
Help with redirect issues and updating.


JustJen

First off, thank you for taking the time to help me. I am a complete novice. My searches keep getting redirected and I am unable to update Microsoft or anything else. I have McAfee and Malwarebytes installed, but whatever this is keeps coming back.

My logs...

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1

Run by Jen at 18:55:27 on 2012-09-05

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.7422.5290 [GMT -7:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\WLTRYSVC.EXE

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\bcmwltry.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Windows\system32\AERTSr64.exe

C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE

C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Windows\system32\mfevtps.exe

C:\Program Files (x86)\Pogo Games\PGMTrusted.exe

C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\taskeng.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\msiexec.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RAVCpl64.exe

C:\Windows\System32\WLTRAY.EXE

C:\Windows\System32\wpcumi.exe

C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Windows\SysWOW64\WDBtnMgr.exe

C:\Program Files (x86)\Roxio\CinePlayer\DMXLauncher.exe

C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\SeaPort.exe

C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingApp.exe

C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingBar.exe

C:\Windows\System32\mobsync.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe

C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingSurrogate.exe

C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingSurrogate.exe

C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingSurrogate.exe

C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe

C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe

C:\Windows\system32\vssvc.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com

uSearch Bar = Preserve

uWindow Title = Internet Explorer provided by Dell

uStart Page = hxxp://www.rr.com/

uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5090116

mStart Page = hxxp://www.yahoo.com

mDefault_Page_URL = hxxp://www.yahoo.com

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mWinlogon: Userinit=userinit.exe,

uWindows: Load=C:\Users\Jen\AppData\Local\Temp\{01236~1.EXE

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingExt.dll"

TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File

TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File

TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB: {CE7499E7-AF3C-4662-AC92-454212345DDB} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet

uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe

uRunOnce: [shockwave Updater] C:\Windows\SysWOW64\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; WOW64; Trident/4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 1.1.4322; .NET CLR 3.0.30729; .NET4.0C; BRI/1)" -"http://online.gamesgames.com/gameshell/app/gameshell.aspx?carrier=-1&channel=110445270&code=115050913&device=-1&lc=en&origin=pgame_ol_u&refid=&room=44103aea-582a-402b-bdd9-e353d8655cf1&ui=C2kw1kVId7krVmLOQmXkGmznbas%3D&un=DA%3DYgjCbPcgRr9EH6OxLNOtbH94pvMdtF+dwR25zozvYJOeyfDZQKx70cdaoreiIBu5pvilAq8vgqNN6Vvk2L4Sxw%3D%3D%26SD%3Dmk0x3OCeif8IThoa+6ZHEvxeOFXXw3/vw/1ME7m/MD5usZQvr43vR27i//DGns2S%26LT%3D1%26CL%3DU%26TO%3D1294344782%26A%3DX6uQUhyCbLRoRpL2VVPrhZ1jFHU%3D%26SA%3DX6uQUhyCbLRoRpL2VVPrhZ1jFHU%3D&ux=691199036"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun: [WD Button Manager] WDBtnMgr.exe

mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"

mRun: [DMXLauncher] "C:\Program Files (x86)\Roxio\CinePlayer\DMXLauncher.exe"

mRun: [YSearchProtection] "C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe"

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"

mRun: [PMBVolumeWatcher] "C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

LSP: C:\Windows\system32\wpclsp.dll

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{2F23932D-DF9C-47F4-AFE7-E7855F016713} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{BC62BB9E-EBAF-4507-8D71-3AD90D89B2CA} : DhcpNameServer = 192.168.1.1

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingExt.dll"

TB-X64: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File

TB-X64: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File

TB-X64: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File

TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB-X64: {CE7499E7-AF3C-4662-AC92-454212345DDB} - No File

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun-x64: [WD Button Manager] WDBtnMgr.exe

mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"

mRun-x64: [DMXLauncher] "C:\Program Files (x86)\Roxio\CinePlayer\DMXLauncher.exe"

mRun-x64: [YSearchProtection] "C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe"

mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"

mRun-x64: [PMBVolumeWatcher] "C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe"

.

============= SERVICES / DRIVERS ===============

.

R?2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]

R1 MOBKFilter;MOBKFilter;C:\Windows\system32\DRIVERS\MOBK.sys --> C:\Windows\system32\DRIVERS\MOBK.sys [?]

R2 AERTFilters;Andrea RT Filters Service;C:\Windows\system32\AERTSr64.exe --> C:\Windows\system32\AERTSr64.exe [?]

R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-9-23 155648]

R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-11-24 200728]

R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-11-24 200728]

R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-11-24 200728]

R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-11-24 200728]

R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-11-24 237920]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-11-24 218320]

R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]

R2 MOBKbackup;McAfee Online Backup;C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-4-13 231224]

R2 PGMTrusted;PGMTrusted;C:\Program Files (x86)\Pogo Games\PGMTrusted.exe [2012-1-4 519888]

R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2012-4-22 474168]

R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\system32\DRIVERS\RtNdPt60.sys --> C:\Windows\system32\DRIVERS\RtNdPt60.sys [?]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\SeaPort.EXE [2012-2-20 240408]

R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]

R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BBSvc.EXE [2012-2-20 193816]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-3-25 135664]

S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2008-5-24 362992]

S2 RoxLiveShare10;LiveShare P2P Server 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2008-5-24 309744]

S2 RoxWatch10;Roxio Hard Drive Watcher 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2008-5-24 166384]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-3-25 135664]

S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\system32\drivers\HipShieldK.sys --> C:\Windows\system32\drivers\HipShieldK.sys [?]

S3 Leapfrog-USBLAN;Leapfrog-USBLAN;C:\Windows\system32\DRIVERS\btblan.sys --> C:\Windows\system32\DRIVERS\btblan.sys [?]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]

S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2008-5-24 313840]

S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-5-24 1120752]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]

S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]

S3 WSDScan;WSD Scan Support via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys --> C:\Windows\system32\DRIVERS\WSDScan.sys [?]

S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-8-19 89920]

.

=============== File Associations ===============

.

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

.

=============== Created Last 30 ================

.

2012-09-05 22:49:44 9310152 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{656D8029-565E-4926-B9D2-E507FFB0FAB4}\mpengine.dll

2012-08-25 08:12:57 -------- d-----w- C:\Program Files (x86)\Pogo Games

2012-08-16 10:06:07 2769408 ----a-w- C:\Windows\System32\win32k.sys

2012-08-16 00:38:39 788480 ----a-w- C:\Windows\System32\localspl.dll

2012-08-16 00:38:39 623616 ----a-w- C:\Windows\SysWow64\localspl.dll

.

==================== Find3M ====================

.

2012-08-03 06:03:08 16200 ----a-w- C:\Windows\stinger.sys

2012-07-03 20:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-06-28 03:28:35 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-28 03:21:17 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-28 03:20:41 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-28 03:16:25 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-28 03:12:35 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-28 00:27:12 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-28 00:19:52 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-28 00:18:16 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-28 00:12:08 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-28 00:07:44 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-22 14:40:58 69672 ----a-w- C:\Windows\System32\drivers\cfwids.sys

2012-06-22 14:38:16 335784 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys

2012-06-22 14:38:04 177144 ----a-w- C:\Windows\System32\mfevtps.exe

2012-06-22 14:37:04 10288 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys

2012-06-22 14:36:54 106112 ----a-w- C:\Windows\System32\drivers\mferkdet.sys

2012-06-22 14:36:12 752672 ----a-w- C:\Windows\System32\drivers\mfehidk.sys

2012-06-22 14:35:02 513456 ----a-w- C:\Windows\System32\drivers\mfefirek.sys

2012-06-22 14:34:22 300392 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys

2012-06-22 14:34:00 169320 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys

2012-06-18 05:48:19 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-18 05:48:19 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2009-05-19 09:26:12 774144 ----a-w- C:\Program Files (x86)\RngInterstitial.dll

.

============= FINISH: 18:57:14.11 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume3

Install Date: 1/16/2009 7:08:46 AM

System Uptime: 9/5/2012 6:43:48 PM (0 hours ago)

.

Motherboard: Dell Inc. | | 0M017G

Processor: Intel® Core2 Quad CPU Q8200 @ 2.33GHz | CPU 1 | 2003/333mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 451 GiB total, 176.674 GiB free.

D: is FIXED (NTFS) - 15 GiB total, 7.799 GiB free.

E: is CDROM ()

G: is Removable

H: is Removable

I: is Removable

J: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

Acrobat.com

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Photoshop CS

Adobe Reader 9.5.1

Adobe Shockwave Player

Amazon MP3 Downloader 1.0.15

Apple Application Support

Apple Software Update

ArcSoft PhotoStudio 6

ATI Catalyst Control Center

Bing Bar

Bing Rewards Client Installer

Browser Address Error Redirector

Canon CanoScan 9000F User Registration

Canon Inkjet Printer/Scanner/Fax Extended Survey Program

Canon MP Navigator EX 3.1

Canon Utilities Solution Menu

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization Chinese Standard

Catalyst Control Center Localization Chinese Traditional

Catalyst Control Center Localization French

Catalyst Control Center Localization German

Catalyst Control Center Localization Hungarian

Catalyst Control Center Localization Italian

Catalyst Control Center Localization Japanese

Catalyst Control Center Localization Korean

Catalyst Control Center Localization Portuguese

Catalyst Control Center Localization Spanish

Catalyst Control Center Localization Turkish

ccc-core-static

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help English

CCC Help French

CCC Help German

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Portuguese

CCC Help Spanish

CCC Help Turkish

Compatibility Pack for the 2007 Office system

Cross Terrain Challenge

Dell-eBay

Dell Best of Web

Dell Driver Download Manager

Dell Getting Started Guide

Dell Video Chat (remove only)

DELL0604

eBook Library by Sony

EDocs

Google Update Helper

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

ImTOO DVD Ripper Standard 5

Java Auto Updater

Java 7 Update 4

JavaFX 2.1.0

join.me

Knoll Light Factory EZ Studio

KODAK EASYSHARE Gallery Upload ActiveX Control

LeapFrog Connect

LeapFrog LeapPad Explorer Plugin

Magic Bullet Looks Studio

Malwarebytes Anti-Malware version 1.62.0.1300

McAfee Online Backup

McAfee Total Protection

McAfee Virtual Technician

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2416447)

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Click-to-Run 2010

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office Home and Student 2007 Trial

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable - KB2467175

Microsoft Works

Microsoft WSE 3.0 Runtime

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Octoshape add-in for Adobe Flash Player

Picasa 3

Pinnacle Studio 14

Pinnacle Studio Ultimate Collection Plugins

PlayMemories Home

Pogo Games (remove only)

PowerDVD

QuickTime

Realtek Ethernet Network Card Diagnostic tool for Windows Vista

Realtek High Definition Audio Driver

Red Giant ToonIt Studio

Roxio Activation Module

Roxio Central Audio

Roxio Central Copy

Roxio Central Core

Roxio Central Data

Roxio Central Tools

Roxio CinePlayer

Roxio CinePlayer Decoder Pack

Roxio Creator DE

Roxio Disc Gallery

Roxio Express Labeler 3

Roxio MediaShare

Roxio MyDVD Video Lab 10

Roxio Update Manager

Savings Bond Wizard

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Skins

Sony Image Data Suite

Spelling Dictionaries Support For Adobe Reader 9

The Sims Deluxe Edition

The Sims™ 3

The Sims™ 3 Pets

Trapcode 3DStroke Studio

Trapcode Particular Studio

Trapcode Shine Studio

TypingMaster Pro

Unity Web Player

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin)

WD Diagnostics

Xilisoft DVD Ripper Ultimate

Yahoo! BrowserPlus 2.8.1

Yahoo! Messenger

Yahoo! Search Protection

Yahoo! Software Update

Zoo Tycoon 2 - Zookeeper Collection

.

==== Event Viewer Messages From Past Week ========

.

9/5/2012 9:50:37 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer CHARLIE-VAIO that believes that it is the master browser for the domain on transport NetBT_Tcpip_{BC62BB9E-EBAF-4507-8D71-3AD90D89B2CA}. The master browser is stopping or an election is being forced.

9/5/2012 6:46:16 PM, Error: Service Control Manager [7022] - The Client Virtualization Handler service hung on starting.

9/5/2012 6:45:44 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

9/5/2012 6:45:31 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

9/5/2012 6:42:52 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the mcmscsvc service.

9/5/2012 3:49:35 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Server 2003, Vista, and Server 2008 for x64 (KB2656370).

9/5/2012 3:48:04 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Works 9 (KB2680317).

9/5/2012 3:40:44 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Server 2003, Vista, and Server 2008 for x64 (KB2656353).

9/5/2012 3:38:50 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

9/5/2012 3:36:27 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

9/5/2012 3:36:27 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

9/5/2012 3:36:27 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

9/5/2012 3:34:31 PM, Error: Microsoft-Windows-Windows Defender [2004] - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x8050a001 Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support. Signatures loading: Backup Loading signature version: 1.135.203.0 Loading engine version: 1.1.8704.0

9/5/2012 12:36:26 PM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {73C9DFA0-750D-11E1-B0C4-0800200C9A66}. The error: "5" Happened while starting this command: C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe -Embedding

9/4/2012 3:00:32 AM, Error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).

9/4/2012 3:00:32 AM, Error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

9/4/2012 3:00:32 AM, Error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

9/4/2012 3:00:32 AM, Error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

9/4/2012 3:00:32 AM, Error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

9/4/2012 3:00:32 AM, Error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

9/4/2012 3:00:32 AM, Error: Service Control Manager [7031] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

9/4/2012 3:00:25 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.4 for the Network Card with network address 00234EC02861 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

9/4/2012 3:00:19 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.9 for the Network Card with network address 00217044DE20 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

9/4/2012 1:42:46 PM, Error: Schannel [36874] - An SSL connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

8/31/2012 4:09:43 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 00217044DE20 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

8/30/2012 11:44:55 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.8 for the Network Card with network address 00234EC02861 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

8/29/2012 4:23:01 PM, Error: Microsoft-Windows-Windows Defender [3006] - Windows Defender Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Alureon.FO&threatid=170134 Scan ID: {A74A5EE0-793C-4A41-A771-F8BFE59B82C8} User: Our-CPU\Jen Name: Trojan:Win32/Alureon.FO ID: 170134 Severity ID: 5 Category ID: 8 Path: Alert Type: Spyware or other potentially unwanted software Action: Quarantine Error Code: 0x80508025 Error description: To see how to finish removing spyware and other potentially unwanted software, see this support article on the Microsoft Security website.

.

==== End Of File ===========================


Hi,

My name is Daniel and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all log files as a reply rather than as an attachment unless I specifically ask you. If you cannot post all log files in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found); we need to see a report first.

Download TDSSKiller.exe and save it to your desktop.

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan.
  • If malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.


Thank you for helping me.

Here is the log.

11:54:01.0220 7332 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48

11:54:01.0623 7332 ============================================================

11:54:01.0623 7332 Current date / time: 2012/09/06 11:54:01.0623

11:54:01.0623 7332 SystemInfo:

11:54:01.0623 7332

11:54:01.0623 7332 OS Version: 6.0.6002 ServicePack: 2.0

11:54:01.0623 7332 Product type: Workstation

11:54:01.0623 7332 ComputerName: OUR-CPU

11:54:01.0624 7332 UserName: Jen

11:54:01.0624 7332 Windows directory: C:\Windows

11:54:01.0624 7332 System windows directory: C:\Windows

11:54:01.0624 7332 Running under WOW64

11:54:01.0624 7332 Processor architecture: Intel x64

11:54:01.0624 7332 Number of processors: 4

11:54:01.0624 7332 Page size: 0x1000

11:54:01.0624 7332 Boot type: Normal boot

11:54:01.0624 7332 ============================================================

11:54:02.0614 7332 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

11:54:02.0645 7332 ============================================================

11:54:02.0645 7332 \Device\Harddisk0\DR0:

11:54:02.0666 7332 MBR partitions:

11:54:02.0666 7332 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1F800, BlocksNum 0x1E00000

11:54:02.0666 7332 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E1F800, BlocksNum 0x38566000

11:54:02.0666 7332 ============================================================

11:54:02.0718 7332 C: <-> \Device\Harddisk0\DR0\Partition2

11:54:02.0774 7332 D: <-> \Device\Harddisk0\DR0\Partition1

11:54:02.0774 7332 ============================================================

11:54:02.0774 7332 Initialize success

11:54:02.0774 7332 ============================================================

11:54:07.0074 5992 ============================================================

11:54:07.0074 5992 Scan started

11:54:07.0074 5992 Mode: Manual;

11:54:07.0074 5992 ============================================================

11:54:07.0784 5992 ================ Scan system memory ========================

11:54:07.0784 5992 System memory - ok

11:54:07.0785 5992 ================ Scan services =============================

11:54:07.0948 5992 [ 78E902FB660BD5003FE726B9BEF300B6 ] 61883 C:\Windows\system32\DRIVERS\61883.sys

11:54:07.0949 5992 61883 - ok

11:54:08.0033 5992 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

11:54:08.0034 5992 ACDaemon - ok

11:54:08.0052 5992 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys

11:54:08.0055 5992 ACPI - ok

11:54:08.0094 5992 [ 5DDC0A8D2CD60BDA593DDAF45821CE08 ] Adobe LM Service C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

11:54:08.0095 5992 Adobe LM Service - ok

11:54:08.0131 5992 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys

11:54:08.0134 5992 adp94xx - ok

11:54:08.0190 5992 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys

11:54:08.0193 5992 adpahci - ok

11:54:08.0199 5992 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys

11:54:08.0200 5992 adpu160m - ok

11:54:08.0216 5992 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys

11:54:08.0217 5992 adpu320 - ok

11:54:08.0268 5992 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

11:54:08.0269 5992 AeLookupSvc - ok

11:54:08.0291 5992 [ 0D7A11395C0A33D9E7587CDB9866EFAD ] AERTFilters C:\Windows\system32\AERTSr64.exe

11:54:08.0293 5992 AERTFilters - ok

11:54:08.0315 5992 [ C4F6CE6087760AD70960C9EB130E7943 ] AFD C:\Windows\system32\drivers\afd.sys

11:54:08.0318 5992 AFD - ok

11:54:08.0345 5992 [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440 C:\Windows\system32\drivers\agp440.sys

11:54:08.0346 5992 agp440 - ok

11:54:08.0390 5992 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys

11:54:08.0391 5992 aic78xx - ok

11:54:08.0415 5992 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe

11:54:08.0416 5992 ALG - ok

11:54:08.0439 5992 [ 9544C2C55541C0C6BFD7B489D0E7D430 ] aliide C:\Windows\system32\drivers\aliide.sys

11:54:08.0440 5992 aliide - ok

11:54:08.0453 5992 [ 970FA5059E61E30D25307B99903E991E ] amdide C:\Windows\system32\drivers\amdide.sys

11:54:08.0454 5992 amdide - ok

11:54:08.0459 5992 [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys

11:54:08.0460 5992 AmdK8 - ok

11:54:08.0509 5992 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll

11:54:08.0510 5992 Appinfo - ok

11:54:08.0531 5992 [ BA8417D4765F3988FF921F30F630E303 ] arc C:\Windows\system32\drivers\arc.sys

11:54:08.0533 5992 arc - ok

11:54:08.0538 5992 [ 9D41C435619733B34CC16A511E644B11 ] arcsas C:\Windows\system32\drivers\arcsas.sys

11:54:08.0539 5992 arcsas - ok

11:54:08.0589 5992 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

11:54:08.0590 5992 AsyncMac - ok

11:54:08.0601 5992 [ E68D9B3A3905619732F7FE039466A623 ] atapi C:\Windows\system32\drivers\atapi.sys

11:54:08.0602 5992 atapi - ok

11:54:08.0638 5992 [ 4B4E11DC0035C9B8FA97473EBF38D267 ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe

11:54:08.0644 5992 Ati External Event Utility - ok

11:54:08.0734 5992 [ 844115F01F9058335CDEFD5E039CA112 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys

11:54:08.0762 5992 atikmdag - ok

11:54:08.0792 5992 [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

11:54:08.0795 5992 AudioEndpointBuilder - ok

11:54:08.0808 5992 [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll

11:54:08.0812 5992 AudioSrv - ok

11:54:08.0841 5992 [ 295FA2878FF499C0EDFA0EBCC8C6EC66 ] Avc C:\Windows\system32\DRIVERS\avc.sys

11:54:08.0842 5992 Avc - ok

11:54:08.0945 5992 [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe

11:54:08.0947 5992 BBSvc - ok

11:54:08.0960 5992 [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe

11:54:08.0962 5992 BBUpdate - ok

11:54:09.0011 5992 [ 97F98E5E6A83585E42B1E1E15716AAE8 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys

11:54:09.0015 5992 BCM43XX - ok

11:54:09.0047 5992 [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE C:\Windows\System32\bfe.dll

11:54:09.0050 5992 BFE - ok

11:54:09.0089 5992 [ 6D316F4859634071CC25C4FD4589AD2C ] BITS C:\Windows\System32\qmgr.dll

11:54:09.0097 5992 BITS - ok

11:54:09.0117 5992 [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys

11:54:09.0118 5992 blbdrive - ok

11:54:09.0138 5992 [ 2348447A80920B2493A9B582A23E81E1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

11:54:09.0139 5992 bowser - ok

11:54:09.0168 5992 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys

11:54:09.0169 5992 BrFiltLo - ok

11:54:09.0188 5992 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys

11:54:09.0188 5992 BrFiltUp - ok

11:54:09.0216 5992 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll

11:54:09.0217 5992 Browser - ok

11:54:09.0240 5992 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys

11:54:09.0241 5992 Brserid - ok

11:54:09.0246 5992 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys

11:54:09.0247 5992 BrSerWdm - ok

11:54:09.0251 5992 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys

11:54:09.0252 5992 BrUsbMdm - ok

11:54:09.0257 5992 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys

11:54:09.0258 5992 BrUsbSer - ok

11:54:09.0263 5992 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys

11:54:09.0264 5992 BTHMODEM - ok

11:54:09.0281 5992 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

11:54:09.0282 5992 cdfs - ok

11:54:09.0292 5992 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

11:54:09.0293 5992 cdrom - ok

11:54:09.0320 5992 [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc C:\Windows\System32\certprop.dll

