Lorgeo

Honorary Members
  • Posts: 165

Everything posted by Lorgeo

  1. Everything looks good... much thanks for the help.
  2. Downloaded Delfix. When attempting to run I get the following: C:\users\sharon\desktop\delfix_10.7.exe "The specified service does not exist as an installed service." Also, there is a red slash and an administrator shield with the red/green/blue/yellow squares.
  3. Everything looks great. What do we need to do to clean up?
  4. RogueKiller Report:
  5. Here's the rest:
C:\Windows\system32\seclogon.dll06:30:18.0093 0x2acc seclogon - ok06:30:18.0101 0x2acc [ F71BFE7AC6C52273B7C82CBF1BB2A222, 8C7F0E426B266DBBFE4BBE3333A33C338209BD8BE0E434A98D0D2CFD78D3F758 ] Serenum C:\Windows\system32\drivers\serenum.sys06:30:18.0102 0x2acc Serenum - ok06:30:18.0110 0x2acc [ E62FAC91EE288DB29A9696A9D279929C, 9B6A420556532F7F8D55FB6580A592A43BEA579A068B970C741A23DB079ECAD1 ] Serial C:\Windows\system32\drivers\serial.sys06:30:18.0113 0x2acc Serial - ok06:30:18.0119 0x2acc [ A842F04833684BCEEA7336211BE478DF, 9D964AEA237C44898098AC9C2D043F00C66EDA7D73C381D616737C01A9D0FF45 ] sermouse C:\Windows\system32\drivers\sermouse.sys06:30:18.0121 0x2acc sermouse - ok06:30:18.0144 0x2acc [ 14D4B4465193A87C127933978E8C4106, A5C3F2F09E9A0715529B05AC1020EF0F432121E129447795257087E0D6A812FC ] sffdisk C:\Windows\system32\drivers\sffdisk.sys06:30:18.0146 0x2acc sffdisk - ok06:30:18.0152 0x2acc [ 7073AEE3F82F3D598E3825962AA98AB2, 82A959A0970CBA8CC16D44736ED12158E59E138484F3F53EBDD3A4C02DA3700D ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys06:30:18.0153 0x2acc sffp_mmc - ok06:30:18.0167 0x2acc [ 35E59EBE4A01A0532ED67975161C7B82, 4F4296B8903FCD06439CC8BF93C703852E523834F09CF9121FDA729A988AF11B ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys06:30:18.0169 0x2acc sffp_sd - ok06:30:18.0175 0x2acc [ 6B7838C94135768BD455CBDC23E39E5F, 868E054ED546479DEAD7C2834C7AB080820522C16F5B4BEF0F3B279A33ABA9C8 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys06:30:18.0176 0x2acc sfloppy - ok06:30:18.0219 0x2acc [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34, 9659C7B5046DE2C0416A74FDE6F798C3E78D38327CB71BAE49D57A8347A9097D ] SharedAccess C:\Windows\System32\ipnathlp.dll06:30:18.0230 0x2acc SharedAccess - ok06:30:18.0286 0x2acc [ 56793271ECDEDD350C5ADD305603E963, 7A29407C1C550FF3A6A3544811ABD971E9C760B984A7E64D5A1440C69D6AF483 ] ShellHWDetection C:\Windows\System32\shsvcs.dll06:30:18.0308 0x2acc ShellHWDetection - ok06:30:18.0339 0x2acc [ 7A5DE502AEB719D4594C6471060A78B3, 
E8E16DF8AFFC230FBB1A5938925D464A1BA776184B8C020B37669EE2105DB9F2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys06:30:18.0341 0x2acc SiSRaid2 - ok06:30:18.0348 0x2acc [ 3A2F769FAB9582BC720E11EA1DFB184D, 83EEBCE37E8709FCE15FB44F546C727C56064ED49B73A471EA33480573558419 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys06:30:18.0351 0x2acc SiSRaid4 - ok06:30:18.0448 0x2acc [ A9A27A8E257B45A604FDAD4F26FE7241, C5A1056522EE2BA7B70D34E391477A0E9351569CEF28B875172F4B363F6D4177 ] slsvc C:\Windows\system32\SLsvc.exe06:30:18.0495 0x2acc slsvc - ok06:30:18.0518 0x2acc [ 290B6F6A0EC4FCDFC90F5CB6D7020473, 971888FE760641FF86165B9876E6FC12DBC309C0FED2734C60B9E0EBC078AAE0 ] Smb C:\Windows\system32\DRIVERS\smb.sys06:30:18.0522 0x2acc Smb - ok06:30:18.0537 0x2acc [ F8F47F38909823B1AF28D60B96340CFF, EFD948EE09F22F9F373A98BA6D9BC519FD9244986E4BE7B2BACD92D3C145AD1D ] SNMPTRAP C:\Windows\System32\snmptrap.exe06:30:18.0540 0x2acc SNMPTRAP - ok06:30:18.0552 0x2acc [ 386C3C63F00A7040C7EC5E384217E89D, DD8766BCBD77EC6F67979A8B37B943A3A0E5478CE3FB129BF8FCA29B66529721 ] spldr C:\Windows\system32\drivers\spldr.sys06:30:18.0553 0x2acc spldr - ok06:30:18.0598 0x2acc [ F66FF751E7EFC816D266977939EF5DC3, 689BDD0B442830E162F2F9A8EFBD0E137F518C7F0CD92EDF4A43EFBA188B69F4 ] Spooler C:\Windows\System32\spoolsv.exe06:30:18.0607 0x2acc Spooler - ok06:30:18.0630 0x2acc [ 880A57FCCB571EBD063D4DD50E93E46D, D46BA584D1C33F17C4156127742FA470AA044C4BCE9E6A209E5B1F3A44C73350 ] srv C:\Windows\system32\DRIVERS\srv.sys06:30:18.0642 0x2acc srv - ok06:30:18.0673 0x2acc [ A1AD14A6D7A37891FFFECA35EBBB0730, AE00950D330EE4C05F5AA9BC7E63E974766D8E93B607CB3E683C727E8A65049D ] srv2 C:\Windows\system32\DRIVERS\srv2.sys06:30:18.0678 0x2acc srv2 - ok06:30:18.0687 0x2acc [ 4BED62F4FA4D8300973F1151F4C4D8A7, 1835895B3E837F8862F7F669DFBDF5EAB627E5656377624474C17E92CF440D2A ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys06:30:18.0692 0x2acc srvnet - ok06:30:18.0724 0x2acc [ 192C74646EC5725AEF3F80D19FF75F6A, 
8F24FF139A46B1F837356B9D682526107D7BADCFA510842FEACB6F06C02D93D9 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll06:30:18.0730 0x2acc SSDPSRV - ok06:30:18.0767 0x2acc [ 2EE3FA0308E6185BA64A9A7F2E74332B, EC6A15281685E6CDEADABDFD08C4AF980AD3B404C945EB121D7F90AFCA3D6849 ] SstpSvc C:\Windows\system32\sstpsvc.dll06:30:18.0772 0x2acc SstpSvc - ok06:30:18.0895 0x2acc [ DC4A7A067508470838D2D2336BFEB1E1, F9CFF8A1B60D4A94AA610E1E2CA130E765D640C4BB4B9A51580FF50E09354BE2 ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_4b8037c7\STacSV64.exe06:30:18.0902 0x2acc STacSV - ok06:30:18.0966 0x2acc [ 6299F206F17E34EAD0EF63DAD8CD4272, A37DD618F74F91CB1259A6B1602D9743AAED4C8468B074FF5B50698EFB674E20 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys06:30:18.0978 0x2acc STHDA - ok06:30:19.0040 0x2acc [ 15825C1FBFB8779992CB65087F316AF5, E9431C016D209A7322C0586F11EEF0AB461AB5822960287BB1D0FBC30183614D ] stisvc C:\Windows\System32\wiaservc.dll06:30:19.0056 0x2acc stisvc - ok06:30:19.0127 0x2acc [ 1D0063597C3666404FCF97698ABEB019, 352A63C97F930499BC598C2A398663377D7CCD4A42770E35635C90EDC4DA530A ] stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe06:30:19.0131 0x2acc stllssvr - ok06:30:19.0153 0x2acc [ 8A851CA908B8B974F89C50D2E18D4F0C, 27EA13E50B5B72ABF6C5B7B7D34A7154A12BB27B1C1B2EEFCAA36A96010DB4DC ] swenum C:\Windows\system32\DRIVERS\swenum.sys06:30:19.0155 0x2acc swenum - ok06:30:19.0201 0x2acc [ 6DE37F4DE19D4EFD9C48C43ADDBC949A, 9C3714238571704CEE2AD4F1E15029243E00B494345C41F74EFDF3F0328CC9EA ] swprv C:\Windows\System32\swprv.dll06:30:19.0238 0x2acc swprv - ok06:30:19.0255 0x2acc [ 2F26A2C6FC96B29BEFF5D8ED74E6625B, 0227EAF144BC35AA4FF2535E8C9974C0609B7634EE45F4166B9F88F79B17BBF1 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys06:30:19.0258 0x2acc Symc8xx - ok06:30:19.0272 0x2acc [ A909667976D3BCCD1DF813FED517D837, 0874DD4C1CA7AE2E519EBB45433BC9F11A574408F5D2F9E23A340CA76512F5CE ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys06:30:19.0274 0x2acc Sym_hi - 
ok06:30:19.0285 0x2acc [ 36887B56EC2D98B9C362F6AE4DE5B7B0, 7349FABACB633A9EEE3D4E241A5F443C28D23CC87F21EAAB3F1711644AA21D7C ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys06:30:19.0287 0x2acc Sym_u3 - ok06:30:19.0313 0x2acc [ 005CE42567F9113A3BCCB3B20073B029, B1831D71410AD6E7DEB59D26BF6D2D07D2F6112936D6A6FDA57E9296ADA4076D ] TabletInputService C:\Windows\System32\TabSvc.dll06:30:19.0317 0x2acc TabletInputService - ok06:30:19.0339 0x2acc [ CC2562B4D55E0B6A4758C65407F63B79, C6AD05B345C699A715EC13830D8EA6EE9822F4B713D15B1F29AC044674A0F498 ] TapiSrv C:\Windows\System32\tapisrv.dll06:30:19.0349 0x2acc TapiSrv - ok06:30:19.0397 0x2acc [ CDBE8D7C1E201B911CDC346D06617FB5, 16D5965E32A109DA38D77F4B6281081569D78371B2F522DE51100967F8776C7A ] TBS C:\Windows\System32\tbssvc.dll06:30:19.0400 0x2acc TBS - ok06:30:19.0464 0x2acc [ EA8623BDD511A1ACD18DA4883860ADDE, A3BE60B3DBFF783111B1AD5D070F376ABFA94D61378D32EDA714E4E90043DE4D ] Tcpip C:\Windows\system32\drivers\tcpip.sys06:30:19.0499 0x2acc Tcpip - ok06:30:19.0541 0x2acc [ EA8623BDD511A1ACD18DA4883860ADDE, A3BE60B3DBFF783111B1AD5D070F376ABFA94D61378D32EDA714E4E90043DE4D ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys06:30:19.0567 0x2acc Tcpip6 - ok06:30:19.0600 0x2acc [ 24D7686A4A0323FB987654BD228C1F39, 46F464BDA89944A4F1DFF61B80FE99819BD98BFF441BACCDDF0429EEB24C5E20 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys06:30:19.0602 0x2acc tcpipreg - ok06:30:19.0638 0x2acc [ 1D8BF4AAA5FB7A2761475781DC1195BC, A28E972E9331BAD685D4C786FDE221565E0AD3E222B24B9182B7FA916BFCD9C8 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys06:30:19.0639 0x2acc TDPIPE - ok06:30:19.0657 0x2acc [ 7F7E00CDF609DF657F4CDA02DD1C9BB1, 42A408E82D4017D27D3B0BBBA02BF4B21DEC060C89849785ED65962D18029B65 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys06:30:19.0659 0x2acc TDTCP - ok06:30:19.0678 0x2acc [ 458919C8C42E398DC4802178D5FFEE27, E38828411DCE0AE2E2BF0D270FD80E47B46EDE4B44DAFD1DF11F54D427EACEB5 ] tdx C:\Windows\system32\DRIVERS\tdx.sys06:30:19.0681 0x2acc tdx - 
ok06:30:19.0705 0x2acc [ 8C19678D22649EC002EF2282EAE92F98, 551E7EBA54C2345F2B7FD7AAA7ADA4C852C94F1B35E6E4BBEF883BAFA34F6262 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys06:30:19.0708 0x2acc TermDD - ok06:30:19.0736 0x2acc [ 5CDD30BC217082DAC71A9878D9BFD566, 260D40973F9EEAE9A1890B813D8DCC01A9434D17DCE5DA1D16B72A57DCF59194 ] TermService C:\Windows\System32\termsrv.dll06:30:19.0747 0x2acc TermService - ok06:30:19.0778 0x2acc [ 56793271ECDEDD350C5ADD305603E963, 7A29407C1C550FF3A6A3544811ABD971E9C760B984A7E64D5A1440C69D6AF483 ] Themes C:\Windows\system32\shsvcs.dll06:30:19.0785 0x2acc Themes - ok06:30:19.0817 0x2acc [ 3CBE4995E80E13CCFBC42E5DCF3AC81A, 18B0E3E83E41C80809E8140F4C90AB051566C84DD891EA411746EA74E6EAF053 ] THREADORDER C:\Windows\system32\mmcss.dll06:30:19.0819 0x2acc THREADORDER - ok06:30:19.0846 0x2acc [ F4689F05AF472A651A7B1B7B02D200E7, 3D34B8879DBC69013D1A87A3F47B8A622A60B57F2E962E9F5925C5A01F44640F ] TrkWks C:\Windows\System32\trkwks.dll06:30:19.0851 0x2acc TrkWks - ok06:30:19.0901 0x2acc [ 66328B08EF5A9305D8EDE36B93930369, FD8136BF15AB8D2DB15D011C4F813737D68EED1178462DB8CE40606C16185A30 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe06:30:19.0903 0x2acc TrustedInstaller - ok06:30:19.0930 0x2acc [ B2388462329ACD17AF50D8701E0C1B18, 959D7B7CCB526367645BAA11C56C88C9AD741EE338BAD6513C54FC7ED43F3AC0 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys06:30:19.0931 0x2acc tssecsrv - ok06:30:19.0943 0x2acc [ 89EC74A9E602D16A75A4170511029B3C, AACD82A6F5FE31FF1315F5CA69E5EB6BD172DD86610F0641177CCC131B542034 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys06:30:19.0945 0x2acc tunmp - ok06:30:19.0961 0x2acc [ 30A9B3F45AD081BFFC3BCAA9C812B609, 57204F1F72FEFA086FF1D8A14487D56F4DEDD3C50FBB6903E0C4AC749EA720DE ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys06:30:19.0963 0x2acc tunnel - ok06:30:19.0979 0x2acc [ FEC266EF401966311744BD0F359F7F56, 6EE0223AEFA7A81BEB155FC0CD4421C2BEBCDCBC9663C23064B0445101114BF8 ] uagp35 
C:\Windows\system32\drivers\uagp35.sys06:30:19.0982 0x2acc uagp35 - ok06:30:20.0011 0x2acc [ FAF2640A2A76ED03D449E443194C4C34, CC2517DCFE6962EB2EDEB93E44CB53B113974C9C69A050E3F36385C8D78E810B ] udfs C:\Windows\system32\DRIVERS\udfs.sys06:30:20.0020 0x2acc udfs - ok06:30:20.0047 0x2acc [ 060507C4113391394478F6953A79EEDC, 5D0AE5F1184165289DC8E8CD493607FCB68512CF90F748E3BFD2250655D784D4 ] UI0Detect C:\Windows\system32\UI0Detect.exe06:30:20.0050 0x2acc UI0Detect - ok06:30:20.0076 0x2acc [ 4EC9447AC3AB462647F60E547208CA00, F304125321B1ECA915EDDBDB6A71EAEF3123DCB5604C9497D72F12E0C1BD5315 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys06:30:20.0079 0x2acc uliagpkx - ok06:30:20.0108 0x2acc [ 697F0446134CDC8F99E69306184FBBB4, A741882B8FE403E3A5DECED5D4A2254B14AF40ACECD4DAA3D00D71C2205C2C5F ] uliahci C:\Windows\system32\drivers\uliahci.sys06:30:20.0115 0x2acc uliahci - ok06:30:20.0144 0x2acc [ 31707F09846056651EA2C37858F5DDB0, A619AC4B32EA77AC29458894614870086C4DDB81525ADBCFF1AB8970FC5C257A ] UlSata C:\Windows\system32\drivers\ulsata.sys06:30:20.0149 0x2acc UlSata - ok06:30:20.0158 0x2acc [ 85E5E43ED5B48C8376281BAB519271B7, DBDA4216553F7C5EA0C579346D0A638E62766D5B8FCB1BFF3149BB37BBF978D3 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys06:30:20.0164 0x2acc ulsata2 - ok06:30:20.0179 0x2acc [ 46E9A994C4FED537DD951F60B86AD3F4, 256F93ED3BD43B50F0D4489164D959F95AB070CC25A80A46355D2B387D336224 ] umbus C:\Windows\system32\DRIVERS\umbus.sys06:30:20.0181 0x2acc umbus - ok06:30:20.0241 0x2acc [ A565B509000BD3E42A9B93B9FFD40D3D, A22734F2DDAAD743D479D40EA91024F1A16A18D9D6C9FC4F90F3930AD040BFA3 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys06:30:20.0244 0x2acc usbaudio - ok06:30:20.0294 0x2acc [ 858CC93477F9A9383E07861892600FF9, C72B25E7F6AF46AC22F8D2A1FA0345B290AAE642442C8A388EA75944334BB289 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys06:30:20.0298 0x2acc usbccgp - ok06:30:20.0315 0x2acc [ 9247F7E0B65852C1F6631480984D6ED2, 
E3360A0EE891B8BADEF5FF53F796C79D6AD218961087F866E451F3B6F278672A ] usbcir C:\Windows\system32\drivers\usbcir.sys06:30:20.0318 0x2acc usbcir - ok06:30:20.0337 0x2acc [ 82C3790E4E6F35087EF00994C7A72988, 95FA022BDAC65DCD2DA52C8FCC1F2C186B321F4599F40CB90262E24FD10AE16C ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys06:30:20.0339 0x2acc usbehci - ok06:30:20.0364 0x2acc [ BE2EB33AF6EE2E5DA07EB987E0A321F5, 0FCFABA080C553451AE4FAFB54DFE57639251D97DA204C07EC66F469826F3B46 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys06:30:20.0372 0x2acc usbhub - ok06:30:20.0385 0x2acc [ EBA14EF0C07CEC233F1529C698D0D154, FBA35D53A90FD6C3F91DA5ECE10EF29858CB4CB512AA20548225F83E9FE0A23D ] usbohci C:\Windows\system32\drivers\usbohci.sys06:30:20.0387 0x2acc usbohci - ok06:30:20.0399 0x2acc [ 28B693B6D31E7B9332C1BDCEFEF228C1, 6B756E6D7459F755C76BC3F497643F6818F107304B789952B233C6585434F3A8 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys06:30:20.0401 0x2acc usbprint - ok06:30:20.0430 0x2acc [ C024814884CE9E6C2E6ED76A63AC3B9A, 39C9EB54998547B0B65EEE6391AA326B02C7CA52FAE9CEB98D538FEC8D9F1858 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys06:30:20.0432 0x2acc usbscan - ok06:30:20.0457 0x2acc [ B854C1558FCA0C269A38663E8B59B581, 08CC36B33FA2281FC88671BE051863AA8CA911446D24596049DB77FB4CB09EA6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS06:30:20.0461 0x2acc USBSTOR - ok06:30:20.0480 0x2acc [ 308F6DDC052C970D679DA37D8A305279, E0F4C3C8F27E21C186289B115ECAB771777BC7E848F29D683C53C9F936F30848 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys06:30:20.0482 0x2acc usbuhci - ok06:30:20.0511 0x2acc [ D76E231E4850BB3F88A3D9A78DF191E3, 98CAD31C41AD155EA853DF850D94FA29543C3A7D26262D1B6881281D033CEBAF ] UxSms C:\Windows\System32\uxsms.dll06:30:20.0514 0x2acc UxSms - ok06:30:20.0549 0x2acc [ 294945381DFA7CE58CECF0A9896AF327, 67414C6D79D2826BC86BB37349C9D74DB4B667310CBC1ABFD103E26332AE4A00 ] vds C:\Windows\System32\vds.exe06:30:20.0563 0x2acc vds - ok06:30:20.0592 0x2acc [ 
