scan C:\Windows\system32\drivers 03:07:42.668 AVAST engine scan C:\Users\aarons 03:14:41.984 AVAST engine scan C:\ProgramData 03:30:47.004 Scan finished successfully 18:21:54.114 Disk 0 MBR has been saved successfully to "C:\Users\aarons\Documents\MBR.dat" 18:21:54.129 The log file has been saved successfully to "C:\Users\aarons\Documents\aswMBR.txt"
  14. So everything turned out fine. No pop ups, or programs like "File Restore" to be found. Only thing is, is that things like my internet explorer, desktop backround, and options on the start menu are still hidden.
  15. ComboFix 12-11-09.02 - aarons 11/10/2012 10:29:56.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3838.2729 [GMT -5:00] Running from: c:\users\aarons\Downloads\ComboFix.exe AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\MyWebSearch c:\program files (x86)\MyWebSearch\bar\2.bin\chrome\M3FFXTBR.JAR c:\program files (x86)\MyWebSearch\bar\2.bin\MWSOEMON.EXE c:\program files (x86)\MyWebSearch\bar\2.bin\MWSOEPLG.DLL c:\program files (x86)\MyWebSearch\bar\2.bin\MWSOESTB.DLL c:\program files (x86)\MyWebSearch\bar\2.bin\MWSSRCAS.DLL c:\program files (x86)\MyWebSearch\bar\2.bin\MWSSVC.EXE c:\program files (x86)\MyWebSearch\bar\2.bin\MWSUABTN.DLL c:\program files (x86)\MyWebSearch\bar\2.bin\NPMYWEBS.DLL c:\program files (x86)\MyWebSearch\bar\Avatar\COMMON.F3S c:\program files (x86)\MyWebSearch\bar\Game\CHECKERS.F3S c:\program files (x86)\MyWebSearch\bar\Game\CHESS.F3S c:\program files (x86)\MyWebSearch\bar\Game\REVERSI.F3S c:\program files (x86)\MyWebSearch\bar\icons\CM.ICO c:\program files (x86)\MyWebSearch\bar\icons\MFC.ICO c:\program files (x86)\MyWebSearch\bar\icons\PSS.ICO c:\program files (x86)\MyWebSearch\bar\icons\SMILEY.ICO c:\program files (x86)\MyWebSearch\bar\icons\WB.ICO c:\program files (x86)\MyWebSearch\bar\icons\ZWINKY.ICO c:\program files (x86)\MyWebSearch\bar\Message\COMMON.F3S c:\program files (x86)\MyWebSearch\bar\Notifier\COMMON.F3S c:\program files (x86)\MyWebSearch\bar\Notifier\DOG.F3S c:\program files (x86)\MyWebSearch\bar\Notifier\FISH.F3S c:\program files (x86)\MyWebSearch\bar\Notifier\KUNGFU.F3S c:\program files (x86)\MyWebSearch\bar\Notifier\LIFEGARD.F3S c:\program files (x86)\MyWebSearch\bar\Notifier\MAID.F3S c:\program files (x86)\MyWebSearch\bar\Notifier\MAILBOX.F3S c:\program files (x86)\MyWebSearch\bar\Notifier\OPERA.F3S c:\program files (x86)\MyWebSearch\bar\Notifier\ROBOT.F3S c:\program files (x86)\MyWebSearch\bar\Notifier\SEDUCT.F3S c:\program files (x86)\MyWebSearch\bar\Notifier\SURFER.F3S c:\program files (x86)\MyWebSearch\bar\Overlay\COMMON.F3S c:\program files (x86)\MyWebSearch\bar\Settings\s_pid.dat c:\programdata\hA8UYwv7FPqnAw c:\programdata\hA8UYwv7FPqnAw.exe c:\users\Michael Riccio\AppData\Local\My Web Search Installer(1174fa9f).exe . . ((((((((((((((((((((((((( Files Created from 2012-10-10 to 2012-11-10 ))))))))))))))))))))))))))))))) . . 2012-11-10 15:42 . 2012-11-10 15:42 -------- d-----w- c:\users\Mike Riccio\AppData\Local\temp 2012-11-10 15:42 . 2012-11-10 15:42 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-09 23:30 . 2012-11-09 23:30 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8872AE35-CC3C-4259-BA36-9B9F31FAD5C2}\offreg.dll 2012-11-09 23:13 . 2012-11-09 23:13 102 ----a-w- c:\windows\DeleteOnReboot.bat 2012-11-09 19:21 . 2012-10-17 06:31 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8872AE35-CC3C-4259-BA36-9B9F31FAD5C2}\mpengine.dll 2012-11-09 08:07 . 2012-11-09 08:07 -------- d-----w- c:\users\Michael Riccio\AppData\Roaming\Malwarebytes 2012-11-09 04:38 . 2012-11-09 04:38 -------- d-----w- c:\users\aarons\AppData\Roaming\Malwarebytes 2012-11-09 04:37 . 2012-11-09 04:37 -------- d-----w- c:\programdata\Malwarebytes 2012-11-09 04:37 . 2012-11-09 04:38 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-11-09 04:37 . 2012-09-30 00:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-02 04:46 . 2012-11-02 22:55 -------- d-----w- c:\users\aarons\AppData\Local\ElevatedDiagnostics . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-11 07:04 . 2011-02-22 12:02 65309168 ----a-w- c:\windows\system32\MRT.exe 2012-09-14 19:19 . 2012-10-10 16:45 2048 ----a-w- c:\windows\system32\tzres.dll 2012-09-14 18:28 . 2012-10-10 16:45 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-08-31 18:19 . 2012-10-10 16:52 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys 2012-08-30 18:03 . 2012-10-10 16:52 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-30 17:12 . 2012-10-10 16:52 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-08-30 17:12 . 2012-10-10 16:52 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-08-24 18:05 . 2012-10-10 16:47 220160 ----a-w- c:\windows\system32\wintrust.dll 2012-08-24 16:57 . 2012-10-10 16:47 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-08-24 11:15 . 2012-09-22 07:00 17810944 ----a-w- c:\windows\system32\mshtml.dll 2012-08-24 10:39 . 2012-09-22 07:00 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-08-24 10:31 . 2012-09-22 07:00 2312704 ----a-w- c:\windows\system32\jscript9.dll 2012-08-24 10:22 . 2012-09-22 07:00 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-08-24 10:21 . 2012-09-22 07:00 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-08-24 10:20 . 2012-09-22 07:00 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-08-24 10:18 . 2012-09-22 07:00 237056 ----a-w- c:\windows\system32\url.dll 2012-08-24 10:17 . 2012-09-22 07:00 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-08-24 10:14 . 2012-09-22 07:00 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-08-24 10:14 . 