11:54:09.0321 5992 CertPropSvc - ok

11:54:09.0349 5992 [ 45B5A89DC41577282E5BF41B1165EA71 ] cfwids C:\Windows\system32\drivers\cfwids.sys

11:54:09.0351 5992 cfwids - ok

11:54:09.0367 5992 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\drivers\circlass.sys

11:54:09.0368 5992 circlass - ok

11:54:09.0390 5992 [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS C:\Windows\system32\CLFS.sys

11:54:09.0393 5992 CLFS - ok

11:54:09.0463 5992 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

11:54:09.0464 5992 clr_optimization_v2.0.50727_32 - ok

11:54:09.0513 5992 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

11:54:09.0514 5992 clr_optimization_v2.0.50727_64 - ok

11:54:09.0596 5992 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

11:54:09.0597 5992 clr_optimization_v4.0.30319_32 - ok

11:54:09.0657 5992 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

11:54:09.0658 5992 clr_optimization_v4.0.30319_64 - ok

11:54:09.0664 5992 [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys

11:54:09.0664 5992 cmdide - ok

11:54:09.0670 5992 [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt C:\Windows\system32\drivers\compbatt.sys

11:54:09.0670 5992 Compbatt - ok

11:54:09.0675 5992 COMSysApp - ok

11:54:09.0701 5992 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys

11:54:09.0702 5992 crcdisk - ok

11:54:09.0733 5992 [ 62740B9D2A137E8CED41A9E4239A7A31 ] CryptSvc C:\Windows\system32\cryptsvc.dll

11:54:09.0735 5992 CryptSvc - ok

11:54:09.0780 5992 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

11:54:09.0786 5992 cvhsvc - ok

11:54:09.0837 5992 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll

11:54:09.0844 5992 DcomLaunch - ok

11:54:09.0859 5992 [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

11:54:09.0860 5992 DfsC - ok

11:54:09.0941 5992 [ C647F468F7DE343DF8C143655C5557D4 ] DFSR C:\Windows\system32\DFSR.exe

11:54:09.0963 5992 DFSR - ok

11:54:09.0994 5992 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll

11:54:09.0997 5992 Dhcp - ok

11:54:10.0011 5992 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys

11:54:10.0012 5992 disk - ok

11:54:10.0030 5992 [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache C:\Windows\System32\dnsrslvr.dll

11:54:10.0032 5992 Dnscache - ok

11:54:10.0104 5992 [ DB29915209770D8B59654345EC2D943A ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe

11:54:10.0105 5992 DockLoginService - ok

11:54:10.0119 5992 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll

11:54:10.0121 5992 dot3svc - ok

11:54:10.0132 5992 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll

11:54:10.0134 5992 DPS - ok

11:54:10.0158 5992 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

11:54:10.0159 5992 drmkaud - ok

11:54:10.0197 5992 [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

11:54:10.0203 5992 DXGKrnl - ok

11:54:10.0242 5992 [ 17D40652EF3E55EEAE187A89DF40965A ] e1express C:\Windows\system32\DRIVERS\e1e6032e.sys

11:54:10.0245 5992 e1express - ok

11:54:10.0251 5992 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys

11:54:10.0252 5992 E1G60 - ok

11:54:10.0285 5992 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll

11:54:10.0286 5992 EapHost - ok

11:54:10.0308 5992 [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache C:\Windows\system32\drivers\ecache.sys

11:54:10.0310 5992 Ecache - ok

11:54:10.0376 5992 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe

11:54:10.0379 5992 ehRecvr - ok

11:54:10.0387 5992 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe

11:54:10.0389 5992 ehSched - ok

11:54:10.0402 5992 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll

11:54:10.0403 5992 ehstart - ok

11:54:10.0422 5992 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys

11:54:10.0424 5992 elxstor - ok

11:54:10.0448 5992 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll

11:54:10.0452 5992 EMDMgmt - ok

11:54:10.0470 5992 [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev C:\Windows\system32\drivers\errdev.sys

11:54:10.0471 5992 ErrDev - ok

11:54:10.0506 5992 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll

11:54:10.0509 5992 EventSystem - ok

11:54:10.0535 5992 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys

11:54:10.0536 5992 exfat - ok

11:54:10.0571 5992 [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat C:\Windows\system32\drivers\fastfat.sys

11:54:10.0573 5992 fastfat - ok

11:54:10.0578 5992 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys

11:54:10.0579 5992 fdc - ok

11:54:10.0584 5992 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll

11:54:10.0585 5992 fdPHost - ok

11:54:10.0601 5992 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll

11:54:10.0602 5992 FDResPub - ok

11:54:10.0612 5992 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

11:54:10.0613 5992 FileInfo - ok

11:54:10.0618 5992 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys

11:54:10.0619 5992 Filetrace - ok

11:54:10.0624 5992 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys

11:54:10.0625 5992 flpydisk - ok

11:54:10.0634 5992 [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

11:54:10.0636 5992 FltMgr - ok

11:54:10.0707 5992 [ BE1C5BD1CA7ED015BC6FA1AE67E592C8 ] FontCache C:\Windows\system32\FntCache.dll

11:54:10.0716 5992 FontCache - ok

11:54:10.0765 5992 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

11:54:10.0766 5992 FontCache3.0.0.0 - ok

11:54:10.0771 5992 [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

11:54:10.0772 5992 Fs_Rec - ok

11:54:10.0801 5992 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys

11:54:10.0802 5992 gagp30kx - ok

11:54:10.0845 5992 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll

11:54:10.0851 5992 gpsvc - ok

11:54:10.0923 5992 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

11:54:10.0924 5992 gupdate - ok

11:54:10.0934 5992 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

11:54:10.0935 5992 gupdatem - ok

11:54:10.0997 5992 [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

11:54:10.0998 5992 gusvc - ok

11:54:11.0032 5992 [ 68E732382B32417FF61FD663259B4B09 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

11:54:11.0034 5992 HdAudAddService - ok

11:54:11.0063 5992 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys

11:54:11.0070 5992 HDAudBus - ok

11:54:11.0094 5992 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys

11:54:11.0095 5992 HidBth - ok

11:54:11.0100 5992 [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr C:\Windows\system32\drivers\hidir.sys

11:54:11.0100 5992 HidIr - ok

11:54:11.0132 5992 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\system32\hidserv.dll

11:54:11.0133 5992 hidserv - ok

11:54:11.0144 5992 [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

11:54:11.0145 5992 HidUsb - ok

11:54:11.0152 5992 [ A894FB2CAE6A29F5D9C8EDA47B074623 ] HipShieldK C:\Windows\system32\drivers\HipShieldK.sys

11:54:11.0154 5992 HipShieldK - ok

11:54:11.0185 5992 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll

11:54:11.0186 5992 hkmsvc - ok

11:54:11.0197 5992 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys

11:54:11.0198 5992 HpCISSs - ok

11:54:11.0218 5992 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys

11:54:11.0223 5992 HTTP - ok

11:54:11.0242 5992 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys

11:54:11.0243 5992 i2omp - ok

11:54:11.0285 5992 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys

11:54:11.0286 5992 i8042prt - ok

11:54:11.0295 5992 [ 07FB761600EFF44AF02C35B8B57E5863 ] iaStor C:\Windows\system32\drivers\iastor.sys

11:54:11.0298 5992 iaStor - ok

11:54:11.0311 5992 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys

11:54:11.0313 5992 iaStorV - ok

11:54:11.0441 5992 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

11:54:11.0442 5992 IDriverT - ok

11:54:11.0512 5992 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

11:54:11.0517 5992 idsvc - ok

11:54:11.0524 5992 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys

11:54:11.0525 5992 iirsp - ok

11:54:11.0591 5992 [ C5B04409186A27409BD069580208A6D3 ] IJPLMSVC C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE

11:54:11.0592 5992 IJPLMSVC - ok

11:54:11.0609 5992 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll

11:54:11.0612 5992 IKEEXT - ok

11:54:11.0657 5992 [ 0DD17D4B59D0EC40E3C86A505BB0B6DD ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys

11:54:11.0666 5992 IntcAzAudAddService - ok

11:54:11.0685 5992 [ DF797A12176F11B2D301C5B234BB200E ] intelide C:\Windows\system32\DRIVERS\intelide.sys

11:54:11.0685 5992 intelide - ok

11:54:11.0695 5992 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

11:54:11.0696 5992 intelppm - ok

11:54:11.0710 5992 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll

11:54:11.0712 5992 IPBusEnum - ok

11:54:11.0717 5992 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

11:54:11.0718 5992 IpFilterDriver - ok

11:54:11.0733 5992 [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

11:54:11.0735 5992 iphlpsvc - ok

11:54:11.0740 5992 IpInIp - ok

11:54:11.0746 5992 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys

11:54:11.0747 5992 IPMIDRV - ok

11:54:11.0753 5992 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys

11:54:11.0755 5992 IPNAT - ok

11:54:11.0774 5992 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys

11:54:11.0775 5992 IRENUM - ok

11:54:11.0808 5992 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys

11:54:11.0809 5992 isapnp - ok

11:54:11.0819 5992 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys

11:54:11.0821 5992 iScsiPrt - ok

11:54:11.0827 5992 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys

11:54:11.0828 5992 iteatapi - ok

11:54:11.0839 5992 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys

11:54:11.0840 5992 iteraid - ok

11:54:11.0851 5992 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

11:54:11.0852 5992 kbdclass - ok

11:54:11.0864 5992 [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

11:54:11.0865 5992 kbdhid - ok

11:54:11.0880 5992 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso C:\Windows\system32\lsass.exe

11:54:11.0881 5992 KeyIso - ok

11:54:11.0898 5992 [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

11:54:11.0902 5992 KSecDD - ok

11:54:11.0918 5992 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

11:54:11.0919 5992 ksthunk - ok

11:54:11.0952 5992 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll

11:54:11.0956 5992 KtmRm - ok

11:54:11.0986 5992 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\system32\srvsvc.dll

11:54:11.0989 5992 LanmanServer - ok

11:54:12.0011 5992 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

11:54:12.0015 5992 LanmanWorkstation - ok

11:54:12.0196 5992 [ 3C879D04BB6466E2853C3155B635CC45 ] LeapFrog Connect Device Service C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe

11:54:12.0234 5992 LeapFrog Connect Device Service - ok

11:54:12.0255 5992 [ 797289607A5EBF31353AA5EAD141F872 ] Leapfrog-USBLAN C:\Windows\system32\DRIVERS\btblan.sys

11:54:12.0255 5992 Leapfrog-USBLAN - ok

11:54:12.0277 5992 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

11:54:12.0278 5992 lltdio - ok

11:54:12.0312 5992 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll

11:54:12.0315 5992 lltdsvc - ok

11:54:12.0335 5992 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll

11:54:12.0337 5992 lmhosts - ok

11:54:12.0363 5992 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys

11:54:12.0365 5992 LSI_FC - ok

11:54:12.0371 5992 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys

11:54:12.0372 5992 LSI_SAS - ok

11:54:12.0399 5992 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys

11:54:12.0401 5992 LSI_SCSI - ok

11:54:12.0408 5992 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys

11:54:12.0409 5992 luafv - ok

11:54:12.0437 5992 [ 024DA28053D57E9E32BEE52600576BBB ] MarvinBus C:\Windows\system32\DRIVERS\MarvinBus64.sys

11:54:12.0439 5992 MarvinBus - ok

11:54:12.0533 5992 [ C121367D21599367F2ADB9C11B7BABAA ] McAfee SiteAdvisor Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

11:54:12.0535 5992 McAfee SiteAdvisor Service - ok

11:54:12.0547 5992 [ C121367D21599367F2ADB9C11B7BABAA ] McMPFSvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

11:54:12.0548 5992 McMPFSvc - ok

11:54:12.0553 5992 [ C121367D21599367F2ADB9C11B7BABAA ] mcmscsvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

11:54:12.0555 5992 mcmscsvc - ok

11:54:12.0614 5992 [ C121367D21599367F2ADB9C11B7BABAA ] McNaiAnn C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

11:54:12.0615 5992 McNaiAnn - ok

11:54:12.0629 5992 [ C121367D21599367F2ADB9C11B7BABAA ] McNASvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

11:54:12.0631 5992 McNASvc - ok

11:54:12.0709 5992 [ 9EF2FF066F067C140EB2CB776104C602 ] McODS C:\Program Files\McAfee\VirusScan\mcods.exe

11:54:12.0712 5992 McODS - ok

11:54:12.0717 5992 [ C121367D21599367F2ADB9C11B7BABAA ] McProxy C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

11:54:12.0719 5992 McProxy - ok

11:54:12.0804 5992 [ 4DEC9B5BEDAA97B1FF6A3923E1C4F58A ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

11:54:12.0806 5992 McShield - ok

11:54:12.0829 5992 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

11:54:12.0830 5992 Mcx2Svc - ok

11:54:12.0862 5992 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys

11:54:12.0863 5992 megasas - ok

11:54:12.0909 5992 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys

11:54:12.0912 5992 MegaSR - ok

11:54:12.0946 5992 [ B574522827D94126C03975FD53F0B26B ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys

11:54:12.0948 5992 mfeapfk - ok

11:54:12.0968 5992 [ B393753ECE9A9E2307CB1984ACF3DA9D ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys

11:54:12.0970 5992 mfeavfk - ok

11:54:12.0979 5992 mfeavfk01 - ok

11:54:13.0000 5992 [ 97C398750C8E80A48EB63999546F796E ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

11:54:13.0001 5992 mfefire - ok

11:54:13.0019 5992 [ C52A1ABF03DD219375EA0F6A8BE941C3 ] mfefirek C:\Windows\system32\drivers\mfefirek.sys

11:54:13.0023 5992 mfefirek - ok

11:54:13.0053 5992 [ 7092A6C6158FC4F5AA39EBEB9D5AF03D ] mfehidk C:\Windows\system32\drivers\mfehidk.sys

11:54:13.0058 5992 mfehidk - ok

11:54:13.0085 5992 [ D2A941C82A0A9227CD6F47AD40A40F69 ] mferkdet C:\Windows\system32\drivers\mferkdet.sys

11:54:13.0086 5992 mferkdet - ok

11:54:13.0119 5992 [ 04D48692EFF181DA46DD8EA8BE9FFB2B ] mfevtp C:\Windows\system32\mfevtps.exe

11:54:13.0122 5992 mfevtp - ok

11:54:13.0138 5992 [ 1631E2DA6C4B47D97ECA94842836592E ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys

11:54:13.0141 5992 mfewfpk - ok

11:54:13.0156 5992 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll

11:54:13.0158 5992 MMCSS - ok

11:54:13.0203 5992 [ 8CC001C65C31633171991FA72A551D43 ] MOBKbackup C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe

11:54:13.0205 5992 MOBKbackup - ok

11:54:13.0221 5992 [ 3800C23D0D90C59AAFCDEFDC82B5C4AF ] MOBKFilter C:\Windows\system32\DRIVERS\MOBK.sys

11:54:13.0222 5992 MOBKFilter - ok

11:54:13.0249 5992 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys

11:54:13.0250 5992 Modem - ok

11:54:13.0283 5992 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys

11:54:13.0284 5992 monitor - ok

11:54:13.0294 5992 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

11:54:13.0295 5992 mouclass - ok

11:54:13.0313 5992 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

11:54:13.0314 5992 mouhid - ok

11:54:13.0329 5992 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys

11:54:13.0331 5992 MountMgr - ok

11:54:13.0367 5992 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys

11:54:13.0368 5992 mpio - ok

11:54:13.0399 5992 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

11:54:13.0401 5992 mpsdrv - ok

11:54:13.0420 5992 [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc C:\Windows\system32\mpssvc.dll

11:54:13.0425 5992 MpsSvc - ok

11:54:13.0430 5992 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys

11:54:13.0431 5992 Mraid35x - ok

11:54:13.0437 5992 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

11:54:13.0439 5992 MRxDAV - ok

11:54:13.0454 5992 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

11:54:13.0456 5992 mrxsmb - ok

11:54:13.0472 5992 [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

11:54:13.0474 5992 mrxsmb10 - ok

11:54:13.0480 5992 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

11:54:13.0482 5992 mrxsmb20 - ok

11:54:13.0503 5992 [ 730B784962D22D2C6481EAE2370E7C8C ] msahci C:\Windows\system32\drivers\msahci.sys

11:54:13.0503 5992 msahci - ok

11:54:13.0510 5992 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys

11:54:13.0511 5992 msdsm - ok

11:54:13.0542 5992 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe

11:54:13.0544 5992 MSDTC - ok

11:54:13.0558 5992 [ DF674BA7DA5A4753D839A905B66D2FD9 ] MSDV C:\Windows\system32\DRIVERS\msdv.sys

11:54:13.0559 5992 MSDV - ok

11:54:13.0575 5992 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys

11:54:13.0576 5992 Msfs - ok

11:54:13.0597 5992 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

11:54:13.0598 5992 msisadrv - ok

11:54:13.0617 5992 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

11:54:13.0619 5992 MSiSCSI - ok

11:54:13.0624 5992 msiserver - ok

11:54:13.0629 5992 Msi_ssvawt - ok

11:54:13.0642 5992 [ C121367D21599367F2ADB9C11B7BABAA ] MSK80Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

11:54:13.0643 5992 MSK80Service - ok

11:54:13.0662 5992 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

11:54:13.0663 5992 MSKSSRV - ok

11:54:13.0668 5992 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

11:54:13.0669 5992 MSPCLOCK - ok

11:54:13.0674 5992 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

11:54:13.0675 5992 MSPQM - ok

11:54:13.0683 5992 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

11:54:13.0686 5992 MsRPC - ok

11:54:13.0693 5992 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys

11:54:13.0694 5992 mssmbios - ok

11:54:13.0699 5992 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

11:54:13.0700 5992 MSTEE - ok

11:54:13.0735 5992 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys

11:54:13.0736 5992 Mup - ok

11:54:13.0762 5992 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll

11:54:13.0767 5992 napagent - ok

11:54:13.0786 5992 [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

11:54:13.0787 5992 NativeWifiP - ok

11:54:13.0817 5992 [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys

11:54:13.0822 5992 NDIS - ok

11:54:13.0832 5992 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

11:54:13.0833 5992 NdisTapi - ok

11:54:13.0842 5992 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

11:54:13.0842 5992 Ndisuio - ok

11:54:13.0859 5992 [ F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

11:54:13.0861 5992 NdisWan - ok

11:54:13.0879 5992 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

11:54:13.0880 5992 NDProxy - ok

11:54:13.0890 5992 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

11:54:13.0891 5992 NetBIOS - ok

11:54:13.0907 5992 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys

11:54:13.0909 5992 netbt - ok

11:54:13.0914 5992 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon C:\Windows\system32\lsass.exe

11:54:13.0916 5992 Netlogon - ok

11:54:13.0930 5992 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll

11:54:13.0933 5992 Netman - ok

11:54:13.0952 5992 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll

11:54:13.0956 5992 netprofm - ok

11:54:13.0988 5992 [ 74751DDA198165947FD7454D83F49825 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

11:54:13.0989 5992 NetTcpPortSharing - ok

11:54:14.0068 5992 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys

11:54:14.0069 5992 nfrd960 - ok

11:54:14.0121 5992 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll

11:54:14.0123 5992 NlaSvc - ok

11:54:14.0148 5992 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys

11:54:14.0149 5992 Npfs - ok

11:54:14.0174 5992 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll

11:54:14.0176 5992 nsi - ok

11:54:14.0206 5992 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

11:54:14.0207 5992 nsiproxy - ok

11:54:14.0249 5992 [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

11:54:14.0258 5992 Ntfs - ok

11:54:14.0264 5992 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys

11:54:14.0265 5992 Null - ok

11:54:14.0287 5992 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys

11:54:14.0289 5992 nvraid - ok

11:54:14.0294 5992 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys

11:54:14.0295 5992 nvstor - ok

11:54:14.0309 5992 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

11:54:14.0310 5992 nv_agp - ok

11:54:14.0315 5992 NwlnkFlt - ok

11:54:14.0320 5992 NwlnkFwd - ok

11:54:14.0396 5992 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

11:54:14.0399 5992 odserv - ok

11:54:14.0432 5992 [ B5B1CE65AC15BBD11C0619E3EF7CFC28 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys

11:54:14.0433 5992 ohci1394 - ok

11:54:14.0487 5992 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

11:54:14.0489 5992 ose - ok

11:54:14.0650 5992 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

11:54:14.0680 5992 osppsvc - ok

11:54:14.0727 5992 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll

11:54:14.0733 5992 p2pimsvc - ok

11:54:14.0751 5992 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll

11:54:14.0758 5992 p2psvc - ok

11:54:14.0780 5992 [ AECD57F94C887F58919F307C35498EA0 ] Parport C:\Windows\system32\drivers\parport.sys

11:54:14.0781 5992 Parport - ok

11:54:14.0802 5992 [ B43751085E2ABE389DA466BC62A4B987 ] partmgr C:\Windows\system32\drivers\partmgr.sys

11:54:14.0803 5992 partmgr - ok

11:54:14.0819 5992 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll

11:54:14.0821 5992 PcaSvc - ok

11:54:14.0841 5992 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys

11:54:14.0842 5992 pci - ok

11:54:14.0857 5992 [ 2657F6C0B78C36D95034BE109336E382 ] pciide C:\Windows\system32\drivers\pciide.sys

11:54:14.0858 5992 pciide - ok

11:54:14.0865 5992 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys

11:54:14.0867 5992 pcmcia - ok

11:54:14.0888 5992 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys

11:54:14.0892 5992 PEAUTH - ok

11:54:14.0989 5992 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe

11:54:14.0991 5992 PerfHost - ok

11:54:15.0067 5992 [ 8BA0E6570112C4F27571A3C21B3A02A6 ] PGMTrusted C:\Program Files (x86)\Pogo Games\PGMTrusted.exe