916B94BCF1E09873FFF2D5FB11767BBC, 072007FED4EF30C4D7AF8628CBEB2AC99EEAD99D7AB533E90E3748E3D4F11C28 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys06:30:20.0593 0x2acc vga - ok06:30:20.0599 0x2acc [ B83AB16B51FEDA65DD81B8C59D114D63, 97D39AA763037752D87216B83896AFD2AD6DFEBB3BCDCED7A9ABFE5706B804C5 ] VgaSave C:\Windows\System32\drivers\vga.sys06:30:20.0602 0x2acc VgaSave - ok06:30:20.0620 0x2acc [ 8294B6C3FDB6C33F24E150DE647ECDAA, FEBD9536EF61F700DFD5D9CB815808C8415D5B23590B3CE17B12D84F4670EA4D ] viaide C:\Windows\system32\drivers\viaide.sys06:30:20.0622 0x2acc viaide - ok06:30:20.0639 0x2acc [ 2B7E885ED951519A12C450D24535DFCA, 249009EBC1D306D51FDFA4A89588462AA2D8B6DF0A20BE250B60DD73200CB7F3 ] volmgr C:\Windows\system32\drivers\volmgr.sys06:30:20.0642 0x2acc volmgr - ok06:30:20.0677 0x2acc [ CEC5AC15277D75D9E5DEC2E1C6EAF877, EA989E257C4409F9AF3B35C4D7ED9134D930FE3733B077C4F3AA5497796F2CB0 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys06:30:20.0688 0x2acc volmgrx - ok06:30:20.0712 0x2acc [ 582F710097B46140F5A89A19A6573D4B, 6F695B17BF476D027D3012352F3D4DFD0E0815823DA51A136767ECEF6D64A1CA ] volsnap C:\Windows\system32\drivers\volsnap.sys06:30:20.0720 0x2acc volsnap - ok06:30:20.0745 0x2acc [ A68F455ED2673835209318DD61BFBB0E, 8B2B255E8E2F8B415F7AC0F7F4C423F639DD47737F7CEE0F7C816D9A6893C5F7 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys06:30:20.0750 0x2acc vsmraid - ok06:30:20.0819 0x2acc [ B75232DAD33BFD95BF6F0A3E6BFF51E1, A8120040F144AD42A39347A615F31BF752634994D4D134E2FAD23FEA9C1D71DF ] VSS C:\Windows\system32\vssvc.exe06:30:20.0856 0x2acc VSS - ok06:30:20.0880 0x2acc [ F14A7DE2EA41883E250892E1E5230A9A, EBCB74BE26437F6FE84A3B41AD034F451D4BD12CA77D4C7A433DB912E7D31593 ] W32Time C:\Windows\system32\w32time.dll06:30:20.0891 0x2acc W32Time - ok06:30:20.0922 0x2acc [ FEF8FE5923FEAD2CEE4DFABFCE3393A7, D682FBF78CF987609AF35A019E7C90CBE02800D7DFC272FFDD71D82AA362FA7A ] WacomPen C:\Windows\system32\drivers\wacompen.sys06:30:20.0923 0x2acc WacomPen - ok06:30:20.0943 0x2acc [ 
B8E7049622300D20BA6D8BE0C47C0CFD, 57CF218D1F7D505E354A15C552D94E3C5A68C2B07D7A76EBB0C87A0BFF5772D9 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys06:30:20.0946 0x2acc Wanarp - ok06:30:20.0952 0x2acc [ B8E7049622300D20BA6D8BE0C47C0CFD, 57CF218D1F7D505E354A15C552D94E3C5A68C2B07D7A76EBB0C87A0BFF5772D9 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys06:30:20.0954 0x2acc Wanarpv6 - ok06:30:20.0960 0x2acc [ 0C17A0816F65B89E362E682AD5E7266E, 6233213D07B234056A1EC6FE1166A65371645269132B428FF3A29DDC0000301A ] Wd C:\Windows\system32\drivers\wd.sys06:30:20.0962 0x2acc Wd - ok06:30:21.0004 0x2acc [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys06:30:21.0024 0x2acc Wdf01000 - ok06:30:21.0063 0x2acc [ C5EFDA73EBFCA8B02A094898DE0A9276, DE54E06CBE20EB27D88B29C3AE19CDFA0AE4933D6DCD640912C74A1065C9391C ] WdiServiceHost C:\Windows\system32\wdi.dll06:30:21.0067 0x2acc WdiServiceHost - ok06:30:21.0073 0x2acc [ C5EFDA73EBFCA8B02A094898DE0A9276, DE54E06CBE20EB27D88B29C3AE19CDFA0AE4933D6DCD640912C74A1065C9391C ] WdiSystemHost C:\Windows\system32\wdi.dll06:30:21.0077 0x2acc WdiSystemHost - ok06:30:21.0103 0x2acc [ BD9A749F36710FFA02E0E530F7451936, B57A80CA9D689C0122771205F16E1458BEAC7A68B9C2B492FE5EF329FD0DFAFE ] Wecsvc C:\Windows\system32\wecsvc.dll06:30:21.0111 0x2acc Wecsvc - ok06:30:21.0139 0x2acc [ 9C980351D7E96288EA0C23AE232BD065, BA627B04C4259716B451F421F5310A69D8DE9407DE496AA0489139125E9DC16A ] wercplsupport C:\Windows\System32\wercplsupport.dll06:30:21.0144 0x2acc wercplsupport - ok06:30:21.0169 0x2acc [ 66B9ECEBC46683F47EDC06333C075FEF, 35C33596D97DB65DE0A687644E9AD924AD5FCBAFD83FE4D23E7E58EF4BC4CC87 ] WerSvc C:\Windows\System32\WerSvc.dll06:30:21.0174 0x2acc WerSvc - ok06:30:21.0204 0x2acc WinDefend - ok06:30:21.0210 0x2acc WinHttpAutoProxySvc - ok06:30:21.0279 0x2acc [ D2E7296ED1BD26D8DB2799770C077A02, B494719C2DEB7B9D2505866868143C4E4F59B88461920AA49BD9F1251B6571B8 ] 
Winmgmt C:\Windows\system32\wbem\WMIsvc.dll06:30:21.0286 0x2acc Winmgmt - ok06:30:21.0378 0x2acc [ 42717DB2BE3A075D0F0CD5C927C27A43, 7CC116B2F6F2911E05A1E7AAE790D2D75F388438AF050B1A7E7C595ABF5F16A4 ] WinRM C:\Windows\system32\WsmSvc.dll06:30:21.0421 0x2acc WinRM - ok06:30:21.0482 0x2acc [ 7F2F9E48566B2087F2AAAD258CB2A8D4, E6A34DF879F6D9F24C8CE5F131B4A104BCDF8720B0F4C6211FF4C9BD567EFB77 ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.SYS06:30:21.0484 0x2acc WinUsb - ok06:30:21.0525 0x2acc [ EC339C8115E91BAED835957E9A677F16, 3BBE6D4F1731198E8F0CFEE67C4CCA5C31E6968F8E02EF9E029C1847A26F513B ] Wlansvc C:\Windows\System32\wlansvc.dll06:30:21.0550 0x2acc Wlansvc - ok06:30:21.0567 0x2acc [ E18AEBAAA5A773FE11AA2C70F65320F5, 9E2F6FC0F46D0EEEBF4BC1E3D8800B3D268079ABF8EDDD70CD21B789883D7390 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys06:30:21.0568 0x2acc WmiAcpi - ok06:30:21.0598 0x2acc [ 21FA389E65A852698B6A1341F36EE02D, 2D60911EAAE26C4CE3DEF4FAD1EDE093F912209AA90741AAA8B93F06B37DF605 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe06:30:21.0605 0x2acc wmiApSrv - ok06:30:21.0628 0x2acc WMPNetworkSvc - ok06:30:21.0659 0x2acc [ CBC156C913F099E6680D1DF9307DB7A8, FD8B227F445679E31048CA41442A978A98F267FED96E22C235F63C72AEEE2AB0 ] WPCSvc C:\Windows\System32\wpcsvc.dll06:30:21.0666 0x2acc WPCSvc - ok06:30:21.0689 0x2acc [ 6329D1990DB931073B86AB5946D8E317, F33581D21659A274BF5C0762E24A7DBEEB6380AB6ED0FACD76F1BD2858C4DA49 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys06:30:21.0692 0x2acc WpdUsb - ok06:30:21.0707 0x2acc [ 8A900348370E359B6BFF6A550E4649E1, 3EAD0B951EAF8E940ED6A79FAAAB7D22ACCF3985795F80206A3A07161D319B39 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys06:30:21.0709 0x2acc ws2ifsl - ok06:30:21.0735 0x2acc [ 9EA3E6D0EF7A5C2B9181961052A4B01A, F39BAF1FC7DD1600C0052C2A6AA3BCBC8CA3DA96D1AC7B42B0F2810D051EE1B0 ] wscsvc C:\Windows\system32\wscsvc.dll06:30:21.0739 0x2acc wscsvc - ok06:30:21.0744 0x2acc WSearch - ok06:30:21.0830 0x2acc [ D9EF901DCA379CFE914E9FA13B73B4C4, 
3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv C:\Windows\system32\wuaueng.dll06:30:21.0893 0x2acc wuauserv - ok06:30:21.0922 0x2acc [ 501A65252617B495C0F1832F908D54D8, CB18A80EAB2F23579D1D38B12CD04CF579C6D0B73127A1E88305CC0488D40B2C ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys06:30:21.0926 0x2acc WUDFRd - ok06:30:21.0954 0x2acc [ 6CBD51FF913C851D56ED9DC7F2A27DDE, 736C66A944F3D37464052211B2728AD53D31CB631CD33B9E094C00D76BF17399 ] wudfsvc C:\Windows\System32\WUDFSvc.dll06:30:21.0958 0x2acc wudfsvc - ok06:30:21.0963 0x2acc ================ Scan global ===============================06:30:21.0997 0x2acc [ 060DC3A7A9A2626031EB23D90151428D, 4AADA06E83603E9D4894D6CFC8DADB018307B384F438C809D4BC8E22BD937C3B ] C:\Windows\system32\basesrv.dll06:30:22.0032 0x2acc [ D665D594B7E11133D29D726BDDC7A5B0, 8EE45E719ACB23F388F2BE7E4311588E90DE7CF50988927CF0FED36DE380FACB ] C:\Windows\system32\winsrv.dll06:30:22.0056 0x2acc [ D665D594B7E11133D29D726BDDC7A5B0, 8EE45E719ACB23F388F2BE7E4311588E90DE7CF50988927CF0FED36DE380FACB ] C:\Windows\system32\winsrv.dll06:30:22.0110 0x2acc [ 934E0B7D77FF78C18D9F8891221B6DE3, BB1ACD3CD6482D8B7C5931E8733B8094D2CE59C4FBC4012BD0799C8DC367FB74 ] C:\Windows\system32\services.exe06:30:22.0122 0x2acc [ Global ] - ok06:30:22.0122 0x2acc ================ Scan MBR ==================================06:30:22.0146 0x2acc [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR006:30:22.0371 0x2acc \Device\Harddisk0\DR0 - ok06:30:22.0371 0x2acc ================ Scan VBR ==================================06:30:22.0374 0x2acc [ 3E312F46E1CE63EF6FA0360C4F3A6239 ] \Device\Harddisk0\DR0\Partition106:30:22.0405 0x2acc \Device\Harddisk0\DR0\Partition1 - ok06:30:22.0408 0x2acc [ 485FF70FFCF07181594FB446573B4C20 ] \Device\Harddisk0\DR0\Partition206:30:22.0446 0x2acc \Device\Harddisk0\DR0\Partition2 - ok06:30:22.0446 0x2acc ================ Scan generic autorun ======================06:30:22.0473 0x2acc [ 64951155A608D063CC57716EB6918279, 
9384A1F5E087AFD16D6AA5DAC7695FD1C03AD8F9958D25BFB474FAF12418ED93 ] C:\Windows\system32\WpcUmi.exe06:30:22.0480 0x2acc WPCUMI - ok06:30:22.0579 0x2acc [ 569AC1376B12D4083FC66CC7A304F234, DD209F09573F10A77D710E30EF3D0461D2E8F4E5F18106B18EFB587C88393460 ] C:\Program Files\Microsoft Security Client\msseces.exe06:30:22.0609 0x2acc MSC - ok06:30:22.0612 0x2acc SysTrayApp - ok06:30:22.0673 0x2acc [ 04679E0DC30077EC1164BE82F2A2ADC9, E0193F0AE484DED0DD7F81407F0D98AC071F34358B9EA554DE3ADFC3BA1CBD60 ] C:\Program Files\McAfee.com\Agent\mcagent.exe06:30:22.0687 0x2acc mcui_exe - ok06:30:22.0772 0x2acc [ 048EA4B978851788E9F5E8E4F081DF7A, EB62719AC0DCC18FF056F2CD84438BF14B61E38F0619617C81961C6257BDFCEC ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe06:30:22.0795 0x2acc Adobe ARM - ok06:30:22.0872 0x2acc [ DAC9B43BBFA0359E252DDB0CB91DEA6D, 2A109ABECF757567735C439663ED618B49EF7749ABEE6AEF8A100B2028C31A38 ] C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe06:30:22.0875 0x2acc DELL Webcam Manager - ok06:30:22.0930 0x2acc [ EE1111977B9995D5E8CBB72C0591EA0E, E96503B78041412EEBE639FFCFBEF81EF900EA5AA4D8D8744CF5711007CEDF56 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe06:30:22.0932 0x2acc APSDaemon - ok06:30:23.0007 0x2acc [ 9ACCBC5891BA51B5B29C1A88F80D4CE3, 4EA3D9CB239874232AE0D7F824AF8CC7AD9BB4657CB9978B41067B4447FBE71B ] C:\Program Files (x86)\QuickTime\QTTask.exe06:30:23.0018 0x2acc QuickTime Task - ok06:30:23.0084 0x2acc [ 225518F190EDBC37CA32197A3E94B498, 9208BDEFCF6DC18291C74C147DC17061FC8C040E068D4D4020E8E2AE64CF99BB ] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe06:30:23.0092 0x2acc TkBellExe - ok06:30:23.0109 0x2acc [ 04679E0DC30077EC1164BE82F2A2ADC9, E0193F0AE484DED0DD7F81407F0D98AC071F34358B9EA554DE3ADFC3BA1CBD60 ] C:\Program Files\McAfee.com\Agent\mcagent.exe06:30:23.0118 0x2acc mcpltui_exe - ok06:30:23.0171 0x2acc [ 085BE68B52CE5A5FA4621507AD518CF3, 
A1761157760F68FE00F34B0182D1D8629EFE7753F4582C6F5ECD422627A8489E ] C:\Program Files (x86)\iTunes\iTunesHelper.exe06:30:23.0176 0x2acc iTunesHelper - ok06:30:23.0307 0x2acc [ 9C5A0F070196B601D629F5BA9AA921F8, BB77BAD24B44A3CB32CD1FACB758E347BE2F5C49C11E494797635D741867AF2B ] C:\Program Files\Windows Sidebar\sidebar.exe06:30:23.0334 0x2acc Sidebar - ok06:30:23.0397 0x2acc [ 3609A9830FB127EE1066EA7A744DC479, 78D4223937DC2E6FA28C32459F059A02D1BE0DCB7A49E3CF14FF350A9DC4AF0A ] C:\Program Files (x86)\Microsoft Money\System\Money Express.exe06:30:23.0401 0x2acc MoneyAgent - ok06:30:23.0466 0x2acc [ 5D61BE7DB55B026A5D61A3EED09D0EAD, D32CC7B31A6F98C60ABC313ABC7D1143681F72DE2BB2604711A0BA20710CAAAE ] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe06:30:23.0467 0x2acc swg - ok06:30:23.0585 0x2acc [ C13B42E5692C98A2660135E4BEB26A1A, 13E5B4BEAE604BDCD514A6A960D9FBC5927A8AD1BB1BD0EA0049BA1B7165D939 ] C:\Users\Sharon\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe06:30:23.0610 0x2acc SansaDispatch - ok06:30:23.0669 0x2acc [ 65437DAD4F238EA9549408A783002222, 756C846C2DD8209E9161C2DD701E46DF73E1C757F2B66CAE7A579ADF8EF7E000 ] C:\Windows\ehome\ehTray.exe06:30:23.0673 0x2acc ehTray.exe - ok06:30:23.0740 0x2acc [ 2204A26AC363ABD5CE37461A36637807, 61B3F07CB7376872999871521B5B0E585FFCC100FF6515BF187AD676D1C3B621 ] C:\ProgramData\sysiwp\sysiwp.exe06:30:23.0771 0x2acc sysiwp - ok06:30:23.0838 0x2acc [ 9C5A0F070196B601D629F5BA9AA921F8, BB77BAD24B44A3CB32CD1FACB758E347BE2F5C49C11E494797635D741867AF2B ] C:\Program Files\Windows Sidebar\sidebar.exe06:30:23.0865 0x2acc Sidebar - ok06:30:23.0895 0x2acc [ 9ACCBC5891BA51B5B29C1A88F80D4CE3, 4EA3D9CB239874232AE0D7F824AF8CC7AD9BB4657CB9978B41067B4447FBE71B ] C:\Program Files (x86)\QuickTime\QTTask.exe06:30:23.0902 0x2acc QuickTime Task - ok06:30:23.0904 0x2acc Waiting for KSN requests completion. In queue: 31306:30:24.0904 0x2acc Waiting for KSN requests completion. 
In queue: 31306:30:25.0904 0x2acc Waiting for KSN requests completion. In queue: 31306:30:26.0904 0x2acc Waiting for KSN requests completion. In queue: 31306:30:28.0092 0x2acc AV detected via SS2: McAfee Anti-Virus and Anti-Spyware, C:\Program Files\McAfee.com\Agent\mcupdate.exe ( 12.8.0.0 ), 0x52010 ( disabled : outofdate )06:30:28.0093 0x2acc AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.5.216.0 ), 0x61000 ( enabled : updated )06:30:28.0095 0x2acc FW detected via SS2: McAfee Firewall, C:\Program Files\McAfee.com\Agent\mcupdate.exe ( 12.8.0.0 ), 0x52010 ( disabled )06:30:28.0188 0x2acc Win FW state via NFP2: enabled06:30:30.0647 0x2acc ============================================================06:30:30.0647 0x2acc Scan finished06:30:30.0647 0x2acc ============================================================06:30:30.0656 0x1774 Detected object count: 006:30:30.0657 0x1774 Actual detected object count: 0