2012-09-22 07:00 816640 ----a-w- c:\windows\system32\jscript.dll 2012-08-24 10:13 . 2012-09-22 07:00 599040 ----a-w- c:\windows\system32\vbscript.dll 2012-08-24 10:12 . 2012-09-22 07:00 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-08-24 10:11 . 2012-09-22 07:00 729088 ----a-w- c:\windows\system32\msfeeds.dll 2012-08-24 10:10 . 2012-09-22 07:00 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-08-24 10:09 . 2012-09-22 07:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-08-24 10:04 . 2012-09-22 07:00 248320 ----a-w- c:\windows\system32\ieui.dll 2012-08-24 06:59 . 2012-09-22 07:00 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-08-24 06:51 . 2012-09-22 07:00 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-08-24 06:51 . 2012-09-22 07:00 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-08-24 06:47 . 2012-09-22 07:00 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-08-24 06:47 . 2012-09-22 07:00 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-08-24 06:43 . 2012-09-22 07:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-08-22 18:12 . 2012-09-12 12:03 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-08-22 18:12 . 2012-09-12 12:03 950128 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-08-22 18:12 . 2012-09-12 12:03 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-08-22 18:12 . 2012-09-12 12:03 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-08-21 21:01 . 2012-09-26 07:10 245760 ----a-w- c:\windows\system32\OxpsConverter.exe 2012-08-20 18:48 . 2012-10-10 16:51 243200 ----a-w- c:\windows\system32\wow64.dll 2012-08-20 18:48 . 2012-10-10 16:51 362496 ----a-w- c:\windows\system32\wow64win.dll 2012-08-20 18:48 . 2012-10-10 16:51 13312 ----a-w- c:\windows\system32\wow64cpu.dll 2012-08-20 18:48 . 2012-10-10 16:51 215040 ----a-w- c:\windows\system32\winsrv.dll 2012-08-20 18:48 . 2012-10-10 16:51 16384 ----a-w- c:\windows\system32\ntvdm64.dll 2012-08-20 18:48 . 2012-10-10 16:51 424448 ----a-w- c:\windows\system32\KernelBase.dll 2012-08-20 18:48 . 2012-10-10 16:51 1162240 ----a-w- c:\windows\system32\kernel32.dll 2012-08-20 18:46 . 2012-10-10 16:51 338432 ----a-w- c:\windows\system32\conhost.exe 2012-08-20 18:38 . 2012-10-10 16:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:50 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:49 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:49 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:49 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:48 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:47 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:48 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll 2012-08-20 17:40 . 2012-10-10 16:51 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2012-08-20 17:38 . 2012-10-10 16:51 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-08-20 17:38 . 2012-10-10 16:51 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2012-08-20 17:37 . 2012-10-10 16:50 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2012-08-20 17:37 . 2012-10-10 16:51 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll 2012-08-20 17:32 . 2012-10-10 16:50 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 16:50 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 16:50 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 16:50 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 16:50 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 16:50 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 16:50 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 16:50 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 16:50 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 16:50 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 16:50 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 16:50 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 16:50 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 16:50 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 16:50 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 16:50 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 16:50 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 16:50 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 16:49 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 16:49 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 16:49 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 16:49 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 16:47 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{69CE821F-3668-475A-B66F-94719B322DE3}] 2011-11-29 12:13 1610752 ----a-w- c:\program files (x86)\Dallas Cowboys\Toolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{27E7F580-724E-46EB-846F-96C2396D23ED}"= "c:\program files (x86)\Dallas Cowboys\Toolbar.dll" [2011-11-29 1610752] . [HKEY_CLASSES_ROOT\clsid\{27e7f580-724e-46eb-846f-96c2396d23ed}] [HKEY_CLASSES_ROOT\FCTB000056891.IEToolbar.1] [HKEY_CLASSES_ROOT\TypeLib\{48278695-E203-419E-99F3-EAB173862A53}] [HKEY_CLASSES_ROOT\FCTB000056891.IEToolbar] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2011-11-01 1053056] "HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-02-10 1712184] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-03 98304] "NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" [2009-12-03 3331944] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888] "PCPowerSpeed"="c:\program files (x86)\PCPowerSpeed\PCPowerTray.exe" [2011-09-27 385664] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160] . c:\users\Michael