11:54:15.0071 5992 PGMTrusted - ok

11:54:15.0185 5992 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll

11:54:15.0194 5992 pla - ok

11:54:15.0226 5992 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

11:54:15.0230 5992 PlugPlay - ok

11:54:15.0329 5992 [ 3072137896BFCCF4B190D248F583B48E ] PMBDeviceInfoProvider C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe

11:54:15.0333 5992 PMBDeviceInfoProvider - ok

11:54:15.0355 5992 [ 5C42FA1FCEA58C6F7D6614504BF88F4F ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll

11:54:15.0356 5992 Pml Driver HPZ12 - ok

11:54:15.0376 5992 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll

11:54:15.0383 5992 PNRPAutoReg - ok

11:54:15.0402 5992 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll

11:54:15.0408 5992 PNRPsvc - ok

11:54:15.0445 5992 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

11:54:15.0449 5992 PolicyAgent - ok

11:54:15.0503 5992 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

11:54:15.0504 5992 PptpMiniport - ok

11:54:15.0531 5992 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\drivers\processr.sys

11:54:15.0532 5992 Processor - ok

11:54:15.0557 5992 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll

11:54:15.0560 5992 ProfSvc - ok

11:54:15.0580 5992 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe

11:54:15.0582 5992 ProtectedStorage - ok

11:54:15.0599 5992 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys

11:54:15.0601 5992 PSched - ok

11:54:15.0609 5992 [ FBF4DB6D53585437E41A113300002A2B ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys

11:54:15.0610 5992 PxHlpa64 - ok

11:54:15.0656 5992 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys

11:54:15.0664 5992 ql2300 - ok

11:54:15.0670 5992 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys

11:54:15.0672 5992 ql40xx - ok

11:54:15.0680 5992 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll

11:54:15.0684 5992 QWAVE - ok

11:54:15.0714 5992 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

11:54:15.0715 5992 QWAVEdrv - ok

11:54:15.0826 5992 [ 844115F01F9058335CDEFD5E039CA112 ] R300 C:\Windows\system32\DRIVERS\atikmdag.sys

11:54:15.0855 5992 R300 - ok

11:54:15.0873 5992 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

11:54:15.0874 5992 RasAcd - ok

11:54:15.0893 5992 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll

11:54:15.0895 5992 RasAuto - ok

11:54:15.0906 5992 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

11:54:15.0907 5992 Rasl2tp - ok

11:54:15.0921 5992 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll

11:54:15.0924 5992 RasMan - ok

11:54:15.0936 5992 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

11:54:15.0937 5992 RasPppoe - ok

11:54:15.0943 5992 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

11:54:15.0944 5992 RasSstp - ok

11:54:15.0955 5992 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

11:54:15.0958 5992 rdbss - ok

11:54:15.0966 5992 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

11:54:15.0967 5992 RDPCDD - ok

11:54:16.0001 5992 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys

11:54:16.0003 5992 rdpdr - ok

11:54:16.0008 5992 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

11:54:16.0009 5992 RDPENCDD - ok

11:54:16.0019 5992 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

11:54:16.0021 5992 RDPWD - ok

11:54:16.0061 5992 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll

11:54:16.0064 5992 RemoteAccess - ok

11:54:16.0089 5992 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll

11:54:16.0092 5992 RemoteRegistry - ok

11:54:16.0160 5992 [ 5B5776FDD51DD4359036C84D31A0FA3A ] Roxio UPnP Renderer 10 C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe

11:54:16.0162 5992 Roxio UPnP Renderer 10 - ok

11:54:16.0198 5992 [ AF8327ED3DFDB2367351E17D7DF764FE ] Roxio Upnp Server 10 C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe

11:54:16.0201 5992 Roxio Upnp Server 10 - ok

11:54:16.0252 5992 [ FB65197A47B6E14229A8F631CACC7D35 ] RoxLiveShare10 C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe

11:54:16.0255 5992 RoxLiveShare10 - ok

11:54:16.0291 5992 [ 9ACC31E4154975FFBFFEE3FCF3523629 ] RoxMediaDB10 C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

11:54:16.0298 5992 RoxMediaDB10 - ok

11:54:16.0325 5992 [ 7500A0E1237083FF6211AFAA1693AEE1 ] RoxWatch10 C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe

11:54:16.0326 5992 RoxWatch10 - ok

11:54:16.0349 5992 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe

11:54:16.0351 5992 RpcLocator - ok

11:54:16.0380 5992 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\system32\rpcss.dll

11:54:16.0385 5992 RpcSs - ok

11:54:16.0395 5992 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

11:54:16.0397 5992 rspndr - ok

11:54:16.0413 5992 [ F49D8DF8895D809CB0A4DEB44113DE6F ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh64.sys

11:54:16.0414 5992 RTL8169 - ok

11:54:16.0435 5992 [ 5532C4BF15173270757A75B46BAEB960 ] RtNdPt60 C:\Windows\system32\DRIVERS\RtNdPt60.sys

11:54:16.0435 5992 RtNdPt60 - ok

11:54:16.0447 5992 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs C:\Windows\system32\lsass.exe

11:54:16.0448 5992 SamSs - ok

11:54:16.0470 5992 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

11:54:16.0471 5992 sbp2port - ok

11:54:16.0496 5992 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll

11:54:16.0499 5992 SCardSvr - ok

11:54:16.0523 5992 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll

11:54:16.0530 5992 Schedule - ok

11:54:16.0562 5992 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll

11:54:16.0563 5992 SCPolicySvc - ok

11:54:16.0577 5992 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll

11:54:16.0579 5992 SDRSVC - ok

11:54:16.0591 5992 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

11:54:16.0592 5992 secdrv - ok

11:54:16.0606 5992 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll

11:54:16.0609 5992 seclogon - ok

11:54:16.0626 5992 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\System32\sens.dll

11:54:16.0628 5992 SENS - ok

11:54:16.0649 5992 [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum C:\Windows\system32\drivers\serenum.sys

11:54:16.0650 5992 Serenum - ok

11:54:16.0656 5992 [ E62FAC91EE288DB29A9696A9D279929C ] Serial C:\Windows\system32\drivers\serial.sys

11:54:16.0657 5992 Serial - ok

11:54:16.0662 5992 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys

11:54:16.0663 5992 sermouse - ok

11:54:16.0691 5992 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll

11:54:16.0693 5992 SessionEnv - ok

11:54:16.0712 5992 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

11:54:16.0713 5992 sffdisk - ok

11:54:16.0718 5992 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

11:54:16.0719 5992 sffp_mmc - ok

11:54:16.0724 5992 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

11:54:16.0725 5992 sffp_sd - ok

11:54:16.0730 5992 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys

11:54:16.0731 5992 sfloppy - ok

11:54:16.0775 5992 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys

11:54:16.0780 5992 Sftfs - ok

11:54:16.0827 5992 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

11:54:16.0831 5992 sftlist - ok

11:54:16.0839 5992 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys

11:54:16.0841 5992 Sftplay - ok

11:54:16.0859 5992 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys

11:54:16.0860 5992 Sftredir - ok

11:54:16.0873 5992 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys

11:54:16.0874 5992 Sftvol - ok

11:54:16.0888 5992 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

11:54:16.0889 5992 sftvsa - ok

11:54:16.0916 5992 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll

11:54:16.0919 5992 SharedAccess - ok

11:54:16.0928 5992 [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll

11:54:16.0931 5992 ShellHWDetection - ok

11:54:16.0957 5992 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys

11:54:16.0957 5992 SiSRaid2 - ok

11:54:16.0963 5992 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys

11:54:16.0964 5992 SiSRaid4 - ok

11:54:17.0028 5992 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe

11:54:17.0045 5992 slsvc - ok

11:54:17.0064 5992 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll

11:54:17.0066 5992 SLUINotify - ok

11:54:17.0083 5992 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys

11:54:17.0084 5992 Smb - ok

11:54:17.0108 5992 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe

11:54:17.0110 5992 SNMPTRAP - ok

11:54:17.0165 5992 [ 3BB48F7E33C2B76184DDF233000C09CD ] Sony SCSI Helper Service C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe

11:54:17.0166 5992 Sony SCSI Helper Service - ok

11:54:17.0171 5992 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys

11:54:17.0172 5992 spldr - ok

11:54:17.0207 5992 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe

11:54:17.0210 5992 Spooler - ok

11:54:17.0233 5992 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys

11:54:17.0236 5992 srv - ok

11:54:17.0260 5992 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

11:54:17.0262 5992 srv2 - ok

11:54:17.0274 5992 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

11:54:17.0275 5992 srvnet - ok

11:54:17.0290 5992 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

11:54:17.0293 5992 SSDPSRV - ok

11:54:17.0310 5992 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll

11:54:17.0313 5992 SstpSvc - ok

11:54:17.0335 5992 [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc C:\Windows\System32\wiaservc.dll

11:54:17.0341 5992 stisvc - ok

11:54:17.0398 5992 [ 1D0063597C3666404FCF97698ABEB019 ] stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe

11:54:17.0399 5992 stllssvr - ok

11:54:17.0432 5992 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys

11:54:17.0432 5992 swenum - ok

11:54:17.0452 5992 [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv C:\Windows\System32\swprv.dll

11:54:17.0457 5992 swprv - ok

11:54:17.0482 5992 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys

11:54:17.0483 5992 Symc8xx - ok

11:54:17.0498 5992 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys

11:54:17.0499 5992 Sym_hi - ok

11:54:17.0505 5992 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys

11:54:17.0506 5992 Sym_u3 - ok

11:54:17.0558 5992 [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain C:\Windows\system32\sysmain.dll

11:54:17.0565 5992 SysMain - ok

11:54:17.0575 5992 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll

11:54:17.0577 5992 TabletInputService - ok

11:54:17.0588 5992 [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv C:\Windows\System32\tapisrv.dll

11:54:17.0591 5992 TapiSrv - ok

11:54:17.0606 5992 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll

11:54:17.0608 5992 TBS - ok

11:54:17.0641 5992 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip C:\Windows\system32\drivers\tcpip.sys

11:54:17.0650 5992 Tcpip - ok

11:54:17.0683 5992 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys

11:54:17.0692 5992 Tcpip6 - ok

11:54:17.0704 5992 [ C7E72A4071EE0200E3C075DACFB2B334 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

11:54:17.0705 5992 tcpipreg - ok

11:54:17.0730 5992 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

11:54:17.0731 5992 TDPIPE - ok

11:54:17.0736 5992 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

11:54:17.0737 5992 TDTCP - ok

11:54:17.0771 5992 [ 458919C8C42E398DC4802178D5FFEE27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

11:54:17.0773 5992 tdx - ok

11:54:17.0783 5992 [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys

11:54:17.0784 5992 TermDD - ok

11:54:17.0808 5992 [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService C:\Windows\System32\termsrv.dll

11:54:17.0813 5992 TermService - ok

11:54:17.0829 5992 [ 56793271ECDEDD350C5ADD305603E963 ] Themes C:\Windows\system32\shsvcs.dll

11:54:17.0833 5992 Themes - ok

11:54:17.0856 5992 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll

11:54:17.0858 5992 THREADORDER - ok

11:54:17.0867 5992 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll

11:54:17.0870 5992 TrkWks - ok

11:54:17.0908 5992 [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

11:54:17.0909 5992 TrustedInstaller - ok

11:54:17.0916 5992 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

11:54:17.0917 5992 tssecsrv - ok

11:54:17.0940 5992 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys

11:54:17.0941 5992 tunmp - ok

11:54:17.0954 5992 [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

11:54:17.0955 5992 tunnel - ok

11:54:17.0961 5992 [ FEC266EF401966311744BD0F359F7F56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys

11:54:17.0962 5992 uagp35 - ok

11:54:17.0983 5992 [ FAF2640A2A76ED03D449E443194C4C34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

11:54:17.0985 5992 udfs - ok

11:54:18.0002 5992 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe

11:54:18.0005 5992 UI0Detect - ok

11:54:18.0032 5992 [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

11:54:18.0033 5992 uliagpkx - ok

11:54:18.0042 5992 [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci C:\Windows\system32\drivers\uliahci.sys

11:54:18.0044 5992 uliahci - ok

11:54:18.0051 5992 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys

11:54:18.0052 5992 UlSata - ok

11:54:18.0065 5992 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys

11:54:18.0067 5992 ulsata2 - ok

11:54:18.0073 5992 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys

11:54:18.0074 5992 umbus - ok

11:54:18.0108 5992 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll

11:54:18.0112 5992 upnphost - ok

11:54:18.0121 5992 USBAAPL64 - ok

11:54:18.0144 5992 [ 07E3498FC60834219D2356293DA0FECC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

11:54:18.0145 5992 usbccgp - ok

11:54:18.0164 5992 [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir C:\Windows\system32\drivers\usbcir.sys

11:54:18.0165 5992 usbcir - ok

11:54:18.0185 5992 [ 827E44DE934A736EA31E91D353EB126F ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

11:54:18.0186 5992 usbehci - ok

11:54:18.0201 5992 [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

11:54:18.0203 5992 usbhub - ok

11:54:18.0225 5992 [ EBA14EF0C07CEC233F1529C698D0D154 ] usbohci C:\Windows\system32\drivers\usbohci.sys

11:54:18.0226 5992 usbohci - ok

11:54:18.0278 5992 [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

11:54:18.0278 5992 usbprint - ok

11:54:18.0297 5992 [ EA0BF666868964FBE8CB10E50C97B9F1 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys

11:54:18.0298 5992 usbscan - ok

11:54:18.0307 5992 [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

11:54:18.0308 5992 USBSTOR - ok

11:54:18.0323 5992 [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys

11:54:18.0325 5992 usbuhci - ok

11:54:18.0341 5992 [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms C:\Windows\System32\uxsms.dll

11:54:18.0344 5992 UxSms - ok

11:54:18.0362 5992 [ 294945381DFA7CE58CECF0A9896AF327 ] vds C:\Windows\System32\vds.exe

11:54:18.0367 5992 vds - ok

11:54:18.0389 5992 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

11:54:18.0390 5992 vga - ok

11:54:18.0408 5992 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys

11:54:18.0409 5992 VgaSave - ok

11:54:18.0414 5992 [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide C:\Windows\system32\drivers\viaide.sys

11:54:18.0415 5992 viaide - ok

11:54:18.0447 5992 [ 2B7E885ED951519A12C450D24535DFCA ] volmgr C:\Windows\system32\drivers\volmgr.sys

11:54:18.0449 5992 volmgr - ok

11:54:18.0472 5992 [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

11:54:18.0475 5992 volmgrx - ok

11:54:18.0484 5992 [ 5280AADA24AB36B01A84A6424C475C8D ] volsnap C:\Windows\system32\drivers\volsnap.sys

11:54:18.0486 5992 volsnap - ok

11:54:18.0511 5992 [ A68F455ED2673835209318DD61BFBB0E ] vsmraid C:\Windows\system32\drivers\vsmraid.sys

11:54:18.0512 5992 vsmraid - ok

11:54:18.0566 5992 [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS C:\Windows\system32\vssvc.exe

11:54:18.0576 5992 VSS - ok

11:54:18.0586 5992 [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time C:\Windows\system32\w32time.dll

11:54:18.0591 5992 W32Time - ok

11:54:18.0612 5992 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys

11:54:18.0613 5992 WacomPen - ok

11:54:18.0635 5992 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys

11:54:18.0636 5992 Wanarp - ok

11:54:18.0640 5992 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

11:54:18.0642 5992 Wanarpv6 - ok

11:54:18.0676 5992 [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc C:\Windows\System32\wcncsvc.dll

11:54:18.0682 5992 wcncsvc - ok

11:54:18.0692 5992 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

11:54:18.0695 5992 WcsPlugInService - ok

11:54:18.0700 5992 [ 0C17A0816F65B89E362E682AD5E7266E ] Wd C:\Windows\system32\drivers\wd.sys

11:54:18.0701 5992 Wd - ok

11:54:18.0729 5992 [ D02E7E4567DA1E7582FBF6A91144B0DF ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

11:54:18.0734 5992 Wdf01000 - ok

11:54:18.0744 5992 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll

11:54:18.0747 5992 WdiServiceHost - ok

11:54:18.0751 5992 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll

11:54:18.0753 5992 WdiSystemHost - ok

11:54:18.0762 5992 [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient C:\Windows\System32\webclnt.dll

11:54:18.0765 5992 WebClient - ok

11:54:18.0773 5992 [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc C:\Windows\system32\wecsvc.dll

11:54:18.0776 5992 Wecsvc - ok

11:54:18.0791 5992 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll

11:54:18.0794 5992 wercplsupport - ok

11:54:18.0803 5992 [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc C:\Windows\System32\WerSvc.dll

11:54:18.0807 5992 WerSvc - ok

11:54:18.0824 5992 WinDefend - ok

11:54:18.0830 5992 WinHttpAutoProxySvc - ok

11:54:18.0878 5992 [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

11:54:18.0880 5992 Winmgmt - ok

11:54:18.0935 5992 [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM C:\Windows\system32\WsmSvc.dll

11:54:18.0949 5992 WinRM - ok

11:54:18.0967 5992 [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc C:\Windows\System32\wlansvc.dll

11:54:18.0973 5992 Wlansvc - ok

11:54:19.0076 5992 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

11:54:19.0090 5992 wlidsvc - ok

11:54:19.0095 5992 wltrysvc - ok

11:54:19.0115 5992 [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

11:54:19.0116 5992 WmiAcpi - ok

11:54:19.0143 5992 [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

11:54:19.0145 5992 wmiApSrv - ok

11:54:19.0149 5992 WMPNetworkSvc - ok

11:54:19.0161 5992 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll

11:54:19.0164 5992 WPCSvc - ok

11:54:19.0174 5992 [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

11:54:19.0177 5992 WPDBusEnum - ok

11:54:19.0183 5992 [ 5E2401B3FC1089C90E081291357371A9 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys

11:54:19.0184 5992 WpdUsb - ok

11:54:19.0317 5992 [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe

11:54:19.0323 5992 WPFFontCache_v0400 - ok

11:54:19.0336 5992 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

11:54:19.0337 5992 ws2ifsl - ok

11:54:19.0355 5992 [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc C:\Windows\System32\wscsvc.dll

11:54:19.0358 5992 wscsvc - ok

11:54:19.0363 5992 [ DE5F5212AB34221DD1618B5FEFE8DB6C ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys

11:54:19.0364 5992 WSDPrintDevice - ok

11:54:19.0388 5992 [ C48E6EF92BE6BFEF9EE2430C42EAF2BD ] WSDScan C:\Windows\system32\DRIVERS\WSDScan.sys

11:54:19.0389 5992 WSDScan - ok

11:54:19.0394 5992 WSearch - ok

11:54:19.0464 5992 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

11:54:19.0481 5992 wuauserv - ok

11:54:19.0501 5992 [ 501A65252617B495C0F1832F908D54D8 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

11:54:19.0502 5992 WUDFRd - ok

11:54:19.0516 5992 [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] wudfsvc C:\Windows\System32\WUDFSvc.dll

11:54:19.0519 5992 wudfsvc - ok

11:54:19.0612 5992 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

11:54:19.0616 5992 YahooAUService - ok

11:54:19.0628 5992 ================ Scan global ===============================

11:54:19.0657 5992 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll

11:54:19.0673 5992 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll

11:54:19.0698 5992 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll

11:54:19.0748 5992 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe

11:54:19.0752 5992 [Global] - ok

11:54:19.0752 5992 ================ Scan MBR ==================================

11:54:19.0764 5992 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0

11:54:20.0173 5992 \Device\Harddisk0\DR0 - ok

11:54:20.0173 5992 ================ Scan VBR ==================================

11:54:20.0207 5992 [ A7B3B8A0C49322305842B456B778ABF3 ] \Device\Harddisk0\DR0\Partition1

11:54:20.0209 5992 \Device\Harddisk0\DR0\Partition1 - ok

11:54:20.0212 5992 [ AB954F0189FB6210ABD81B132BE7039F ] \Device\Harddisk0\DR0\Partition2

11:54:20.0213 5992 \Device\Harddisk0\DR0\Partition2 - ok

11:54:20.0214 5992 ============================================================

11:54:20.0214 5992 Scan finished

11:54:20.0214 5992 ============================================================

11:54:20.0225 5732 Detected object count: 0

11:54:20.0225 5732 Actual detected object count: 0

11:55:17.0174 6456 Deinitialize success


Download ComboFix from this location:

Link 1

* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================

Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to this topic: How to disable your security applications

====================================================

Double click on combofix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

*Note - if after running ComboFix you see a message similar to 'registry key marked for deletion..' rebooting the machine will resolve that.


Thank you. Here is the log.

ComboFix 12-09-07.03 - Jen 09/07/2012 8:32.1.4 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.7422.5199 [GMT -7:00]

Running from: c:\users\Jen\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}

FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

ADS - Windows: deleted 24 bytes in 1 streams.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\Pogo Games\iWINgameshookie.dll

c:\users\Jen\AppData\Local\.#

c:\windows\SysWow64\URTTemp

c:\windows\SysWow64\URTTemp\regtlib.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-08-07 to 2012-09-07 )))))))))))))))))))))))))))))))

.

.