  6. Here is the first 1/2 of the report. (post was too long) No threats were found.
DCC8177244FE79C61C4E73C65E63922A, 1AF6FB52FD7499F1E1C0530C9A75BDC62A2D2EEBC138496DA28E941454708E1E ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys06:30:05.0136 0x2acc amdkmdag - ok06:30:05.0186 0x2acc [ 7FE67D107329DC2CF89136A8E19BCEB7, B8048BF857E52CB5CACC1503F6246F12302DC43FA7B814EE169D2EAD3294C8D1 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys06:30:05.0202 0x2acc amdkmdap - ok06:30:05.0336 0x2acc [ F518545E5B7623AD49ABE7F8776EFA46, CD39B6EC0D80C6DB857F34D4AC5C31085271B51B8851A56FEFC052B20B7CC40C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe06:30:05.0338 0x2acc Apple Mobile Device - ok06:30:05.0382 0x2acc [ BA8417D4765F3988FF921F30F630E303, 876A8F34E578020DD9EDD64F7F77A0A3B4592EC568830B500D7EA844D3159C72 ] arc C:\Windows\system32\drivers\arc.sys06:30:05.0385 0x2acc arc - ok06:30:05.0425 0x2acc [ 9D41C435619733B34CC16A511E644B11, DEFFBBB5ECE33B7DF949DF979188AF3B6674E7580FC069397AB756EA84E24822 ] arcsas C:\Windows\system32\drivers\arcsas.sys06:30:05.0436 0x2acc arcsas - ok06:30:05.0482 0x2acc [ 22D13FF3DAFEC2A80634752B1EAA2DE6, 503F7E5F1B14D3F7AEAB0982E812B19DABE38FD4104D93922F50F0B2D19BECFB ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys06:30:05.0483 0x2acc AsyncMac - ok06:30:05.0534 0x2acc [ F988BB0690CD660318037908E9B8DBF7, E536F371AB31B69FB0AA619C0C04B031A17C89064E90D3C57ED45E280A117C65 ] atapi C:\Windows\system32\drivers\atapi.sys06:30:05.0536 0x2acc atapi - ok06:30:05.0834 0x2acc [ DCC8177244FE79C61C4E73C65E63922A, 1AF6FB52FD7499F1E1C0530C9A75BDC62A2D2EEBC138496DA28E941454708E1E ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys06:30:06.0002 0x2acc atikmdag - ok06:30:06.0086 0x2acc [ 79318C744693EC983D20E9337A2F8196, 94226786EF8A101C2E805C6BA3C1CF46628BAF1AFCECBC1FAB7A7E7E5E642608 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll06:30:06.0098 0x2acc AudioEndpointBuilder - ok06:30:06.0112 0x2acc [ 79318C744693EC983D20E9337A2F8196, 
94226786EF8A101C2E805C6BA3C1CF46628BAF1AFCECBC1FAB7A7E7E5E642608 ] AudioSrv C:\Windows\System32\Audiosrv.dll06:30:06.0121 0x2acc AudioSrv - ok06:30:06.0143 0x2acc Beep - ok06:30:06.0173 0x2acc [ FFB96C2589FFA60473EAD78B39FBDE29, 6A2792753E2CB580672B3107C0DBB9D26B6DAA14B37D5EC314BD0E304197E03E ] BFE C:\Windows\System32\bfe.dll06:30:06.0186 0x2acc BFE - ok06:30:06.0281 0x2acc [ 6D316F4859634071CC25C4FD4589AD2C, 73F69AC9E505F3B11A3CCFF8571930229A9058E672CD008A4BF26C0189564EAE ] BITS C:\Windows\system32\qmgr.dll06:30:06.0354 0x2acc BITS - ok06:30:06.0385 0x2acc [ 79FEEB40056683F8F61398D81DDA65D2, 5EA3016194F71A2A2177C2B5129E82738EC621ACAD269809F4C131B72CFEB6C6 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys06:30:06.0387 0x2acc blbdrive - ok06:30:06.0491 0x2acc [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe06:30:06.0513 0x2acc Bonjour Service - ok06:30:06.0540 0x2acc [ 2348447A80920B2493A9B582A23E81E1, 50F9242B7104607E633ABAF4E0A213C1C1226BF81F7FB4E216A9E878247B868C ] bowser C:\Windows\system32\DRIVERS\bowser.sys06:30:06.0543 0x2acc bowser - ok06:30:06.0583 0x2acc [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys06:30:06.0585 0x2acc BrFiltLo - ok06:30:06.0597 0x2acc [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys06:30:06.0598 0x2acc BrFiltUp - ok06:30:06.0627 0x2acc [ A1B39DE453433B115B4EA69EE0343816, 61441E7E9D5259A5987DBD3FC8D4E3221A57F42C7CC0F94DB48E80EEF96CA5D4 ] Browser C:\Windows\System32\browser.dll06:30:06.0631 0x2acc Browser - ok06:30:06.0649 0x2acc [ F0F0BA4D815BE446AA6A4583CA3BCA9B, E0A5DB5A0C7D6AF93ED45F34D2597F77982DFF41E4FDAC827FE5D80323ADED60 ] Brserid C:\Windows\system32\drivers\brserid.sys06:30:06.0652 0x2acc Brserid - 
ok06:30:06.0673 0x2acc [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys06:30:06.0675 0x2acc BrSerWdm - ok06:30:06.0690 0x2acc [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys06:30:06.0692 0x2acc BrUsbMdm - ok06:30:06.0704 0x2acc [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys06:30:06.0706 0x2acc BrUsbSer - ok06:30:06.0718 0x2acc [ E0777B34E05F8A82A21856EFC900C29F, A7ACE3C65D1773C50ACD98A13B3ADBDD2A6052D7F5D124CB6EE6E7C22151A424 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys06:30:06.0721 0x2acc BTHMODEM - ok06:30:06.0747 0x2acc catchme - ok06:30:06.0755 0x2acc [ B4D787DB8D30793A4D4DF9FEED18F136, 2A956F7DCFE61E556F30BDA6D45592A05533541D6ED321C251C1C05F6CEA6DDC ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys06:30:06.0759 0x2acc cdfs - ok06:30:06.0775 0x2acc [ C025AA69BE3D0D25C7A2E746EF6F94FC, F4754B23CC256ADF92FDD42A9BA80F1ACB74834A58FCBEA2C52650FAFC7F9483 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys06:30:06.0777 0x2acc cdrom - ok06:30:06.0804 0x2acc [ 5A268127633C7EE2A7FB87F39D748D56, 45C530A0EE0108543A75B9427F77EBB5E8350AE16C235763B6F32E72CE15C449 ] CertPropSvc C:\Windows\System32\certprop.dll06:30:06.0806 0x2acc CertPropSvc - ok06:30:06.0876 0x2acc [ 0C48BDA498B0109F21729A556F1B21FF, 81392C6D585D5BA048E4D9616CAE316B334687456394BEF847FBD04D3F5E3F88 ] cfwids C:\Windows\system32\drivers\cfwids.sys06:30:06.0879 0x2acc cfwids - ok06:30:06.0907 0x2acc [ 02EA568D498BBDD4BA55BF3FCE34D456, 5A418B156CBB48D14E0F6B6AE6E03B8CD97AABE838F260757014479566C63F17 ] circlass C:\Windows\system32\drivers\circlass.sys06:30:06.0909 0x2acc circlass - ok06:30:06.0943 0x2acc [ 3DCA9A18B204939CFB24BEA53E31EB48, 73CEDE020A6C8269EE8847A4E43071FD231179DA9430DE2983263B8345AD92B7 ] CLFS 
C:\Windows\system32\CLFS.sys06:30:06.0966 0x2acc CLFS - ok06:30:07.0053 0x2acc [ 8EE772032E2FE80A924F3B8DD5082194, B743DF91563A22CC15D9B44105804B5866A29D3DFC156DBE88DFAFEF903B94C0 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe06:30:07.0056 0x2acc clr_optimization_v2.0.50727_32 - ok06:30:07.0128 0x2acc [ CE07A466201096F021CD09D631B21540, 1A11DDAB7000569A89F3FA26BDEE4D527FA6D57D3F91CDABAA9C02CACDDE5F6D ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe06:30:07.0131 0x2acc clr_optimization_v2.0.50727_64 - ok06:30:07.0149 0x2acc [ E5D5499A1C50A54B5161296B6AFE6192, 20A8A0478918063A9EE81565F21F4ACCAA7B6A8B2E9E084099879D85574BAB3E ] cmdide C:\Windows\system32\drivers\cmdide.sys06:30:07.0151 0x2acc cmdide - ok06:30:07.0156 0x2acc [ 7FB8AD01DB0EABE60C8A861531A8F431, E19353C686B07A0DBBA92CFCC88AB9B6BEBAF389416B78F4470BA673E7CD73C3 ] Compbatt C:\Windows\system32\drivers\compbatt.sys06:30:07.0158 0x2acc Compbatt - ok06:30:07.0163 0x2acc COMSysApp - ok06:30:07.0233 0x2acc [ 7150E3708FB489E7941F7A6A7A0DB282, 2D521FCF3CC75C86FF74B885490000A94468FC68113785B700FF62C912511843 ] CouponPrinterService C:\Program Files (x86)\Coupons\CouponPrinterService.exe06:30:07.0242 0x2acc CouponPrinterService - ok06:30:07.0254 0x2acc [ A8585B6412253803CE8EFCBD6D6DC15C, C3906B080D3BB06CB976FD98C62CBA97DAE74970A5559D51EF5111D773949322 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys06:30:07.0256 0x2acc crcdisk - ok06:30:07.0314 0x2acc [ 5AAC48EAF8EACF247DB44FB61B900D89, D20FCD5C71CA18F284D3DFD0CED37F6888A296E76B7B0563F2F4668CF90FE752 ] CryptSvc C:\Windows\system32\cryptsvc.dll06:30:07.0319 0x2acc CryptSvc - ok06:30:07.0370 0x2acc [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF, 3BE4B8EE22FA55D3A17D3718781C8BCA631C78F7928092561F6B79BB60E7D7FE ] DcomLaunch C:\Windows\system32\rpcss.dll06:30:07.0385 0x2acc DcomLaunch - ok06:30:07.0431 0x2acc [ 8B722BA35205C71E7951CDC4CDBADE19, 
39720A60DFD0532F7E1A1976240E9828559BF9E0C6D1CFBF4D911965BFD94158 ] DfsC C:\Windows\system32\Drivers\dfsc.sys06:30:07.0435 0x2acc DfsC - ok06:30:07.0604 0x2acc [ C647F468F7DE343DF8C143655C5557D4, E2D35FE49C408B952D8FE0C7EF70D42798229D30B89CEF9858BAC9F4F9E98EF2 ] DFSR C:\Windows\system32\DFSR.exe06:30:07.0689 0x2acc DFSR - ok06:30:07.0741 0x2acc [ 3ED0321127CE70ACDAABBF77E157C2A7, 10973BD0AEF9597A4EA0A4947BDE922F9168F33D6ED97BFFEE6176AADAD78980 ] Dhcp C:\Windows\System32\dhcpcsvc.dll06:30:07.0746 0x2acc Dhcp - ok06:30:07.0754 0x2acc [ B0107E40ECDB5FA692EBF832F295D905, 76466BB9E4F12436ECCCB9D89EB20762B4785F82F02591B51A735A590E248264 ] disk C:\Windows\system32\drivers\disk.sys06:30:07.0756 0x2acc disk - ok06:30:07.0808 0x2acc [ 06230F1B721494A6DF8D47FD395BB1B0, F6CA8270740E01D9CE2FE8E34BC067C7EDC15BA610F461860E1D17D135C8A379 ] Dnscache C:\Windows\System32\dnsrslvr.dll06:30:07.0812 0x2acc Dnscache - ok06:30:07.0893 0x2acc [ DB29915209770D8B59654345EC2D943A, 3D55C5F86E8FC46A82ECA4CBE30DE1C53AB9F6CD79D1597571667774DD86ABD2 ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe06:30:07.0898 0x2acc DockLoginService - ok06:30:07.0923 0x2acc [ 1A7156DD1E850E9914E5E991E3225B94, 99FF0C7125B01FCB0B92DC44756AE8FAA486F2E7F38DC6204F7EFE5918F8480A ] dot3svc C:\Windows\System32\dot3svc.dll06:30:07.0930 0x2acc dot3svc - ok06:30:07.0943 0x2acc [ 1583B39790DB3EAEC7EDB0CB0140C708, F94F9AE7054A38602CD25D4E10FE7C7B574BD9ED8440C3FDAA7275A1D1E663E7 ] DPS C:\Windows\system32\dps.dll06:30:07.0947 0x2acc DPS - ok06:30:07.0991 0x2acc [ F1A78A98CFC2EE02144C6BEC945447E6, D2E2AA13BE6319F967002476A5D3CF09B1B44350576DD8E1C1C531854F53B488 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys06:30:07.0992 0x2acc drmkaud - ok06:30:08.0051 0x2acc [ 0A3C78677FF62E9E0AE7CC25C790A968, 6A2D81BC3715FD4960D2C853870C056C5BFE581B25C4592CBF65EAC044DFEAB3 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys06:30:08.0074 0x2acc DXGKrnl - ok06:30:08.0108 0x2acc [ 090C52161E62D06CC7DF831F4BFF7644, 
6ACB77D0E90F24D71022BFD1056F20590E90F768A3495B18328A87AD5495AE3D ] e1express C:\Windows\system32\DRIVERS\e1e6032e.sys06:30:08.0117 0x2acc e1express - ok06:30:08.0149 0x2acc [ 264CEE7B031A9D6C827F3D0CB031F2FE, 50CAD28A73D29E7E04A45330146CF713BA17101215955009121E36D43CD5C536 ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys06:30:08.0154 0x2acc E1G60 - ok06:30:08.0214 0x2acc [ C2303883FD9BE49DC36A6400643002EA, F062D1D6D503CF5195BDE8C1DC75B541F559CB8175ADABCDB7690E9F1CA3EA4E ] EapHost C:\Windows\System32\eapsvc.dll06:30:08.0217 0x2acc EapHost - ok06:30:08.0255 0x2acc [ 5F94962BE5A62DB6E447FF6470C4F48A, D00F9B3315DE8610BBE93FFD3CA3E2CF5B10697C518FC25FA4274CC6894D022B ] Ecache C:\Windows\system32\drivers\ecache.sys06:30:08.0260 0x2acc Ecache - ok06:30:08.0326 0x2acc [ 14CE384D2E27B64C256BDA4DC39C312D, D5FA9C2BB162F1C22E419D33671B8202AAC245A87F6B183B97F83F5BFA165B41 ] ehRecvr C:\Windows\ehome\ehRecvr.exe06:30:08.0350 0x2acc ehRecvr - ok06:30:08.0371 0x2acc [ B93159C1313D66FDFBBE876F5189CD52, 51E39160EA56F6B08449267EDF2A0F604612663768D2348DE23554AB07BDBB62 ] ehSched C:\Windows\ehome\ehsched.exe06:30:08.0375 0x2acc ehSched - ok06:30:08.0406 0x2acc [ F5EE2527D74449868E3C3227A59BCD28, 11640E97EE9D8F9A5DC3FEA6BA7A737AA796A7235C7F5C7EF1ABFB51C9D730D3 ] ehstart C:\Windows\ehome\ehstart.dll06:30:08.0408 0x2acc ehstart - ok06:30:08.0423 0x2acc [ C4636D6E10469404AB5308D9FD45ED07, 367D958D19F672395462206F27C1E138386C2F37B0FA77546F4217CF16D05C84 ] elxstor C:\Windows\system32\drivers\elxstor.sys06:30:08.0441 0x2acc elxstor - ok06:30:08.0471 0x2acc [ A9B18B63A4FD6BAAB83326706D857FAB, 7721CC67C0F8CE3060D0EB35A10E4ADC1E3CB470C0797B17D606060C270F96D7 ] EMDMgmt C:\Windows\system32\emdmgmt.dll06:30:08.0482 0x2acc EMDMgmt - ok06:30:08.0512 0x2acc [ BC3A58E938BB277E46BF4B3003B01ABD, 2BB054E632A96951DAB25B3BE8541AEC1B97A7739FC8D0E34BE8B9295600C8FC ] ErrDev C:\Windows\system32\drivers\errdev.sys06:30:08.0514 0x2acc ErrDev - ok06:30:08.0586 0x2acc [ E12F22B73F153DECE721CD45EC05B4AF, 
41887EEF4BB024329B4079AD50FC5FB705F0EB8BAF6C93A8242DC2A73D3AFD86 ] EventSystem C:\Windows\system32\es.dll06:30:08.0596 0x2acc EventSystem - ok06:30:08.0606 0x2acc [ 486844F47B6636044A42454614ED4523, 3E24E78584B199C0FAA59613EEB7DF67B3B878B277A0130C7A3FF608C130BA2F ] exfat C:\Windows\system32\drivers\exfat.sys06:30:08.0610 0x2acc exfat - ok06:30:08.0627 0x2acc [ 1A4BEE34277784619DDAF0422C0C6E23, 3223E1B5DD4866D8E09F1B465FF82C911DDEE5B01B084543086E47B11D2AEA77 ] fastfat C:\Windows\system32\drivers\fastfat.sys06:30:08.0631 0x2acc fastfat - ok06:30:08.0650 0x2acc [ 81B79B6DF71FA1D2C6D688D830616E39, 62F8BC0DB918A49B10A5BE1724A2E2F17FA7D8208D5D86822FACB2DCD97B3591 ] fdc C:\Windows\system32\DRIVERS\fdc.sys06:30:08.0651 0x2acc fdc - ok06:30:08.0662 0x2acc [ BB9267ACACD8B7533DD936C34A0CBA5E, 32DE6E10ABA540D62F0D8AE30DE8769D7BF29E547838BEBE67C04183CC0B32C7 ] fdPHost C:\Windows\system32\fdPHost.dll06:30:08.0664 0x2acc fdPHost - ok06:30:08.0679 0x2acc [ 300C80931EABBE1DB7591C516EFE8D0F, F031DA96B06B6FA8E0AD56D5E10E5A5882765C3FF258A4DE06A47EC34829FF04 ] FDResPub C:\Windows\system32\fdrespub.dll06:30:08.0682 0x2acc FDResPub - ok06:30:08.0696 0x2acc [ 457B7D1D533E4BD62A99AED9C7BB4C59, 3933907DE163F8D3A81ED25169B693D723296C437C7C990BFE9DEFD60F7635FD ] FileInfo C:\Windows\system32\drivers\fileinfo.sys06:30:08.0698 0x2acc FileInfo - ok06:30:08.0713 0x2acc [ D421327FD6EFCCAF884A54C58E1B0D7F, C2F3B72EA36BA8B74A30E128C088307CA768FDBE232BFA216CD78B0F9B7AF18A ] Filetrace C:\Windows\system32\drivers\filetrace.sys06:30:08.0715 0x2acc Filetrace - ok06:30:08.0728 0x2acc [ 230923EA2B80F79B0F88D90F87B87EBD, 1F3287970FEC73011F3B675C447BF0CA35416490D4740C6960595B091181059C ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys06:30:08.0730 0x2acc flpydisk - ok06:30:08.0760 0x2acc [ E3041BC26D6930D61F42AEDB79C91720, 3556C033BB78445EC8B2F98A82455914764AFC70CBFF634DDBD3539885A1E457 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys06:30:08.0768 0x2acc FltMgr - ok06:30:08.0838 0x2acc [ 
BC5B0BE5AF3510B0FD8C140EE42C6D3E, B21CA5F14BDB6CFD97A24C28BB2AD0D704C46058F13B01FF4203514FE8B92591 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe06:30:08.0840 0x2acc FontCache3.0.0.0 - ok06:30:08.0853 0x2acc [ 5779B86CD8B32519FBECB136394D946A, 68A395CD2287D22CB5C8CFE5A3006A61AC0C3FDAADF166C93240FF83C0315DCF ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys06:30:08.0854 0x2acc Fs_Rec - ok06:30:08.0861 0x2acc [ C8E416668D3DC2BE3D4FE4C79224997F, 7DBC8E7687179A649638F606C9584F2E8EC2065762997CDF151F9BB99FA8D535 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys06:30:08.0863 0x2acc gagp30kx - ok06:30:08.0879 0x2acc [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys06:30:08.0881 0x2acc GEARAspiWDM - ok06:30:08.0929 0x2acc [ A0E1B575BA8F504968CD40C0FAEB2384, F64A24A5A93F4E757882E97C65DA612F07A87F4DDD2E10C1AB0250AFA03BCEF1 ] gpsvc C:\Windows\System32\gpsvc.dll06:30:08.0949 0x2acc gpsvc - ok06:30:09.0027 0x2acc [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe06:30:09.0032 0x2acc gupdate - ok06:30:09.0055 0x2acc [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe06:30:09.0058 0x2acc gupdatem - ok06:30:09.0135 0x2acc [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe06:30:09.0141 0x2acc gusvc - ok06:30:09.0167 0x2acc [ 68E732382B32417FF61FD663259B4B09, 10C5365AEAC46DF4F5F6A8F96D15141B4709851D4752613233E57EB20CE16446 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys06:30:09.0175 0x2acc HdAudAddService - ok06:30:09.0221 0x2acc [ F942C5820205F2FB453243EDFEC82A3D, 
17A6A3DCF884FB524C93F2477D97E9F2B8E547709F8F2AEA93BEEA322B62E914 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys06:30:09.0266 0x2acc HDAudBus - ok06:30:09.0289 0x2acc [ B4881C84A180E75B8C25DC1D726C375F, C0BEDBF43EFB0DD442A1D7985EA4A7493671648954B7D1840E30FB2FC46589A4 ] HidBth C:\Windows\system32\drivers\hidbth.sys06:30:09.0290 0x2acc HidBth - ok06:30:09.0309 0x2acc [ 4E77A77E2C986E8F88F996BB3E1AD829, 1748676EB038A145405080B829DF4156C2596691BE5C67FD8269BE8D9351B400 ] HidIr C:\Windows\system32\drivers\hidir.sys06:30:09.0310 0x2acc HidIr - ok06:30:09.0321 0x2acc [ 59361D38A297755D46A540E450202B2A, ED97800A3FF9B90EC58BC5122C42B53F46D9C157EFE488481E8677ED7058E33D ] hidserv C:\Windows\System32\hidserv.dll06:30:09.0324 0x2acc hidserv - ok06:30:09.0347 0x2acc [ 443BDD2D30BB4F00795C797E2CF99EDF, BCE1A241AE5CCE3E1C65CCF07ECB4305C7106F2EFFD51F2C519EB00026B474C4 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys06:30:09.0348 0x2acc HidUsb - ok06:30:09.0377 0x2acc [ 29F981739E50305128022CBE10B3659C, 25060937145B0DCA8CD088E78993BFEF1430CDDFF433E606AFC93993CBBF4B3E ] HipShieldK C:\Windows\system32\drivers\HipShieldK.sys06:30:09.0383 0x2acc HipShieldK - ok06:30:09.0420 0x2acc [ B12F367EA39C0795FD57E31242CE1A5A, 498439FE4D1217211EB6C1AC35CDA5D59F3AE8F06AF5E41EE9FDB0DC559FBE27 ] hkmsvc C:\Windows\system32\kmsvc.dll06:30:09.0424 0x2acc hkmsvc - ok06:30:09.0542 0x2acc [ FB11715EEB23D0999C2295177EBBA5C0, 533754A3591B5852253C793CE08ADA6CAD0545E3A11F42430EFA9D959B6BF4F7 ] HomeNetSvc C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe06:30:09.0551 0x2acc HomeNetSvc - ok06:30:09.0591 0x2acc [ D7109A1E6BD2DFDBCBA72A6BC626A13B, 6141B6645F4152A326ECA8AD0DD04CB38C9EDA395BDF6FF260AB17CB86FC4C87 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys06:30:09.0593 0x2acc HpCISSs - ok06:30:09.0604 0x2acc [ DBD2BB97A574FC565B1EB5C0A03F917A, 3946F8F95C3A7371E168BC82F068E7F830A07FD545A16F47336902E174E0370A ] HPFXBULK C:\Windows\system32\drivers\hpfx64bulk.sys06:30:09.0606 0x2acc HPFXBULK 
- ok06:30:09.0661 0x2acc [ 098F1E4E5C9CB5B0063A959063631610, 36B02A738413E4745978E3E90D9CE8ABC08376BEE411008A4312A752CB4A2E13 ] HTTP C:\Windows\system32\drivers\HTTP.sys06:30:09.0677 0x2acc HTTP - ok06:30:09.0713 0x2acc [ DA94C854CEA5FAC549D4E1F6E88349E8, 10BEB47DB90F55BD1792C2041E49ED13E4E52BCC11BE6599F6DA8D91B79CC8D1 ] i2omp C:\Windows\system32\drivers\i2omp.sys06:30:09.0715 0x2acc i2omp - ok06:30:09.0756 0x2acc [ CBB597659A2713CE0C9CC20C88C7591F, A2BAC75F7247D871842A32EAA7594D338E728D1BFEAEA3C1FCDBF65F007BC06A ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys06:30:09.0758 0x2acc i8042prt - ok06:30:09.0857 0x2acc [ CB686F44BF955EA02520710A56874FA4, D898E897171B07136FCB94726AB16738C923A170B166EB5D758E404C8A6EFD0F ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe06:30:09.0866 0x2acc IAANTMON - ok06:30:09.0888 0x2acc [ 8D58627FEF3F8767665D9F4DC91CBD97, 1E0C1701220A73633C53766F3BD469468135D4B97827F1659A719FCCCA34E26E ] iaStor C:\Windows\system32\drivers\iastor.sys06:30:09.0896 0x2acc iaStor - ok06:30:09.0908 0x2acc [ 3E3BF3627D886736D0B4E90054F929F6, 95A138B65DC9133E92F53A529C7AD897D8823EFAED343756549FDF6C8C749CD0 ] iaStorV C:\Windows\system32\drivers\iastorv.sys06:30:09.0916 0x2acc iaStorV - ok06:30:09.0993 0x2acc [ 749F5F8CEDCA70F2A512945325FC489D, 443B4F779F27CD69C1F072823FCD9E5BA7590B6F48BE759DC6A1F898C467E58F ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe06:30:10.0040 0x2acc idsvc - ok06:30:10.0062 0x2acc [ 8C3951AD2FE886EF76C7B5027C3125D3, 85CF7231756E02BD9E5F4378F3FC794394A072B8028F27827F83ACE9EE554499 ] iirsp C:\Windows\system32\drivers\iirsp.sys06:30:10.0064 0x2acc iirsp - ok06:30:10.0107 0x2acc [ 0401A380C88754B2399F8043AC9B2BF9, BFF3B53FAFAE6622AA9F74BAA4A3D522C06E2D732B88916766603B9FE8D0D77F ] IKEEXT C:\Windows\System32\ikeext.dll06:30:10.0119 0x2acc IKEEXT - ok06:30:10.0153 0x2acc [ DF797A12176F11B2D301C5B234BB200E, 