Riccio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ wkcalrem.LNK - c:\program files (x86)\Microsoft Works\WkCalRem.exe [2007-6-20 46432] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2009-6-3 430080] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2010-03-09 1849856] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672] R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872] R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-02-18 51712] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-23 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664] S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936] S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.EXE [2009-11-17 98208] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-02-03 202752] S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-02-26 127984] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 162192] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264] S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-12-02 153712] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296] S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2009-12-19 852256] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-10-19 39480] . . --- Other Services/Drivers In Memory --- . *Deregistered* - mfeavfk01 . Contents of the 'Scheduled Tasks' folder . 2012-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-24 17:12] . 2012-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-24 17:12] . 2012-11-10 c:\windows\Tasks\HPCeeScheduleForaarons.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53] . 2012-10-31 c:\windows\Tasks\PCDRScheduledMaintenance.job - c:\program files\PC-Doctor for Windows\pcdrcui.exe [2010-02-01 23:02] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768] "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-18 568888] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-25 10081312] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.254 . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKLM-Run-ROC_roc_ssl_v12 - c:\program files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe Wow6432Node-HKLM-Run-ROC_ROC_JULY_P1 - c:\program files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe AddRemove-{495A8A3C-8FD0-4C46-9979-95C26181A1AB} - c:\program files (x86)\InstallShield Installation Information\{495A8A3C-8FD0-4C46-9979-95C26181A1AB}\setup.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-11-10 10:49:43 ComboFix-quarantined-files.txt 2012-11-10 15:49 . Pre-Run: 428,436,045,824 bytes free Post-Run: 428,551,262,208 bytes free . - - End Of File - - 6833EF58F4535A381C18FFFC0472063D Didn't run into any problems, I had to log into an admin profile to disable the virus protection, so I'll be back to let you know how everything turned out on mine. I appreciate everything you've done. Thank you very much.
  16. Do I turn off malwarebytes security for this as well?
  17. # AdwCleaner v2.007 - Logfile created 11/09/2012 at 18:13:32 # Updated 06/11/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : aarons - AARONS-HP # Boot Mode : Normal # Running from : C:\Users\Michael Riccio\Downloads\adwcleaner.exe # Option [Delete] ***** [services] ***** Stopped & Deleted : MyWebSearchService ***** [Files / Folders] ***** Deleted on reboot : C:\Program Files (x86)\MyWebSearch File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk File Deleted : C:\Users\aarons\AppData\Local\Temp\Uninstall.exe File Deleted : C:\Users\Public\Desktop\eBay.lnk File Deleted : C:\Windows\SysWOW64\f3PSSavr.scr Folder Deleted : C:\Program Files (x86)\AppGraffiti Folder Deleted : C:\Program Files (x86)\Common Files\FreeCause Folder Deleted : C:\Program Files (x86)\FunWebProducts Folder Deleted : C:\ProgramData\Ask Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AppGraffiti Folder Deleted : C:\Users\aarons\AppData\LocalLow\AppGraffiti Folder Deleted : C:\Users\aarons\AppData\LocalLow\FunWebProducts Folder Deleted : C:\Users\aarons\AppData\LocalLow\MyWebSearch Folder Deleted : C:\Users\Beth Riccio\AppData\LocalLow\AppGraffiti Folder Deleted : C:\Users\Beth Riccio\AppData\LocalLow\FunWebProducts Folder Deleted : C:\Users\Beth Riccio\AppData\LocalLow\MyWebSearch Folder Deleted : C:\Users\Beth Riccio\AppData\LocalLow\RebateInformer Folder Deleted : C:\Users\Michael Riccio\AppData\LocalLow\AppGraffiti Folder Deleted : C:\Users\Michael Riccio\AppData\LocalLow\FunWebProducts Folder Deleted : C:\Users\Michael Riccio\AppData\LocalLow\MyWebSearch Folder Deleted : C:\Users\Michael Riccio\AppData\LocalLow\RebateInformer Folder Deleted : C:\Users\Mike Riccio\AppData\Local\Temp\avg@toolbar Folder Deleted : C:\Users\Mike Riccio\AppData\LocalLow\AppGraffiti Folder Deleted : C:\Users\Mike Riccio\AppData\LocalLow\AVG Secure Search Folder Deleted : C:\Users\Mike Riccio\AppData\LocalLow\FunWebProducts Folder Deleted : C:\Users\Mike Riccio\AppData\LocalLow\Inbox Toolbar Folder Deleted : C:\Users\Mike Riccio\AppData\LocalLow\MyWebSearch Folder Deleted : C:\Users\Mike Riccio\AppData\LocalLow\RebateInformer ***** [Registry] ***** Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EAB-A523-4961-B6BB-170DE4475CCA} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCB69577-088B-4004-9ED8-FF5BCC83A039} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCB69577-088B-4004-9ED8-FF5BCC83A039} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0} Key Deleted : HKCU\Software\MyWebSearch Key Deleted : HKCU\Software\StartNow Toolbar Key Deleted : HKCU\Software\Zugo Key Deleted : HKLM\Software\AppGraffiti Key Deleted : HKLM\SOFTWARE\Classes\AppGraffiti.AppGraffitiJS Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A57F7191-1E7F-4852-BAAF-F80A43E2687A} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{DBBBC528-9C8C-4051-9187-ED6F01A457C9} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{DD7C44CC-0F60-4FD9-A38F-5CF30D698AC2} Key Deleted : HKLM\SOFTWARE\Classes\AppID\CptUrlPassthru.