2012-09-07 15:54 . 2012-09-07 15:54 -------- d-----w- c:\users\RA Media Server\AppData\Local\temp

2012-09-07 15:54 . 2012-09-07 15:54 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-09-07 15:54 . 2012-09-07 15:54 -------- d-----w- c:\users\Nena\AppData\Local\temp

2012-09-07 15:54 . 2012-09-07 15:54 -------- d-----w- c:\users\Nena.Our-CPU\AppData\Local\temp

2012-09-07 15:54 . 2012-09-07 15:54 -------- d-----w- c:\users\Mel\AppData\Local\temp

2012-09-07 15:54 . 2012-09-07 15:54 -------- d-----w- c:\users\Jeb\AppData\Local\temp

2012-09-07 15:54 . 2012-09-07 15:54 -------- d-----w- c:\users\Guest\AppData\Local\temp

2012-09-07 12:27 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D456A02F-092E-4C4E-873A-58BE97035797}\mpengine.dll

2012-09-06 05:53 . 2012-09-06 05:53 -------- d-----w- c:\users\Jen\AppData\Local\SmugMug

2012-09-06 05:51 . 2012-09-06 05:51 -------- d-----w- c:\program files (x86)\Send to SmugMug

2012-08-30 17:06 . 2012-08-30 17:06 -------- d-----w- c:\users\Guest\AppData\Local\ArcSoft

2012-08-30 17:06 . 2012-08-30 17:06 -------- d-----w- c:\users\Guest\AppData\Roaming\Apple Computer

2012-08-30 17:06 . 2012-08-30 17:07 -------- d-----w- c:\users\Guest\AppData\Roaming\ArcSoft

2012-08-25 08:20 . 2012-09-05 22:27 -------- d-----w- c:\users\protected

2012-08-25 08:12 . 2012-09-07 15:53 -------- d-----w- c:\program files (x86)\Pogo Games

2012-08-16 10:06 . 2012-07-04 14:33 2769408 ----a-w- c:\windows\system32\win32k.sys

2012-08-16 00:38 . 2012-05-11 16:34 788480 ----a-w- c:\windows\system32\localspl.dll

2012-08-16 00:38 . 2012-05-11 15:57 623616 ----a-w- c:\windows\SysWow64\localspl.dll

2012-08-16 00:38 . 2012-06-29 16:20 648192 ----a-w- c:\windows\system32\netapi32.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-16 10:01 . 2006-11-02 12:35 62134624 ----a-w- c:\windows\system32\mrt.exe

2012-08-03 06:03 . 2012-08-03 06:03 16200 ----a-w- c:\windows\stinger.sys

2012-07-17 23:07 . 2012-07-17 23:07 520 ----a-w- c:\users\Jen\AppData\Local\TempPSTEMPFILEon080901212384_1.tmp

2012-07-13 04:16 . 2012-07-13 04:16 520 ----a-w- c:\users\Jen\AppData\Local\TempPSTEMPFILEon0809017140_1.tmp

2012-07-13 04:15 . 2012-07-13 04:15 520 ----a-w- c:\users\Jen\AppData\Local\TempPSTEMPFILEon0809017036_1.tmp

2012-07-11 00:35 . 2012-07-11 00:35 520 ----a-w- c:\users\Jen\AppData\Local\TempPSTEMPFILEon0809019784_1.tmp

2012-07-11 00:34 . 2012-07-11 00:34 520 ----a-w- c:\users\Jen\AppData\Local\TempPSTEMPFILEon0809019896_1.tmp

2012-07-10 08:24 . 2012-07-10 08:24 520 ----a-w- c:\users\Jen\AppData\Local\TempPSTEMPFILEon0809016612_1.tmp

2012-07-03 20:46 . 2012-08-03 06:18 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-22 14:40 . 2010-11-24 10:39 69672 ----a-w- c:\windows\system32\drivers\cfwids.sys

2012-06-22 14:38 . 2010-11-24 10:39 335784 ----a-w- c:\windows\system32\drivers\mfewfpk.sys

2012-06-22 14:38 . 2010-11-24 10:20 177144 ----a-w- c:\windows\system32\mfevtps.exe

2012-06-22 14:37 . 2010-11-24 10:40 10288 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2012-06-22 14:36 . 2010-11-24 10:39 106112 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2012-06-22 14:36 . 2010-10-14 06:28 752672 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2012-06-22 14:35 . 2010-11-24 10:39 513456 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2012-06-22 14:34 . 2010-11-24 10:39 300392 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2012-06-22 14:34 . 2010-10-14 06:28 169320 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2012-06-18 05:48 . 2012-05-23 14:56 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-06-18 05:48 . 2011-10-07 03:14 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2009-05-19 09:26 . 2009-05-19 09:26 774144 ----a-w- c:\program files (x86)\RngInterstitial.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2011-08-22 6276408]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]

"WD Button Manager"="WDBtnMgr.exe" [2009-02-09 364544]

"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2008-05-24 244208]

"DMXLauncher"="c:\program files (x86)\Roxio\CinePlayer\DMXLauncher.exe" [2008-05-24 113136]

"YSearchProtection"="c:\program files (x86)\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-06-22 1527896]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]

"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]

"PMBVolumeWatcher"="c:\program files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2012-04-22 724536]

.

c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]

.

c:\users\Mel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]

.

c:\users\Nena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]

.

c:\users\Nena.Our-CPU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]

.

c:\users\protected\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-12-20 113664]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSr64.exe [2008-07-18 86016]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

Themes

.

Contents of the 'Scheduled Tasks' folder

.

2012-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-25 21:00]

.

2012-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-25 21:00]

.

2012-09-07 c:\windows\Tasks\RtlNICDiagVistaStart.job

- c:\program files (x86)\Realtek\RTNICDiag\RTNICDiag.exe [2009-01-16 11:18]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]

@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"

[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]

2010-04-14 04:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]

@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"

[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]

2010-04-14 04:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]

@="{b4caf489-1eec-c617-49ad-8d7088598c06}"

[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]

2010-04-14 04:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RAVCpl64.exe" [2008-07-18 6431232]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-08-07 1683456]

"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 182784]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.rr.com/

mStart Page = hxxp://www.yahoo.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

LSP: c:\windows\system32\wpclsp.dll

TCP: DhcpNameServer = 192.168.1.1

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

WebBrowser-{CE7499E7-AF3C-4662-AC92-454212345DDB} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe

HKLM-Run-Skytel - Skytel.exe

AddRemove-Adobe Shockwave Player - c:\windows\System32\Adobe\SHOCKW~1\UNWISE.EXE

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\software\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

Completion time: 2012-09-07 08:58:03

ComboFix-quarantined-files.txt 2012-09-07 15:58

.

Pre-Run: 197,994,668,032 bytes free

Post-Run: 198,170,599,424 bytes free

.

- - End Of File - - 5734BABB844984676DB27DAE6574011E


Download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:


    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log ( FRST.txt ) on the flash drive. Please copy and paste it to your reply.


Sorry for the delay.

Scan result of Farbar Recovery Scan Tool (x64) Version: 08-09-2012

Ran by SYSTEM at 11-09-2012 00:36:32

Running from E:\

Windows Vista Home Premium Service Pack 1 (X64) OS Language: English(US)

The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] RAVCpl64.exe [x]

HKLM\...\Run: [skytel] Skytel.exe [x]

HKLM\...\Run: [broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe [1683456 2007-08-07] (Dell Inc.)

HKLM\...\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe [182784 2006-11-02] (Microsoft Corporation)

HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [61440 2008-01-21] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [128296 2008-05-23] (CyberLink Corp.)

HKLM-x32\...\Run: [WD Button Manager] WDBtnMgr.exe [x]

HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [244208 2008-05-24] (Sonic Solutions)

HKLM-x32\...\Run: [DMXLauncher] "C:\Program Files (x86)\Roxio\CinePlayer\DMXLauncher.exe" [113136 2008-05-24] ()

HKLM-x32\...\Run: [YSearchProtection] "C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe" [111856 2009-02-23] (Yahoo! Inc)

HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1527896 2012-06-21] (McAfee, Inc.)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)

HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)

HKLM-x32\...\Run: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [207424 2010-10-27] (ArcSoft Inc.)

HKLM-x32\...\Run: [PMBVolumeWatcher] "C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [724536 2012-04-22] (Sony Corporation)

HKU\Guest\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet [6276408 2011-08-22] (Yahoo! Inc.)

HKU\Guest\...\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent [x]

HKU\Guest\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)

HKU\Guest\...\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe [x]

HKU\Guest\...\RunOnce: [shockwave Updater] C:\Windows\SysWOW64\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; WOW64; Trident/4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 1.1.4322; .NET CLR 3.0.30729; .NET4.0C; BRI/1)" -"http://online.gamesgames.com/gameshell/app/gameshell.aspx?carrier=-1&channel=110445270&code=115050913&device=-1&lc=en&origin=pgame_ol_u&refid=&room=44103aea-582a-402b-bdd9-e353d8655cf1&ui=C2kw1kVId7krVmLOQmXkGmznbas%3D&un=DA%3DYgjCbPcgRr9EH6OxLNOtbH94pvMdtF+dwR25zozvYJOeyfDZQKx70cdaoreiIBu5pvilAq8vgqNN6Vvk2L4Sxw%3D%3D%26SD%3Dmk0x3OCeif8IThoa+6ZHEvxeOFXXw3/vw/1ME7m/MD5usZQvr43vR27i//DGns2S%26LT%3D1%26CL%3DU%26TO%3D1294344782%26A%3DX6uQUhyCbLRoRpL2VVPrhZ1jFHU%3D%26SA%3DX6uQUhyCbLRoRpL2VVPrhZ1jFHU%3D&ux=691199036" [460216 2009-01-16] (Adobe Systems, Inc.)

HKU\Guest\...\Policies\system: [LogonHoursAction] 2

HKU\Guest\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

HKU\Jeb\...\Policies\system: [LogonHoursAction] 2

HKU\Jeb\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

HKU\Jen\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet [6276408 2011-08-22] (Yahoo! Inc.)

HKU\Jen\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)

HKU\Jen\...\Policies\system: [LogonHoursAction] 2

HKU\Jen\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

HKU\Mel\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]

HKU\Mel\...\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe [x]

HKU\Mel\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet [6276408 2011-08-22] (Yahoo! Inc.)

HKU\Mel\...\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent [x]

HKU\Mel\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)

HKU\Mel\...\RunOnce: [shockwave Updater] C:\Windows\SysWOW64\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; WOW64; Trident/4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 1.1.4322; .NET CLR 3.0.30729; .NET4.0C)" -"http://www8.agame.com/games/shockwave/d/dance_trends_3d/dance_trends_3d_girlsgogames_com.htm" [460216 2009-01-16] (Adobe Systems, Inc.)

HKU\Mel\...\Policies\system: [LogonHoursAction] 2

HKU\Mel\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

HKU\Nena\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]

HKU\Nena\...\Run: [search Protection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe [111856 2009-02-23] (Yahoo! Inc)

HKU\Nena\...\Policies\system: [LogonHoursAction] 2

HKU\Nena\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

HKU\Nena.Our-CPU\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]

HKU\Nena.Our-CPU\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet [6276408 2011-08-22] (Yahoo! Inc.)

HKU\Nena.Our-CPU\...\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent [x]

HKU\Nena.Our-CPU\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)

HKU\Nena.Our-CPU\...\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe [x]

HKU\Nena.Our-CPU\...\RunOnce: [shockwave Updater] C:\Windows\SysWOW64\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; WOW64; Trident/4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 1.1.4322; .NET CLR 3.0.30729; .NET4.0C; BRI/1)" -"http://online.gamesgames.com/gameshell/app/gameshell.aspx?carrier=-1&channel=110445270&code=115050913&device=-1&lc=en&origin=pgame_ol_u&refid=&room=44103aea-582a-402b-bdd9-e353d8655cf1&ui=C2kw1kVId7krVmLOQmXkGmznbas%3D&un=DA%3DYgjCbPcgRr9EH6OxLNOtbH94pvMdtF+dwR25zozvYJOeyfDZQKx70cdaoreiIBu5pvilAq8vgqNN6Vvk2L4Sxw%3D%3D%26SD%3Dmk0x3OCeif8IThoa+6ZHEvxeOFXXw3/vw/1ME7m/MD5usZQvr43vR27i//DGns2S%26LT%3D1%26CL%3DU%26TO%3D1294344782%26A%3DX6uQUhyCbLRoRpL2VVPrhZ1jFHU%3D%26SA%3DX6uQUhyCbLRoRpL2VVPrhZ1jFHU%3D&ux=691199036" [460216 2009-01-16] (Adobe Systems, Inc.)

HKU\Nena.Our-CPU\...\Policies\system: [LogonHoursAction] 2

HKU\Nena.Our-CPU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

HKU\protected\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)

HKU\protected\...\Policies\system: [LogonHoursAction] 2

HKU\protected\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

Winlogon\Notify\PFW:

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Startup: C:\Users\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\Guest\Start Menu\Programs\Startup\Dell Dock.lnk

ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\Mel\Start Menu\Programs\Startup\Dell Dock.lnk

ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\Nena\Start Menu\Programs\Startup\Dell Dock.lnk

ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\Nena.Our-CPU\Start Menu\Programs\Startup\Dell Dock.lnk

ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\protected\Start Menu\Programs\Startup\Dell Dock.lnk

ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\RA Media Server\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Services ====================

2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)

3 Adobe LM Service; "C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" [68096 2009-12-20] ()

2 AERTFilters; C:\Windows\System32\AERTSr64.exe [86016 2008-07-18] (Andrea Electronics Corporation)

2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-09-08] ()

2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [200728 2012-05-11] (McAfee, Inc.)

2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [200728 2012-05-11] (McAfee, Inc.)

2 mcmscsvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [200728 2012-05-11] (McAfee, Inc.)

2 McNaiAnn; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [200728 2012-05-11] (McAfee, Inc.)

2 McNASvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [200728 2012-05-11] (McAfee, Inc.)

3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [383608 2012-08-24] (McAfee, Inc.)

2 McProxy; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [200728 2012-05-11] (McAfee, Inc.)

2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [237920 2012-06-22] (McAfee, Inc.)

2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [218320 2012-06-22] (McAfee, Inc.)

2 mfevtp; "C:\Windows\system32\mfevtps.exe" [177144 2012-06-22] (McAfee, Inc.)

2 MOBKbackup; "C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe" [231224 2010-04-13] (McAfee, Inc.)

2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [200728 2012-05-11] (McAfee, Inc.)

2 PGMTrusted; C:\Program Files (x86)\Pogo Games\PGMTrusted.exe [519888 2012-01-04] (iWin Inc.)

2 PMBDeviceInfoProvider; "C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe" [474168 2012-04-22] (Sony Corporation)

3 Roxio UPnP Renderer 10; "C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe" [313840 2008-05-24] (Sonic Solutions)

2 Roxio Upnp Server 10; "C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe" [362992 2008-05-24] (Sonic Solutions)

2 wltrysvc; C:\Windows\System32\WLTRYSVC.EXE C:\Windows\System32\bcmwltry.exe [1889792 2007-08-07] (Dell Inc.)

==================== Drivers =================================

3 61883; C:\Windows\System32\Drivers\61883.sys [58496 2008-01-20] (Microsoft Corporation)

3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [69672 2012-06-22] (McAfee, Inc.)

3 HipShieldK; C:\Windows\System32\Drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)

3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [169320 2012-06-22] (McAfee, Inc.)

3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [300392 2012-06-22] (McAfee, Inc.)

3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [513456 2012-06-22] (McAfee, Inc.)

0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [752672 2012-06-22] (McAfee, Inc.)

3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [106112 2012-06-22] (McAfee, Inc.)

1 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [335784 2012-06-22] (McAfee, Inc.)

1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)

2 RtNdPt60; C:\Windows\System32\Drivers\RtNdPt60.sys [26624 2008-07-21] (Windows ® Codename Longhorn DDK provider)

1 Beep; [x]

3 catchme; \??\C:\ComboFix\catchme.sys [x]

3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]

3 mfeavfk01; [x]

3 Msi_ssvawt; [x]

3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]

3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [x]

==================== NetSvcs (Whitelisted) =================

==================== One Month Created Files and Folders ======================

2012-09-10 22:45 - 2012-09-10 22:49 - 00002142 ____A C:\Windows\setupact.log

2012-09-10 22:45 - 2012-09-10 22:45 - 00000000 ____A C:\Windows\setuperr.log

2012-09-07 08:27 - 2012-09-07 08:27 - 00016217 ____A C:\Users\Jen\Desktop\combofix.txt

2012-09-07 07:58 - 2012-09-07 07:58 - 00016217 ____A C:\ComboFix.txt

2012-09-07 07:27 - 2012-09-07 07:58 - 00000000 ____D C:\Qoobox

2012-09-07 07:27 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe

2012-09-07 07:27 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe

2012-09-07 07:27 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe

2012-09-07 07:27 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe

2012-09-07 07:27 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe

2012-09-07 07:27 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe

2012-09-07 07:27 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe

2012-09-07 07:27 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe

2012-09-07 07:26 - 2012-09-07 07:55 - 00000000 ____D C:\Windows\erdnt

2012-09-07 07:14 - 2012-09-07 07:22 - 04749820 ____R (Swearware) C:\Users\Jen\Desktop\ComboFix.exe

2012-09-06 10:47 - 2012-09-06 10:47 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\Jen\Desktop\tdsskiller.exe

2012-09-05 21:53 - 2012-09-05 21:53 - 00000000 ____D C:\Users\Jen\AppData\Local\SmugMug

2012-09-05 21:51 - 2012-09-05 21:51 - 00000000 ____D C:\Program Files (x86)\Send to SmugMug

2012-09-05 21:37 - 2012-09-05 21:37 - 00000000 ____D C:\Users\Jen\Documents\InstantCDDVD

2012-09-05 18:03 - 2012-09-05 18:03 - 00016285 ____A C:\Users\Jen\Desktop\Attach.txt

2012-09-05 18:01 - 2012-09-05 18:01 - 00020488 ____A C:\Users\Jen\Desktop\DDS.txt

2012-09-05 17:54 - 2012-09-05 17:55 - 00607260 ____R (Swearware) C:\Users\Jen\Downloads\dds.com

2012-08-30 09:10 - 2012-08-30 09:10 - 00000000 ____D C:\Users\Guest\Documents\Electronic Arts

2012-08-30 09:07 - 2012-08-30 09:07 - 00000008 _RASH C:\Users\Guest\ntuser.pol

2012-08-30 09:07 - 2012-08-30 09:07 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Adobe

2012-08-30 09:06 - 2012-08-30 09:07 - 00000000 ____D C:\Users\Guest\AppData\Roaming\ArcSoft

2012-08-30 09:06 - 2012-08-30 09:06 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Apple Computer

2012-08-30 09:06 - 2012-08-30 09:06 - 00000000 ____D C:\Users\Guest\AppData\Local\ArcSoft

2012-08-29 15:47 - 2012-08-29 15:47 - 00000000 ____D C:\Users\protected\AppData\Roaming\Malwarebytes

2012-08-29 11:26 - 2012-08-29 11:26 - 00000000 ____D C:\Users\protected\Documents\Sony PMB

2012-08-29 11:26 - 2012-08-29 11:26 - 00000000 ____D C:\Users\protected\AppData\Roaming\Sony Corporation

2012-08-27 10:34 - 2012-08-27 10:34 - 00000000 ____D C:\Users\protected\AppData\Local\Adobe

2012-08-25 11:56 - 2012-09-05 21:02 - 00006836 ____A C:\Users\protected\AppData\Local\d3d9caps.dat

2012-08-25 00:35 - 2012-08-25 00:35 - 00000000 ____D C:\Users\protected\AppData\Local\Pinnacle

2012-08-25 00:31 - 2012-08-25 00:31 - 00000000 ____D C:\Users\protected\AppData\Local\Google

2012-08-25 00:23 - 2012-08-25 00:55 - 00000000 ____D C:\Users\protected\AppData\Roaming\Adobe

2012-08-25 00:22 - 2012-08-25 00:22 - 00000000 ____D C:\Users\protected\AppData\Roaming\Dell

2012-08-25 00:22 - 2012-08-25 00:22 - 00000000 ____D C:\Users\protected\AppData\Local\Stardock_Corporation

2012-08-25 00:21 - 2012-08-29 11:28 - 00000000 ____D C:\Users\protected\AppData\Roaming\yahoo!