384343636B21CA7EDF28EFD1B6728EAB1508CA49CE48FF3DC0D91DB843C0C73E ] intelide C:\Windows\system32\drivers\intelide.sys06:30:10.0154 0x2acc intelide - ok06:30:10.0170 0x2acc [ BFD84AF32FA1BAD6231C4585CB469630, 33E0842F2D0879B02C115301174FCB19ED3AAF7B1B8E6284839CE16DE56476EA ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys06:30:10.0172 0x2acc intelppm - ok06:30:10.0231 0x2acc [ D8AABC341311E4780D6FCE8C73C0AD81, 141E8032A934777567E6DAC35FB1C77C40D9B6EE477F17F872F35833A8F57F72 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys06:30:10.0233 0x2acc IpFilterDriver - ok06:30:10.0261 0x2acc [ BF0DBFA9792C5C14FA00F61C75116C1B, 24C14DCAF57013F1C238E3C123279737420A714EB29CB69239C9838C9A269A59 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll06:30:10.0268 0x2acc iphlpsvc - ok06:30:10.0275 0x2acc [ 9C2EE2E6E5A7203BFAE15C299475EC67, E51628ECAB9CCCBCE02801C5E71406487A280765FEE318D14B0C227141B87658 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys06:30:10.0278 0x2acc IPMIDRV - ok06:30:10.0286 0x2acc [ B7E6212F581EA5F6AB0C3A6CEEEB89BE, C29D7F392116BB09F7047A90702331F200DACFB3C94E7F912932971E0B7F0413 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys06:30:10.0290 0x2acc IPNAT - ok06:30:10.0367 0x2acc [ F7ED08D4BC89D7AC6135C1556A89157F, 8F15F1E528F6513FCEF5D966880CBA8A2C7A4816393393F4B201CDD6227F36A3 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe06:30:10.0383 0x2acc iPod Service - ok06:30:10.0398 0x2acc [ 8C42CA155343A2F11D29FECA67FAA88D, 699F06D25C5F270CE1194F4D350CB0BE22C6AB609EECF35D066C034AC380BEE3 ] IRENUM C:\Windows\system32\drivers\irenum.sys06:30:10.0408 0x2acc IRENUM - ok06:30:10.0470 0x2acc [ 0672BFCEDC6FC468A2B0500D81437F4F, A0322B569C309F258684AFECCD52924A33F363186261730469245B7FA357C645 ] isapnp C:\Windows\system32\drivers\isapnp.sys06:30:10.0472 0x2acc isapnp - ok06:30:10.0528 0x2acc [ E4FDF99599F27EC25D2CF6D754243520, 9139E708EE30F10652C9A458BD58B0343A3C05E84CD3E71FA0B0E4123503CF7B ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys06:30:10.0535 0x2acc iScsiPrt - 
ok06:30:10.0555 0x2acc [ 63C766CDC609FF8206CB447A65ABBA4A, D9CA006FA852C95E90E8A0837E296FCBFD76246DA8AFDE563863D5F95BDFEC52 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys06:30:10.0557 0x2acc iteatapi - ok06:30:10.0572 0x2acc [ 1281FE73B17664631D12F643CBEA3F59, B27571A0348CDF81DC102A61712CBA9A4AF7AC0015A7702B0DE73AD4E4646853 ] iteraid C:\Windows\system32\drivers\iteraid.sys06:30:10.0574 0x2acc iteraid - ok06:30:10.0585 0x2acc [ 423696F3BA6472DD17699209B933BC26, 00C2EAA1A8E9D422D178B7678598743234930C1858D76C632F079EF789BB56C3 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys06:30:10.0587 0x2acc kbdclass - ok06:30:10.0593 0x2acc [ DBDF75D51464FBC47D0104EC3D572C05, E392EE961E734620245874C7700D56621A1A990C45DF5CE0B7D270BA708F255E ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys06:30:10.0594 0x2acc kbdhid - ok06:30:10.0623 0x2acc [ 260BF9C43EE12C6898A9F5AAB0FB0E5D, 6585A87CE55EE5C51B18DF86E8EDFC6A909D96C87522FF4183F8BA9355E8DD44 ] KeyIso C:\Windows\system32\lsass.exe06:30:10.0625 0x2acc KeyIso - ok06:30:10.0663 0x2acc [ 88956AD9FA510848AD176777A6C6C1F5, 8F2FBF7E70F836C2C11EE5ABCAFE3E51DC26E953DDFBEE3C1B4AA8E58EBDCF5E ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys06:30:10.0677 0x2acc KSecDD - ok06:30:10.0699 0x2acc [ 1D419CF43DB29396ECD7113D129D94EB, 21ECCE9D17F055C7B5066110864E10C99291CE50B389C545371333904CE2DBB5 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys06:30:10.0701 0x2acc ksthunk - ok06:30:10.0766 0x2acc [ 1FAF6926F3416D3DA05C5B265491BDAE, 3989E18522691CC3820092033E00ED39D08861DFB369AA0DFFF4B379E48EA1F0 ] KtmRm C:\Windows\system32\msdtckrm.dll06:30:10.0777 0x2acc KtmRm - ok06:30:10.0832 0x2acc [ 50C7A3CB427E9BB5ED0708A669956AB5, 3DAD1C01AE58FE2C6134283B19118E2F3C884DDFFBAE4A46B7B5E4FB1A2567A1 ] LanmanServer C:\Windows\System32\srvsvc.dll06:30:10.0838 0x2acc LanmanServer - ok06:30:10.0887 0x2acc [ CAF86FC1388BE1E470F1A7B43E348ADB, 9E9AE0B617D1031E8462524802A2D997AE7C944A7D00D403FF903145A7FEB761 ] LanmanWorkstation 
C:\Windows\System32\wkssvc.dll06:30:10.0894 0x2acc LanmanWorkstation - ok06:30:10.0920 0x2acc [ 96ECE2659B6654C10A0C310AE3A6D02C, 3322E87B9F64C3ACBCB634F2390AAB212FA7695383BF01F0092A803871BF19B2 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys06:30:10.0922 0x2acc lltdio - ok06:30:10.0950 0x2acc [ 961CCBD0B1CCB5675D64976FAE37D092, 258378BE76A13E4368C9587E6A22727721E4B267B0D26D3D3E333B3B2A5A0611 ] lltdsvc C:\Windows\System32\lltdsvc.dll06:30:10.0959 0x2acc lltdsvc - ok06:30:10.0981 0x2acc [ A47F8080CACC23C91FE823AD19AA5612, 161575406D158D6D5C9220F1E82C0CC19108C74ADC35C509BAF9B0C414EFD8EE ] lmhosts C:\Windows\System32\lmhsvc.dll06:30:10.0983 0x2acc lmhosts - ok06:30:11.0006 0x2acc [ ACBE1AF32D3123E330A07BFBC5EC4A9B, 0E17E4DD30B5AF8F269EF8EA003836C9E16273262A050B9BE3ED802DD3AC9319 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys06:30:11.0010 0x2acc LSI_FC - ok06:30:11.0018 0x2acc [ 799FFB2FC4729FA46D2157C0065B3525, AB462A34D061C113DA12641C45159A58D0AEA1C440233D061A20DF99586CFA93 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys06:30:11.0021 0x2acc LSI_SAS - ok06:30:11.0029 0x2acc [ F445FF1DAAD8A226366BFAF42551226B, 92B63E15363F1EAE8A54D4E74ED21669D0A9FE99C654671556C58456228278B1 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys06:30:11.0033 0x2acc LSI_SCSI - ok06:30:11.0040 0x2acc [ 52F87B9CC8932C2A7375C3B2A9BE5E3E, 2EB22DD418D4934BDD22C5DB49D5D06178EC0419AB5CC28DD544CA91823987B0 ] luafv C:\Windows\system32\drivers\luafv.sys06:30:11.0044 0x2acc luafv - ok06:30:11.0228 0x2acc [ 2D46DC95709F2967D401326CA67D4111, E3D0ABD776AC769799033C23B00BCAEDB53339BB1B262224F39F93C6895DDAAF ] M4-Service C:\Users\Sharon\AppData\Local\Mikogo4\Viewer\Service\M4-Service.exe06:30:11.0270 0x2acc M4-Service - ok06:30:11.0296 0x2acc [ F92B0E478C0FAA6D6661E6E977247E60, 8B26B57C2C60C98CD6273ACA126B2CD0356ADB13A59FEC12882357A6B973123C ] MBAMProtector C:\Windows\system32\drivers\mbam.sys06:30:11.0298 0x2acc MBAMProtector - ok06:30:11.0386 0x2acc [ D84AEA3F3329D622DFC1297DDDF6163B, 
316FE56CC30ED1473A917253F46B79EAA12F4ABD5B4B1ADB03929DFEE940F577 ] MBAMScheduler C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe06:30:11.0430 0x2acc MBAMScheduler - ok06:30:11.0470 0x2acc [ 4F45ED469906494F9BF754E476390DBD, D8FF6AFD73D8C191F5732DF9737E6F83B2B52B06A3A6CD4CC6EAC9464CBB2772 ] MBAMService C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe06:30:11.0492 0x2acc MBAMService - ok06:30:11.0558 0x2acc [ 8A50D5304E6AE48664CF5838EC32F647, C76943FABEE1B5E1B641AA610668CCD4227E2C4B191DD30B79D3AB31A9E8B5BE ] MBAMSwissArmy C:\Windows\system32\drivers\MBAMSwissArmy.sys06:30:11.0561 0x2acc MBAMSwissArmy - ok06:30:11.0603 0x2acc [ 3C88AB26DEDCD50396240CA37D5085AF, 2513CBD3CA303CB9B424659F2F5E89B22CA4E724DCEB31B4A0DA1A5B731A9A39 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys06:30:11.0605 0x2acc MBAMWebAccessControl - ok06:30:11.0701 0x2acc [ F928E5E72BBA15DD0CE9A26E0413D236, D63EFA1408084F524464729C2F3BE16550E07ACE2BF8A00699A8438079AD381B ] McAfee SiteAdvisor Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe06:30:11.0707 0x2acc McAfee SiteAdvisor Service - ok06:30:11.0782 0x2acc [ 96E7AA538AB0EDECCAB3862BA4B66232, 8AF460093B4DC1FD81C4508A57B6A80A7FB2E1818A3405506B8DB5B521615FB6 ] McAPExe C:\Program Files\McAfee\MSC\McAPExe.exe06:30:11.0787 0x2acc McAPExe - ok06:30:11.0848 0x2acc [ F8B823414A22DBF3BEC10DCAA5F93CD8, 651C7521033439C0AA9006F1AC2CF376B1588CE781BEE4D10B7622FA3D055F6C ] McciCMService C:\Program Files (x86)\Common Files\Motive\McciCMService.exe06:30:11.0857 0x2acc McciCMService - ok06:30:11.0943 0x2acc [ 859E5A32485178DAECA06B52E2BB44B2, 10402A9E290821A2F353CB58DA3362FB38D8BCC0E5F174F6CFEE9BE022CE0FD8 ] McciCMService64 C:\Program Files\Common Files\Motive\McciCMService.exe06:30:11.0969 0x2acc McciCMService64 - ok06:30:12.0029 0x2acc [ 49F5B235EDC9C6AC0ABA44737B190317, 096D8D583ED024F1B3AD30DD5EBA38B1FEE518166E157C0E3890D80687181F60 ] McComponentHostService C:\Program Files\McAfee Security 
  7. I thought I had followed the instructions:
     Then Click on "Scan" button
     Wait until the Status box shows "Scan Finished"
     click on "delete"
     Wait until the Status box shows "Deleting Finished"
     Click on "Report" and copy/paste the content of the Notepad into your next reply.
     The log should be found on your Desktop
     Exit/Close RogueKiller
     Should I try to run that again? I'll run the TDSSkiller and post that in the meantime. Thank you.
  8. RogueKiller report:
: C:\Windows\system32\DUser.dll @ 0x7fefbd3e49c[EAT:Addr] (explorer.exe) WINMM.dll - RegisterGadgetMessageString : C:\Windows\system32\DUser.dll @ 0x7fefbd4fd90[EAT:Addr] (explorer.exe) WINMM.dll - RegisterGadgetProperty : C:\Windows\system32\DUser.dll @ 0x7fefbd3e654[EAT:Addr] (explorer.exe) WINMM.dll - RemoveGadgetMessageHandler : C:\Windows\system32\DUser.dll @ 0x7fefbd4fecc[EAT:Addr] (explorer.exe) WINMM.dll - RemoveGadgetProperty : C:\Windows\system32\DUser.dll @ 0x7fefbd3b5b0[EAT:Addr] (explorer.exe) WINMM.dll - SetActionTimeslice : C:\Windows\system32\DUser.dll @ 0x7fefbd50ed4[EAT:Addr] (explorer.exe) WINMM.dll - SetGadgetBufferInfo : C:\Windows\system32\DUser.dll @ 0x7fefbd4264c[EAT:Addr] (explorer.exe) WINMM.dll - SetGadgetCenterPoint : C:\Windows\system32\DUser.dll @ 0x7fefbd4f5d8[EAT:Addr] (explorer.exe) WINMM.dll - SetGadgetFillF : C:\Windows\system32\DUser.dll @ 0x7fefbd4eff4[EAT:Addr] (explorer.exe) WINMM.dll - SetGadgetFillI : C:\Windows\system32\DUser.dll @ 0x7fefbd41f50[EAT:Addr] (explorer.exe) WINMM.dll - SetGadgetFocus : C:\Windows\system32\DUser.dll @ 0x7fefbd38dec[EAT:Addr] (explorer.exe) WINMM.dll - SetGadgetFocusEx : C:\Windows\system32\DUser.dll @ 0x7fefbd3d784[EAT:Addr] (explorer.exe) WINMM.dll - SetGadgetMessageFilter : C:\Windows\system32\DUser.dll @ 0x7fefbd35348[EAT:Addr] (explorer.exe) WINMM.dll - SetGadgetOrder : C:\Windows\system32\DUser.dll @ 0x7fefbd502a4[EAT:Addr] (explorer.exe) WINMM.dll - SetGadgetParent : C:\Windows\system32\DUser.dll @ 0x7fefbd34d20[EAT:Addr] (explorer.exe) WINMM.dll - SetGadgetProperty : C:\Windows\system32\DUser.dll @ 0x7fefbd3bad0[EAT:Addr] (explorer.exe) WINMM.dll - SetGadgetRect : C:\Windows\system32\DUser.dll @ 0x7fefbd34980[EAT:Addr] (explorer.exe) WINMM.dll - SetGadgetRootInfo : C:\Windows\system32\DUser.dll @ 0x7fefbd399d8[EAT:Addr] (explorer.exe) WINMM.dll - SetGadgetRotation : C:\Windows\system32\DUser.dll @ 0x7fefbd4f3ec[EAT:Addr] (explorer.exe) WINMM.dll - SetGadgetScale : 
C:\Windows\system32\DUser.dll @ 0x7fefbd4f1e0[EAT:Addr] (explorer.exe) WINMM.dll - SetGadgetStyle : C:\Windows\system32\DUser.dll @ 0x7fefbd34390[EAT:Addr] (explorer.exe) WINMM.dll - UninitGadgetComponent : C:\Windows\system32\DUser.dll @ 0x7fefbd4ec78[EAT:Addr] (explorer.exe) WINMM.dll - UnregisterGadgetMessage : C:\Windows\system32\DUser.dll @ 0x7fefbd4fcfc[EAT:Addr] (explorer.exe) WINMM.dll - UnregisterGadgetMessageString : C:\Windows\system32\DUser.dll @ 0x7fefbd4fd90[EAT:Addr] (explorer.exe) WINMM.dll - UnregisterGadgetProperty : C:\Windows\system32\DUser.dll @ 0x7fefbd5000c[EAT:Addr] (explorer.exe) WINMM.dll - UtilBuildFont : C:\Windows\system32\DUser.dll @ 0x7fefbd51380[EAT:Addr] (explorer.exe) WINMM.dll - UtilDrawBlendRect : C:\Windows\system32\DUser.dll @ 0x7fefbd51528[EAT:Addr] (explorer.exe) WINMM.dll - UtilDrawOutlineRect : C:\Windows\system32\DUser.dll @ 0x7fefbd5154c[EAT:Addr] (explorer.exe) WINMM.dll - UtilGetColor : C:\Windows\system32\DUser.dll @ 0x7fefbd51558[EAT:Addr] (explorer.exe) WINMM.dll - UtilSetBackground : C:\Windows\system32\DUser.dll @ 0x7fefbd51324[EAT:Addr] (explorer.exe) WINMM.dll - WaitMessageEx : C:\Windows\system32\DUser.dll @ 0x7fefbd4fcac[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptAddContextFunction : C:\Windows\system32\bcrypt.dll @ 0x7fefced594c[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptAddContextFunctionProvider : C:\Windows\system32\bcrypt.dll @ 0x7fefced6340[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptCloseAlgorithmProvider : C:\Windows\system32\bcrypt.dll @ 0x7fefcec24fc[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptConfigureContext : C:\Windows\system32\bcrypt.dll @ 0x7fefced55b8[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptConfigureContextFunction : C:\Windows\system32\bcrypt.dll @ 0x7fefced5f14[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptCreateContext : C:\Windows\system32\bcrypt.dll @ 0x7fefced5128[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptCreateHash : C:\Windows\system32\bcrypt.dll @ 0x7fefcec44bc[EAT:Addr] 
(explorer.exe) ncrypt.dll - BCryptDecrypt : C:\Windows\system32\bcrypt.dll @ 0x7fefcec3484[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptDeleteContext : C:\Windows\system32\bcrypt.dll @ 0x7fefced52c8[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptDeriveKey : C:\Windows\system32\bcrypt.dll @ 0x7fefcec4124[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptDestroyHash : C:\Windows\system32\bcrypt.dll @ 0x7fefcec4904[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptDestroyKey : C:\Windows\system32\bcrypt.dll @ 0x7fefcec4338[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptDestroySecret : C:\Windows\system32\bcrypt.dll @ 0x7fefcec4420[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptDuplicateHash : C:\Windows\system32\bcrypt.dll @ 0x7fefcec4998[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptDuplicateKey : C:\Windows\system32\bcrypt.dll @ 0x7fefcec4270[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptEncrypt : C:\Windows\system32\bcrypt.dll @ 0x7fefcec3168[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptEnumAlgorithms : C:\Windows\system32\bcrypt.dll @ 0x7fefcec2564[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptEnumContextFunctionProviders : C:\Windows\system32\bcrypt.dll @ 0x7fefced6718[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptEnumContextFunctions : C:\Windows\system32\bcrypt.dll @ 0x7fefced5cdc[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptEnumContexts : C:\Windows\system32\bcrypt.dll @ 0x7fefced5454[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptEnumProviders : C:\Windows\system32\bcrypt.dll @ 0x7fefcec2970[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptEnumRegisteredProviders : C:\Windows\system32\bcrypt.dll @ 0x7fefced5050[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptExportKey : C:\Windows\system32\bcrypt.dll @ 0x7fefcec3770[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptFinalizeKeyPair : C:\Windows\system32\bcrypt.dll @ 0x7fefcec30f8[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptFinishHash : C:\Windows\system32\bcrypt.dll @ 0x7fefcec4860[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptFreeBuffer : 
C:\Windows\system32\bcrypt.dll @ 0x7fefcec2c44[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptGenRandom : C:\Windows\system32\bcrypt.dll @ 0x7fefcec5034[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptGenerateKeyPair : C:\Windows\system32\bcrypt.dll @ 0x7fefcec2fe0[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptGenerateSymmetricKey : C:\Windows\system32\bcrypt.dll @ 0x7fefcec2eec[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptGetFipsAlgorithmMode : C:\Windows\system32\bcrypt.dll @ 0x7fefced7250[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptGetProperty : C:\Windows\system32\bcrypt.dll @ 0x7fefcec2c70[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptHashData : C:\Windows\system32\bcrypt.dll @ 0x7fefcec481c[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptImportKey : C:\Windows\system32\bcrypt.dll @ 0x7fefcec39bc[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptImportKeyPair : C:\Windows\system32\bcrypt.dll @ 0x7fefcec3adc[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptOpenAlgorithmProvider : C:\Windows\system32\bcrypt.dll @ 0x7fefcec20f0[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptQueryContextConfiguration : C:\Windows\system32\bcrypt.dll @ 0x7fefced574c[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptQueryContextFunctionConfiguration : C:\Windows\system32\bcrypt.dll @ 0x7fefced60e0[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptQueryContextFunctionProperty : C:\Windows\system32\bcrypt.dll @ 0x7fefced6bb0[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptQueryProviderRegistration : C:\Windows\system32\bcrypt.dll @ 0x7fefced4e00[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptRegisterConfigChangeNotify : C:\Windows\system32\bcrypt.dll @ 0x7fefced6e38[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptRegisterProvider : C:\Windows\system32\bcrypt.dll @ 0x7fefced4a74[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptRemoveContextFunction : C:\Windows\system32\bcrypt.dll @ 0x7fefced5b20[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptRemoveContextFunctionProvider : C:\Windows\system32\bcrypt.dll @ 0x7fefced653c[EAT:Addr] (explorer.exe) 
ncrypt.dll - BCryptResolveProviders : C:\Windows\system32\bcrypt.dll @ 0x7fefced7030[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptSecretAgreement : C:\Windows\system32\bcrypt.dll @ 0x7fefcec4000[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptSetAuditingInterface : C:\Windows\system32\bcrypt.dll @ 0x7fefcec5510[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptSetContextFunctionProperty : C:\Windows\system32\bcrypt.dll @ 0x7fefced699c[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptSetProperty : C:\Windows\system32\bcrypt.dll @ 0x7fefcec2e2c[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptSignHash : C:\Windows\system32\bcrypt.dll @ 0x7fefcec4af0[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptUnregisterConfigChangeNotify : C:\Windows\system32\bcrypt.dll @ 0x7fefced6f50[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptUnregisterProvider : C:\Windows\system32\bcrypt.dll @ 0x7fefced4cbc[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptVerifySignature : C:\Windows\system32\bcrypt.dll @ 0x7fefcec4de4[EAT:Addr] (explorer.exe) ncrypt.dll - GetAsymmetricEncryptionInterface : C:\Windows\system32\bcrypt.dll @ 0x7fefcec5400[EAT:Addr] (explorer.exe) ncrypt.dll - GetCipherInterface : C:\Windows\system32\bcrypt.dll @ 0x7fefcec5364[EAT:Addr] (explorer.exe) ncrypt.dll - GetHashInterface : C:\Windows\system32\bcrypt.dll @ 0x7fefcec53d0[EAT:Addr] (explorer.exe) ncrypt.dll - GetRngInterface : C:\Windows\system32\bcrypt.dll @ 0x7fefcec55e8[EAT:Addr] (explorer.exe) ncrypt.dll - GetSecretAgreementInterface : C:\Windows\system32\bcrypt.dll @ 0x7fefcec5490[EAT:Addr] (explorer.exe) ncrypt.dll - GetSignatureInterface : C:\Windows\system32\bcrypt.dll @ 0x7fefcec5410 ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ MBR Check : ¤¤¤+++++ PhysicalDrive0: SAMSUNG HD642JJ +++++--- User ---[MBR] 5af93102361f06a4bb241bee2fa71e6c[bSP] e223061d7b1f736c4877938e9af93bcf : Unknown MBR CodePartition table:0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 62 MB1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 129024 | Size: 15360 MB2 - 
[ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 31586304 | Size: 595056 MBUser = LL1 ... OKUser = LL2 ... OK ============================================RKreport_SCN_06062014_221939.log - RKreport_SCN_06072014_195735.log
  9. Just ran the mbar. Result was Congratulations! No malware found! I could not find any reports. Will re-run Rogue killer and post the log.
  10. I did rename ComboFix, the PUM.BAD.PROXY hasn't shown up again (since the 3rd) and here's the RogueKiller log: Thanks.