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\dca-api.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\dca-bho.DLL Key Deleted : HKLM\SOFTWARE\Classes\CptUrlPassthru.hxxpMonitor Key Deleted : HKLM\SOFTWARE\Classes\CptUrlPassthru.hxxpMonitor.1 Key Deleted : HKLM\SOFTWARE\Classes\dcabho.Dca Key Deleted : HKLM\SOFTWARE\Classes\dcabho.Dca.1 Key Deleted : HKLM\SOFTWARE\Classes\FCTB000056891.FCTB000056891Pos Key Deleted : HKLM\SOFTWARE\Classes\FCTB000056891.FCTB000056891Pos.1 Key Deleted : HKLM\SOFTWARE\Classes\FCTB000056891.IEToolbar Key Deleted : HKLM\SOFTWARE\Classes\FCTB000056891.IEToolbar.1 Key Deleted : HKLM\SOFTWARE\Classes\FCTB000056891.JSOptionsImpl Key Deleted : HKLM\SOFTWARE\Classes\FCTB000056891.JSOptionsImpl.1 Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1 Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.DataControl Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.DataControl.1 Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.HistoryKillerScheduler Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.HistoryKillerScheduler.1 Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.HistorySwatterControlBar Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.HistorySwatterControlBar.1 Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.HTMLMenu Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.HTMLMenu.1 Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.HTMLMenu.2 Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.IECookiesManager Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.IECookiesManager.1 Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.KillerObjManager Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.KillerObjManager.1 Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.PopSwatterBarButton Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.PopSwatterBarButton.1 Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.PopSwatterSettingsControl Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.PopSwatterSettingsControl.1 Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.ChatSessionPlugin Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.ChatSessionPlugin.1 Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.HTMLPanel Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.HTMLPanel.1 Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.MultipleButton Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.MultipleButton.1 Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.OutlookAddin Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.OutlookAddin.1 Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.PseudoTransparentPlugin Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.PseudoTransparentPlugin.1 Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.ThirdPartyInstaller Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.ThirdPartyInstaller.1 Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.UrlAlertButton Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.UrlAlertButton.1 Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearchToolBar.SettingsPlugin Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearchToolBar.SettingsPlugin.1 Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearchToolBar.ToolbarPlugin Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearchToolBar.ToolbarPlugin.1 Key Deleted : HKLM\SOFTWARE\Classes\ScreenSaverControl.ScreenSaverInstaller Key Deleted : HKLM\SOFTWARE\Classes\ScreenSaverControl.ScreenSaverInstaller.1 Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{7BAB653D-88FB-4F60-AFC2-8E6FD59FAFF3} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8FFDF636-0D87-4B33-B9E9-79A53F6E1DAE} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A57F7191-1E7F-4852-BAAF-F80A43E2687A} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C8758BC4-4581-48C7-BA38-C1A650477AE9} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB02BC6B-B0F0-4074-99E6-884B70FCB6AE} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C} Key Deleted : HKLM\SOFTWARE\FCTB000056891 Key Deleted : HKLM\Software\FocusInteractive Key Deleted : HKLM\Software\Fun Web Products Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll Key Deleted : HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss Key Deleted : HKLM\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin Key Deleted : HKLM\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612} Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@mywebsearch.com/Plugin Key Deleted : HKLM\Software\MyWebSearch Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{25560540-9571-4D7B-9389-0F166788785A} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3E720452-B472-4954-B7AA-33069EB53906} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{60260024-AA48-4A2F-84DA-2C2DCB24AAD0} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{67FA02C4-AB30-4e77-A640-78EE8EC8673B} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7473D292-B7BB-4F24-AE82-7E2CE94BB6A9} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7473D296-B7BB-4F24-AE82-7E2CE94BB6A9} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{799391D3-EB86-4BAC-9BD3-CBFEA58A0E15} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{819FFE22-35C7-4925-8CDA-4E0E2DB94302} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4730EBE-43A6-443E-9776-36915D323AD3} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9571378-68A1-443D-B082-284F960C6D17} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B813095C-81C0-4E40-AA14-67520372B987} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC99A798-FD3D-4AB4-969E-6071612524F9} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D858DAFC-9573-4811-B323-7011A3AA7E61} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{022C9F90-2E96-47D6-A971-107650154563} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1093995A-BA37-41D2-836E-091067C4AD17} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{120927BF-1700-43BC-810F-FAB92549B390} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{15527BF5-9729-49DC-889C-9F956983154C} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1F52A5FA-A705-4415-B975-88503B291728} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3E720451-B472-4954-B7AA-33069EB53906} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F2CF666-0EC7-418E-B86A-459AD43BCAB1} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{991AAC62-B100-47CE-8B75-253965244F69} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DD05B915-F77B-474A-9D42-9FEEAF5475C4} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45DD-9B68-D6A12C30E5D7} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48DD-9B6D-7A13A3E42127} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40FD-8DAE-FF14757F60C7} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44CF-8957-5838F569A31D} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}_is1 Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\mywebsearch bar uninstall Key Deleted : HKLM\SOFTWARE\Classes\Interface\{022C9F90-2E96-47D6-A971-107650154563} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1093995A-BA37-41D2-836E-091067C4AD17} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{120927BF-1700-43BC-810F-FAB92549B390} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{15527BF5-9729-49DC-889C-9F956983154C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1F52A5FA-A705-4415-B975-88503B291728} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E720451-B472-4954-B7AA-33069EB53906} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F2CF666-0EC7-418E-B86A-459AD43BCAB1} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{991AAC62-B100-47CE-8B75-253965244F69} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DD05B915-F77B-474A-9D42-9FEEAF5475C4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Key Deleted : HKLM\SOFTWARE\Software Key Deleted : HKU\S-1-5-21-4091956286-139085011-1590961876-1004\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKU\S-1-5-21-4091956286-139085011-1590961876-1004\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{07B18EA9-A523-4961-B6BB-170DE4475CCA}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00A6FAF6-072E-44CF-8957-5838F569A31D}] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows Media\Wmsdk\Sources [F3PopularScreenSavers] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\post platform [FunWebProducts] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [My Web Search Bar Search Scope Monitor] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [MyWebSearch Email Plugin] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [m3ffxtbr@mywebsearch.com] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{07B18EA9-A523-4961-B6BB-170DE4475CCA}] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Registry is clean. ************************* AdwCleaner[s1].txt - [26996 octets] - [09/11/2012 18:13:32] ########## EOF - \AdwCleaner[s1].txt - [27057 octets] ########## RogueKiller V8.2.3 [11/07/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website: http://tigzy.geekstogo.com/roguekiller.php Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : aarons [Admin rights] Mode : Remove -- Date : 11/09/2012 18:26:26 ¤¤¤ Bad processes : 1 ¤¤¤ [Rogue.FakeHDD] hA8UYwv7FPqnAw.exe -- C:\ProgramData\hA8UYwv7FPqnAw.exe -> KILLED [TermProc] [sUSP PATH] hA8UYwv7FPqnAw.exe -- C:\ProgramData\hA8UYwv7FPqnAw.exe -> KILLED [TermThr] ¤¤¤ Registry Entries : 6 ¤¤¤ [RUN][sUSP PATH] HKUS\S-1-5-21-4091956286-139085011-1590961876-1004[...]\Run : RbKbMIMhDLR.exe (C:\ProgramData\RbKbMIMhDLR.exe) -> DELETED [RUN][sUSP PATH] HKUS\S-1-5-21-4091956286-139085011-1590961876-1004[...]\Run : hA8UYwv7FPqnAw (C:\ProgramData\hA8UYwv7FPqnAw.exe) -> DELETED [RUN][sUSP PATH] HKLM\[...]\Wow6432Node\RunOnce : DeleteOnReboot (C:\Windows\DeleteOnReboot.bat) -> DELETED [TASK][sUSP PATH] {89B3C1F7-3F4E-4F66-A520-0EA62E6F48E0} : C:\Users\Michael Riccio\Desktop\Minecraft.exe -> DELETED [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0) [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ Infection : Rans.Gendarm ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST350041 8AS SATA Disk Device +++++ --- User --- [MBR] bb2bd3a5274e2c700c1b2ebf66cad5fe [bSP] 5175452bc82f34ba48f324bbf3b5134d : Windows Vista/7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 464913 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 952348672 | Size: 11925 Mo User = LL1 ... OK! User != LL2 ... KO! --- LL2 --- [MBR] c102c963b79552c694ecfccabfaa3715 [bSP] 980895ef88e6d724bf1643e709222162 : Windows Vista MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 234989568 | Size: 300 Mo Finished : << RKreport[2]_D_11092012_02d1826.txt >> RKreport[1]_S_11092012_02d1824.txt ; RKreport[2]_D_11092012_02d1826.txt