2012-08-25 00:21 - 2012-08-25 00:21 - 00120440 ____A C:\Users\protected\AppData\Local\GDIPFONTCACHEV1.DAT

2012-08-25 00:21 - 2012-08-25 00:21 - 00000000 ____D C:\Users\protected\AppData\Roaming\ATI

2012-08-25 00:21 - 2012-08-25 00:21 - 00000000 ____D C:\Users\protected\AppData\Roaming\ArcSoft

2012-08-25 00:21 - 2012-08-25 00:21 - 00000000 ____D C:\Users\protected\AppData\Roaming\Apple Computer

2012-08-25 00:21 - 2012-08-25 00:21 - 00000000 ____D C:\Users\protected\AppData\Local\PowerDVD DX

2012-08-25 00:21 - 2012-08-25 00:21 - 00000000 ____D C:\Users\protected\AppData\Local\ATI

2012-08-25 00:21 - 2012-08-25 00:21 - 00000000 ____D C:\Users\protected\AppData\Local\ArcSoft

2012-08-25 00:20 - 2012-09-05 14:27 - 00000000 ____D C:\users\protected

2012-08-25 00:20 - 2012-08-29 11:27 - 00000000 ____D C:\Users\protected\AppData\Local\VirtualStore

2012-08-25 00:20 - 2012-08-25 00:20 - 00000632 _RASH C:\Users\protected\ntuser.pol

2012-08-25 00:20 - 2012-08-25 00:20 - 00000020 ___SH C:\Users\protected\ntuser.ini

2012-08-25 00:20 - 2010-02-20 19:02 - 00000000 ____D C:\Users\protected\AppData\Roaming\Macromedia

2012-08-25 00:20 - 2009-02-09 01:21 - 00000000 ____D C:\Users\protected\AppData\Local\Microsoft Help

2012-08-25 00:12 - 2012-09-07 07:53 - 00000000 ____D C:\Program Files (x86)\Pogo Games

2012-08-24 09:27 - 2012-08-24 09:27 - 00001985 ____A C:\Users\Public\Desktop\McAfee Virtual Technician.lnk

2012-08-23 14:07 - 2012-09-10 23:27 - 00010184 ____A C:\Windows\PFRO.log

2012-08-23 13:46 - 2012-08-23 13:47 - 00259152 ____A C:\Users\Jen\Documents\cc_20120823_144442.reg

2012-08-21 07:42 - 2012-08-21 08:28 - 00000000 ____D C:\Users\Jen\AppData\Local\Apps\Apple

2012-08-16 02:09 - 2012-06-27 20:10 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-08-16 02:09 - 2012-06-27 19:39 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-08-16 02:09 - 2012-06-27 19:28 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-08-16 02:09 - 2012-06-27 19:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-08-16 02:09 - 2012-06-27 19:21 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-08-16 02:09 - 2012-06-27 19:20 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-08-16 02:09 - 2012-06-27 19:19 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-08-16 02:09 - 2012-06-27 19:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-08-16 02:09 - 2012-06-27 19:16 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-08-16 02:09 - 2012-06-27 19:16 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-08-16 02:09 - 2012-06-27 19:14 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-08-16 02:09 - 2012-06-27 19:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-08-16 02:09 - 2012-06-27 19:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-08-16 02:09 - 2012-06-27 19:08 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-08-16 02:09 - 2012-06-27 16:50 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-08-16 02:09 - 2012-06-27 16:28 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-08-16 02:09 - 2012-06-27 16:27 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-08-16 02:09 - 2012-06-27 16:19 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-08-16 02:09 - 2012-06-27 16:18 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-08-16 02:09 - 2012-06-27 16:18 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-08-16 02:09 - 2012-06-27 16:16 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-08-16 02:09 - 2012-06-27 16:13 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-08-16 02:09 - 2012-06-27 16:12 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-08-16 02:09 - 2012-06-27 16:10 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-08-16 02:09 - 2012-06-27 16:08 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-08-16 02:09 - 2012-06-27 16:08 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-08-16 02:09 - 2012-06-27 16:07 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-08-16 02:09 - 2012-06-27 16:04 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-08-16 02:06 - 2012-07-04 06:33 - 02769408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-08-15 16:38 - 2012-06-29 08:20 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll

2012-08-15 16:38 - 2012-06-29 08:01 - 00467968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll

2012-08-15 16:38 - 2012-05-11 08:34 - 00788480 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll

2012-08-15 16:38 - 2012-05-11 07:57 - 00623616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\localspl.dll

2012-08-14 23:12 - 2012-08-14 23:12 - 00192057 ____A C:\Users\Jen\Documents\getFile.aspx

==================== 3 Months Modified Files ================================

2012-09-10 23:28 - 2006-11-02 07:42 - 00032608 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2012-09-10 23:28 - 2006-11-02 07:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-09-10 23:27 - 2012-08-23 14:07 - 00010184 ____A C:\Windows\PFRO.log

2012-09-10 23:27 - 2006-11-02 07:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2012-09-10 23:27 - 2006-11-02 07:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2012-09-10 23:26 - 2009-01-16 07:07 - 01764170 ____A C:\Windows\WindowsUpdate.log

2012-09-10 23:10 - 2010-03-25 13:00 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2012-09-10 22:53 - 2006-11-02 04:46 - 00809504 ____A C:\Windows\System32\PerfStringBackup.INI

2012-09-10 22:49 - 2012-09-10 22:45 - 00002142 ____A C:\Windows\setupact.log

2012-09-10 22:45 - 2012-09-10 22:45 - 00000000 ____A C:\Windows\setuperr.log

2012-09-10 19:02 - 2010-11-24 02:45 - 00001693 ____A C:\Users\Public\Desktop\McAfee Total Protection.lnk

2012-09-10 01:10 - 2010-03-25 13:00 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2012-09-07 08:27 - 2012-09-07 08:27 - 00016217 ____A C:\Users\Jen\Desktop\combofix.txt

2012-09-07 07:58 - 2012-09-07 07:58 - 00016217 ____A C:\ComboFix.txt

2012-09-07 07:55 - 2006-11-02 04:34 - 00000215 ____A C:\Windows\system.ini

2012-09-07 07:22 - 2012-09-07 07:14 - 04749820 ____R (Swearware) C:\Users\Jen\Desktop\ComboFix.exe

2012-09-07 01:55 - 2009-01-16 12:22 - 00000288 ____A C:\Windows\Tasks\RtlNICDiagVistaStart.job

2012-09-06 21:11 - 2009-01-23 23:23 - 00097792 ____A C:\Users\Jen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2012-09-06 20:52 - 2010-08-18 01:42 - 00001460 ____A C:\Users\Jen\AppData\Local\d3d9caps64.dat

2012-09-06 10:47 - 2012-09-06 10:47 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\Jen\Desktop\tdsskiller.exe

2012-09-05 21:36 - 2011-11-25 17:44 - 00000349 ____A C:\Users\Public\Documents\PCLECHAL.INI

2012-09-05 21:02 - 2012-08-25 11:56 - 00006836 ____A C:\Users\protected\AppData\Local\d3d9caps.dat

2012-09-05 18:03 - 2012-09-05 18:03 - 00016285 ____A C:\Users\Jen\Desktop\Attach.txt

2012-09-05 18:01 - 2012-09-05 18:01 - 00020488 ____A C:\Users\Jen\Desktop\DDS.txt

2012-09-05 17:55 - 2012-09-05 17:54 - 00607260 ____R (Swearware) C:\Users\Jen\Downloads\dds.com

2012-09-05 14:28 - 2006-11-02 04:33 - 78118912 ____A C:\Windows\System32\config\software_previous

2012-09-05 14:28 - 2006-11-02 04:33 - 52690944 ____A C:\Windows\System32\config\components_previous

2012-09-05 14:28 - 2006-11-02 04:33 - 28311552 ____A C:\Windows\System32\config\system_previous

2012-09-05 14:28 - 2006-11-02 04:33 - 01048576 ____A C:\Windows\System32\config\default_previous

2012-09-05 14:28 - 2006-11-02 04:33 - 00262144 ____A C:\Windows\System32\config\security_previous

2012-09-05 14:28 - 2006-11-02 04:33 - 00262144 ____A C:\Windows\System32\config\sam_previous

2012-09-04 02:52 - 2009-06-03 08:37 - 00006836 ____A C:\Users\Jen\AppData\Local\d3d9caps.dat

2012-08-30 09:07 - 2012-08-30 09:07 - 00000008 _RASH C:\Users\Guest\ntuser.pol

2012-08-30 09:06 - 2010-03-25 12:49 - 00120440 ____A C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT

2012-08-25 00:21 - 2012-08-25 00:21 - 00120440 ____A C:\Users\protected\AppData\Local\GDIPFONTCACHEV1.DAT

2012-08-25 00:20 - 2012-08-25 00:20 - 00000632 _RASH C:\Users\protected\ntuser.pol

2012-08-25 00:20 - 2012-08-25 00:20 - 00000020 ___SH C:\Users\protected\ntuser.ini

2012-08-25 00:13 - 2011-12-13 12:45 - 00001735 ____A C:\Users\Public\Desktop\Play Pogo Games.lnk

2012-08-24 09:27 - 2012-08-24 09:27 - 00001985 ____A C:\Users\Public\Desktop\McAfee Virtual Technician.lnk

2012-08-23 13:47 - 2012-08-23 13:46 - 00259152 ____A C:\Users\Jen\Documents\cc_20120823_144442.reg

2012-08-16 02:29 - 2006-11-02 07:21 - 00415040 ____A C:\Windows\System32\FNTCACHE.DAT

2012-08-16 02:01 - 2006-11-02 04:35 - 62134624 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe

2012-08-14 23:12 - 2012-08-14 23:12 - 00192057 ____A C:\Users\Jen\Documents\getFile.aspx

2012-08-07 13:52 - 2012-08-07 13:52 - 00256049 ____A C:\Users\Jen\Downloads\GreenPath_DMP_Agreement_For_Jennifer_Wilborn_.zip

2012-08-02 22:46 - 2012-08-02 22:46 - 00000039 ___RH C:\Users\Jen\Downloads\stinger.opt

2012-08-02 22:18 - 2012-08-02 22:18 - 00000950 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-08-02 22:03 - 2012-08-02 22:03 - 00016200 ____A (McAfee, Inc.) C:\Windows\stinger.sys

2012-08-02 22:00 - 2012-08-02 22:00 - 09763944 ____A (McAfee Inc.) C:\Users\Jen\Downloads\stinger.exe

2012-07-26 17:07 - 2012-07-26 17:07 - 00594333 ____A C:\Users\Jen\Downloads\makeyourmark-somethingtodancefor-zendaya-30.zip

2012-07-20 23:22 - 2012-07-20 23:22 - 00001936 ____A C:\Users\Public\Desktop\PlayMemories Home Help.lnk

2012-07-20 23:22 - 2012-07-20 23:22 - 00001122 ____A C:\Users\Public\Desktop\PlayMemories Home.lnk

2012-07-20 22:53 - 2012-07-20 22:47 - 78419576 ____A C:\Users\Jen\Documents\R215398.exe

2012-07-20 22:45 - 2012-07-20 22:42 - 55328776 ____A C:\Users\Jen\Downloads\R200274.exe

2012-07-20 22:34 - 2012-07-08 18:28 - 00186300 ____A C:\Users\Jen\Documents\CineMagic.dmsm

2012-07-20 22:27 - 2012-07-20 22:27 - 00192032 ____A C:\Users\Jen\Documents\CineMagic6.dmsm

2012-07-20 22:27 - 2012-07-20 22:27 - 00030208 ____A C:\Users\Jen\Documents\CineMagic6.dat

2012-07-20 22:21 - 2012-07-20 22:21 - 00192032 ____A C:\Users\Jen\Documents\CineMagic5.dmsm

2012-07-20 22:21 - 2012-07-20 22:21 - 00030208 ____A C:\Users\Jen\Documents\CineMagic5.dat

2012-07-20 22:12 - 2012-07-20 22:12 - 00192032 ____A C:\Users\Jen\Documents\CineMagic4.dmsm

2012-07-20 22:12 - 2012-07-20 22:12 - 00030208 ____A C:\Users\Jen\Documents\CineMagic4.dat

2012-07-20 22:10 - 2012-07-20 22:10 - 05864482 ____A C:\Users\Jen\Documents\CineMagic3.dmsm

2012-07-20 22:10 - 2012-07-20 22:08 - 00930304 ____A C:\Users\Jen\Documents\CineMagic3.dat

2012-07-20 22:08 - 2012-07-20 22:08 - 05864482 ____A C:\Users\Jen\Documents\CineMagic2.dmsm

2012-07-20 22:08 - 2012-07-20 22:07 - 00930304 ____A C:\Users\Jen\Documents\CineMagic2.dat

2012-07-20 22:00 - 2012-07-20 22:00 - 05864482 ____A C:\Users\Jen\Documents\CineMagic1.dmsm

2012-07-20 22:00 - 2012-07-20 21:58 - 00930304 ____A C:\Users\Jen\Documents\CineMagic1.dat

2012-07-20 21:48 - 2012-07-20 21:48 - 05864482 ____A C:\Users\Jen\Documents\CineMagic0.dmsm

2012-07-20 21:48 - 2012-07-20 21:47 - 00930304 ____A C:\Users\Jen\Documents\CineMagic0.dat

2012-07-19 23:38 - 2012-07-19 23:38 - 00006184 ____A C:\Users\Jen\Downloads\AmazonMP3-1342769938.amz

2012-07-18 22:52 - 2012-07-18 22:52 - 00634814 ____A C:\Users\Jen\Documents\Slideshow.dmsm

2012-07-18 22:52 - 2012-07-18 22:52 - 00350720 ____A C:\Users\Jen\Documents\Slideshow.dat

2012-07-17 22:33 - 2012-07-08 18:28 - 00119808 ____A C:\Users\Jen\Documents\CineMagic.dat

2012-07-17 15:07 - 2012-07-17 15:07 - 00000520 ____A C:\Users\Jen\AppData\Local\TempPSTEMPFILEon080901212384_1.tmp

2012-07-12 20:16 - 2012-07-12 20:16 - 00000520 ____A C:\Users\Jen\AppData\Local\TempPSTEMPFILEon0809017140_1.tmp

2012-07-12 20:15 - 2012-07-12 20:15 - 00000520 ____A C:\Users\Jen\AppData\Local\TempPSTEMPFILEon0809017036_1.tmp

2012-07-10 16:35 - 2012-07-10 16:35 - 00000520 ____A C:\Users\Jen\AppData\Local\TempPSTEMPFILEon0809019784_1.tmp

2012-07-10 16:34 - 2012-07-10 16:34 - 00000520 ____A C:\Users\Jen\AppData\Local\TempPSTEMPFILEon0809019896_1.tmp

2012-07-10 00:24 - 2012-07-10 00:24 - 00000520 ____A C:\Users\Jen\AppData\Local\TempPSTEMPFILEon0809016612_1.tmp

2012-07-04 20:35 - 2009-01-23 22:38 - 00120440 ____A C:\Users\Jen\AppData\Local\GDIPFONTCACHEV1.DAT

2012-07-04 06:33 - 2012-08-16 02:06 - 02769408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-07-03 19:03 - 2012-07-03 19:02 - 00051716 ____A C:\Users\Jen\Downloads\Nighbb__.ttf

2012-07-03 12:46 - 2012-08-02 22:18 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-07-03 02:13 - 2012-08-03 01:08 - 57442464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe

2012-06-29 13:37 - 2012-06-29 13:37 - 00000761 ____A C:\Users\Jen\Desktop\join.me.lnk

2012-06-29 08:20 - 2012-08-15 16:38 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll

2012-06-29 08:01 - 2012-08-15 16:38 - 00467968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll

2012-06-27 20:10 - 2012-08-16 02:09 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-06-27 19:39 - 2012-08-16 02:09 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-06-27 19:28 - 2012-08-16 02:09 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-06-27 19:22 - 2012-08-16 02:09 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-06-27 19:21 - 2012-08-16 02:09 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-06-27 19:20 - 2012-08-16 02:09 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-06-27 19:19 - 2012-08-16 02:09 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-06-27 19:17 - 2012-08-16 02:09 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-06-27 19:16 - 2012-08-16 02:09 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-06-27 19:16 - 2012-08-16 02:09 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-06-27 19:14 - 2012-08-16 02:09 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-06-27 19:13 - 2012-08-16 02:09 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-06-27 19:12 - 2012-08-16 02:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-06-27 19:08 - 2012-08-16 02:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-06-27 16:50 - 2012-08-16 02:09 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-06-27 16:28 - 2012-08-16 02:09 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-06-27 16:27 - 2012-08-16 02:09 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-06-27 16:19 - 2012-08-16 02:09 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-06-27 16:18 - 2012-08-16 02:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-06-27 16:18 - 2012-08-16 02:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-06-27 16:16 - 2012-08-16 02:09 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-06-27 16:13 - 2012-08-16 02:09 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-06-27 16:12 - 2012-08-16 02:09 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-06-27 16:10 - 2012-08-16 02:09 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-06-27 16:08 - 2012-08-16 02:09 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-06-27 16:08 - 2012-08-16 02:09 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-06-27 16:07 - 2012-08-16 02:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-06-27 16:04 - 2012-08-16 02:09 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-06-22 06:40 - 2010-11-24 02:39 - 00069672 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\cfwids.sys

2012-06-22 06:38 - 2010-11-24 02:39 - 00335784 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfewfpk.sys

2012-06-22 06:38 - 2010-11-24 02:20 - 00177144 ____A (McAfee, Inc.) C:\Windows\System32\mfevtps.exe

2012-06-22 06:37 - 2010-11-24 02:40 - 00010288 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfeclnk.sys

2012-06-22 06:36 - 2010-11-24 02:39 - 00106112 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mferkdet.sys

2012-06-22 06:36 - 2010-10-13 22:28 - 00752672 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfehidk.sys

2012-06-22 06:35 - 2010-11-24 02:39 - 00513456 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfefirek.sys

2012-06-22 06:34 - 2010-11-24 02:39 - 00300392 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfeavfk.sys

2012-06-22 06:34 - 2010-10-13 22:28 - 00169320 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfeapfk.sys

2012-06-19 11:28 - 2012-06-17 21:42 - 00001901 ____A C:\Users\Public\Desktop\Canon CanoScan 9000F User Registration.LNK

2012-06-17 21:51 - 2012-06-17 21:51 - 00000000 ____A C:\Users\Jen\Sti_Trace.log

2012-06-17 21:48 - 2012-05-23 06:56 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-06-17 21:48 - 2011-10-06 19:14 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-06-17 21:40 - 2012-06-17 21:40 - 00001836 ____A C:\Users\Public\Desktop\PhotoStudio 6.lnk

2012-06-17 21:39 - 2012-06-17 21:39 - 00001932 ____A C:\Users\Public\Desktop\Canon MP Navigator EX 3.1.lnk

2012-06-17 21:39 - 2012-06-17 21:39 - 00001876 ____A C:\Users\Public\Desktop\Canon Solution Menu.lnk

2012-06-17 21:38 - 2012-06-17 21:38 - 00002195 ____A C:\Users\Public\Desktop\Canon CanoScan 9000F On-screen Manual.lnk

2012-06-17 17:35 - 2012-06-17 17:35 - 00002048 ____A C:\Users\Public\Desktop\Amazon Cloud Player.lnk

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-09-05 21:51:39

Restore point made on: 2012-09-06 02:00:24

Restore point made on: 2012-09-07 02:00:39

Restore point made on: 2012-09-08 00:04:22

Restore point made on: 2012-09-08 02:00:20

Restore point made on: 2012-09-08 23:00:23

Restore point made on: 2012-09-09 02:00:21

Restore point made on: 2012-09-09 14:33:32

Restore point made on: 2012-09-10 02:00:37

==================== Memory info ===========================

Percentage of memory in use: 8%

Total physical RAM: 8190.26 MB

Available physical RAM: 7476.62 MB

Total Pagefile: 7939.66 MB

Available Pagefile: 7526.75 MB

Total Virtual: 8192 MB

Available Virtual: 8191.89 MB

==================== Partitions ============================

1 Drive c: (OS) (Fixed) (Total:450.7 GB) (Free:182.69 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

3 Drive e: () (Removable) (Total:14.9 GB) (Free:14.9 GB) FAT32

8 Drive x: (RECOVERY) (Fixed) (Total:15 GB) (Free:7.8 GB) NTFS

Disk ### Status Size Free Dyn Gpt

-------- ---------- ------- ------- --- ---

Disk 0 Online 466 GB 0 B

Disk 1 Online 15 GB 0 B

Disk 2 No Media 0 B 0 B

Disk 3 No Media 0 B 0 B

Disk 4 No Media 0 B 0 B

Disk 5 No Media 0 B 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 OEM 63 MB 32 KB

Partition 2 Primary 15 GB 63 MB

Partition 3 Primary 451 GB 15 GB

==================================================================================

Disk: 0

Partition 1

Type : DE

Hidden: Yes

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 8 FAT Partition 63 MB Healthy Hidden

==================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 X RECOVERY NTFS Partition 15 GB Healthy Boot

==================================================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C OS NTFS Partition 451 GB Healthy

==================================================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 15 GB 16 KB

==================================================================================

Disk: 1

Partition 1

Type : 0C

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 E FAT32 Removable 15 GB Healthy

==================================================================================

Last Boot: 2012-09-10 15:17

==================== End Of Log =============================


Please download Farbar's Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Thank you again!

Farbar Service Scanner Version: 06-08-2012

Ran by Jen (administrator) on 11-09-2012 at 13:00:46

Running from "C:\Users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I9IN0AP0"

Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo IP is accessible.

Yahoo.com is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall"=DWORD:0

System Restore:

============

System Restore Disabled Policy:

========================

Security Center:

============

Windows Update:

============

Windows Autoupdate Disabled Policy:

============================

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

The start type of WinDefend service is set to Demand. The default start type is Auto.

The ImagePath of WinDefend service is OK.

The ServiceDll of WinDefend service is OK.

Other Services:

==============

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcsvc.dll

[2009-08-19 20:32] - [2009-04-11 00:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7

C:\Windows\System32\drivers\afd.sys

[2012-02-14 22:50] - [2012-01-03 07:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys

[2012-05-10 17:19] - [2012-03-30 05:45] - 1423744 ____A (Microsoft Corporation) 46D448E9117464E4D3BBF36D7E3FA48E

C:\Windows\System32\dnsrslvr.dll

[2011-04-13 21:19] - [2011-03-02 09:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

C:\Windows\System32\mpssvc.dll

[2009-08-19 20:32] - [2009-04-11 00:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

C:\Windows\System32\bfe.dll

[2009-08-19 20:32] - [2009-04-11 00:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe

[2009-08-19 20:32] - [2009-04-11 00:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

C:\Windows\System32\wscsvc.dll

[2009-08-19 20:31] - [2009-04-11 00:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

C:\Windows\System32\wbem\WMIsvc.dll

[2009-08-19 20:32] - [2009-04-11 00:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

C:\Windows\System32\wuaueng.dll => MD5 is legit

C:\Windows\System32\qmgr.dll

[2009-08-19 20:32] - [2009-04-11 00:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C

C:\Windows\System32\es.dll

[2009-08-19 20:32] - [2009-04-11 00:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF

C:\Windows\System32\cryptsvc.dll

[2012-06-13 19:08] - [2012-04-23 09:25] - 0174592 ____A (Microsoft Corporation) 62740B9D2A137E8CED41A9E4239A7A31

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll

[2009-08-19 20:32] - [2009-04-11 00:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF

**** End of log ****


I notice you have Malwarebytes' Anti-Malware installed on your machine. Please launch the program and select the update tab, then click on the check for updates button.

  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Save it to your desktop.

Note: Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.

Go here to run an online scanner from ESET.

  • Note: You will need to use Internet Explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
  • Click Start
  • Wait for the scan to finish
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name.
  • Push the Back button.
  • Push Finish

Please post this logfile in your next reply


Here are the logs.

Malwarebytes Anti-Malware 1.65.0.1400

www.malwarebytes.org

Database version: v2012.09.12.06

Windows Vista Service Pack 2 x64 NTFS

Internet Explorer 9.0.8112.16421

Jen :: OUR-CPU [administrator]

9/12/2012 3:27:49 PM

mbam-log-2012-09-12 (15-27-49).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 360723

Time elapsed: 5 minute(s), 13 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

C:\Users\Jen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\53b37f7a-3e4c091c a variant of Java/Exploit.Agent.NDH trojan


All appears clean here.

Download OTL to your Desktop.