      RogueKiller V9.0.2.0 (x64) [Jun 3 2014] by Adlice Software
      mail : http://www.adlice.com/contact/
      Feedback : http://forum.adlice.com
      Website : http://www.adlice.com/softwares/roguekiller/
      Blog : http://www.adlice.com
      Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
      Started in : Normal mode
      User : Sharon [Admin rights]
      Mode : Scan -- Date : 06/06/2014 22:19:39
      ¤¤¤ Bad processes : 3 ¤¤¤
      [ZeroAccess] mcshield.exe -- [x] -> ERROR [12]
      [suspicious.Path] OEM05Mon.exe -- C:\Windows\OEM05Mon.exe[7] -> KILLED [TermProc]
      [suspicious.Path] (SVC) M4-Service -- C:\Users\Sharon\AppData\Local\Mikogo4\Viewer\Service\M4-Service.exe[7] -> STOPPED
      ¤¤¤ Registry Entries : 63 ¤¤¤
      [suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | OEM05Mon.exe : C:\Windows\OEM05Mon.exe -> FOUND
      [shell.HJ] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_D_98D1\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe -> FOUND
      [shell.HJ] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_D_98D1\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe -> FOUND
      [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\M4-Service -> FOUND
      [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Net CLR -> FOUND
      [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\M4-Service -> FOUND
      [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Net CLR -> FOUND
      [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\M4-Service -> FOUND
      [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Net CLR -> FOUND
      [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:57273 -> FOUND
      [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:57273 -> FOUND
      [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:57273 -> FOUND
      [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:57273 -> FOUND
      [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:57273 -> FOUND
      [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:57273 -> FOUND
      [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND
      [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND
      [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> FOUND
      [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> FOUND
      [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1280911578-185664597-1390033846-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> FOUND
      [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1280911578-185664597-1390033846-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> FOUND
      [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1280911578-185664597-1390033846-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> FOUND
      [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1280911578-185664597-1390033846-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> FOUND
      [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-1280911578-185664597-1390033846-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> FOUND
      [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-1280911578-185664597-1390033846-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
      [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-1280911578-185664597-1390033846-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
      [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-1280911578-185664597-1390033846-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> FOUND
      [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-1280911578-185664597-1390033846-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
      [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-1280911578-185664597-1390033846-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
      [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-1280911578-185664597-1390033846-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> FOUND
      [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-1280911578-185664597-1390033846-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
      [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-1280911578-185664597-1390033846-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
      [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-1280911578-185664597-1390033846-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> FOUND
      [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-1280911578-185664597-1390033846-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
      [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-1280911578-185664597-1390033846-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
      [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-1280911578-185664597-1390033846-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> FOUND
      [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-1280911578-185664597-1390033846-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> FOUND
      [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_D_98D1\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
      [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_D_98D1\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
      [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
      [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
      [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_D_98D1\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
      [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_D_98D1\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
      [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
      [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
      [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-1280911578-185664597-1390033846-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> FOUND
      [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-1280911578-185664597-1390033846-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
      [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-1280911578-185664597-1390033846-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
      [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-1280911578-185664597-1390033846-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> FOUND
      [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-1280911578-185664597-1390033846-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
      [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-1280911578-185664597-1390033846-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
      [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-1280911578-185664597-1390033846-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> FOUND
      [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-1280911578-185664597-1390033846-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
      [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-1280911578-185664597-1390033846-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
      [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-1280911578-185664597-1390033846-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> FOUND
      [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-1280911578-185664597-1390033846-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
      [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-1280911578-185664597-1390033846-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
      [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-1280911578-185664597-1390033846-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> FOUND
      [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-1280911578-185664597-1390033846-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> FOUND
      [PUM.WallPaper] (X64) HKEY_USERS\S-1-5-21-1280911578-185664597-1390033846-1000\Control Panel\Desktop | WallPaper : C:\Users\Sharon\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg -> FOUND
      [PUM.WallPaper] (X86) HKEY_USERS\S-1-5-21-1280911578-185664597-1390033846-1000\Control Panel\Desktop | WallPaper : C:\Users\Sharon\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg -> FOUND
      [PUM.WallPaper] (X64) HKEY_USERS\S-1-5-21-1280911578-185664597-1390033846-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop | WallPaper : C:\Users\Sharon\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg -> FOUND
      [PUM.WallPaper] (X86) HKEY_USERS\S-1-5-21-1280911578-185664597-1390033846-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop | WallPaper : C:\Users\Sharon\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg -> FOUND
      ¤¤¤ Scheduled tasks : 4 ¤¤¤
      [suspicious.Path] \\{7177BA2D-4E13-44A7-888F-81244710D84E} -- C:\Windows\system32\pcalua.exe (-a "C:\Users\Sharon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XCFZW1AR\WebPostUserServlet[2].exe" -d C:\Users\Sharon) -> FOUND
      [suspicious.Path] \\{82E896D3-C842-4280-BE42-BF6BE919E9D7} -- C:\Windows\system32\pcalua.exe (-a "C:\Users\Sharon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IZN2MSN0\WebPostUserServlet[1].exe" -d C:\Users\Sharon) -> FOUND
      [suspicious.Path] \\{8C551938-308A-482A-98E2-1F461FD69A86} -- C:\Windows\system32\pcalua.exe (-a "C:\Users\Sharon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BAD3V92T\install[1].exe" -d C:\Users\Sharon) -> FOUND
      [suspicious.Path] \\{E503796F-154E-4CF3-8ED2-EE69F0DC3748} -- C:\Windows\system32\pcalua.exe (-a "C:\Users\Sharon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YY2SZKZN\CT-Rate[1].exe" -d C:\Users\Sharon\Desktop) -> FOUND
      ¤¤¤ Files : 2 ¤¤¤
      [ZeroAccess][Folder] L -- C:\Users\Sharon\AppData\Local\{b0b2e9a6-e8ff-c1b2-3fb9-797ec509843a}\L -> FOUND
      [ZeroAccess][Folder] U -- C:\Users\Sharon\AppData\Local\{b0b2e9a6-e8ff-c1b2-3fb9-797ec509843a}\U -> FOUND
      ¤¤¤ HOSTS File : 1 ¤¤¤
      [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
      ¤¤¤ Antirootkit : 2 ¤¤¤
      [EAT:Addr] (explorer.exe) WINTRUST.dll - DllCanUnloadNow : C:\Windows\system32\authui.dll @ 0x7fefbec6650
      [EAT:Addr] (explorer.exe) WINTRUST.dll - DllGetClassObject : C:\Windows\system32\authui.dll @ 0x7fefbec6664
      ¤¤¤ Web browsers : 0 ¤¤¤
      ¤¤¤ MBR Check : ¤¤¤
      +++++ PhysicalDrive0: SAMSUNG HD642JJ +++++
      --- User ---
      [MBR] 5af93102361f06a4bb241bee2fa71e6c
      [bSP] e223061d7b1f736c4877938e9af93bcf : Unknown MBR Code
      Partition table:
      0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 62 MB
      1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 129024 | Size: 15360 MB
      2 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 31586304 | Size: 595056 MB
      User = LL1 ... OK
      User = LL2 ... OK
  11. The PUM.BAD.PROXY hasn't been detected since 6/3, and it would appear several times a day. Do you think it's gone? Thanks again for the help.
  12. New log. Not sure where we are with this but I still get the pop up after a scan w/ Malwarebytes Pro "Potential threat detected "Choose an action" Only Quarantine available and MBAM hangs and needs to be closed.
      ComboFix 14-06-03.01 - Sharon 06/03/2014 6:21.3.4 - x64
      Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6077.3365 [GMT -4:00]
      Running from: c:\users\Sharon\Desktop\sar20er.exe
      Command switches used :: c:\users\Sharon\Desktop\CFScript.txt
      AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Outdated* {ADA629C7-7F48-5689-624A-3B76997E0892}
      AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
      FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
      SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Outdated* {16C7C823-5972-5907-58FA-0004E2F9422F}
      SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
      SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      c:\users\Sharon\AppData\Roaming\svfiles.log
      c:\windows\SysWow64\bidisp.dll
      .
      .
      ((((((((((((((((((((((((( Files Created from 2014-05-03 to 2014-06-03 )))))))))))))))))))))))))))))))
      .
      .
      2014-06-03 10:40 . 2014-06-03 10:40 -------- d-----w- c:\users\Public\AppData\Local\temp
      2014-06-03 10:40 . 2014-06-03 10:40 -------- d-----w- c:\users\Dragonlady\AppData\Local\temp
      2014-06-03 10:40 . 2014-06-03 10:40 -------- d-----w- c:\users\Default\AppData\Local\temp
      2014-06-02 11:24 . 2014-04-30 23:20 10702536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4C1DDAC0-20DC-4E6B-A8F5-942D62576BB2}\mpengine.dll
      2014-06-01 01:16 . 2014-06-01 01:16 -------- d-----w- c:\program files (x86)\ESET
      2014-05-31 16:37 . 2014-05-31 16:37 75376 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\breakpadinjector.dll
      2014-05-31 16:37 . 2014-05-31 16:37 46704 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\browser\components\browsercomps.dll
      2014-05-31 16:37 . 2014-05-31 16:37 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\D3DCompiler_43.dll
      2014-05-31 16:37 . 2014-05-31 16:37 20080 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\AccessibleMarshal.dll
      2014-05-31 16:37 . 2014-05-31 16:37 305264 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\freebl3.dll
      2014-05-31 16:37 . 2014-05-31 16:37 275568 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\firefox.exe
      2014-05-31 16:37 . 2014-05-31 16:37 117360 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\crashreporter.exe
      2014-05-31 16:37 . 2014-05-31 16:37 4881520 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\gkmedias.dll
      2014-05-31 16:37 . 2014-05-31 16:37 10594416 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\icudt52.dll
      2014-05-31 16:37 . 2014-05-31 16:37 1266800 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\icuin52.dll
      2014-05-31 16:37 . 2014-05-31 16:37 965232 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\icuuc52.dll
      2014-05-31 13:52 . 2014-05-31 13:52 -------- d-----w- c:\windows\ERUNT
      2014-05-31 13:34 . 2014-05-31 13:37 -------- d-----w- C:\AdwCleaner
      2014-05-31 12:33 . 2014-04-30 23:20 10702536 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
      2014-05-24 11:04 . 2014-05-01 20:00 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B8456C39-30B7-426C-B89F-E8CD6FA43BBF}\gapaengine.dll
      2014-05-20 21:54 . 2014-05-20 21:54 -------- d-----w- c:\users\Sharon\AppData\Roaming\Oracle
      2014-05-20 21:54 . 2014-05-20 21:54 -------- d-----w- c:\programdata\Oracle
      2014-05-20 21:53 . 2014-04-15 00:13 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
      2014-05-14 07:39 . 2014-03-25 16:30 12900864 ----a-w- c:\windows\system32\shell32.dll
      2014-05-14 07:39 . 2014-05-05 20:06 9348096 ----a-w- c:\windows\system32\mshtml.dll
      2014-05-14 07:39 . 2014-05-05 20:06 98304 ----a-w- c:\windows\system32\mshtmled.dll
      2014-05-14 07:39 . 2014-05-05 19:17 1638912 ----a-w- c:\windows\system32\mshtml.tlb
      2014-05-14 07:39 . 2014-05-05 18:47 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
      2014-05-08 11:21 . 2014-05-08 11:21 188272 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
      2014-05-08 11:21 . 2014-05-08 11:21 188272 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\nppdf32.dll
      2014-05-07 11:15 . 2013-09-23 17:49 197704 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2014-06-03 10:30 . 2014-04-28 23:28 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
      2014-05-28 11:48 . 2012-03-30 11:37 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
      2014-05-28 11:48 . 2011-06-14 11:40 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
      2014-05-15 07:02 . 2006-11-02 12:35 93223848 ----a-w- c:\windows\system32\mrt.exe
      2014-05-12 11:26 . 2014-04-28 23:28 64216 ----a-w- c:\windows\system32\drivers\mwac.sys
      2014-05-12 11:26 . 2014-04-28 23:28 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
      2014-05-12 11:25 . 2014-04-28 23:28 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
      2014-05-02 20:06 . 2014-05-02 20:06 650936 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
      2014-05-01 20:00 . 2013-12-07 00:38 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
      2014-04-01 02:46 . 2014-04-01 02:46 130712 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
      2014-04-01 02:46 . 2014-04-01 02:46 1070232 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
      2014-03-17 23:02 . 2012-06-04 11:40 70592 ----a-w- c:\windows\system32\drivers\cfwids.sys
      2014-03-17 22:54 . 2012-06-04 11:40 345456 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
      2014-03-17 22:54 . 2012-06-02 23:26 185792 ----a-w- c:\windows\system32\mfevtps.exe
      2014-03-17 22:49 . 2012-02-22 17:29 783864 ----a-w- c:\windows\system32\drivers\mfehidk.sys
      2014-03-17 22:47 . 2012-06-04 11:40 522360 ----a-w- c:\windows\system32\drivers\mfefirek.sys
      2014-03-17 22:45 . 2012-06-04 11:40 311600 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
      2014-03-17 22:44 . 2012-02-22 17:29 180272 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
      2014-03-11 13:52 . 2013-06-19 02:50 133928 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
      .
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
      "MoneyAgent"="c:\program files (x86)\Microsoft Money\System\Money Express.exe" [2000-07-19 176183]
      "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-05-04 39408]
      "SansaDispatch"="c:\users\Sharon\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2013-06-18 613888]
      "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
      "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-04-25 537992]
      "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
      "DELL Webcam Manager"="c:\program files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
      "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-01-20 43848]
      "OEM05Mon.exe"="c:\windows\OEM05Mon.exe" [2007-08-22 36864]
      "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
      "TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2013-03-31 295512]
      "mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-04-25 537992]
      "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-01-20 152392]
      .
      c:\users\Sharon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
      Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
      Displaysoft Online Updates - c--DSI-FIDLITE3.lnk - c:\dsi\FIDLITE3\inetupapp.exe [2009-7-16 757760]
      .
      c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
      McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.141\SSScheduler.exe [2014-1-15 329944]
      .
      c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
      Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2008-9-23 1295656]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "EnableLUA"= 0 (0x0)
      "EnableUIADesktopToggle"= 0 (0x0)
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
      @=""
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
      @=""
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
      @="Service"
      .
      --- Other Services/Drivers In Memory ---
      .
      *NewlyCreated* - MBAMSWISSARMY
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
      netsvcr REG_MULTI_SZ MedisCenter
      .
      HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
      Themes
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
      2014-05-21 12:12 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2014-06-03 c:\windows\Tasks\Adobe Flash Player Updater.job
      - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 11:48]
      .
      2014-06-02 c:\windows\Tasks\BeFrugal.com Toolbar.job
      - c:\program files (x86)\Common
Files\BeFrugal.com\Toolbar\BFHP.exe [2012-12-09 15:09].2014-06-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1280911578-185664597-1390033846-1000Core.job- c:\users\Sharon\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-28 01:34].2014-06-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1280911578-185664597-1390033846-1000UA.job- c:\users\Sharon\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-28 01:34].2014-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-04 19:45].2014-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-04 19:45].2014-06-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1280911578-185664597-1390033846-1000Core.job- c:\users\Sharon\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-07 15:34].2014-06-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1280911578-185664597-1390033846-1000UA.job- c:\users\Sharon\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-07 15:34].2014-06-02 c:\windows\Tasks\User_Feed_Synchronization-{1AA20150-EF88-4896-B0E4-6EEAF5644B98}.job- c:\windows\system32\msfeedssync.exe [2014-04-09 07:23]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 182784]"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]"SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [bU].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = about:blankmStart Page = about:blankmLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.localTrusted Zone: aquarionwater.com\wwwTrusted Zone: caldirectsecuredocs.com\wwwTrusted Zone: com\pennwest-edocsTrusted Zone: com\swiftviewTrusted Zone: coupons.com\micrositeTrusted Zone: ditechsecuredocs.com\wwwTrusted Zone: ditechsecuredocs.net\wwwTrusted Zone: 
docmagic.com\wwwTrusted Zone: elynx.com\gatewayTrusted Zone: elynx.com\stest.lane100Trusted Zone: elynx.com\stest.lane200Trusted Zone: elynx.net\aegisTrusted Zone: elynx.net\ctestTrusted Zone: elynx.net\ctest.lane100Trusted Zone: elynx.net\formsTrusted Zone: elynx.net\gatewayTrusted Zone: elynx.net\gateway.ctestTrusted Zone: elynx.net\gmacformsTrusted Zone: elynx.net\proTrusted Zone: elynx.net\secureTrusted Zone: elynx.net\ssctestTrusted Zone: elynx.net\stestTrusted Zone: elynx.net\usignTrusted Zone: elynx.net\webpostTrusted Zone: gmacmsecuredocs.com\wwwTrusted Zone: gmacmsecuredocs.net\wwwTrusted Zone: gmamcsecuredocs.com\wwwTrusted Zone: hsbc.com\mortgage-esign.usTrusted Zone: real.com\rhap-app-4-0Trusted Zone: real.com\rhapregTrusted Zone: sasrlink.com\wwwTrusted Zone: ss3.swiftsend.com\loandocsTrusted Zone: swiftsend.com\docsTrusted Zone: swiftsend.com\gatewayTrusted Zone: swiftsend.com\loandocsTrusted Zone: swiftsend.com\loandocs.ss3Trusted Zone: swiftsend.com\wwwTrusted Zone: swiftsend2.com\docsTrusted Zone: swiftsend2.com\loandocsTrusted Zone: swiftview.com\productsTrusted Zone: swiftview.com\wwwTrusted Zone: wamuloandocs.com\wwwTCP: DhcpNameServer = 192.168.1.254CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dllFF - ProfilePath - c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=FF - prefs.js: browser.search.selectedEngine - Bing FF - ExtSQL: !HIDDEN! 
2009-09-01 11:28; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension.- - - - ORPHANS REMOVED - - - -.AddRemove-Coupon Printer for Windows4.0 - c:\program files (x86)\Coupons\uninstall.exeAddRemove-Coupon Printer for Windows5.0.0.7 - c:\program files (x86)\Coupons\uninstall.exeAddRemove-Driver Performer_is1 - c:\program files (x86)\Driver-Soft\DriverPerformer\unins000.exe...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) 
(Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.13".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory 
Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]@Denied: (A 2) (Everyone).[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]@="Shockwave Flash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]@Denied: (A 2) (Everyone)@="".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]@="FlashBroker".[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\.Completion time: 2014-06-03 06:43:52ComboFix-quarantined-files.txt 2014-06-03 10:43ComboFix2.txt 2014-06-02 11:17ComboFix3.txt 2014-06-02 01:25ComboFix4.txt 2012-05-26 00:37ComboFix5.txt 2014-06-03 10:20.Pre-Run: 440,600,793,088 bytes freePost-Run: 440,551,026,688 bytes free.- - End Of File - - 7C9FB56B15B93D5F72A661B0333711B55C616939100B85E558DA92B899A0FC36Thanks.