  18. Sorry, Just popped up. Took a bit longer than expected, I was getting worried. Here are the logs you asked for. Results of screen317's Security Check version 0.99.54 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! McAfee Anti-Virus and Anti-Spyware WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.65.1.1000 Java 6 Update 29 Java version out of Date! Adobe Reader X 10.1.2 Adobe Reader out of Date! ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 4% ````````````````````End of Log`````````````````````` DDS (Ver_2012-11-07.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16450 Run by aarons at 17:14:58 on 2012-11-09 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3838.2630 [GMT -5:00] . AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\atieclxx.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe C:\Windows\system32\taskhost.exe c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe C:\Windows\system32\mfevtps.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\PROGRA~2\MYWEBS~1\bar\2.bin\mwssvc.exe C:\Windows\system32\rundll32.exe C:\Windows\system32\rundll32.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\SysWOW64\rundll32.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\PCPowerSpeed\PCPowerTray.exe C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSOEMON.EXE C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\svchost.exe -k SDRSVC C:\Windows\SysWOW64\notepad.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uURLSearchHooks: <No Name>: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSSRCAS.DLL mWinlogon: Userinit = userinit.exe, BHO: MyWebSearch Search Assistant BHO: {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSSRCAS.DLL BHO: mwsBar BHO: {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSBAR.DLL BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Dallas Cowboys BHO: {69CE821F-3668-475A-B66F-94719B322DE3} - C:\Program Files (x86)\Dallas Cowboys\Toolbar.dll BHO: AppGraffiti: {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\Program Files (x86)\AppGraffiti\AppGraffiti.dll BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120623055355.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll BHO: DCA BHO: {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Common Files\FreeCause\DCA\dca-bho.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: My Web Search: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSBAR.DLL TB: My Web Search: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSBAR.DLL TB: Dallas Cowboys: {27E7F580-724E-46EB-846F-96C2396D23ED} - C:\Program Files (x86)\Dallas Cowboys\Toolbar.dll TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll uRun: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe -update activex mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" UNATTENDED mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 mRun: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 mRun: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~2\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w /h mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [PCPowerSpeed] "C:\Program Files (x86)\PCPowerSpeed\PCPowerTray.exe" /startup mRun: [MyWebSearch Email Plugin] C:\PROGRA~2\MYWEBS~1\bar\2.bin\mwsoemon.exe mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: NameServer = 192.168.1.254 TCP: Interfaces\{2B85BAF0-EF2C-4A61-BAEA-C45EC4CDE511} : DHCPNameServer = 192.168.1.254 Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120623055355.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe x64-Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-SSODL: WebCheck - <orphaned> . ============= SERVICES / DRIVERS =============== . R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2012-2-22 647208] R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2012-5-28 289664] R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\System32\drivers\mfenlfk.sys [2012-5-28 75936] R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2012-5-28 65264] R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2010-5-7 153712] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-11-8 25928] R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2012-5-28 229528] R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2012-5-28 487296] R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2010-5-7 852256] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-5-7 346144] R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-5-7 39480] S3 athur;Atheros AR9271 Wireless Network Adapter Service;C:\Windows\System32\drivers\athurx.sys [2011-9-15 1849856] S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-7-19 48488] S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2012-5-28 100912] S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672] S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872] S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-23 59392] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-2-18 51712] . =============== Created Last 30 ================ . 2012-11-09 19:28:00 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8872AE35-CC3C-4259-BA36-9B9F31FAD5C2}\offreg.dll 2012-11-09 19:21:31 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8872AE35-CC3C-4259-BA36-9B9F31FAD5C2}\mpengine.dll 2012-11-09 04:38:08 -------- d-----w- C:\Users\aarons\AppData\Roaming\Malwarebytes 2012-11-09 04:37:52 -------- d-----w- C:\ProgramData\Malwarebytes 2012-11-09 04:37:47 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-11-09 04:37:47 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-11-09 03:05:15 350208 ---ha-w- C:\ProgramData\hA8UYwv7FPqnAw.exe 2012-11-02 22:43:59 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll 2012-11-02 04:46:08 -------- d-----w- C:\Users\aarons\AppData\Local\ElevatedDiagnostics 2012-11-02 04:45:26 -------- d-----w- C:\Windows\pss . ==================== Find3M ==================== . 