  • Double click on the icon to run it.
  • Under the Custom.jpg box paste this in


activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
%windir%\installer\*. /5
%localappdata%\*. /5
/md5start
services.exe
user32.dll
/md5stop
CREATERESTOREPOINT

  • Make sure all other windows are closed to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please post both logfiles in your next reply.


OTL Extras logfile created on: 9/13/2012 1:53:16 PM - Run 1

OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\Jen\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.25 Gb Total Physical Memory | 4.22 Gb Available Physical Memory | 58.15% Memory free

14.71 Gb Paging File | 11.82 Gb Available in Paging File | 80.34% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 450.70 Gb Total Space | 194.60 Gb Free Space | 43.18% Space Free | Partition Type: NTFS

Drive D: | 15.00 Gb Total Space | 7.80 Gb Free Space | 51.98% Space Free | Partition Type: NTFS

Computer Name: OUR-CPU | User Name: Jen | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\CA Personal Firewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

"VistaSp2" = CF CC A1 61 B5 91 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{103BE8B8-292C-439B-9755-249B06A43179}" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |

"{19D35ABF-7E19-422C-8912-5F4EEB965687}" = protocol=6 | dir=in | app=c:\program files (x86)\pogo games\webupdater.exe |

"{42553815-5F56-4FE0-AA8C-20C3EAA42E3B}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{4C8F8041-0026-45A9-94A9-352002B5FD68}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 14\programs\rm.exe |

"{4E70BD25-DD26-4A80-B969-2FEDC509F30F}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{5840AF28-5F81-4999-ACFA-FB3121DEEEE0}" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |

"{5CF50415-CF69-4954-AB16-768D146F09C3}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |

"{730D6852-D186-4E8E-882B-AAEBA9A73FB5}" = dir=in | app=c:\program files (x86)\leapfrog\leapfrog connect\leapfrogconnect.exe |

"{883DB202-A142-4DF4-8076-88E1771BB959}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 14\programs\studio.exe |

"{9541A8F9-FDFD-4F08-A182-14B50CE3C3AD}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{96D4957F-0880-43C3-AD9B-72934196C7EE}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 14\programs\umi.exe |

"{9FE9FAF6-13C1-4CBA-BE9A-F71893AADBFA}" = protocol=6 | dir=in | app=c:\program files (x86)\pogo games\pogodgc.exe |

"{AA6F4555-F497-4562-AEDE-8CFECA441F1E}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |

"{B0FAF3DF-53CD-40AA-BBFE-0A965518DD89}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{B87E77C0-1261-4175-9C61-0DBEBAFFA432}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 14\programs\rm.exe |

"{BDC80BCC-9F2F-4306-8056-5A23AC263B9C}" = protocol=17 | dir=in | app=c:\program files (x86)\pogo games\webupdater.exe |

"{BEABB76A-F6B2-4E04-8051-C6F86C38DABA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{C7BEB824-16E8-4A58-A02D-11005E4AC081}" = protocol=17 | dir=in | app=c:\program files (x86)\pogo games\pogodgc.exe |

"{D1B9F529-1FC5-411B-9FCC-B3A3ED6FFFF1}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 14\programs\umi.exe |

"{E2B6D00D-F5E7-483D-9CA3-8D6D3B6B6B4F}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |

"{E6526CB3-D605-4E43-82D0-9B652EA503FF}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{F2063148-71B2-4038-AA91-90FEB313CCCF}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |

"{F3C492DC-C335-4AC3-BFF3-2318FEF4D402}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 14\programs\studio.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX880_series" = Canon MX880 series MP Drivers

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ9602" = CanoScan 9000F Scanner Driver

"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Driver

"{838F7AB2-5DFE-60B3-1030-43ACC3454CD2}" = ccc-utility64

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010

"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup

"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock

"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)

"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center

"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data

"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE

"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics

"{0DB1C665-97DD-F405-1D03-60ED1DA95510}" = Catalyst Control Center Graphics Previews Vista

"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime

"{105CA5BB-9F30-149D-1AD4-144040CB3C1B}" = Catalyst Control Center Localization Spanish

"{10798AE3-DCBB-43C3-9C93-C23512427E25}" = The Sims Deluxe Edition

"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar

"{1B683082-8791-4D00-8ADE-6C8986FCCC68}" = Roxio CinePlayer

"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools

"{1FECF5F8-8E75-432C-9FF7-1C04F1956B54}" = Realtek Ethernet Network Card Diagnostic tool for Windows Vista

"{238DCFCD-70B3-46B2-B90B-2CDCC69A3D03}" = Zoo Tycoon 2 - Zookeeper Collection

"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java 7 Update 4

"{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup

"{2BEF1AF7-845D-78AE-D826-A87E8CDB0E7F}" = CCC Help Chinese Standard

"{2E66AD7E-CF67-47CB-B599-5E51112CA0A3}" = Roxio MyDVD Video Lab 10

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager

"{359FCAA7-B544-4147-AE3B-8C8A526E2427}" = Sony Image Data Suite

"{3C36015E-F0F6-43D7-58ED-F4210D355CF9}" = Catalyst Control Center Localization Turkish

"{3D8F9830-D6A3-413A-9A54-993827A73E47}" = DELL0604

"{3E67A8DA-FE7B-4160-8465-F5571EA18753}" = Roxio Disc Gallery

"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector

"{44033AD6-17D0-3611-1D73-2791646B0892}" = CCC Help Portuguese

"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR

"{47244975-454F-770B-79C1-0A705F17AA68}" = Catalyst Control Center Localization Chinese Standard

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4C4759BE-2BA4-2DA7-58F6-E5188062E6EB}" = CCC Help French

"{4D125AFC-0817-C6AC-B225-3C4E6EDB696D}" = CCC Help Japanese

"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio MyDVD Video Lab 10

"{57D57F9A-0CED-61D0-B3C6-75A874CB9F4D}" = Skins

"{5E0322C6-8CA9-A4BD-E9DC-CC8D8E7CB99E}" = Catalyst Control Center Graphics Previews Common

"{5F06BE49-28E6-771F-A57A-7AC8C97F38E1}" = Catalyst Control Center Core Implementation

"{60E5FF66-3F28-148C-8EE0-CE623C26233D}" = Catalyst Control Center Localization Portuguese

"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer

"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3

"{672BEEF8-6C95-8F97-74D4-BDF37412437B}" = CCC Help Spanish

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio

"{746F3251-0E32-08E4-D18F-43794D57588D}" = Catalyst Control Center Localization Italian

"{75C89AB1-F888-6B0B-6BB4-A06ED4BDDFC0}" = Catalyst Control Center Graphics Full Existing

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7C7088C6-6347-150C-AEF4-A3190FF2F5AA}" = Catalyst Control Center Localization Hungarian

"{7CF7894B-D52C-F9E5-2ABF-DB6756CE21AC}" = CCC Help Turkish

"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide

"{7EDFEE8E-F4F2-CB4E-618B-846D4A95CAC8}" = CCC Help Chinese Traditional

"{8380D40E-291B-144A-554F-4877F4B439DB}" = Catalyst Control Center InstallProxy

"{8587A68A-BF5F-9492-228C-FACFDBA1A4F4}" = CCC Help Hungarian

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Roxio CinePlayer Decoder Pack

"{8D445B72-D4AB-4769-A5AF-5056D9D019BD}" = Send to SmugMug

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{91155C7C-3404-C96D-78DA-E1D6AF73F6DA}" = Catalyst Control Center Graphics Full New

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{98B6FB8A-8638-4037-AD44-CF7D0EEAB875}_is1" = TypingMaster Pro

"{9A9A1828-31D1-4590-A99F-022B7237AFAE}" = Roxio MediaShare

"{9BD9026D-C3C6-0C40-9FD2-DD95A24CDEB2}" = Catalyst Control Center Localization French

"{A0422738-2E4A-B01F-D19E-ED0379A3C3CC}" = CCC Help English

"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AADD1C8F-D59F-4D55-A726-768C71A205A8}" = Pinnacle Studio 14

"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1

"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9

"{ACE0BCCF-27A6-C275-0318-651F6388882F}" = CCC Help German

"{ADAF679D-F9E3-4095-9CB5-335DC7324618}" = eBook Library by Sony

"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy

"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay

"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3

"{C12631C6-804D-4B32-B0DD-8A496462F106}" = The Sims™ 3 Pets

"{C39A4E1F-9AF1-4FE1-A80E-A5B867FABB42}" = Dell Best of Web

"{C4B556FF-ABE6-8FBE-EF7A-909F72492DA8}" = CCC Help Korean

"{CA06B6B3-A775-50D6-3031-53C40A5202A6}" = Catalyst Control Center Localization Chinese Traditional

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{D0338BF1-DD06-8565-48A1-C8F3F991B959}" = Catalyst Control Center Localization Japanese

"{D259350E-936C-C6C0-5FDF-B6B4B95731ED}" = Catalyst Control Center Graphics Light

"{D81230AD-71DF-CFCB-CD05-52CFF26F8634}" = Catalyst Control Center Localization Korean

"{E03CD71A-F595-49DF-9ADC-0CFC93B1B211}" = PlayMemories Home

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{E4A185BB-8E95-6FA7-2637-C9E4768DE2C3}" = ccc-core-static

"{E5F1AAA6-C0C8-326C-CAD2-B413CE1F5512}" = Catalyst Control Center Localization German

"{E62FFFA6-DCBC-189B-443E-D10A44901385}" = CCC Help Italian

"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support

"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module

"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core

"{ED8EF3C2-FA5B-4A1E-950D-5A0227161F97}" = ArcSoft PhotoStudio 6

"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F5C372A1-40F3-49DA-A049-F75CDE9177DC}" = Pinnacle Studio Ultimate Collection Plugins

"{F9D59E62-845F-49A2-8B75-DDB00661673C}" = LeapFrog Connect

"{FE5ED1C0-A340-4EAC-B4BE-FA0AB173436C}" = LeapFrog LeapPad Explorer Plugin

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player

"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.15

"Canon CanoScan 9000F User Registration" = Canon CanoScan 9000F User Registration

"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program

"CanonSolutionMenu" = Canon Utilities Solution Menu

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"Cross Terrain Challenge" = Cross Terrain Challenge

"Dell Video Chat" = Dell Video Chat (remove only)

"ESET Online Scanner" = ESET Online Scanner v3

"HOMESTUDENTR" = Microsoft Office Home and Student 2007 Trial

"ImTOO DVD Ripper Standard 5" = ImTOO DVD Ripper Standard 5

"Knoll Light Factory EZ Studio" = Knoll Light Factory EZ Studio

"LeapPadExplorerPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin)

"Magic Bullet Looks Studio" = Magic Bullet Looks Studio

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400

"McAfee Virtual Technician" = McAfee Virtual Technician

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"MP Navigator EX 3.1" = Canon MP Navigator EX 3.1

"MSC" = McAfee Total Protection

"Office14.Click2Run" = Microsoft Office Click-to-Run 2010

"OfotoEZUpload" = KODAK EASYSHARE Gallery Upload ActiveX Control

"Picasa 3" = Picasa 3

"PogoDGC" = Pogo Games (remove only)

"Red Giant ToonIt Studio" = Red Giant ToonIt Studio

"Savings Bond Wizard" = Savings Bond Wizard

"Trapcode 3DStroke Studio" = Trapcode 3DStroke Studio

"Trapcode Particular Studio" = Trapcode Particular Studio

"Trapcode Shine Studio" = Trapcode Shine Studio

"UnityWebPlayer" = Unity Web Player

"UPCShell" = LeapFrog Connect

"Xilisoft DVD Ripper Ultimate 5" = Xilisoft DVD Ripper Ultimate

"Yahoo! Messenger" = Yahoo! Messenger

"Yahoo! Search Defender" = Yahoo! Search Protection

"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"bd4d3a0508d364f5" = Dell Driver Download Manager

"JoinMe" = join.me

"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.8.1

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 1/10/2011 7:04:59 AM | Computer Name = Our-CPU | Source = MsiInstaller | ID = 1024

Description =

Error - 1/10/2011 7:06:05 AM | Computer Name = Our-CPU | Source = MsiInstaller | ID = 11606

Description =

Error - 1/10/2011 7:06:05 AM | Computer Name = Our-CPU | Source = MsiInstaller | ID = 11606

Description =

Error - 1/10/2011 7:06:05 AM | Computer Name = Our-CPU | Source = MsiInstaller | ID = 1024

Description =

Error - 1/10/2011 7:07:02 AM | Computer Name = Our-CPU | Source = MsiInstaller | ID = 11606

Description =

Error - 1/10/2011 7:07:02 AM | Computer Name = Our-CPU | Source = MsiInstaller | ID = 11606

Description =

Error - 1/10/2011 7:07:02 AM | Computer Name = Our-CPU | Source = MsiInstaller | ID = 1024

Description =

Error - 1/10/2011 7:07:49 AM | Computer Name = Our-CPU | Source = MsiInstaller | ID = 11606

Description =

Error - 1/10/2011 7:07:49 AM | Computer Name = Our-CPU | Source = MsiInstaller | ID = 11606

Description =

Error - 1/10/2011 7:07:49 AM | Computer Name = Our-CPU | Source = MsiInstaller | ID = 1024

Description =

[ Broadcom Wireless LAN Events ]

Error - 4/22/2012 6:31:02 PM | Computer Name = OUR-CPU | Source = WLAN-Tray | ID = 0

Description = 15:31:02, Sun, Apr 22, 12 Error - Unable to gain access to user store

Error - 4/28/2012 2:03:55 PM | Computer Name = Our-CPU | Source = WLAN-Tray | ID = 0

Description = 11:03:54, Sat, Apr 28, 12 Error - Unable to gain access to user store

Error - 4/28/2012 11:59:20 PM | Computer Name = Our-CPU | Source = WLAN-Tray | ID = 0

Description = 20:59:20, Sat, Apr 28, 12 Error - Unable to gain access to user store

Error - 5/4/2012 9:31:24 AM | Computer Name = Our-CPU | Source = WLAN-Tray | ID = 0

Description = 06:31:21, Fri, May 04, 12 Error - Unable to gain access to user store

Error - 5/13/2012 11:49:10 AM | Computer Name = Our-CPU | Source = WLAN-Tray | ID = 0

Description = 08:49:10, Sun, May 13, 12 Error - Unable to gain access to user store

Error - 6/30/2012 12:06:18 PM | Computer Name = OUR-CPU | Source = WLAN-Tray | ID = 0

Description = 09:06:18, Sat, Jun 30, 12 Error - Unable to gain access to user store

Error - 7/1/2012 12:26:26 PM | Computer Name = Our-CPU | Source = WLAN-Tray | ID = 0

Description = 09:26:26, Sun, Jul 01, 12 Error - Unable to gain access to user store

Error - 8/7/2012 3:30:02 PM | Computer Name = Our-CPU | Source = WLAN-Tray | ID = 0

Description = 12:30:01, Tue, Aug 07, 12 Error - Unable to gain access to user store

Error - 9/5/2012 6:31:02 PM | Computer Name = Our-CPU | Source = WLAN-Tray | ID = 0

Description = 15:31:01, Wed, Sep 05, 12 Error - Unable to gain access to user store

Error - 9/7/2012 5:37:06 AM | Computer Name = Our-CPU | Source = WLAN-Tray | ID = 0

Description = 02:37:03, Fri, Sep 07, 12 Error - Unable to gain access to user store

[ Media Center Events ]

Error - 10/11/2009 10:13:00 PM | Computer Name = Our-CPU | Source = MCUpdate | ID = 0

Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]

Error - 9/13/2012 6:02:40 AM | Computer Name = Our-CPU | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20

Description =

Error - 9/13/2012 6:04:06 AM | Computer Name = Our-CPU | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20

Description =

Error - 9/13/2012 6:05:55 AM | Computer Name = Our-CPU | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20

Description =

Error - 9/13/2012 6:32:22 AM | Computer Name = Our-CPU | Source = Service Control Manager | ID = 7011

Description =

Error - 9/13/2012 7:19:21 AM | Computer Name = Our-CPU | Source = Service Control Manager | ID = 7011

Description =

Error - 9/13/2012 7:19:52 AM | Computer Name = Our-CPU | Source = Service Control Manager | ID = 7011

Description =

Error - 9/13/2012 3:04:54 PM | Computer Name = Our-CPU | Source = Dhcp | ID = 1002

Description = The IP address lease 192.168.1.5 for the Network Card with network address 00217044DE20 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Error - 9/13/2012 3:05:02 PM | Computer Name = Our-CPU | Source = Dhcp | ID = 1002

Description = The IP address lease 192.168.1.9 for the Network Card with network address 00234EC02861 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Error - 9/13/2012 3:05:19 PM | Computer Name = Our-CPU | Source = Service Control Manager | ID = 7011

Description =

Error - 9/13/2012 3:05:52 PM | Computer Name = Our-CPU | Source = Service Control Manager | ID = 7011

Description =

< End of report >

OTL logfile created on: 9/13/2012 1:53:16 PM - Run 1

OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\Jen\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.25 Gb Total Physical Memory | 4.22 Gb Available Physical Memory | 58.15% Memory free

14.71 Gb Paging File | 11.82 Gb Available in Paging File | 80.34% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 450.70 Gb Total Space | 194.60 Gb Free Space | 43.18% Space Free | Partition Type: NTFS

Drive D: | 15.00 Gb Total Space | 7.80 Gb Free Space | 51.98% Space Free | Partition Type: NTFS

Computer Name: OUR-CPU | User Name: Jen | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/13 13:51:17 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Jen\Desktop\OTL.exe

PRC - [2012/06/11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE

PRC - [2012/04/22 10:05:38 | 000,474,168 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe

PRC - [2012/04/22 09:58:48 | 000,724,536 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe

PRC - [2012/01/04 07:40:48 | 000,519,888 | ---- | M] (iWin Inc.) -- C:\Program Files (x86)\Pogo Games\PGMTrusted.exe

PRC - [2011/11/12 12:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe

PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

PRC - [2011/08/22 01:18:08 | 006,276,408 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe

PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

PRC - [2010/08/25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

PRC - [2009/09/08 14:12:51 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe

PRC - [2009/02/23 06:05:34 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe

PRC - [2009/02/09 02:27:53 | 000,364,544 | ---- | M] (Western Digital Technologies, Inc.) -- C:\Windows\SysWOW64\WDBtnMgr.exe

PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

PRC - [2008/09/23 20:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe

PRC - [2008/05/24 11:27:30 | 000,113,136 | ---- | M] () -- C:\Program Files (x86)\Roxio\CinePlayer\DMXLauncher.exe

PRC - [2008/05/23 12:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

========== Modules (No Company Name) ==========

MOD - [2011/08/22 01:18:06 | 000,925,696 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll

MOD - [2011/08/22 01:18:06 | 000,078,336 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\pcre.dll

MOD - [2008/05/24 11:27:30 | 000,113,136 | ---- | M] () -- C:\Program Files (x86)\Roxio\CinePlayer\DMXLauncher.exe

========== Services (SafeList) ==========

SRV:64bit: - [2012/08/24 23:46:28 | 000,383,608 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)

SRV:64bit: - [2012/06/22 07:38:04 | 000,177,144 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)

SRV:64bit: - [2012/06/22 07:34:52 | 000,218,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)

SRV:64bit: - [2012/06/22 07:33:12 | 000,237,920 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)

SRV:64bit: - [2012/05/11 06:31:46 | 000,200,728 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)

SRV:64bit: - [2012/05/11 06:31:46 | 000,200,728 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)

SRV:64bit: - [2012/05/11 06:31:46 | 000,200,728 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)

SRV:64bit: - [2012/05/11 06:31:46 | 000,200,728 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)

SRV:64bit: - [2012/05/11 06:31:46 | 000,200,728 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)

SRV:64bit: - [2012/05/11 06:31:46 | 000,200,728 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)

SRV:64bit: - [2012/05/11 06:31:46 | 000,200,728 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)

SRV:64bit: - [2008/10/28 23:06:44 | 000,901,120 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)

SRV:64bit: - [2008/09/23 20:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)

SRV:64bit: - [2008/07/18 05:42:16 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AERTSr64.exe -- (AERTFilters)

SRV:64bit: - [2008/01/20 19:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2007/03/15 19:41:02 | 000,031,744 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\WLTRYSVC.EXE -- (wltrysvc)

SRV - [2012/06/11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)

SRV - [2012/06/11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)

SRV - [2012/04/22 10:05:38 | 000,474,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)

SRV - [2012/01/04 07:40:48 | 000,519,888 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files (x86)\Pogo Games\PGMTrusted.exe -- (PGMTrusted)

SRV - [2011/11/12 12:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)

SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2010/04/13 21:11:18 | 000,231,224 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

SRV - [2009/09/11 15:55:30 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)

SRV - [2009/09/08 14:12:51 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)

SRV - [2009/03/29 21:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

SRV - [2008/05/24 09:02:16 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)

SRV - [2008/05/24 09:02:10 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)

SRV - [2008/05/24 09:00:12 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)

SRV - [2008/05/24 09:00:06 | 000,166,384 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)

SRV - [2008/05/24 08:59:36 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/06/22 07:40:58 | 000,069,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)

DRV:64bit: - [2012/06/22 07:38:16 | 000,335,784 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)

DRV:64bit: - [2012/06/22 07:36:54 | 000,106,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)

DRV:64bit: - [2012/06/22 07:36:12 | 000,752,672 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)

DRV:64bit: - [2012/06/22 07:35:02 | 000,513,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)

DRV:64bit: - [2012/06/22 07:34:22 | 000,300,392 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)

DRV:64bit: - [2012/06/22 07:34:00 | 000,169,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)

DRV:64bit: - [2012/04/20 16:40:58 | 000,196,440 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)

DRV:64bit: - [2012/02/29 06:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/11/12 12:18:12 | 000,040,320 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\btblan.sys -- (Leapfrog-USBLAN)

DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Sftvollh.sys -- (Sftvol)

DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Sftplaylh.sys -- (Sftplay)

DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Sftredirlh.sys -- (Sftredir)

DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Sftfslh.sys -- (Sftfs)

DRV:64bit: - [2010/04/13 21:10:24 | 000,066,040 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\MOBK.sys -- (MOBKFilter)

DRV:64bit: - [2009/09/30 17:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)

DRV:64bit: - [2009/04/10 23:16:39 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WSDScan.sys -- (WSDScan)

DRV:64bit: - [2008/10/28 23:06:48 | 004,598,784 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)

DRV:64bit: - [2008/10/28 23:06:48 | 004,598,784 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2008/07/21 04:18:30 | 000,026,624 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\RtNdPt60.sys -- (RtNdPt60)

DRV:64bit: - [2008/07/15 05:14:10 | 000,395,288 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)

DRV:64bit: - [2008/07/10 04:28:50 | 000,170,496 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)

DRV:64bit: - [2008/04/08 03:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2008/01/20 19:47:28 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\avc.sys -- (Avc)

DRV:64bit: - [2008/01/20 19:46:57 | 000,058,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\61883.sys -- (61883)

DRV:64bit: - [2008/01/20 19:46:57 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice)

DRV:64bit: - [2008/01/20 19:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express)

DRV:64bit: - [2008/01/20 19:46:53 | 000,061,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\msdv.sys -- (MSDV)

DRV:64bit: - [2006/12/19 13:19:26 | 000,640,512 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)

DRV:64bit: - [2005/09/23 23:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\MarvinBus64.sys -- (MarvinBus)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error.