  13. Latest Log....Thanks.
Users\sysiwp\dt\2014-05-31_22-13-51-45353390c:\users\All Users\sysiwp\dt\2014-05-31_22-18-51-45653380c:\users\All Users\sysiwp\dt\2014-05-31_22-23-51-45953401c:\users\All Users\sysiwp\dt\2014-05-31_22-28-51-46253391c:\users\All Users\sysiwp\dt\2014-05-31_22-33-51-46553412c:\users\All Users\sysiwp\dt\2014-05-31_22-38-51-46853402c:\users\All Users\sysiwp\dt\2014-05-31_22-43-51-47153408c:\users\All Users\sysiwp\dt\2014-05-31_22-48-51-47453413c:\users\All Users\sysiwp\dt\2014-05-31_22-53-51-47753434c:\users\All Users\sysiwp\dt\2014-05-31_22-58-51-48053440c:\users\All Users\sysiwp\dt\2014-05-31_23-03-51-48353445c:\users\All Users\sysiwp\dt\2014-05-31_23-08-51-48653451c:\users\All Users\sysiwp\dt\2014-05-31_23-13-51-48953441c:\users\All Users\sysiwp\dt\2014-05-31_23-18-51-49253462c:\users\All Users\sysiwp\dt\2014-05-31_23-23-51-49553452c:\users\All Users\sysiwp\dt\2014-05-31_23-28-51-49853473c:\users\All Users\sysiwp\dt\2014-05-31_23-33-50-50153463c:\users\All Users\sysiwp\dt\2014-05-31_23-38-50-50453484c:\users\All Users\sysiwp\dt\2014-05-31_23-43-50-50753490c:\users\All Users\sysiwp\dt\2014-05-31_23-48-50-51053495c:\users\All Users\sysiwp\dt\2014-05-31_23-53-50-51353485c:\users\All Users\sysiwp\dt\2014-05-31_23-58-50-51653506c:\users\All Users\sysiwp\dt\2014-06-01_00-03-50-51953512c:\users\All Users\sysiwp\dt\2014-06-01_00-08-50-52253517c:\users\All Users\sysiwp\dt\2014-06-01_00-13-50-52553523c:\users\All Users\sysiwp\dt\2014-06-01_00-18-50-52853528c:\users\All Users\sysiwp\dt\2014-06-01_00-23-50-53153534c:\users\All Users\sysiwp\dt\2014-06-01_00-28-50-53453539c:\users\All Users\sysiwp\dt\2014-06-01_00-33-50-53753545c:\users\All Users\sysiwp\dt\2014-06-01_00-38-50-54053535c:\users\All Users\sysiwp\dt\2014-06-01_00-43-50-54353556c:\users\All Users\sysiwp\dt\2014-06-01_00-48-50-54653561c:\users\All Users\sysiwp\dt\2014-06-01_00-53-50-54953567c:\users\All Users\sysiwp\dt\2014-06-01_00-58-50-55253572c:\users\All Users\sysiwp\dt\2014-06-01_01-03-50-55553578c:\users\All 
Users\sysiwp\dt\2014-06-01_01-08-50-55853568c:\users\All Users\sysiwp\dt\2014-06-01_01-13-50-56153589c:\users\All Users\sysiwp\dt\2014-06-01_01-18-50-56453595c:\users\All Users\sysiwp\dt\2014-06-01_01-23-50-56753600c:\users\All Users\sysiwp\dt\2014-06-01_01-28-50-57053606c:\users\All Users\sysiwp\dt\2014-06-01_01-33-50-57353595c:\users\All Users\sysiwp\dt\2014-06-01_01-38-50-57653617c:\users\All Users\sysiwp\dt\2014-06-01_01-43-50-57953607c:\users\All Users\sysiwp\dt\2014-06-01_01-48-50-58253628c:\users\All Users\sysiwp\dt\2014-06-01_01-53-50-58553633c:\users\All Users\sysiwp\dt\2014-06-01_01-58-50-58853639c:\users\All Users\sysiwp\dt\2014-06-01_02-03-50-59153629c:\users\All Users\sysiwp\dt\2014-06-01_02-08-50-59453650c:\users\All Users\sysiwp\dt\2014-06-01_02-13-50-59753671c:\users\All Users\sysiwp\dt\2014-06-01_02-18-50-60053645c:\users\All Users\sysiwp\dt\2014-06-01_02-23-50-60353666c:\users\All Users\sysiwp\dt\2014-06-01_02-28-50-60653672c:\users\All Users\sysiwp\dt\2014-06-01_02-33-50-60953693c:\users\All Users\sysiwp\dt\2014-06-01_02-38-50-61253683c:\users\All Users\sysiwp\dt\2014-06-01_02-43-50-61553704c:\users\All Users\sysiwp\dt\2014-06-01_02-48-50-61853694c:\users\All Users\sysiwp\dt\2014-06-01_02-53-50-62153699c:\users\All Users\sysiwp\dt\2014-06-01_02-58-50-62453721c:\users\All Users\sysiwp\dt\2014-06-01_03-03-50-62753710c:\users\All Users\sysiwp\dt\2014-06-01_03-08-50-63053716c:\users\All Users\sysiwp\dt\2014-06-01_03-13-50-63353722c:\users\All Users\sysiwp\dt\2014-06-01_03-18-50-63653758c:\users\All Users\sysiwp\dt\2014-06-01_03-23-50-63953748c:\users\All Users\sysiwp\dt\2014-06-01_03-28-50-64253738c:\users\All Users\sysiwp\dt\2014-06-01_03-33-50-64553744c:\users\All Users\sysiwp\dt\2014-06-01_03-38-50-64853749c:\users\All Users\sysiwp\dt\2014-06-01_03-43-50-65153739c:\users\All Users\sysiwp\dt\2014-06-01_03-48-50-65453760c:\users\All Users\sysiwp\dt\2014-06-01_03-53-50-65753781c:\users\All Users\sysiwp\dt\2014-06-01_03-58-50-66053771c:\users\All 
Users\sysiwp\dt\2014-06-01_04-03-50-66353792c:\users\All Users\sysiwp\dt\2014-06-01_04-08-50-66653782c:\users\All Users\sysiwp\dt\2014-06-01_04-13-50-66953788c:\users\All Users\sysiwp\dt\2014-06-01_04-18-50-67253825c:\users\All Users\sysiwp\dt\2014-06-01_04-23-50-67553799c:\users\All Users\sysiwp\dt\2014-06-01_04-28-50-67853789c:\users\All Users\sysiwp\dt\2014-06-01_04-33-50-68153825c:\users\All Users\sysiwp\dt\2014-06-01_04-38-50-68453815c:\users\All Users\sysiwp\dt\2014-06-01_04-43-50-68753837c:\users\All Users\sysiwp\dt\2014-06-01_04-48-50-69053826c:\users\All Users\sysiwp\dt\2014-06-01_04-53-50-69353832c:\users\All Users\sysiwp\dt\2014-06-01_04-58-50-69653853c:\users\All Users\sysiwp\dt\2014-06-01_05-03-50-69953874c:\users\All Users\sysiwp\dt\2014-06-01_05-08-50-70253880c:\users\All Users\sysiwp\dt\2014-06-01_05-13-50-70553870c:\users\All Users\sysiwp\dt\2014-06-01_05-18-50-70853860c:\users\All Users\sysiwp\dt\2014-06-01_05-23-50-71153865c:\users\All Users\sysiwp\dt\2014-06-01_05-28-50-71453902c:\users\All Users\sysiwp\dt\2014-06-01_05-33-50-71753876c:\users\All Users\sysiwp\dt\2014-06-01_05-38-50-72053882c:\users\All Users\sysiwp\dt\2014-06-01_05-43-50-72353887c:\users\All Users\sysiwp\dt\2014-06-01_05-48-50-72653893c:\users\All Users\sysiwp\dt\2014-06-01_05-53-50-72953883c:\users\All Users\sysiwp\dt\2014-06-01_05-58-50-73253919c:\users\All Users\sysiwp\dt\2014-06-01_06-03-50-73553909c:\users\All Users\sysiwp\dt\2014-06-01_06-08-50-73853915c:\users\All Users\sysiwp\dt\2014-06-01_06-13-50-74153936c:\users\All Users\sysiwp\dt\2014-06-01_06-18-50-74453941c:\users\All Users\sysiwp\dt\2014-06-01_06-23-50-74753931c:\users\All Users\sysiwp\dt\2014-06-01_06-28-50-75053937c:\users\All Users\sysiwp\dt\2014-06-01_06-33-50-75353942c:\users\All Users\sysiwp\dt\2014-06-01_06-38-50-75653932c:\users\All Users\sysiwp\dt\2014-06-01_06-43-50-75953969c:\users\All Users\sysiwp\dt\2014-06-01_06-48-49-76253959c:\users\All Users\sysiwp\dt\2014-06-01_06-53-49-76553965c:\users\All 
Users\sysiwp\dt\2014-06-01_06-58-49-76853986c:\users\All Users\sysiwp\dt\2014-06-01_07-03-49-77153960c:\users\All Users\sysiwp\dt\2014-06-01_07-08-49-77453981c:\users\All Users\sysiwp\dt\2014-06-01_07-13-49-77753971c:\users\All Users\sysiwp\dt\2014-06-01_07-18-49-78053992c:\users\All Users\sysiwp\dt\2014-06-01_07-23-49-78353982c:\users\All Users\sysiwp\dt\2014-06-01_07-28-49-78654003c:\users\All Users\sysiwp\dt\2014-06-01_07-33-49-78954009c:\users\All Users\sysiwp\dt\2014-06-01_07-38-49-79253999c:\users\All Users\sysiwp\dt\2014-06-01_07-43-49-79554020c:\users\All Users\sysiwp\dt\2014-06-01_07-48-49-79854025c:\users\All Users\sysiwp\dt\2014-06-01_07-53-49-80154031c:\users\All Users\sysiwp\dt\2014-06-01_07-58-49-80454021c:\users\All Users\sysiwp\dt\2014-06-01_08-03-49-80754042c:\users\All Users\sysiwp\dt\2014-06-01_08-08-49-81054032c:\users\All Users\sysiwp\dt\2014-06-01_08-13-49-81354053c:\users\All Users\sysiwp\dt\2014-06-01_08-18-49-81654058c:\users\All Users\sysiwp\dt\2014-06-01_08-23-49-81954064c:\users\All Users\sysiwp\dt\2014-06-01_08-28-49-82254069c:\users\All Users\sysiwp\dt\2014-06-01_08-33-49-82554075c:\users\All Users\sysiwp\dt\2014-06-01_08-38-49-82854081c:\users\All Users\sysiwp\dt\2014-06-01_08-43-49-83154086c:\users\All Users\sysiwp\dt\2014-06-01_08-48-49-83454092c:\users\All Users\sysiwp\dt\2014-06-01_08-53-49-83754081c:\users\All Users\sysiwp\dt\2014-06-01_08-58-49-84054103c:\users\All Users\sysiwp\dt\2014-06-01_09-03-49-84354093c:\users\All Users\sysiwp\dt\2014-06-01_09-08-49-84654114c:\users\All Users\sysiwp\dt\2014-06-01_09-13-49-84954119c:\users\All Users\sysiwp\dt\2014-06-01_09-18-49-85254125c:\users\All Users\sysiwp\dt\2014-06-01_09-23-49-85554130c:\users\All Users\sysiwp\dt\2014-06-01_09-28-49-85854120c:\users\All Users\sysiwp\dt\2014-06-01_09-33-49-86154141c:\users\All Users\sysiwp\dt\2014-06-01_09-38-49-86454131c:\users\All Users\sysiwp\dt\2014-06-01_09-43-49-86754152c:\users\All Users\sysiwp\dt\2014-06-01_09-48-49-87054158c:\users\All 
Users\sysiwp\dt\2014-06-01_09-53-49-87354163c:\users\All Users\sysiwp\dt\2014-06-01_09-58-49-87654169c:\users\All Users\sysiwp\dt\2014-06-01_10-03-49-87954174c:\users\All Users\sysiwp\dt\2014-06-01_10-08-49-88254180c:\users\All Users\sysiwp\dt\2014-06-01_10-13-49-88554185c:\users\All Users\sysiwp\dt\2014-06-01_10-18-49-88854207c:\users\All Users\sysiwp\dt\2014-06-01_10-23-49-89154181c:\users\All Users\sysiwp\dt\2014-06-01_10-28-49-89454202c:\users\All Users\sysiwp\dt\2014-06-01_10-33-49-89754208c:\users\All Users\sysiwp\dt\2014-06-01_10-42-34-90279166c:\users\All Users\sysiwp\dt\2014-06-01_10-47-34-90579172c:\users\All Users\sysiwp\dt\2014-06-01_10-52-34-90879162c:\users\All Users\sysiwp\dt\2014-06-01_10-57-34-91179183c:\users\All Users\sysiwp\dt\2014-06-01_11-02-34-91479173c:\users\All Users\sysiwp\dt\2014-06-01_11-07-34-91779194c:\users\All Users\sysiwp\dt\2014-06-01_11-12-34-92079184c:\users\All Users\sysiwp\dt\2014-06-01_11-17-34-92379205c:\users\All Users\sysiwp\dt\2014-06-01_11-22-34-92679226c:\users\All Users\sysiwp\dt\2014-06-01_11-27-34-92979216c:\users\All Users\sysiwp\dt\2014-06-01_11-32-34-93279222c:\users\All Users\sysiwp\dt\2014-06-01_11-37-34-93579227c:\users\All Users\sysiwp\dt\2014-06-01_11-42-34-93879233c:\users\All Users\sysiwp\dt\2014-06-01_11-47-34-94179238c:\users\All Users\sysiwp\dt\2014-06-01_11-52-34-94479244c:\users\All Users\sysiwp\dt\2014-06-01_11-57-34-94779234c:\users\All Users\sysiwp\dt\2014-06-01_12-02-34-95079255c:\users\All Users\sysiwp\dt\2014-06-01_12-07-34-95379245c:\users\All Users\sysiwp\dt\2014-06-01_12-12-34-95679266c:\users\All Users\sysiwp\dt\2014-06-01_12-17-34-95979256c:\users\All Users\sysiwp\dt\2014-06-01_12-22-34-96279277c:\users\All Users\sysiwp\dt\2014-06-01_12-27-34-96579267c:\users\All Users\sysiwp\dt\2014-06-01_12-32-34-96879288c:\users\All Users\sysiwp\dt\2014-06-01_12-37-34-97179294c:\users\All Users\sysiwp\dt\2014-06-01_12-42-34-97479283c:\users\All Users\sysiwp\dt\2014-06-01_12-47-34-97779305c:\users\All 
Users\sysiwp\dt\2014-06-01_12-52-34-98079294c:\users\All Users\sysiwp\dt\2014-06-01_12-57-34-98379316c:\users\All Users\sysiwp\dt\2014-06-01_13-02-34-98679306c:\users\All Users\sysiwp\dt\2014-06-01_13-07-34-98979327c:\users\All Users\sysiwp\dt\2014-06-01_13-12-34-99279332c:\users\All Users\sysiwp\dt\2014-06-01_13-17-34-99579338c:\users\All Users\sysiwp\dt\2014-06-01_13-22-34-99879359c:\users\All Users\sysiwp\dt\2014-06-01_13-27-34-100179349c:\users\All Users\sysiwp\dt\2014-06-01_13-32-34-100479354c:\users\All Users\sysiwp\dt\2014-06-01_13-37-34-100779360c:\users\All Users\sysiwp\dt\2014-06-01_13-42-33-101079365c:\users\All Users\sysiwp\dt\2014-06-01_13-47-33-101379355c:\users\All Users\sysiwp\dt\2014-06-01_13-52-33-101679376c:\users\All Users\sysiwp\dt\2014-06-01_13-57-33-101979397c:\users\All Users\sysiwp\dt\2014-06-01_14-02-33-102279387c:\users\All Users\sysiwp\dt\2014-06-01_14-07-33-102579377c:\users\All Users\sysiwp\dt\2014-06-01_14-12-33-102879383c:\users\All Users\sysiwp\dt\2014-06-01_14-17-33-103179404c:\users\All Users\sysiwp\dt\2014-06-01_14-22-33-103479394c:\users\All Users\sysiwp\dt\2014-06-01_14-27-33-103779399c:\users\All Users\sysiwp\dt\2014-06-01_14-32-33-104079405c:\users\All Users\sysiwp\dt\2014-06-01_14-37-33-104379426c:\users\All Users\sysiwp\dt\2014-06-01_14-42-33-104679432c:\users\All Users\sysiwp\dt\2014-06-01_14-47-33-104979437c:\users\All Users\sysiwp\dt\2014-06-01_14-52-33-105279427c:\users\All Users\sysiwp\dt\2014-06-01_14-57-33-105579433c:\users\All Users\sysiwp\dt\2014-06-01_15-02-33-105879454c:\users\All Users\sysiwp\dt\2014-06-01_15-07-33-106179459c:\users\All Users\sysiwp\dt\2014-06-01_15-12-33-106479465c:\users\All Users\sysiwp\dt\2014-06-01_15-17-33-106779455c:\users\All Users\sysiwp\dt\2014-06-01_15-22-33-107079476c:\users\All Users\sysiwp\dt\2014-06-01_15-27-33-107379481c:\users\All Users\sysiwp\dt\2014-06-01_15-32-33-107679487c:\users\All Users\sysiwp\dt\2014-06-01_15-37-33-107979492c:\users\All 
Users\sysiwp\dt\2014-06-01_15-42-33-108279498c:\users\All Users\sysiwp\dt\2014-06-01_15-47-33-108579503c:\users\All Users\sysiwp\dt\2014-06-01_15-52-33-108879509c:\users\All Users\sysiwp\dt\2014-06-01_15-57-33-109179499c:\users\All Users\sysiwp\dt\2014-06-01_16-02-33-109479504c:\users\All Users\sysiwp\dt\2014-06-01_16-07-33-109779525c:\users\All Users\sysiwp\dt\2014-06-01_16-12-33-110079531c:\users\All Users\sysiwp\dt\2014-06-01_16-17-33-110379537c:\users\All Users\sysiwp\dt\2014-06-01_16-22-33-110679526c:\users\All Users\sysiwp\dt\2014-06-01_16-27-33-110979548c:\users\All Users\sysiwp\dt\2014-06-01_16-32-33-111279537c:\users\All Users\sysiwp\dt\2014-06-01_16-37-33-111579559c:\users\All Users\sysiwp\dt\2014-06-01_16-42-33-111879564c:\users\All Users\sysiwp\dt\2014-06-01_16-47-33-112179570c:\users\All Users\sysiwp\dt\2014-06-01_16-52-33-112479560c:\users\All Users\sysiwp\dt\2014-06-01_16-57-33-112779565c:\users\All Users\sysiwp\dt\2014-06-01_17-02-33-113079571c:\users\All Users\sysiwp\dt\2014-06-01_17-07-33-113379576c:\users\All Users\sysiwp\dt\2014-06-01_17-12-33-113679597c:\users\All Users\sysiwp\dt\2014-06-01_17-17-33-113979587c:\users\All Users\sysiwp\dt\2014-06-01_17-22-33-114279593c:\users\All Users\sysiwp\dt\2014-06-01_17-27-33-114579598c:\users\All Users\sysiwp\dt\2014-06-01_17-32-33-114879619c:\users\All Users\sysiwp\dt\2014-06-01_17-37-33-115179609c:\users\All Users\sysiwp\dt\2014-06-01_17-42-33-115479630c:\users\All Users\sysiwp\dt\2014-06-01_17-47-33-115779620c:\users\All Users\sysiwp\dt\2014-06-01_17-52-33-116079641c:\users\All Users\sysiwp\dt\2014-06-01_17-57-33-116379647c:\users\All Users\sysiwp\dt\2014-06-01_18-02-33-116679652c:\users\All Users\sysiwp\dt\2014-06-01_18-07-33-116979658c:\users\All Users\sysiwp\dt\2014-06-01_18-12-33-117279664c:\users\All Users\sysiwp\dt\2014-06-01_18-17-33-117579653c:\users\All Users\sysiwp\dt\2014-06-01_18-22-33-117879659c:\users\All Users\sysiwp\dt\2014-06-01_18-27-33-118179680c:\users\All 
((((((((((((((((((((((((( Files Created from 2014-05-02 to 2014-06-02 )))))))))))))))))))))))))))))))
.
.
2014-06-02 11:08 . 2014-06-02 11:08 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-06-02 11:08 . 2014-06-02 11:08 -------- d-----w- c:\users\Dragonlady\AppData\Local\temp
2014-06-02 11:08 . 2014-06-02 11:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-06-02 01:52 . 2014-04-30 23:20 10702536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EA0B2348-A4EF-4885-ADED-64CB50684965}\mpengine.dll
2014-06-01 01:16 . 2014-06-01 01:16 -------- d-----w- c:\program files (x86)\ESET
2014-05-31 16:37 . 2014-05-31 16:37 75376 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\breakpadinjector.dll
2014-05-31 16:37 . 2014-05-31 16:37 46704 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\browser\components\browsercomps.dll
2014-05-31 16:37 . 2014-05-31 16:37 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\D3DCompiler_43.dll
2014-05-31 16:37 . 2014-05-31 16:37 20080 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\AccessibleMarshal.dll
2014-05-31 16:37 . 2014-05-31 16:37 305264 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\freebl3.dll
2014-05-31 16:37 . 2014-05-31 16:37 275568 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\firefox.exe
2014-05-31 16:37 . 2014-05-31 16:37 117360 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\crashreporter.exe
2014-05-31 16:37 . 2014-05-31 16:37 4881520 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\gkmedias.dll
2014-05-31 16:37 . 2014-05-31 16:37 10594416 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\icudt52.dll
2014-05-31 16:37 . 2014-05-31 16:37 1266800 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\icuin52.dll
2014-05-31 16:37 . 2014-05-31 16:37 965232 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\icuuc52.dll
2014-05-31 13:52 . 2014-05-31 13:52 -------- d-----w- c:\windows\ERUNT
2014-05-31 13:34 . 2014-05-31 13:37 -------- d-----w- C:\AdwCleaner
2014-05-31 12:33 . 2014-04-30 23:20 10702536 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-05-24 11:04 . 2014-05-01 20:00 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B8456C39-30B7-426C-B89F-E8CD6FA43BBF}\gapaengine.dll
2014-05-20 21:54 . 2014-05-20 21:54 -------- d-----w- c:\users\Sharon\AppData\Roaming\Oracle
2014-05-20 21:54 . 2014-05-20 21:54 -------- d-----w- c:\programdata\Oracle
2014-05-20 21:53 . 2014-04-15 00:13 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-05-14 07:39 . 2014-03-25 16:30 12900864 ----a-w- c:\windows\system32\shell32.dll
2014-05-14 07:39 . 2014-05-05 20:06 9348096 ----a-w- c:\windows\system32\mshtml.dll
2014-05-14 07:39 . 2014-05-05 20:06 98304 ----a-w- c:\windows\system32\mshtmled.dll
2014-05-14 07:39 . 2014-05-05 19:17 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-14 07:39 . 2014-05-05 18:47 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-05-08 11:21 . 2014-05-08 11:21 188272 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2014-05-08 11:21 . 2014-05-08 11:21 188272 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\nppdf32.dll
2014-05-07 11:15 . 2013-09-23 17:49 197704 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-02 11:11 . 2014-04-28 23:28 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-28 11:48 . 2012-03-30 11:37 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-28 11:48 . 2011-06-14 11:40 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-15 07:02 . 2006-11-02 12:35 93223848 ----a-w- c:\windows\system32\mrt.exe
2014-05-12 11:26 . 2014-04-28 23:28 64216 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-12 11:26 . 2014-04-28 23:28 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-12 11:25 . 2014-04-28 23:28 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-02 20:06 . 2014-05-02 20:06 650936 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2014-05-01 20:00 . 2013-12-07 00:38 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-04-01 02:46 . 2014-04-01 02:46 130712 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
2014-04-01 02:46 . 2014-04-01 02:46 1070232 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2014-03-17 23:02 . 2012-06-04 11:40 70592 ----a-w- c:\windows\system32\drivers\cfwids.sys
2014-03-17 22:54 . 2012-06-04 11:40 345456 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2014-03-17 22:54 . 2012-06-02 23:26 185792 ----a-w- c:\windows\system32\mfevtps.exe
2014-03-17 22:49 . 2012-02-22 17:29 783864 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2014-03-17 22:47 . 2012-06-04 11:40 522360 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2014-03-17 22:45 . 2012-06-04 11:40 311600 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2014-03-17 22:44 . 2012-02-22 17:29 180272 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2014-03-11 13:52 . 2013-06-19 02:50 133928 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2014-03-04 15:10 . 2014-04-09 11:29 1147392 ----a-w- c:\windows\system32\wininet.dll
2014-03-04 15:09 . 2014-04-09 11:29 1490432 ----a-w- c:\windows\system32\urlmon.dll
2014-03-04 15:09 . 2014-04-09 11:29 108032 ----a-w- c:\windows\system32\url.dll
2014-03-04 15:08 . 2014-04-09 11:29 243712 ----a-w- c:\windows\system32\occache.dll
2014-03-04 15:06 . 2014-04-09 11:29 1062912 ----a-w- c:\windows\system32\mstime.dll
2014-03-04 15:05 . 2014-04-09 11:29 742912 ----a-w- c:\windows\system32\msfeeds.dll
2014-03-04 15:05 . 2014-04-09 11:29 71680 ----a-w- c:\windows\system32\msfeedsbs.dll
2014-03-04 15:05 . 2014-04-09 11:29 56832 ----a-w- c:\windows\system32\licmgr10.dll
2014-03-04 15:04 . 2014-04-09 11:29 31744 ----a-w- c:\windows\system32\jsproxy.dll
2014-03-04 15:04 . 2014-04-09 11:29 1538560 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-04 15:04 . 2014-04-09 11:29 2357760 ----a-w- c:\windows\system32\iertutil.dll
2014-03-04 15:04 . 2014-04-09 11:29 77312 ----a-w- c:\windows\system32\iesetup.dll
2014-03-04 15:04 . 2014-04-09 11:29 219136 ----a-w- c:\windows\system32\ieui.dll
2014-03-04 15:04 . 2014-04-09 11:29 132096 ----a-w- c:\windows\system32\iesysprep.dll
2014-03-04 15:04 . 2014-04-09 11:29 72192 ----a-w- c:\windows\system32\iernonce.dll
2014-03-04 15:04 . 2014-04-09 11:29 12510720 ----a-w- c:\windows\system32\ieframe.dll
2014-03-04 15:04 . 2014-04-09 11:29 252416 ----a-w- c:\windows\system32\iepeers.dll
2014-03-04 15:04 . 2014-04-09 11:29 459776 ----a-w- c:\windows\system32\iedkcs32.dll
2014-03-04 15:02 . 2014-04-09 11:29 23040 ----a-w- c:\windows\system32\corpol.dll
2014-03-04 13:33 . 2014-04-09 11:29 479232 ----a-w- c:\windows\system32\html.iec
2014-03-04 12:10 . 2014-04-09 11:29 162816 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-04 12:09 . 2014-04-09 11:29 70656 ----a-w- c:\windows\system32\ie4uinit.exe
2014-03-04 12:08 . 2014-04-09 11:29 12288 ----a-w- c:\windows\system32\msfeedssync.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"MoneyAgent"="c:\program files (x86)\Microsoft Money\System\Money Express.exe" [2000-07-19 176183]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-05-04 39408]
"SansaDispatch"="c:\users\Sharon\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2013-06-18 613888]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-04-25 537992]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"DELL Webcam Manager"="c:\program files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-01-20 43848]
"OEM05Mon.exe"="c:\windows\OEM05Mon.exe" [2007-08-22 36864]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2013-03-31 295512]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-04-25 537992]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-01-20 152392]
.
c:\users\Sharon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
Displaysoft Online Updates - c--DSI-FIDLITE3.lnk - c:\dsi\FIDLITE3\inetupapp.exe [2009-7-16 757760]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.141\SSScheduler.exe [2014-1-15 329944]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2008-9-23 1295656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
netsvcr REG_MULTI_SZ MedisCenter
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-21 12:12 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 11:48]
.