2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll 2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll 2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll 2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll 2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys 2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys 2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS 2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe 2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll 2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll 2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll 2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll 2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll 2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll 2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe 2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll 2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll 2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe 2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll . ============= FINISH: 17:36:58.01 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-07.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 11/29/2010 3:26:58 PM System Uptime: 11/9/2012 4:38:20 PM (1 hours ago) . Motherboard: Hewlett-Packard | | 2A97 Processor: AMD Athlon II X2 250 | Socket S1G2 | 1600/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 454 GiB total, 399.495 GiB free. D: is FIXED (NTFS) - 12 GiB total, 1.421 GiB free. E: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP353: 10/7/2012 7:00:09 PM - Windows Backup RP354: 10/11/2012 3:00:27 AM - Windows Update RP355: 10/14/2012 7:00:08 PM - Windows Backup RP356: 10/21/2012 7:00:08 PM - Windows Backup RP357: 10/28/2012 7:00:09 PM - Windows Backup RP358: 11/1/2012 10:48:42 PM - Removed AVG 2012 RP359: 11/1/2012 10:51:05 PM - Removed AVG 2012 RP360: 11/1/2012 10:53:15 PM - Removed Oblivion RP361: 11/1/2012 10:54:39 PM - Removed iTunes RP362: 11/1/2012 11:02:59 PM - Removed Visual Studio 2008 x64 Redistributables RP363: 11/1/2012 11:03:52 PM - Removed Visual Studio 2008 x64 Redistributables RP364: 11/1/2012 11:04:51 PM - Removed Apple Software Update RP365: 11/1/2012 11:06:22 PM - Removed Apple Mobile Device Support RP366: 11/1/2012 11:07:46 PM - Removed Apple Application Support RP367: 11/1/2012 11:12:06 PM - Removed Bonjour RP368: 11/2/2012 12:30:11 AM - Windows Backup RP369: 11/2/2012 6:42:57 PM - Windows Update RP370: 11/4/2012 8:10:06 PM - Windows Backup RP371: 11/6/2012 3:28:58 AM - Windows Update RP372: 11/9/2012 2:20:27 PM - Windows Update RP374: 11/9/2012 2:29:19 PM - Windows Defender Checkpoint . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) ActiveCheck component for HP Active Support Library Adobe AIR Adobe Flash Player 11 ActiveX 64-bit Adobe Reader X (10.1.2) AMD USB Filter Driver AppGraffiti Ask Toolbar Updater ATI Catalyst Install Manager Bejeweled 2 Deluxe Bing Rewards Client Installer Blackhawk Striker 2 Blasterball 3 Build-a-lot 2 Cake Mania Catalyst Control Center - Branding Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Graphics Previews Vista Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Chuzzle Deluxe CinemaNow Media Manager Compatibility Pack for the 2007 Office system Coupon Printer for Windows CyberLink DVD Suite Deluxe D3DX10 Dallas Cowboys Diner Dash 2 Restaurant Rescue Dora's Carnival Adventure DVD Menu Pack for HP MediaSmart Video Escape Rosecliff Island Faerie Solitaire FATE Google Toolbar for Internet Explorer Google Update Helper Hardware Diagnostic Tools HP Advisor HP Customer Experience Enhancements HP Deskjet 3050 J610 series Basic Device Software HP Deskjet 3050 J610 series Help HP Deskjet 3050 J610 series Product Improvement Study HP Game Console HP Games HP MediaSmart CinemaNow 2.0 HP MediaSmart DVD HP MediaSmart Music HP MediaSmart Photo HP MediaSmart SmartMenu HP MediaSmart Video HP MediaSmart Webcam HP MediaSmart/TouchSmart Netflix HP Odometer HP Photo Creations HP Setup HP Support Assistant HP Support Information HP Update HPAsset component for HP Active Support Library Hulu Desktop Java Auto Updater Java 6 Update 29 Jewel Quest 3 Jewel Quest Solitaire 2 JMicron Flash Media Controller Driver Junk Mail filter update LabelPrint LightScribe System Software Malwarebytes Anti-Malware version 1.65.1.1000 McAfee SecurityCenter Mesh Runtime Messenger Companion Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2007 Microsoft Office Office 64-bit Components 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared 64-bit MUI (English) 2007 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Suite Activation Assistant Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Works Microsoft WSE 3.0 Runtime Microsoft_VC100_CRT_SP1_x64 Microsoft_VC100_CRT_SP1_x86 Movie Theme Pack for HP MediaSmart Video MSVC80_x64_v2 MSVC80_x86_v2 MSVC90_x64 MSVC90_x86 MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) My Web Search Mystery P.I. - The New York Fortune Nokia Connectivity Cable Driver Nokia Suite Norton Online Backup PC Connectivity Solution PC Power Speed 1.0.0.17 PDF Viewer 0.1 Penguins! PhotoNow! PictureMover Plants vs. Zombies PlayReady PC Runtime amd64 Poker Superstars III Polar Bowler Polar Golfer Power2Go PowerDirector QuickTime Ralink RT2860 Wireless LAN Card Realtek High Definition Audio Driver Recovery Manager Roxio CinemaNow 2.0 Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition TextTwist 2 Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Virtual Families Virtual Villagers - The Secret City Wheel of Fortune 2 Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Messenger Companion Core Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Zuma's Revenge . ==== Event Viewer Messages From Past Week ======== . 