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5090116

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2929250

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{2964F230-6750-4F92-8A6A-FC0FFD9B8656}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7

IE - HKCU\..\SearchScopes\{DE83D8E5-54D8-4CE6-AAFD-AD7D0B8E4CCC}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()

FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)

FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )

FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files (x86)\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)

FF - HKLM\Software\MozillaPlugins\@sony.com/eBookLibrary: C:\Program Files (x86)\Sony\Reader\Data\bin\npebldetectmoz.dll (Sony Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.8.1: C:\Users\Jen\AppData\Local\Yahoo!\BrowserPlus\2.8.1\Plugins\npybrowserplus_2.8.1.dll (Yahoo! Inc.)

FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/09/05 15:07:29 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2012/09/05 15:44:01 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

CHR - homepage: http://start.pogo.iplay.com/?o=shp

CHR - plugin: Silverlight 4 (Enabled) = default_plugin

CHR - plugin: Error reading preferences file

O1 HOSTS File: ([2012/09/07 08:54:55 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)

O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CE7499E7-AF3C-4662-AC92-454212345DDB} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.

O4:64bit: - HKLM..\Run: [broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe (Dell Inc.)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [skytel] Skytel.exe File not found

O4:64bit: - HKLM..\Run: [WPCUMI] C:\Windows\SysNative\WpcUmi.exe (Microsoft Corporation)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

O4 - HKLM..\Run: [DMXLauncher] C:\Program Files (x86)\Roxio\CinePlayer\DMXLauncher.exe ()

O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation)

O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe (Sonic Solutions)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [WD Button Manager] C:\Windows\SysWow64\WDBtnMgr.exe (Western Digital Technologies, Inc.)

O4 - HKLM..\Run: [YSearchProtection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)

O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found

O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe (Adobe Systems Incorporated)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F23932D-DF9C-47F4-AFE7-E7855F016713}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC62BB9E-EBAF-4507-8D71-3AD90D89B2CA}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O18:64bit: - Protocol\Handler\gopher - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)

O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\PFW: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/13 13:51:17 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Jen\Desktop\OTL.exe

[2012/09/12 20:02:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee

[2012/09/12 16:08:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012/09/11 01:36:26 | 000,000,000 | ---D | C] -- C:\FRST

[2012/09/07 13:43:46 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/09/07 08:27:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/09/07 08:27:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/09/07 08:27:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/09/07 08:27:19 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/09/07 08:26:59 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012/09/07 08:14:28 | 004,749,820 | R--- | C] (Swearware) -- C:\Users\Jen\Desktop\ComboFix.exe

[2012/09/06 11:47:45 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jen\Desktop\tdsskiller.exe

[2012/09/05 22:53:30 | 000,000,000 | ---D | C] -- C:\Users\Jen\AppData\Local\SmugMug

[2012/09/05 22:51:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Send to SmugMug

[2012/09/05 22:37:54 | 000,000,000 | ---D | C] -- C:\Users\Jen\Documents\InstantCDDVD

[2012/08/25 01:12:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pogo Games

[2010/05/17 21:53:10 | 000,942,960 | ---- | C] (McAfee Inc.) -- C:\Users\Jen\AppData\Local\MvtApp.exe

[2009/05/19 02:26:19 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files (x86)\RngInterstitial.dll

[6 C:\Users\Jen\AppData\Local\*.tmp files -> C:\Users\Jen\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/13 13:51:17 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Jen\Desktop\OTL.exe

[2012/09/13 13:10:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/09/13 12:05:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/09/13 03:01:02 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012/09/13 03:01:02 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012/09/13 03:00:34 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/09/12 20:02:08 | 000,001,693 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Total Protection.lnk

[2012/09/11 12:50:32 | 000,000,288 | ---- | M] () -- C:\Windows\tasks\RtlNICDiagVistaStart.job

[2012/09/11 01:28:58 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/09/10 23:53:51 | 000,809,504 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/09/10 23:53:51 | 000,677,136 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/09/10 23:53:51 | 000,134,102 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/09/07 08:54:55 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012/09/07 08:22:36 | 004,749,820 | R--- | M] (Swearware) -- C:\Users\Jen\Desktop\ComboFix.exe

[2012/09/06 22:11:51 | 000,097,792 | ---- | M] () -- C:\Users\Jen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/09/06 21:52:27 | 000,001,460 | ---- | M] () -- C:\Users\Jen\AppData\Local\d3d9caps64.dat

[2012/09/06 11:47:45 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jen\Desktop\tdsskiller.exe

[2012/09/05 22:36:13 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI

[2012/09/04 03:52:56 | 000,006,836 | ---- | M] () -- C:\Users\Jen\AppData\Local\d3d9caps.dat

[2012/08/25 01:13:01 | 000,001,759 | ---- | M] () -- C:\Users\Jen\Application Data\Microsoft\Internet Explorer\Quick Launch\Play Pogo Games.lnk

[2012/08/25 01:13:01 | 000,001,735 | ---- | M] () -- C:\Users\Public\Desktop\Play Pogo Games.lnk

[2012/08/24 10:27:20 | 000,001,985 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Virtual Technician.lnk

[2012/08/23 14:47:18 | 000,259,152 | ---- | M] () -- C:\Users\Jen\Documents\cc_20120823_144442.reg

[2012/08/16 03:29:13 | 000,415,040 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/08/15 00:12:35 | 000,192,057 | ---- | M] () -- C:\Users\Jen\Documents\getFile.aspx

[6 C:\Users\Jen\AppData\Local\*.tmp files -> C:\Users\Jen\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/12 16:44:58 | 000,001,693 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Total Protection.lnk

[2012/09/07 08:27:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/09/07 08:27:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/09/07 08:27:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/09/07 08:27:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/09/07 08:27:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/08/25 01:13:01 | 000,001,759 | ---- | C] () -- C:\Users\Jen\Application Data\Microsoft\Internet Explorer\Quick Launch\Play Pogo Games.lnk

[2012/08/24 10:27:20 | 000,001,985 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Virtual Technician.lnk

[2012/08/24 10:25:54 | 000,001,995 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Virtual Technician.lnk

[2012/08/23 14:46:21 | 000,259,152 | ---- | C] () -- C:\Users\Jen\Documents\cc_20120823_144442.reg

[2012/08/15 00:12:34 | 000,192,057 | ---- | C] () -- C:\Users\Jen\Documents\getFile.aspx

[2012/06/17 22:37:26 | 000,786,504 | ---- | C] () -- C:\Windows\SysWow64\CNQ9602N.DAT

[2012/06/17 22:37:26 | 000,296,064 | ---- | C] () -- C:\Windows\SysWow64\CNQ9602W.DAT

[2011/05/16 13:31:44 | 000,008,592 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll

[2011/04/17 00:10:32 | 000,000,227 | ---- | C] () -- C:\Windows\PowerReg.dat

[2011/04/17 00:10:27 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe

[2011/04/16 23:59:17 | 000,000,034 | ---- | C] () -- C:\Windows\Disney.ini

[2011/04/16 23:58:15 | 000,000,310 | ---- | C] () -- C:\Windows\EReg515.dat

[2010/09/02 03:07:24 | 000,000,020 | ---- | C] () -- C:\Users\Jen\AppData\Roaming\hngmfc.dat

[2010/08/18 02:42:23 | 000,001,460 | ---- | C] () -- C:\Users\Jen\AppData\Local\d3d9caps64.dat

[2010/03/30 23:37:21 | 000,009,842 | -HS- | C] () -- C:\Users\Jen\AppData\Local\80AsEM

[2010/03/30 23:37:21 | 000,009,842 | -HS- | C] () -- C:\ProgramData\80AsEM

[2010/02/17 19:15:24 | 000,009,086 | -HS- | C] () -- C:\Users\Jen\AppData\Local\Q8T6845

[2009/08/21 15:54:09 | 000,000,091 | ---- | C] () -- C:\Users\Jen\AppData\Local\fusioncache.dat

[2009/08/11 18:28:10 | 000,258,348 | ---- | C] () -- C:\Users\Jen\AppData\Local\rx_image32.Cache

[2009/08/10 01:31:31 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib

[2009/06/03 09:37:04 | 000,006,836 | ---- | C] () -- C:\Users\Jen\AppData\Local\d3d9caps.dat

[2009/02/09 00:49:05 | 000,000,170 | ---- | C] () -- C:\Users\Jen\AppData\Roaming\wklnhst.dat

[2009/01/26 23:54:55 | 000,000,632 | RHS- | C] () -- C:\Users\Jen\ntuser.pol

[2009/01/24 00:23:08 | 000,097,792 | ---- | C] () -- C:\Users\Jen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2012/06/17 18:35:45 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\Amazon

[2009/06/23 20:58:10 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\BlamGames

[2009/06/24 13:18:00 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\blg

[2012/06/17 22:51:15 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\Canon

[2012/09/05 15:09:08 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\Catalina Marketing Corp

[2012/07/12 20:53:05 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2010/12/13 21:34:58 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\com.Shutterfly.ExpressUploader

[2012/09/05 15:09:08 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\CupcakeCafe

[2010/02/02 21:36:47 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\EleFun Games

[2011/11/26 19:01:38 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\Gamelab

[2012/09/05 15:09:08 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\GetRightToGo

[2012/09/05 15:09:08 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\Jane s Hotel Family Hero

[2009/06/08 02:53:27 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\JewelMatch2

[2009/09/26 15:35:55 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\Merscom

[2009/09/26 15:51:19 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\MysteryStudio

[2012/06/01 19:21:48 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\Oberon Media

[2009/06/09 14:21:57 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\Orneon

[2011/11/26 22:35:49 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\PlayFirst

[2010/01/31 20:53:18 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\Pogo Games

[2009/07/11 02:54:35 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\RoadRunner

[2009/07/10 00:37:24 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\Skunk Studios

[2009/06/22 17:36:45 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\Sudden Games

[2009/02/09 00:49:07 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\Template

[2010/12/09 03:00:44 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\TP

[2012/09/05 15:09:10 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\TypingMaster7

[2009/05/22 22:12:24 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\URSE Games

[2009/05/29 13:01:49 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\WildTangent

[2012/09/11 12:50:32 | 000,000,288 | ---- | M] () -- C:\Windows\Tasks\RtlNICDiagVistaStart.job

[2012/09/11 04:14:27 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:6FDE1666

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:33611CFB

@Alternate Data Stream - 97 bytes -> C:\ProgramData\TEMP:4363DE71

@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:ED810E46

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:89C2A42C

@Alternate Data Stream - 76 bytes -> C:\Users\Jen\Documents\Slideshow.dmsm:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\Jen\Documents\dvd cover.jwl:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\Jen\Documents\CineMagic6.dmsm:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\Jen\Documents\CineMagic5.dmsm:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\Jen\Documents\CineMagic4.dmsm:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\Jen\Documents\CineMagic3.dmsm:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\Jen\Documents\CineMagic2.dmsm:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\Jen\Documents\CineMagic1.dmsm:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\Jen\Documents\CineMagic0.dmsm:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\Jen\Documents\CineMagic.dmsm:Roxio EMC Stream

@Alternate Data Stream - 64 bytes -> C:\Users\Jen\Documents\The Beatles - Beetles - Yesterday.mp3:TOC.WMV

@Alternate Data Stream - 64 bytes -> C:\Users\Jen\Documents\MVI_0291.AVI:TOC.WMV

@Alternate Data Stream - 64 bytes -> C:\Users\Jen\Documents\Jason Mraz - I'm Yours (2008 Version).mp3:TOC.WMV

@Alternate Data Stream - 64 bytes -> C:\Users\Jen\Documents\Bobbie Vinton - Blue moon.mp3:TOC.WMV

@Alternate Data Stream - 64 bytes -> C:\Users\Jen\Documents\Beatles - Here Comes The Sun.mp3:TOC.WMV

@Alternate Data Stream - 210 bytes -> C:\ProgramData\TEMP:C3C72D5F

@Alternate Data Stream - 155 bytes -> C:\ProgramData\TEMP:BB709C37

@Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:2686AB70

@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:F86D323F

@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:FA322695

@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:9FB90B04

@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:A73E7104

@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:1D6686D8

@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:AAB23F74

@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:06F77AFE

@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:F50F1555

@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:55C54F7C

@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:2D69529A

@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:2B3CA77E

@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:E6B1AD87

@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:625C7287

@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:122B409D

@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:9AE67195

@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:2B99FE60

@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:F3C5E5A0

@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:D8134D8F

@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:593E515D

@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:CEE4A457

@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:BAC2F271

@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:413E2927

@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:38E2864F

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:D95DAC38

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:BBF60A29

@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:E07EA07E

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:F67AAFC5

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:770A9BD8

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5D432CE3

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:33384BC0

@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:AEABFEC4

@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:471AD3D0

@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:3BAD65EA

@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:31F2397C

@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:E0AE69BE

@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:D1AA075A

@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:C0A2E219

@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:91486201

@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:8BCF4DE2

@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:57EE48CA

@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:439E3411

@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:0DFE2AE1

@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:9950163C

@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:14FA5E46

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:B3942462

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:19C3BC3A

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:102394C6

@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:D2A5A561

@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:EA701346

@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:A688EF17

@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:6BD304B9

@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:5D9A374E

@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:22741C1F

@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:8C81B36D

@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:483AC68A

@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:1CE87230

@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:A97FF73C

@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:A6CDBCAC

@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:56C17A93

@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:52E1DB1D

@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:EF4FB3C5

@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:A4BF246C

@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:3A6BC948

@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:3790BACD

@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:FC60E0F8

@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:37994DBE

@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:126591AF

@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:D02FBAEC

@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:966CEAE7

@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:00811B66

@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:4AD2C54D

@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:49EB0FDC

@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:F2AF86D9

@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:02B823FE

@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:C74009E5

@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:80B291A7

@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:67BA17B9

@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:60A4BB64

@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:43982D5E

@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:4EF94CF3

@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:1A8BB29B

@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:11FC043F

< End of report >


Please delete the current version of Combofix.exe from your desktop and download a new version from here to your desktop.

Disable your AntiVirus and AntiSpyware applications.

Double click on the Combofix.exe and follow the prompts on your display. When finished, it will create a C:\Combofix.txt. Please post this log for further review.


ComboFix 12-09-18.07 - Jen 09/18/2012 21:50:42.2.4 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.7422.5161 [GMT -7:00]

Running from: c:\users\Jen\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}

FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Jen\AppData\Local\Downloaded Installations\ATI\atxeauuls.dll

c:\users\Jen\AppData\Roaming\Adobe\sp.DLL

.

.

((((((((((((((((((((((((( Files Created from 2012-08-19 to 2012-09-19 )))))))))))))))))))))))))))))))

.

.

2012-09-19 05:07 . 2012-09-19 05:07 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2012-09-19 05:07 . 2012-09-19 05:07 -------- d-----w- c:\users\RA Media Server\AppData\Local\temp

2012-09-19 05:07 . 2012-09-19 05:07 -------- d-----w- c:\users\Nena\AppData\Local\temp

2012-09-19 05:07 . 2012-09-19 05:07 -------- d-----w- c:\users\Nena.Our-CPU\AppData\Local\temp

2012-09-19 05:07 . 2012-09-19 05:07 -------- d-----w- c:\users\Mel\AppData\Local\temp

2012-09-19 05:07 . 2012-09-19 05:07 -------- d-----w- c:\users\Jeb\AppData\Local\temp

2012-09-19 05:07 . 2012-09-19 05:07 -------- d-----w- c:\users\Guest\AppData\Local\temp

2012-09-19 05:07 . 2012-09-19 05:07 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-09-12 23:08 . 2012-09-12 23:08 -------- d-----w- c:\program files (x86)\ESET

2012-09-12 05:45 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{46F6BB1A-12A9-461F-B13E-3B08DE790943}\mpengine.dll

2012-09-11 08:36 . 2012-09-11 08:36 -------- d-----w- C:\FRST

2012-09-06 05:53 . 2012-09-06 05:53 -------- d-----w- c:\users\Jen\AppData\Local\SmugMug

2012-09-06 05:51 . 2012-09-06 05:51 -------- d-----w- c:\program files (x86)\Send to SmugMug

2012-08-30 17:06 . 2012-08-30 17:06 -------- d-----w- c:\users\Guest\AppData\Local\ArcSoft

2012-08-30 17:06 . 2012-08-30 17:06 -------- d-----w- c:\users\Guest\AppData\Roaming\Apple Computer

2012-08-30 17:06 . 2012-08-30 17:07 -------- d-----w- c:\users\Guest\AppData\Roaming\ArcSoft

2012-08-25 08:20 . 2012-09-05 22:27 -------- d-----w- c:\users\protected

2012-08-25 08:12 . 2012-09-07 15:53 -------- d-----w- c:\program files (x86)\Pogo Games

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-09-12 10:00 . 2006-11-02 12:35 64462936 ----a-w- c:\windows\system32\mrt.exe

2012-09-08 00:04 . 2012-08-03 06:18 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-03 06:03 . 2012-08-03 06:03 16200 ----a-w- c:\windows\stinger.sys

2012-07-17 23:07 . 2012-07-17 23:07 520 ----a-w- c:\users\Jen\AppData\Local\TempPSTEMPFILEon080901212384_1.tmp

2012-07-13 04:16 . 2012-07-13 04:16 520 ----a-w- c:\users\Jen\AppData\Local\TempPSTEMPFILEon0809017140_1.tmp

2012-07-13 04:15 . 2012-07-13 04:15 520 ----a-w- c:\users\Jen\AppData\Local\TempPSTEMPFILEon0809017036_1.tmp

2012-07-11 00:35 . 2012-07-11 00:35 520 ----a-w- c:\users\Jen\AppData\Local\TempPSTEMPFILEon0809019784_1.tmp

2012-07-11 00:34 . 2012-07-11 00:34 520 ----a-w- c:\users\Jen\AppData\Local\TempPSTEMPFILEon0809019896_1.tmp

2012-07-10 08:24 . 2012-07-10 08:24 520 ----a-w- c:\users\Jen\AppData\Local\TempPSTEMPFILEon0809016612_1.tmp

2012-07-04 14:33 . 2012-08-16 10:06 2769408 ----a-w- c:\windows\system32\win32k.sys

2012-06-29 16:20 . 2012-08-16 00:38 648192 ----a-w- c:\windows\system32\netapi32.dll

2012-06-28 04:10 . 2012-08-16 10:09 17809920 ----a-w- c:\windows\system32\mshtml.dll

2012-06-28 03:39 . 2012-08-16 10:09 10925568 ----a-w- c:\windows\system32\ieframe.dll

2012-06-28 03:28 . 2012-08-16 10:09 2312704 ----a-w- c:\windows\system32\jscript9.dll

2012-06-28 03:22 . 2012-08-16 10:09 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-06-28 03:21 . 2012-08-16 10:09 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-06-28 03:20 . 2012-08-16 10:09 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-06-28 03:19 . 2012-08-16 10:09 237056 ----a-w- c:\windows\system32\url.dll

2012-06-28 03:17 . 2012-08-16 10:09 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-06-28 03:16 . 2012-08-16 10:09 816640 ----a-w- c:\windows\system32\jscript.dll

2012-06-28 03:16 . 2012-08-16 10:09 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-06-28 03:14 . 2012-08-16 10:09 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-06-28 03:13 . 2012-08-16 10:09 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-06-28 03:12 . 2012-08-16 10:09 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-06-28 03:08 . 2012-08-16 10:09 248320 ----a-w- c:\windows\system32\ieui.dll

2012-06-28 00:27 . 2012-08-16 10:09 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-06-28 00:19 . 2012-08-16 10:09 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-06-28 00:18 . 2012-08-16 10:09 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-06-28 00:12 . 2012-08-16 10:09 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-06-28 00:07 . 2012-08-16 10:09 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-06-22 14:40 . 2010-11-24 10:39 69672 ----a-w- c:\windows\system32\drivers\cfwids.sys

2012-06-22 14:38 . 2010-11-24 10:39 335784 ----a-w- c:\windows\system32\drivers\mfewfpk.sys

2012-06-22 14:38 . 2010-11-24 10:20 177144 ----a-w- c:\windows\system32\mfevtps.exe

2012-06-22 14:37 . 2010-11-24 10:40 10288 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2012-06-22 14:36 . 2010-11-24 10:39 106112 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2012-06-22 14:36 . 2010-10-14 06:28 752672 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2012-06-22 14:35 . 2010-11-24 10:39 513456 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2012-06-22 14:34 . 2010-11-24 10:39 300392 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2012-06-22 14:34 . 2010-10-14 06:28 169320 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2009-05-19 09:26 . 2009-05-19 09:26 774144 ----a-w- c:\program files (x86)\RngInterstitial.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2011-08-22 6276408]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]

"WD Button Manager"="WDBtnMgr.exe" [2009-02-09 364544]

"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2008-05-24 244208]

"DMXLauncher"="c:\program files (x86)\Roxio\CinePlayer\DMXLauncher.exe" [2008-05-24 113136]

"YSearchProtection"="c:\program files (x86)\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-06-22 1527896]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]

"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]

"PMBVolumeWatcher"="c:\program files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2012-04-22 724536]

.

c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]

.

c:\users\Mel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]

.

c:\users\Nena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]

.

c:\users\Nena.Our-CPU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]

.

c:\users\protected\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-12-20 113664]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSr64.exe [2008-07-18 86016]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

Themes

.