2014-06-02 c:\windows\Tasks\BeFrugal.com Toolbar.job
- c:\program files (x86)\Common Files\BeFrugal.com\Toolbar\BFHP.exe [2012-12-09 15:09]
.
2014-06-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1280911578-185664597-1390033846-1000Core.job
- c:\users\Sharon\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-28 01:34]
.
2014-06-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1280911578-185664597-1390033846-1000UA.job
- c:\users\Sharon\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-28 01:34]
.
2014-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-04 19:45]
.
2014-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-04 19:45]
.
2014-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1280911578-185664597-1390033846-1000Core.job
- c:\users\Sharon\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-07 15:34]
.
2014-06-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1280911578-185664597-1390033846-1000UA.job
- c:\users\Sharon\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-07 15:34]
.
2014-06-01 c:\windows\Tasks\User_Feed_Synchronization-{1AA20150-EF88-4896-B0E4-6EEAF5644B98}.job
- c:\windows\system32\msfeedssync.exe [2014-04-09 07:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 182784]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
"SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [bU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: aquarionwater.com\www
Trusted Zone: caldirectsecuredocs.com\www
Trusted Zone: com\pennwest-edocs
Trusted Zone: com\swiftview
Trusted Zone: coupons.com\microsite
Trusted Zone: ditechsecuredocs.com\www
Trusted Zone: ditechsecuredocs.net\www
Trusted Zone: docmagic.com\www
Trusted Zone: elynx.com\gateway
Trusted Zone: elynx.com\stest.lane100
Trusted Zone: elynx.com\stest.lane200
Trusted Zone: elynx.net\aegis
Trusted Zone: elynx.net\ctest
Trusted Zone: elynx.net\ctest.lane100
Trusted Zone: elynx.net\forms
Trusted Zone: elynx.net\gateway
Trusted Zone: elynx.net\gateway.ctest
Trusted Zone: elynx.net\gmacforms
Trusted Zone: elynx.net\pro
Trusted Zone: elynx.net\secure
Trusted Zone: elynx.net\ssctest
Trusted Zone: elynx.net\stest
Trusted Zone: elynx.net\usign
Trusted Zone: elynx.net\webpost
Trusted Zone: gmacmsecuredocs.com\www
Trusted Zone: gmacmsecuredocs.net\www
Trusted Zone: gmamcsecuredocs.com\www
Trusted Zone: hsbc.com\mortgage-esign.us
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
Trusted Zone: sasrlink.com\www
Trusted Zone: ss3.swiftsend.com\loandocs
Trusted Zone: swiftsend.com\docs
Trusted Zone: swiftsend.com\gateway
Trusted Zone: swiftsend.com\loandocs
Trusted Zone: swiftsend.com\loandocs.ss3
Trusted Zone: swiftsend.com\www
Trusted Zone: swiftsend2.com\docs
Trusted Zone: swiftsend2.com\loandocs
Trusted Zone: swiftview.com\products
Trusted Zone: swiftview.com\www
Trusted Zone: wamuloandocs.com\www
TCP: DhcpNameServer = 192.168.1.254
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Bing
FF - ExtSQL: !HIDDEN! 2009-09-01 11:28; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Coupon Printer for Windows4.0 - c:\program files (x86)\Coupons\uninstall.exe
AddRemove-Coupon Printer for Windows5.0.0.7 - c:\program files (x86)\Coupons\uninstall.exe
AddRemove-Driver Performer_is1 - c:\program files (x86)\Driver-Soft\DriverPerformer\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory 
Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]@Denied: (A 2) (Everyone).[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]@="Shockwave Flash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]@Denied: (A 2) (Everyone)@="".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]@="FlashBroker".[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\.------------------------ Other Running Processes ------------------------.c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exec:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\users\Sharon\AppData\Local\Mikogo4\Viewer\Service\M4-Service.exec:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exec:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exec:\users\Sharon\AppData\Local\Mikogo4\Viewer\Service\M4-Capture.exec:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exec:\windows\SysWOW64\rundll32.exec:\program files (x86)\Malwarebytes Anti-Malware\mbam.exec:\program files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe.**************************************************************************.Completion time: 2014-06-02 07:17:41 - machine was rebootedComboFix-quarantined-files.txt 2014-06-02 11:17ComboFix2.txt 2014-06-02 01:25ComboFix3.txt 2012-05-26 00:37ComboFix4.txt 2012-05-25 11:02ComboFix5.txt 2014-06-02 10:43.Pre-Run: 440,775,299,072 bytes freePost-Run: 440,612,446,208 bytes free.- - End Of File - - 0C53CA91E455361784464A16A7B218C15C616939100B85E558DA92B899A0FC36
  14. Here's the ComboFix log....Thanks again for the help:
  15. Stopped the scan at 3:50 as it's been at 93 percent since early this morning. I could not find a way to quarantine the files. Here is the Log:

      C:\AdwCleaner\Quarantine\C\Users\Sharon\AppData\Local\Babylon\Setup\BExternal.dll.vir a variant of Win32/Toolbar.Babylon.F potentially unwanted application
      C:\AdwCleaner\Quarantine\C\Users\Sharon\AppData\Local\Babylon\Setup\IECookieLow.dll.vir a variant of Win32/Toolbar.Babylon.E potentially unwanted application
      C:\AdwCleaner\Quarantine\C\Users\Sharon\AppData\Local\Babylon\Setup\Setup.exe.vir a variant of Win32/Toolbar.Babylon.H potentially unwanted application
      C:\FRST\Quarantine\C\Program Files\Common Files\safewx.exe.xBAD Win32/Farfli.ATK trojan
      C:\FRST\Quarantine\C\ProgramData\sysiwp\sysiwp.exe a variant of Win32/Packed.Themida potentially unwanted application
      C:\FRST\Quarantine\C\ProgramData\sysiwp\sysiwpconfigure.exe a variant of Win32/Packed.Themida potentially unwanted application
      C:\FRST\Quarantine\C\ProgramData\sysiwp\sysiwphk.dll probably a variant of Win32/Packed.Themida potentially unwanted application
      C:\FRST\Quarantine\C\ProgramData\sysiwp\sysiwpvw.exe a variant of Win32/Packed.Themida potentially unwanted application
      C:\FRST\Quarantine\C\ProgramData\sysiwp\sysiwpwb.dll probably a variant of Win32/Packed.Themida potentially unwanted application
      C:\FRST\Quarantine\C\Windows\safewx.exe.xBAD Win32/Farfli.ATK trojan
      C:\Program Files (x86)\FoxTabMusicConverter\AudioConverter.exe a variant of Win32/InstallCore.A potentially unwanted application
      C:\ProgramData\BPK\bpkconfigure.exe a variant of Win32/Packed.Themida potentially unwanted application
      C:\ProgramData\BPK\bpkwb.dll probably a variant of Win32/Packed.Themida potentially unwanted application
      C:\ProgramData\sysiwp\sysiwp.exe a variant of Win32/Packed.Themida potentially unwanted application
      C:\ProgramData\sysiwp\sysiwpconfigure.exe a variant of Win32/Packed.Themida potentially unwanted application
      C:\ProgramData\sysiwp\sysiwphk.dll probably a variant of Win32/Packed.Themida potentially unwanted application
      C:\ProgramData\sysiwp\sysiwpvw.exe a variant of Win32/Packed.Themida potentially unwanted application
      C:\ProgramData\sysiwp\sysiwpwb.dll probably a variant of Win32/Packed.Themida potentially unwanted application
      C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\Toolbar32.dll.vir a variant of Win32/Toolbar.Zugo potentially unwanted application
      C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe.vir a variant of Win32/Toolbar.Zugo potentially unwanted application
      C:\Users\All Users\BPK\bpkconfigure.exe a variant of Win32/Packed.Themida potentially unwanted application
      C:\Users\All Users\BPK\bpkwb.dll probably a variant of Win32/Packed.Themida potentially unwanted application
      C:\Users\All Users\sysiwp\sysiwp.exe a variant of Win32/Packed.Themida potentially unwanted application
      C:\Users\All Users\sysiwp\sysiwpconfigure.exe a variant of Win32/Packed.Themida potentially unwanted application
      C:\Users\All Users\sysiwp\sysiwphk.dll probably a variant of Win32/Packed.Themida potentially unwanted application
      C:\Users\All Users\sysiwp\sysiwpvw.exe a variant of Win32/Packed.Themida potentially unwanted application
      C:\Users\All Users\sysiwp\sysiwpwb.dll probably a variant of Win32/Packed.Themida potentially unwanted application
      C:\Users\Sharon\Desktop\CouponPrinter.exe probably a variant of Win32/Adware.Softomate.AD application
      C:\Windows\Installer\48270c.msi a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
      C:\Windows\System32\air.exe Win32/Farfli.ATK trojan
      C:\Windows\SysWOW64\air.exe Win32/Farfli.ATK trojan
      F:\SHARON-PC\Backup Set 2012-06-02 213830\Backup Files 2012-06-02 213830\Backup files 17.zip a variant of Win32/Toolbar.Zugo potentially unwanted application
      F:\SHARON-PC\Backup Set 2012-06-02 213830\Backup Files 2012-10-30 092305\Backup files 1.zip JS/Redirector.NIQ trojan
      F:\SHARON-PC\Backup Set 2012-06-02 213830\Backup Files 2012-11-16 180010\Backup files 1.zip JS/Redirector.NIQ trojan
      F:\SHARON-PC\Backup Set 2012-06-02 213830\Backup Files 2012-11-21 180010\Backup files 2.zip JS/Redirector.NIQ trojan
      F:\SHARON-PC\Backup Set 2012-06-02 213830\Backup Files 2012-11-23 185945\Backup files 1.zip multiple threats
      F:\SHARON-PC\Backup Set 2012-06-02 213830\Backup Files 2013-01-06 183518\Backup files 1.zip JS/Agent.NKW trojan
      F:\SHARON-PC\Backup Set 2012-06-02 213830\Backup Files 2013-03-24 181541\Backup files 3.zip Win32/OpenCandy potentially unsafe application
      F:\SHARON-PC\Backup Set 2012-06-02 213830\Backup Files 2013-03-26 180012\Backup files 3.zip Win32/OpenCandy potentially unsafe application
      F:\SHARON-PC\Backup Set 2012-06-02 213830\Backup Files 2013-03-28 180011\Backup files 3.zip Win32/OpenCandy potentially unsafe application
      F:\SHARON-PC\Backup Set 2012-06-02 213830\Backup Files 2013-03-30 180012\Backup files 3.zip Win32/OpenCandy potentially unsafe application
      F:\SHARON-PC\Backup Set 2012-06-02 213830\Backup Files 2013-03-31 180011\Backup files 2.zip Win32/OpenCandy potentially unsafe application
      F:\SHARON-PC\Backup Set 2012-06-02 213830\Backup Files 2013-06-01 180030\Backup files 21.zip a variant of Win32/Toolbar.Zugo potentially unwanted application
      F:\SHARON-PC\Backup Set 2012-06-02 213830\Backup Files 2013-06-01 180030\Backup files 24.zip multiple threats
      F:\SHARON-PC\Backup Set 2012-06-02 213830\Backup Files 2013-06-19 180012\Backup files 3.zip Win32/OpenCandy potentially unsafe application
      F:\SHARON-PC\Backup Set 2012-06-02 213830\Backup Files 2013-06-21 180012\Backup files 3.zip Win32/OpenCandy potentially unsafe application
      F:\SHARON-PC\Backup Set 2012-06-02 213830\Backup Files 2013-06-23 180016\Backup files 2.zip Win32/OpenCandy potentially unsafe application
      F:\SHARON-PC\Backup Set 2012-06-02 213830\Backup Files 2013-06-25 180017\Backup files 3.zip Win32/OpenCandy potentially unsafe application
      F:\SHARON-PC\Backup Set 2012-06-02 213830\Backup Files 2013-06-26 180014\Backup files 3.zip Win32/OpenCandy potentially unsafe application
  16. The number of files scanned is slowly incrementing. Also, it is scanning a backup drive which I believe is a TB about half full. I will let it drag on a bit and see what happens then follow your last post instructions. Thanks.
  17. Hello, I was able to get the ESET Online Scanner to run, however I started it 9:30 last night and @ 7:15 this morning it was still running and indicated it was @ 92%. Almost an hour later it is still at 92% and running and indicating 37 infected files. Is it normal for ESET to run this long? Thanks.
  18. Here's the Junkware removal tool log. I can't seem to get the ESET online scanner to download and run. Thanks for the help so far.
  19. There were 2 files. SO, RO
  20. Thanks, Here's the fixlog.txt file:
  21. Hello, Before I do anything, the key logger was installed by myself at least 5 years ago and is currently in use. Also, do those coupon items need to be un-installed? Coupon things not a problem to remove if necessary. Thanks, Lorgeo
  22. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-05-2014 Ran by Sharon at 2014-05-29 20:14:51 Running from C:\Users\Sharon\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Out of date) {ADA629C7-7F48-5689-624A-3B76997E0892} AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F} AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Out of date) {16C7C823-5972-5907-58FA-0004E2F9422F} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} FW: McAfee Firewall (Disabled) {959DA8E2-3527-57D1-4915-924367AD4FE9} ==================== Installed Programs ====================== Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft) 64 Bit HP CIO Components Installer (Version: 7.2.4 - Hewlett-Packard) Hidden Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated) Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.) Adobe AIR (x32 Version: 1.5.3.9130 - Adobe Systems Inc.) 
Hidden Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.8.800.94 - Adobe Systems Incorporated) Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Reader X (10.1.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated) Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: - ) Advanced Video FX Engine (HKLM-x32\...\Advanced Video FX Engine) (Version: - ) Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC) Apple Application Support (HKLM-x32\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.23.0 - Ask.com) <==== ATTENTION Ask Toolbar Updater (HKCU\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.5.36191 - Ask.com) <==== ATTENTION ATI Catalyst Install Manager (HKLM\...\{AE57C044-8912-A181-A0E4-BC2DAB3A092A}) (Version: 3.0.812.0 - ATI Technologies, Inc.) ATI Catalyst Registration (x32 Version: 3.00.0000 - ATI Technologies Inc.) Hidden ATT-RC Self Support Tool (HKLM\...\ATT-RC) (Version: - ) ATT-RC Self Support Tool (HKLM-x32\...\ATT-RC) (Version: - ) Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.) BeFrugal.com Toolbar (HKLM-x32\...\BeFrugal.com Toolbar_is1) (Version: 2012.2.4.1 - BeFrugal.com) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) 
  23. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-05-2014
Ran by Sharon (administrator) on SHARON-PC on 29-05-2014 20:14:10
Running from C:\Users\Sharon\Desktop
Platform: Windows Vista Home Premium Service Pack 2 (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_4b8037c7\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Capital Intellect, Inc.) C:\Program Files (x86)\Common Files\BeFrugal.com\Toolbar\BFHP.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\wpcumi.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Money\System\Money Express.exe
(SanDisk Corporation) C:\Users\Sharon\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
() C:\ProgramData\sysiwp\sysiwp.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Display Systems, Inc.) C:\DSI\FIDLITE3\inetupapp.exe
(Creative Technology Ltd.) C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
(Creative Technology Ltd.) C:\Windows\OEM05Mon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Capital Intellect, Inc.) C:\Program Files (x86)\Common Files\BeFrugal.com\Toolbar\befrgl.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
() C:\Users\Sharon\AppData\Local\Mikogo4\Viewer\Service\M4-Service.exe
() C:\Users\Sharon\AppData\Local\Mikogo4\Viewer\Service\M4-Capture.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(US Tech Support LLC) C:\Program Files (x86)\USTechSupport\SchedulerService\SchedulerService.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSM\McSmtFwk.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Sharon\Desktop\FRST64 (1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [WPCUMI] => C:\Windows\system32\WpcUmi.exe [182784 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [443904 2008-09-17] (IDT, Inc.)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DELL Webcam Manager] => C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe [118784 2007-07-27] (Creative Technology Ltd.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1646216 2013-03-31] (Ask)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [OEM05Mon.exe] => C:\Windows\OEM05Mon.exe [36864 2007-08-22] (Creative Technology Ltd.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-03-31] (RealNetworks, Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [AirSafe] => C:\Program Files\Common Files\safewx.exe [146616 2013-11-20] (Setup/Uninstall)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => "C:\Program Files (x86)\Java\jre7\bin\jusched.exe"
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NOFOLDEROPTIONS] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFolderOptions] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1280911578-185664597-1390033846-1000\...\Run: [MoneyAgent] => C:\Program Files (x86)\Microsoft Money\System\Money Express.exe [176183 2000-07-19] (Microsoft Corporation)
HKU\S-1-5-21-1280911578-185664597-1390033846-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-05-04] (Google Inc.)
HKU\S-1-5-21-1280911578-185664597-1390033846-1000\...\Run: [Facebook Update] => C:\Users\Sharon\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-03-27] (Facebook Inc.)
HKU\S-1-5-21-1280911578-185664597-1390033846-1000\...\Run: [sansaDispatch] => C:\Users\Sharon\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [613888 2013-06-17] (SanDisk Corporation)
HKU\S-1-5-21-1280911578-185664597-1390033846-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-1280911578-185664597-1390033846-1000\...\Run: [bpk] => C:\ProgramData\BPK\bpk.exe
HKU\S-1-5-21-1280911578-185664597-1390033846-1000\...\Run: [Google Update] => C:\Users\Sharon\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-02-07] (Google Inc.)
HKU\S-1-5-21-1280911578-185664597-1390033846-1000\...\Run: [sysiwp] => C:\ProgramData\sysiwp\sysiwp.exe [1289216 2013-05-21] ()
HKU\S-1-5-21-1280911578-185664597-1390033846-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1280911578-185664597-1390033846-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1280911578-185664597-1390033846-1000\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1280911578-185664597-1390033846-1000\...\Policies\Explorer: [NoControlPanel] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Sharon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Sharon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Displaysoft Online Updates - c--DSI-FIDLITE3.lnk
ShortcutTarget: Displaysoft Online Updates - c--DSI-FIDLITE3.lnk -> C:\DSI\FIDLITE3\inetupapp.exe (Display Systems, Inc.)
GroupPolicyUsers\S-1-5-21-1280911578-185664597-1390033846-1003\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1280911578-185664597-1390033846-1002\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4081204
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - {18D8643F-390D-4B60-A7A2-ABAC15782AB2} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=B35F0F79-4C8B-49B1-B14B-F12E11C11AD7&apn_sauid=296E7551-4BFE-4540-9D60-37F14DDBB1D9
SearchScopes: HKCU - {25203DD1-F1B0-46F9-8E3D-3C7F2852BC98} URL = http://search.yahoo.com/search?ei=utf-8&fr=befds&p={searchTerms}&type=ie-ds
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: BeFrugalIEHelper - {2335A057-CBA6-40F6-A712-C6A7C98F7813} - C:\Program Files (x86)\Common Files\BeFrugal.com\Toolbar\BFTB.dll (Capital Intellect, Inc.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files (x86)\Dell\BAE\BAE.dll (Dell Inc.)