11/9/2012 3:37:25 AM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. 11/8/2012 11:24:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40} 11/8/2012 10:18:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {395633B1-EED9-4DFC-B67F-9788B51C9F06} 11/8/2012 10:15:26 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 11/8/2012 10:14:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 11/8/2012 10:14:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 11/8/2012 10:14:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 11/8/2012 10:14:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 11/8/2012 10:14:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 11/8/2012 10:14:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 11/8/2012 10:13:48 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache mfehidk mfenlfk NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf 11/8/2012 10:13:48 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 11/8/2012 10:13:48 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 11/8/2012 10:13:48 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 11/8/2012 10:13:48 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 11/8/2012 10:13:48 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 11/8/2012 10:13:48 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. 11/8/2012 10:13:48 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 11/8/2012 10:13:48 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning. 11/8/2012 10:13:48 PM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start. 11/8/2012 10:13:48 PM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start. 11/8/2012 10:13:48 PM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start. 11/8/2012 10:13:48 PM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start. 11/8/2012 10:13:48 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 11/8/2012 10:13:48 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 11/8/2012 10:13:48 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. . ==== End Of File ===========================
  19. DDS has been running for about 20 minutes or so. I had a small window saying two logs will be created on my desktop, but I didn't have a command screen or anything of the sort. Still says it's running.
  20. How long does DDS typically run for before a command screen appears?
  21. Ok, so it wasnt very difficult to tell that when I recieved a million pop-ups for this so called "Error" that I had a virus on my hands. There was also a "Restore File" program that popped up along with it all. Seemed alittle suspicious that I had to register for it, so I backed off. My backround for my desktop is hidden, and programs on my Start menu are hidden (Until I click All Programs, they will show up). It also hid my internet explorer, but luckily I found a saved webpage from the internet. So I used the saved webpage to get on the internet. I downloaded Malwarebytes through the recommendation of a friend and I ran a scan. I also took a look on the subject on google and found this was a common problem. Unfortunatley I had it run a full scan for both C and D drives, and it was 3 hours in (Still scanning C) that I aborted the scan. I recieved the results and deleted the infected. When I restarted my computer, the pop-up messages have ended. I right clicked the "Restore File" program and got it's actual name and manually ended the process through task manager. The only problem now, is that my things are still hidden and I'm not sure I completely got rid of this virus. I also don't know what damage it's done or if my computer is compromised. I need help please.
  22. Ok, so it wasnt very difficult to tell that when I recieved a million pop-ups for this so called "Error" that I had a virus on my hands. There was also a "Restore File" program that popped up along with it all. Seemed alittle suspicious that I had to register for it, so I backed off. My backround for my desktop is hidden, and programs on my Start menu are hidden (Until I click All Programs, they will show up). It also hid my internet explorer, but luckily I found a saved webpage from the internet. So I used the saved webpage to get on the internet. I downloaded Malwarebytes through the recommendation of a friend and I ran a scan. I also took a look on the subject on google and found this was a common problem. Unfortunatley I had it run a full scan for both C and D drives, and it was 3 hours in (Still scanning C) that I aborted the scan. I recieved the results and deleted the infected. When I restarted my computer, the pop-up messages have ended. I right clicked the "Restore File" program and got it's actual name and manually ended the process through task manager. The only problem now, is that my things are still hidden and I'm not sure I completely got rid of this virus. I also don't know what damage it's done or if my computer is compromised. I need help please.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.