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - No Name - {06C7AD57-B655-418D-9AB8-9526A6D2E052} - No File
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - BeFrugal.com Toolbar - {5BA2C4EE-42EF-4E2D-88BE-7271AE4E35B7} - C:\Program Files (x86)\Common Files\BeFrugal.com\Toolbar\BFTB.dll (Capital Intellect, Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
DPF: HKLM {7DD62E58-5FA8-11D2-AFB7-00104B64F126} http://products.swiftview.com/install.html?id=sv8/3_IN_1_CAB&ctx=&ref=
DPF: HKLM {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/x64/ractrl.cab?lmi=1007
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll (Microsoft Corporation)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Winsock: Catalog9 01 C:\Windows\SysWOW64\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 02 C:\Windows\SysWOW64\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 03 C:\Windows\SysWOW64\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 04 C:\Windows\SysWOW64\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 05 C:\Windows\SysWOW64\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 06 C:\Windows\SysWOW64\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 07 C:\Windows\SysWOW64\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 08 C:\Windows\SysWOW64\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 19 C:\Windows\SysWOW64\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9-x64 01 C:\Windows\system32\wpclsp.dll [102912] (Microsoft Corporation)
Winsock: Catalog9-x64 02 C:\Windows\system32\wpclsp.dll [102912] (Microsoft Corporation)
Winsock: Catalog9-x64 03 C:\Windows\system32\wpclsp.dll [102912] (Microsoft Corporation)
Winsock: Catalog9-x64 04 C:\Windows\system32\wpclsp.dll [102912] (Microsoft Corporation)
Winsock: Catalog9-x64 05 C:\Windows\system32\wpclsp.dll [102912] (Microsoft Corporation)
Winsock: Catalog9-x64 06 C:\Windows\system32\wpclsp.dll [102912] (Microsoft Corporation)
Winsock: Catalog9-x64 07 C:\Windows\system32\wpclsp.dll [102912] (Microsoft Corporation)
Winsock: Catalog9-x64 08 C:\Windows\system32\wpclsp.dll [102912] (Microsoft Corporation)
Winsock: Catalog9-x64 19 C:\Windows\system32\wpclsp.dll [102912] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default
FF DefaultSearchEngine: Bing
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Bing
FF Keyword.URL: hxxp://www.bing.com/search?FORM=U079DF&PC=U079&q=
FF SearchEngineOrder.3: Bing
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @mcafee.com/MVT - C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.2.32 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.2.32 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @swiftview.com/SwiftView - C:\Program Files (x86)\SwiftView\npsview.dll (SwiftView, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll No File
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Sharon\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Sharon\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Sharon\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Sharon\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Sharon\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)
FF Plugin HKCU: CouponNetwork.com/CMDUniversalCouponPrintActivator - C:\Users\Sharon\AppData\Roaming\Catalina – Print Savings\npBcsKtTcHW.dll (Catalina Marketing Corporation)
FF Plugin HKCU: hopster.com/CouponPrinterPlugin - C:\Users\Sharon\AppData\Roaming\Hopster\CouponPrinterPlugin\2.0.2.0\npCouponPrinterPlugin.dll (Hopster)
FF user.js: detected! => C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npsview.dll (SwiftView, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Sharon\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Sharon\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\searchplugins\bingp.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: Browse For Change - C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\Extensions\browseforchange@browseforchange.com [2012-03-09]
FF Extension: ArcadeWeb - C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\Extensions\textlinks@arcadeweb.com [2011-06-14]
FF Extension: Ask Toolbar - C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\Extensions\toolbar@ask.com [2012-07-27]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-07-23]
FF Extension: Yahoo! Toolbar - C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013-07-30]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM-x32\...\Firefox\Extensions: [superfish@superfish.com] - C:\ProgramDataMozilla\Extensions\superfish@superfish.com
FF Extension: Window Shopper - Powered by Superfish - C:\ProgramDataMozilla\Extensions\superfish@superfish.com [2011-06-08]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2012-06-04]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-06-26]
FF HKLM-x32\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKCU\...\Firefox\Extensions: [{B7E247FA-8046-43A7-9581-32DC30BD2438}] - C:\Users\Sharon\AppData\Local\{B7E247FA-8046-43A7-9581-32DC30BD2438}
FF Extension: No Name - C:\Users\Sharon\AppData\Local\{B7E247FA-8046-43A7-9581-32DC30BD2438} [2010-07-20]
FF HKCU\...\Firefox\Extensions: [{682CD89D-A4D0-11E1-8270-B8AC6F996F26}] - C:\Users\Sharon\AppData\Local\{682CD89D-A4D0-11E1-8270-B8AC6F996F26}\
FF Extension: Mozilla Safe Browsing - C:\Users\Sharon\AppData\Local\{682CD89D-A4D0-11E1-8270-B8AC6F996F26}\ []

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Wajam) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll No File
CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll No File
CHR Plugin: (SwiftView Plug-In) - C:\Program Files (x86)\Mozilla Firefox\plugins\npsview.dll (SwiftView, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Java Platform SE 7 U5) - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.50.6) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (RealNetworks Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll ()
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (YouTube) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-08-11]
CHR Extension: (McAfee Security Scan+) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-04-25]
CHR Extension: (Google Search) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-08-11]
CHR Extension: (SiteAdvisor) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2012-08-11]
CHR Extension: (RealDownloader) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2012-12-28]
CHR Extension: (Facebook Unseen) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\iicapmagmhahddefgokbabbgieiogjop [2014-04-02]
CHR Extension: (Google Wallet) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-08-11]
CHR HKLM-x32\...\Chrome\Extension: [cnpkmcjgpcihgfnkcjapiaabbbplkcmf] - C:\Program Files (x86)\Coupons.com CouponBar\chrome\Coupons.com.crx [2012-08-11]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-04-16]

==================== Services (Whitelisted) =================

R2 BeFrugal.com Service; C:\Program Files (x86)\Common Files\BeFrugal.com\Toolbar\befrgl.exe [348056 2012-12-05] (Capital Intellect, Inc.)
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [176624 2014-02-13] (Coupons.com Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 M4-Service; C:\Users\Sharon\AppData\Local\Mikogo4\Viewer\Service\M4-Service.exe [1008032 2012-08-31] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S4 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2009-10-22] (Alcatel-Lucent)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-15] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 MedisCenter; C:\Windows\safetkn.dll [31479296 2014-05-11] ()
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025712 2014-01-21] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-03-17] (McAfee, Inc.) R2 mfevtp; C:\Windows\system32\mfevtps.exe [185792 2014-03-17] (McAfee, Inc.) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation) S2 Net CLR; C:\Windows\safewx.exe [146616 2013-11-20] (Setup/Uninstall) R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation) R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] () R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_4b8037c7\STacSV64.exe [246272 2008-09-17] (IDT, Inc.) R2 USTSScheduler; C:\Program Files (x86)\USTechSupport\SchedulerService\SchedulerService.exe [737600 2013-01-17] (US Tech Support LLC) S2 WebClient; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation) S3 B-Service; C:\Users\Sharon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D7RD6PBX\B-Service.exe [X] S2 SessionLauncher; C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [X] ==================== Drivers (Whitelisted) ==================== U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation) S1 Beep; No ImagePath R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-03-17] (McAfee, Inc.) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-29] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation) R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-03-17] (McAfee, Inc.) 
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-03-17] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-03-17] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-03-17] (McAfee, Inc.) R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [422712 2014-01-21] (McAfee, Inc.) S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-01-21] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [345456 2014-03-17] (McAfee, Inc.) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation) S3 OEM05Afx; C:\Windows\system32\Drivers\OEM05Afx.sys [212864 2007-08-22] (Creative Technology Ltd.) S3 OEM05Vfx; C:\Windows\System32\DRIVERS\OEM05Vfx.sys [12288 2007-08-22] (EyePower Games Pte. Ltd.) S3 OEM05Vid; C:\Windows\System32\DRIVERS\OEM05Vid.sys [266720 2007-08-22] (Creative Technology Ltd.) 
R3 RLDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\livecamv.sys [49664 2007-02-05] () S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-29 20:14 - 2014-05-29 20:14 - 00036908 _____ () C:\Users\Sharon\Desktop\FRST.txt 2014-05-29 20:13 - 2014-05-29 20:13 - 02066944 _____ (Farbar) C:\Users\Sharon\Downloads\FRST64 (1).exe 2014-05-29 20:13 - 2014-05-29 20:13 - 02066944 _____ (Farbar) C:\Users\Sharon\Desktop\FRST64 (1).exe 2014-05-29 20:11 - 2014-05-29 20:12 - 02066944 _____ (Farbar) C:\Users\Sharon\Downloads\FRST64.exe 2014-05-29 20:02 - 2014-05-29 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee 2014-05-29 15:25 - 2014-05-29 15:25 - 00000851 _____ () C:\Users\Sharon\Downloads\coupon_printer.jnlp 2014-05-29 10:36 - 2014-05-29 10:36 - 00052083 _____ () C:\Users\Sharon\Downloads\message_zdm (1).html 2014-05-29 10:17 - 2014-05-29 10:17 - 00045709 _____ () C:\Users\Sharon\Downloads\message_zdm.html 2014-05-27 11:36 - 2014-05-27 11:39 - 00000000 ____D () C:\Users\Sharon\Documents\2014-05-27 2014-05-27 11:06 - 2014-05-27 11:06 - 00003387 _____ () C:\Users\Sharon\Downloads\attachment 2014-05-23 18:17 - 2014-05-28 14:52 - 00000000 ____D () C:\Users\Sharon\Desktop\Re-Fi statements 5_23_14 2014-05-23 10:54 - 2014-05-23 10:55 - 03716256 _____ (LogMeIn, Inc.) 
C:\Users\Sharon\Downloads\LogMeIn Client (1).exe 2014-05-23 10:25 - 2014-05-23 10:26 - 00749844 _____ () C:\Users\Sharon\Downloads\securedoc_20140520T201635.html 2014-05-23 10:16 - 2014-05-23 10:17 - 01437012 _____ () C:\Users\Sharon\Downloads\securedoc_20140520T192142 (3).html 2014-05-23 10:15 - 2014-05-23 10:15 - 00108468 _____ () C:\Users\Sharon\Downloads\securedoc_20140516T182012.html 2014-05-23 10:13 - 2014-05-23 10:13 - 01437012 _____ () C:\Users\Sharon\Downloads\securedoc_20140520T192142 (2).html 2014-05-20 17:54 - 2014-05-20 17:54 - 00000000 ____D () C:\Users\Sharon\AppData\Roaming\Oracle 2014-05-20 17:54 - 2014-05-20 17:54 - 00000000 ____D () C:\ProgramData\Oracle 2014-05-20 17:53 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-05-20 17:53 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-05-20 17:53 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-05-20 17:53 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-05-20 17:52 - 2014-05-20 17:53 - 00006556 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log 2014-05-20 17:52 - 2014-05-20 17:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-05-20 17:49 - 2014-05-20 17:49 - 00921512 _____ (Oracle Corporation) C:\Users\Sharon\Downloads\chromeinstall-7u55.exe 2014-05-20 16:57 - 2014-05-20 16:57 - 00166550 _____ () C:\Users\Sharon\Downloads\securedoc_20140520T200640.html 2014-05-20 15:25 - 2014-05-20 15:25 - 01437012 _____ () C:\Users\Sharon\Downloads\securedoc_20140520T192142 (1).html 2014-05-20 15:23 - 2014-05-20 15:23 - 01437012 _____ () C:\Users\Sharon\Downloads\securedoc_20140520T192142.html 2014-05-18 10:12 - 2014-05-18 10:12 - 00018645 _____ () C:\Users\Sharon\Desktop\05_18_14hijackthis.log 2014-05-14 19:06 - 2014-05-18 10:12 - 00018645 _____ () C:\Users\Sharon\Desktop\hijackthis.log 
2014-05-14 03:39 - 2014-05-05 16:06 - 09348096 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-14 03:39 - 2014-05-05 16:06 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-14 03:39 - 2014-05-05 15:31 - 06021120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-14 03:39 - 2014-05-05 15:31 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-14 03:39 - 2014-05-05 15:17 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-14 03:39 - 2014-05-05 14:47 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-14 03:39 - 2014-03-25 12:30 - 12900864 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-05-14 03:39 - 2014-03-25 09:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-05-11 13:30 - 2014-05-11 13:30 - 31479296 _____ () C:\Windows\safetkn.dll 2014-05-07 07:15 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) 
C:\Windows\system32\Drivers\HipShieldK.sys 2014-05-06 20:46 - 2014-05-07 07:08 - 00000000 ____D () C:\Users\Sharon\AppData\Roaming\USTechSupport 2014-05-06 20:46 - 2014-05-07 07:08 - 00000000 ____D () C:\Program Files (x86)\USTechSupport 2014-05-06 20:44 - 2014-05-07 07:08 - 00000000 ____D () C:\ProgramData\USTechSupport 2014-05-03 07:22 - 2014-05-03 07:22 - 00008224 _____ () C:\Users\George\AppData\Local\GDIPFONTCACHEV1.DAT 2014-05-03 07:21 - 2014-05-03 07:21 - 00000000 ____D () C:\Users\George\AppData\Roaming\Real 2014-05-03 07:21 - 2014-05-03 07:21 - 00000000 ____D () C:\Users\George\AppData\Roaming\Apple Computer 2014-05-01 15:50 - 2014-05-01 15:50 - 00362029 _____ () C:\Windows\SysWOW64\sqlite3.dll ==================== One Month Modified Files and Folders ======= 2014-05-29 20:14 - 2014-05-29 20:14 - 00036908 _____ () C:\Users\Sharon\Desktop\FRST.txt 2014-05-29 20:14 - 2012-05-30 22:37 - 00000000 ____D () C:\FRST 2014-05-29 20:14 - 2012-05-25 20:37 - 00000000 ____D () C:\Users\Sharon\AppData\Local\temp 2014-05-29 20:13 - 2014-05-29 20:13 - 02066944 _____ (Farbar) C:\Users\Sharon\Downloads\FRST64 (1).exe 2014-05-29 20:13 - 2014-05-29 20:13 - 02066944 _____ (Farbar) C:\Users\Sharon\Desktop\FRST64 (1).exe 2014-05-29 20:12 - 2014-05-29 20:11 - 02066944 _____ (Farbar) C:\Users\Sharon\Downloads\FRST64.exe 2014-05-29 20:12 - 2013-11-20 19:42 - 00000000 ___HD () C:\ProgramData\sysiwp 2014-05-29 20:02 - 2014-05-29 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee 2014-05-29 20:01 - 2011-05-04 15:45 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-05-29 20:00 - 2012-03-30 07:37 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-29 19:44 - 2013-09-24 07:40 - 05148672 _____ () C:\Users\Sharon\my money.mny 2014-05-29 19:44 - 2008-12-13 14:42 - 00000000 ____D () C:\Users\Sharon 2014-05-29 19:43 - 2006-11-02 11:22 - 00003616 ____H () 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-29 19:43 - 2006-11-02 11:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-29 19:36 - 2014-02-07 11:34 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1280911578-185664597-1390033846-1000UA.job 2014-05-29 19:02 - 2014-04-28 19:28 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-29 18:39 - 2013-03-27 21:34 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1280911578-185664597-1390033846-1000UA.job 2014-05-29 18:01 - 2011-05-04 15:45 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-05-29 15:25 - 2014-05-29 15:25 - 00000851 _____ () C:\Users\Sharon\Downloads\coupon_printer.jnlp 2014-05-29 14:35 - 2014-02-07 11:34 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1280911578-185664597-1390033846-1000Core.job 2014-05-29 12:46 - 2008-12-03 15:48 - 01998007 _____ () C:\Windows\WindowsUpdate.log 2014-05-29 12:27 - 2012-09-21 17:04 - 00000436 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{1AA20150-EF88-4896-B0E4-6EEAF5644B98}.job 2014-05-29 12:27 - 2011-07-24 15:17 - 00004076 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{1AA20150-EF88-4896-B0E4-6EEAF5644B98} 2014-05-29 10:36 - 2014-05-29 10:36 - 00052083 _____ () C:\Users\Sharon\Downloads\message_zdm (1).html 2014-05-29 10:17 - 2014-05-29 10:17 - 00045709 _____ () C:\Users\Sharon\Downloads\message_zdm.html 2014-05-28 21:39 - 2013-03-27 21:34 - 00000910 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1280911578-185664597-1390033846-1000Core.job 2014-05-28 14:52 - 2014-05-23 18:17 - 00000000 ____D () C:\Users\Sharon\Desktop\Re-Fi statements 5_23_14 2014-05-28 12:13 - 2009-01-19 21:06 - 00000000 ____D () C:\Users\Sharon\AppData\Local\CutePDF Writer 2014-05-28 12:09 - 2009-01-02 11:09 - 
00001123 ____H () C:\Windows\dsi.ini 2014-05-28 07:49 - 2012-03-30 07:37 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-05-28 07:48 - 2012-03-30 07:37 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-05-28 07:48 - 2011-06-14 07:40 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-28 07:44 - 2013-02-17 09:36 - 00003366 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1280911578-185664597-1390033846-1000 2014-05-28 07:44 - 2013-02-17 09:36 - 00003234 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1280911578-185664597-1390033846-1000 2014-05-28 07:43 - 2012-12-09 17:41 - 00000430 _____ () C:\Windows\Tasks\BeFrugal.com Toolbar.job 2014-05-28 07:43 - 2006-11-02 11:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-27 21:38 - 2006-11-02 11:42 - 00032628 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-05-27 11:39 - 2014-05-27 11:36 - 00000000 ____D () C:\Users\Sharon\Documents\2014-05-27 2014-05-27 11:06 - 2014-05-27 11:06 - 00003387 _____ () C:\Users\Sharon\Downloads\attachment 2014-05-26 09:11 - 2012-12-28 08:08 - 00003344 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1280911578-185664597-1390033846-1000 2014-05-26 09:11 - 2012-12-28 08:08 - 00003212 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1280911578-185664597-1390033846-1000 2014-05-23 10:55 - 2014-05-23 10:54 - 03716256 _____ (LogMeIn, Inc.) 
C:\Users\Sharon\Downloads\LogMeIn Client (1).exe 2014-05-23 10:26 - 2014-05-23 10:25 - 00749844 _____ () C:\Users\Sharon\Downloads\securedoc_20140520T201635.html 2014-05-23 10:17 - 2014-05-23 10:16 - 01437012 _____ () C:\Users\Sharon\Downloads\securedoc_20140520T192142 (3).html 2014-05-23 10:15 - 2014-05-23 10:15 - 00108468 _____ () C:\Users\Sharon\Downloads\securedoc_20140516T182012.html 2014-05-23 10:13 - 2014-05-23 10:13 - 01437012 _____ () C:\Users\Sharon\Downloads\securedoc_20140520T192142 (2).html 2014-05-22 14:13 - 2008-12-13 18:09 - 00000000 ____D () C:\Users\Sharon\Documents\REAL ESTATE 2014-05-22 07:36 - 2012-06-04 07:39 - 00000000 ____D () C:\Program Files (x86)\McAfee 2014-05-22 07:35 - 2008-01-20 23:26 - 00183166 _____ () C:\Windows\PFRO.log 2014-05-21 11:27 - 2011-02-06 15:22 - 05150312 ____R () C:\Users\Sharon\my money.mbf 2014-05-20 17:55 - 2008-12-03 20:58 - 00000000 ____D () C:\Program Files (x86)\Java 2014-05-20 17:54 - 2014-05-20 17:54 - 00000000 ____D () C:\Users\Sharon\AppData\Roaming\Oracle 2014-05-20 17:54 - 2014-05-20 17:54 - 00000000 ____D () C:\ProgramData\Oracle 2014-05-20 17:53 - 2014-05-20 17:52 - 00006556 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log 2014-05-20 17:52 - 2014-05-20 17:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-05-20 17:49 - 2014-05-20 17:49 - 00921512 _____ (Oracle Corporation) C:\Users\Sharon\Downloads\chromeinstall-7u55.exe 2014-05-20 17:42 - 2009-01-04 16:54 - 00000000 ____D () C:\Users\Sharon\AppData\Roaming\Mozilla 2014-05-20 16:57 - 2014-05-20 16:57 - 00166550 _____ () C:\Users\Sharon\Downloads\securedoc_20140520T200640.html 2014-05-20 15:25 - 2014-05-20 15:25 - 01437012 _____ () C:\Users\Sharon\Downloads\securedoc_20140520T192142 (1).html 2014-05-20 15:23 - 2014-05-20 15:23 - 01437012 _____ () C:\Users\Sharon\Downloads\securedoc_20140520T192142.html 2014-05-18 10:12 - 2014-05-18 10:12 - 00018645 _____ () C:\Users\Sharon\Desktop\05_18_14hijackthis.log 2014-05-18 
10:12 - 2014-05-14 19:06 - 00018645 _____ () C:\Users\Sharon\Desktop\hijackthis.log 2014-05-15 08:44 - 2012-06-04 15:16 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk 2014-05-15 03:05 - 2013-08-15 07:11 - 00000000 ____D () C:\Windows\system32\MRT 2014-05-15 03:05 - 2008-12-13 15:55 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-05-15 03:02 - 2006-11-02 08:35 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-05-11 13:30 - 2014-05-11 13:30 - 31479296 _____ () C:\Windows\safetkn.dll 2014-05-09 17:11 - 2009-01-05 13:56 - 00000115 _____ () C:\Users\Sharon\AppData\Roaming\sview.ini 2014-05-09 17:05 - 2012-06-28 11:53 - 00131072 ____H () C:\Users\Sharon\AppData\Roaming\svfiles.log 2014-05-07 14:30 - 2014-02-07 11:34 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1280911578-185664597-1390033846-1000UA 2014-05-07 14:30 - 2014-02-07 11:34 - 00003492 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1280911578-185664597-1390033846-1000Core 2014-05-07 08:46 - 2012-06-02 19:51 - 00000000 ____D () C:\Program Files\Common Files\McAfee 2014-05-07 07:23 - 2013-11-14 09:43 - 00052462 _____ () C:\Windows\SysWOW64\ourlog.dat 2014-05-07 07:22 - 2006-11-02 09:33 - 00000000 __RSD () C:\Windows\Media 2014-05-07 07:08 - 2014-05-06 20:46 - 00000000 ____D () C:\Users\Sharon\AppData\Roaming\USTechSupport 2014-05-07 07:08 - 2014-05-06 20:46 - 00000000 ____D () C:\Program Files (x86)\USTechSupport 2014-05-07 07:08 - 2014-05-06 20:44 - 00000000 ____D () C:\ProgramData\USTechSupport 2014-05-05 17:56 - 2011-05-04 15:45 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-05-05 17:56 - 2011-05-04 15:45 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-05-05 16:06 - 2014-05-14 03:39 - 09348096 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-05 16:06 - 2014-05-14 03:39 - 00098304 _____ (Microsoft Corporation) 
C:\Windows\system32\mshtmled.dll 2014-05-05 15:31 - 2014-05-14 03:39 - 06021120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-05 15:31 - 2014-05-14 03:39 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-05 15:17 - 2014-05-14 03:39 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-05 14:47 - 2014-05-14 03:39 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-03 07:22 - 2014-05-03 07:22 - 00008224 _____ () C:\Users\George\AppData\Local\GDIPFONTCACHEV1.DAT 2014-05-03 07:21 - 2014-05-03 07:21 - 00000000 ____D () C:\Users\George\AppData\Roaming\Real 2014-05-03 07:21 - 2014-05-03 07:21 - 00000000 ____D () C:\Users\George\AppData\Roaming\Apple Computer 2014-05-03 07:21 - 2013-05-11 18:33 - 00001234 __RSH () C:\Users\George\ntuser.pol 2014-05-03 07:21 - 2012-06-06 20:33 - 00000000 ____D () C:\Users\George\AppData\Local\temp 2014-05-03 07:21 - 2012-06-06 20:33 - 00000000 ____D () C:\Users\George 2014-05-01 15:50 - 2014-05-01 15:50 - 00362029 _____ () C:\Windows\SysWOW64\sqlite3.dll 2014-05-01 15:46 - 2006-11-02 09:33 - 00000000 ____D () C:\Windows\IME 2014-05-01 14:22 - 2009-01-04 16:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons 2014-05-01 14:22 - 2008-12-16 17:02 - 00000000 ____D () C:\Program Files (x86)\Coupons ZeroAccess: C:\Users\Sharon\AppData\Local\35fdb1a3 ZeroAccess: C:\Users\Sharon\AppData\Local\{b0b2e9a6-e8ff-c1b2-3fb9-797ec509843a} Some content of TEMP: ==================== C:\Users\Sharon\AppData\Local\temp\DefaultPack.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit 
C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-29 20:02 ==================== End Of Log ============================
  24. Hello, Malwarebytes keeps detecting this registry hack and I quarantine it but it returns. OS is Vista Home Premium Service Pack 2, 64-bit. Running MS Security Essentials and Malwarebytes Pro. Been reading about this and it seems that the sooner the better as far as getting rid of it. Hopefully someone knows something about this and can give me a hand removing it. Thanks again.