Contents of the 'Scheduled Tasks' folder

.

2012-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-25 21:00]

.

2012-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-25 21:00]

.

2012-09-15 c:\windows\Tasks\RtlNICDiagVistaStart.job

- c:\program files (x86)\Realtek\RTNICDiag\RTNICDiag.exe [2009-01-16 11:18]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]

@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"

[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]

2010-04-14 04:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]

@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"

[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]

2010-04-14 04:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]

@="{b4caf489-1eec-c617-49ad-8d7088598c06}"

[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]

2010-04-14 04:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RAVCpl64.exe" [2008-07-18 6431232]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-08-07 1683456]

"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 182784]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.rr.com/

mStart Page = hxxp://www.yahoo.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

LSP: c:\windows\system32\wpclsp.dll

TCP: DhcpNameServer = 192.168.1.1

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe

Wow6432Node-HKCU-Run-ATI - c:\users\Jen\AppData\Local\Downloaded Installations\ATI\atxeauuls.dll

WebBrowser-{CE7499E7-AF3C-4662-AC92-454212345DDB} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKLM-Run-Skytel - Skytel.exe

AddRemove-Adobe Shockwave Player - c:\windows\System32\Adobe\SHOCKW~1\UNWISE.EXE

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\software\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

Completion time: 2012-09-18 22:11:28

ComboFix-quarantined-files.txt 2012-09-19 05:11

ComboFix2.txt 2012-09-07 15:58

.

Pre-Run: 196,652,253,184 bytes free

Post-Run: 197,994,291,200 bytes free

.

- - End Of File - - C597E93D68DFE8A5BFEA181C525CCF36


Looks good.

Are the redirections still present?

Double-click on the OTL icon to run it.

  • Make sure all other windows are closed and let it run uninterrupted.
  • Click the Quick Scan button.
  • When the scan completes, it will create a logfile (OTL.txt). This is saved in the same location as OTL.

Please post this in your next reply.


It is not redirecting for now, but I don't want to use it until we are done correcting the problems.

OTL logfile created on: 9/19/2012 8:17:24 AM - Run 2

OTL by OldTimer - Version 3.2.64.0 Folder = C:\Users\Jen\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.25 Gb Total Physical Memory | 4.64 Gb Available Physical Memory | 64.00% Memory free

14.58 Gb Paging File | 12.01 Gb Available in Paging File | 82.36% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 450.70 Gb Total Space | 196.09 Gb Free Space | 43.51% Space Free | Partition Type: NTFS

Drive D: | 15.00 Gb Total Space | 7.80 Gb Free Space | 51.98% Space Free | Partition Type: NTFS

Computer Name: OUR-CPU | User Name: Jen | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/19 08:16:50 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Jen\Desktop\OTL.exe

PRC - [2012/06/11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE

PRC - [2012/04/22 10:05:38 | 000,474,168 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe

PRC - [2012/04/22 09:58:48 | 000,724,536 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe

PRC - [2012/01/04 07:40:48 | 000,519,888 | ---- | M] (iWin Inc.) -- C:\Program Files (x86)\Pogo Games\PGMTrusted.exe

PRC - [2011/11/12 12:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe

PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

PRC - [2011/08/22 01:18:08 | 006,276,408 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe

PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

PRC - [2010/08/25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

PRC - [2009/09/08 14:12:51 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe

PRC - [2009/04/10 23:28:15 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

PRC - [2009/02/23 06:05:34 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe

PRC - [2009/02/09 02:27:53 | 000,364,544 | ---- | M] (Western Digital Technologies, Inc.) -- C:\Windows\SysWOW64\WDBtnMgr.exe

PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

PRC - [2008/09/23 20:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe

PRC - [2008/05/24 11:27:30 | 000,113,136 | ---- | M] () -- C:\Program Files (x86)\Roxio\CinePlayer\DMXLauncher.exe

PRC - [2008/05/23 12:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

========== Modules (No Company Name) ==========

MOD - [2011/08/22 01:18:06 | 000,925,696 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll

MOD - [2011/08/22 01:18:06 | 000,078,336 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\pcre.dll

MOD - [2008/05/24 11:27:30 | 000,113,136 | ---- | M] () -- C:\Program Files (x86)\Roxio\CinePlayer\DMXLauncher.exe

========== Services (SafeList) ==========

SRV:64bit: - [2012/08/24 23:46:28 | 000,383,608 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)

SRV:64bit: - [2012/06/22 07:38:04 | 000,177,144 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)

SRV:64bit: - [2012/06/22 07:34:52 | 000,218,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)

SRV:64bit: - [2012/06/22 07:33:12 | 000,237,920 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)

SRV:64bit: - [2012/05/11 06:31:46 | 000,200,728 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)

SRV:64bit: - [2012/05/11 06:31:46 | 000,200,728 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)

SRV:64bit: - [2012/05/11 06:31:46 | 000,200,728 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)

SRV:64bit: - [2012/05/11 06:31:46 | 000,200,728 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)

SRV:64bit: - [2012/05/11 06:31:46 | 000,200,728 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)

SRV:64bit: - [2012/05/11 06:31:46 | 000,200,728 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)

SRV:64bit: - [2012/05/11 06:31:46 | 000,200,728 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)

SRV:64bit: - [2008/10/28 23:06:44 | 000,901,120 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)

SRV:64bit: - [2008/09/23 20:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)

SRV:64bit: - [2008/07/18 05:42:16 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AERTSr64.exe -- (AERTFilters)

SRV:64bit: - [2008/01/20 19:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2007/03/15 19:41:02 | 000,031,744 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\WLTRYSVC.EXE -- (wltrysvc)

SRV - [2012/06/11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)

SRV - [2012/06/11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)

SRV - [2012/04/22 10:05:38 | 000,474,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)

SRV - [2012/01/04 07:40:48 | 000,519,888 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files (x86)\Pogo Games\PGMTrusted.exe -- (PGMTrusted)

SRV - [2011/11/12 12:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)

SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2010/04/13 21:11:18 | 000,231,224 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

SRV - [2009/09/11 15:55:30 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)

SRV - [2009/09/08 14:12:51 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)

SRV - [2009/03/29 21:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

SRV - [2008/05/24 09:02:16 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)

SRV - [2008/05/24 09:02:10 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)

SRV - [2008/05/24 09:00:12 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)

SRV - [2008/05/24 09:00:06 | 000,166,384 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)

SRV - [2008/05/24 08:59:36 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/06/22 07:40:58 | 000,069,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)

DRV:64bit: - [2012/06/22 07:38:16 | 000,335,784 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)

DRV:64bit: - [2012/06/22 07:36:54 | 000,106,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)

DRV:64bit: - [2012/06/22 07:36:12 | 000,752,672 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)

DRV:64bit: - [2012/06/22 07:35:02 | 000,513,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)

DRV:64bit: - [2012/06/22 07:34:22 | 000,300,392 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)

DRV:64bit: - [2012/06/22 07:34:00 | 000,169,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)

DRV:64bit: - [2012/04/20 16:40:58 | 000,196,440 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)

DRV:64bit: - [2012/02/29 06:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/11/12 12:18:12 | 000,040,320 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\btblan.sys -- (Leapfrog-USBLAN)

DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Sftvollh.sys -- (Sftvol)

DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Sftplaylh.sys -- (Sftplay)

DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Sftredirlh.sys -- (Sftredir)

DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Sftfslh.sys -- (Sftfs)

DRV:64bit: - [2010/04/13 21:10:24 | 000,066,040 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\MOBK.sys -- (MOBKFilter)

DRV:64bit: - [2009/09/30 17:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)

DRV:64bit: - [2009/04/10 23:16:39 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WSDScan.sys -- (WSDScan)

DRV:64bit: - [2008/10/28 23:06:48 | 004,598,784 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)

DRV:64bit: - [2008/10/28 23:06:48 | 004,598,784 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2008/07/21 04:18:30 | 000,026,624 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\RtNdPt60.sys -- (RtNdPt60)

DRV:64bit: - [2008/07/15 05:14:10 | 000,395,288 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)

DRV:64bit: - [2008/07/10 04:28:50 | 000,170,496 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)

DRV:64bit: - [2008/04/08 03:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2008/01/20 19:47:28 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\avc.sys -- (Avc)

DRV:64bit: - [2008/01/20 19:46:57 | 000,058,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\61883.sys -- (61883)

DRV:64bit: - [2008/01/20 19:46:57 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice)

DRV:64bit: - [2008/01/20 19:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express)

DRV:64bit: - [2008/01/20 19:46:53 | 000,061,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\msdv.sys -- (MSDV)

DRV:64bit: - [2006/12/19 13:19:26 | 000,640,512 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)

DRV:64bit: - [2005/09/23 23:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\MarvinBus64.sys -- (MarvinBus)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error.

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5090116

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2929250

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{2964F230-6750-4F92-8A6A-FC0FFD9B8656}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7

IE - HKCU\..\SearchScopes\{DE83D8E5-54D8-4CE6-AAFD-AD7D0B8E4CCC}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()

FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)

FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )

FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files (x86)\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)

FF - HKLM\Software\MozillaPlugins\@sony.com/eBookLibrary: C:\Program Files (x86)\Sony\Reader\Data\bin\npebldetectmoz.dll (Sony Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.8.1: C:\Users\Jen\AppData\Local\Yahoo!\BrowserPlus\2.8.1\Plugins\npybrowserplus_2.8.1.dll (Yahoo! Inc.)

FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/09/05 15:07:29 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2012/09/05 15:44:01 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

CHR - homepage: http://start.pogo.iplay.com/?o=shp

CHR - plugin: Silverlight 4 (Enabled) = default_plugin

CHR - plugin: Error reading preferences file

O1 HOSTS File: ([2012/09/18 22:09:09 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)

O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CE7499E7-AF3C-4662-AC92-454212345DDB} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.

O4:64bit: - HKLM..\Run: [broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe (Dell Inc.)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [skytel] Skytel.exe File not found

O4:64bit: - HKLM..\Run: [WPCUMI] C:\Windows\SysNative\WpcUmi.exe (Microsoft Corporation)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

O4 - HKLM..\Run: [DMXLauncher] C:\Program Files (x86)\Roxio\CinePlayer\DMXLauncher.exe ()

O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation)

O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe (Sonic Solutions)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [WD Button Manager] C:\Windows\SysWow64\WDBtnMgr.exe (Western Digital Technologies, Inc.)

O4 - HKLM..\Run: [YSearchProtection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)

O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe (Adobe Systems Incorporated)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F23932D-DF9C-47F4-AFE7-E7855F016713}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC62BB9E-EBAF-4507-8D71-3AD90D89B2CA}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O18:64bit: - Protocol\Handler\gopher - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)

O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\PFW: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/19 08:16:46 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Jen\Desktop\OTL.exe

[2012/09/18 22:31:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/09/18 21:46:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/09/18 21:46:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/09/18 21:46:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/09/18 21:45:44 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/09/18 21:44:58 | 004,752,754 | R--- | C] (Swearware) -- C:\Users\Jen\Desktop\ComboFix.exe

[2012/09/18 21:15:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee

[2012/09/12 16:08:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012/09/11 01:36:26 | 000,000,000 | ---D | C] -- C:\FRST

[2012/09/07 08:26:59 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012/09/06 11:47:45 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jen\Desktop\tdsskiller.exe

[2012/09/05 22:53:30 | 000,000,000 | ---D | C] -- C:\Users\Jen\AppData\Local\SmugMug

[2012/09/05 22:51:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Send to SmugMug

[2012/09/05 22:37:54 | 000,000,000 | ---D | C] -- C:\Users\Jen\Documents\InstantCDDVD

[2012/08/25 01:12:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pogo Games

[2010/05/17 21:53:10 | 000,942,960 | ---- | C] (McAfee Inc.) -- C:\Users\Jen\AppData\Local\MvtApp.exe

[2009/05/19 02:26:19 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files (x86)\RngInterstitial.dll

[6 C:\Users\Jen\AppData\Local\*.tmp files -> C:\Users\Jen\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/19 08:17:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/09/19 08:16:50 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Jen\Desktop\OTL.exe

[2012/09/19 07:00:11 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012/09/19 07:00:11 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012/09/19 05:17:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/09/19 03:23:03 | 000,006,836 | ---- | M] () -- C:\Users\Jen\AppData\Local\d3d9caps.dat

[2012/09/19 03:00:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/09/18 22:09:09 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012/09/18 21:45:07 | 004,752,754 | R--- | M] (Swearware) -- C:\Users\Jen\Desktop\ComboFix.exe

[2012/09/18 21:15:51 | 000,001,693 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Total Protection.lnk

[2012/09/14 19:29:59 | 000,000,288 | ---- | M] () -- C:\Windows\tasks\RtlNICDiagVistaStart.job

[2012/09/11 01:28:58 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/09/10 23:53:51 | 000,809,504 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/09/10 23:53:51 | 000,677,136 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/09/10 23:53:51 | 000,134,102 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/09/06 22:11:51 | 000,097,792 | ---- | M] () -- C:\Users\Jen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/09/06 21:52:27 | 000,001,460 | ---- | M] () -- C:\Users\Jen\AppData\Local\d3d9caps64.dat

[2012/09/06 11:47:45 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jen\Desktop\tdsskiller.exe

[2012/09/05 22:36:13 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI

[2012/08/25 01:13:01 | 000,001,759 | ---- | M] () -- C:\Users\Jen\Application Data\Microsoft\Internet Explorer\Quick Launch\Play Pogo Games.lnk

[2012/08/25 01:13:01 | 000,001,735 | ---- | M] () -- C:\Users\Public\Desktop\Play Pogo Games.lnk

[2012/08/24 10:27:20 | 000,001,985 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Virtual Technician.lnk

[2012/08/23 14:47:18 | 000,259,152 | ---- | M] () -- C:\Users\Jen\Documents\cc_20120823_144442.reg

[6 C:\Users\Jen\AppData\Local\*.tmp files -> C:\Users\Jen\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/18 21:46:15 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/09/18 21:46:15 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/09/18 21:46:15 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/09/18 21:46:15 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/09/18 21:46:15 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/09/12 16:44:58 | 000,001,693 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Total Protection.lnk

[2012/08/25 01:13:01 | 000,001,759 | ---- | C] () -- C:\Users\Jen\Application Data\Microsoft\Internet Explorer\Quick Launch\Play Pogo Games.lnk

[2012/08/24 10:27:20 | 000,001,985 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Virtual Technician.lnk

[2012/08/24 10:25:54 | 000,001,995 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Virtual Technician.lnk

[2012/08/23 14:46:21 | 000,259,152 | ---- | C] () -- C:\Users\Jen\Documents\cc_20120823_144442.reg

[2012/06/17 22:37:26 | 000,786,504 | ---- | C] () -- C:\Windows\SysWow64\CNQ9602N.DAT

[2012/06/17 22:37:26 | 000,296,064 | ---- | C] () -- C:\Windows\SysWow64\CNQ9602W.DAT

[2011/05/16 13:31:44 | 000,008,592 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll

[2011/04/17 00:10:32 | 000,000,227 | ---- | C] () -- C:\Windows\PowerReg.dat

[2011/04/17 00:10:27 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe

[2011/04/16 23:59:17 | 000,000,034 | ---- | C] () -- C:\Windows\Disney.ini

[2011/04/16 23:58:15 | 000,000,310 | ---- | C] () -- C:\Windows\EReg515.dat

[2010/09/02 03:07:24 | 000,000,020 | ---- | C] () -- C:\Users\Jen\AppData\Roaming\hngmfc.dat

[2010/08/18 02:42:23 | 000,001,460 | ---- | C] () -- C:\Users\Jen\AppData\Local\d3d9caps64.dat

[2010/03/30 23:37:21 | 000,009,842 | -HS- | C] () -- C:\Users\Jen\AppData\Local\80AsEM

[2010/03/30 23:37:21 | 000,009,842 | -HS- | C] () -- C:\ProgramData\80AsEM

[2010/02/17 19:15:24 | 000,009,086 | -HS- | C] () -- C:\Users\Jen\AppData\Local\Q8T6845

[2009/08/21 15:54:09 | 000,000,091 | ---- | C] () -- C:\Users\Jen\AppData\Local\fusioncache.dat

[2009/08/11 18:28:10 | 000,258,348 | ---- | C] () -- C:\Users\Jen\AppData\Local\rx_image32.Cache

[2009/08/10 01:31:31 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib

[2009/06/03 09:37:04 | 000,006,836 | ---- | C] () -- C:\Users\Jen\AppData\Local\d3d9caps.dat

[2009/02/09 00:49:05 | 000,000,170 | ---- | C] () -- C:\Users\Jen\AppData\Roaming\wklnhst.dat

[2009/01/26 23:54:55 | 000,000,632 | RHS- | C] () -- C:\Users\Jen\ntuser.pol

[2009/01/24 00:23:08 | 000,097,792 | ---- | C] () -- C:\Users\Jen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2010/04/29 10:06:36 | 000,001,364 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mcafee[2].txt

[2010/04/19 07:10:13 | 000,000,079 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@yahoo[1].txt

[2006/11/02 08:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

========== LOP Check ==========

[2012/06/17 18:35:45 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\Amazon

[2009/06/23 20:58:10 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\BlamGames

[2009/06/24 13:18:00 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\blg

[2012/06/17 22:51:15 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\Canon

[2012/09/05 15:09:08 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\Catalina Marketing Corp

[2012/07/12 20:53:05 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2010/12/13 21:34:58 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\com.Shutterfly.ExpressUploader

[2012/09/05 15:09:08 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\CupcakeCafe

[2010/02/02 21:36:47 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\EleFun Games

[2011/11/26 19:01:38 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\Gamelab

[2012/09/05 15:09:08 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\GetRightToGo

[2012/09/05 15:09:08 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\Jane s Hotel Family Hero

[2009/06/08 02:53:27 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\JewelMatch2

[2009/09/26 15:35:55 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\Merscom

[2009/09/26 15:51:19 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\MysteryStudio

[2012/06/01 19:21:48 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\Oberon Media

[2009/06/09 14:21:57 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\Orneon

[2011/11/26 22:35:49 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\PlayFirst

[2010/01/31 20:53:18 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\Pogo Games

[2009/07/11 02:54:35 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\RoadRunner

[2009/07/10 00:37:24 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\Skunk Studios

[2009/06/22 17:36:45 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\Sudden Games

[2009/02/09 00:49:07 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\Template

[2010/12/09 03:00:44 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\TP

[2012/09/05 15:09:10 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\TypingMaster7

[2009/05/22 22:12:24 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\URSE Games

[2009/05/29 13:01:49 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\WildTangent

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:6FDE1666

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:33611CFB

@Alternate Data Stream - 97 bytes -> C:\ProgramData\TEMP:4363DE71

@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:ED810E46

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:89C2A42C

@Alternate Data Stream - 76 bytes -> C:\Users\Jen\Documents\Slideshow.dmsm:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\Jen\Documents\dvd cover.jwl:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\Jen\Documents\CineMagic6.dmsm:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\Jen\Documents\CineMagic5.dmsm:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\Jen\Documents\CineMagic4.dmsm:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\Jen\Documents\CineMagic3.dmsm:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\Jen\Documents\CineMagic2.dmsm:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\Jen\Documents\CineMagic1.dmsm:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\Jen\Documents\CineMagic0.dmsm:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\Jen\Documents\CineMagic.dmsm:Roxio EMC Stream

@Alternate Data Stream - 64 bytes -> C:\Users\Jen\Documents\The Beatles - Beetles - Yesterday.mp3:TOC.WMV

@Alternate Data Stream - 64 bytes -> C:\Users\Jen\Documents\MVI_0291.AVI:TOC.WMV

@Alternate Data Stream - 64 bytes -> C:\Users\Jen\Documents\Jason Mraz - I'm Yours (2008 Version).mp3:TOC.WMV

@Alternate Data Stream - 64 bytes -> C:\Users\Jen\Documents\Bobbie Vinton - Blue moon.mp3:TOC.WMV

@Alternate Data Stream - 64 bytes -> C:\Users\Jen\Documents\Beatles - Here Comes The Sun.mp3:TOC.WMV


< End of report >


but I don't want to use it until we are done correcting the problems

I need to know if you are still redirected; otherwise I am looking in the dark. Your logs appear clean.

About your icon: ComboFix creates an icon on your desktop, but I am not sure what "the internet" could mean. Please right-click on the icon --> Properties and tell me what is written in Target:

Please download aswMBR.exe and save it to your desktop.

  • Double click aswMBR.exe to start the tool.
    Vista/Windows 7 users: Right click to "Run as Administrator"
  • The tool may ask you
    This application can use AVAST! Free Antivirus to scanning
    Would you like to download latest AVAST! virus definitions ?
    Please click Yes ( The download could take some time )
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post the aswmbr.txt in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.


Hello Daniel. I am getting redirected every time I search. It comes up as "us-searches-one.net" and "searchmany.com." For the internet icon, when I right click and go to properties I see nothing called target. Here are the logs you requested.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-09-20 07:55:36

-----------------------------

07:55:36.060 OS Version: Windows x64 6.0.6002 Service Pack 2

07:55:36.060 Number of processors: 4 586 0x1707

07:55:36.061 ComputerName: OUR-CPU UserName: Jen

07:55:38.318 Initialize success

07:56:52.067 AVAST engine defs: 12092000

07:57:16.931 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

07:57:16.933 Disk 0 Vendor: WDC_WD5000AAKS-75A7B2 01.03B01 Size: 476940MB BusType: 3

07:57:16.948 Disk 0 MBR read successfully

07:57:16.951 Disk 0 MBR scan

07:57:16.958 Disk 0 Windows VISTA default MBR code

07:57:16.961 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 62 MB offset 63

07:57:16.975 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 129024

07:57:16.992 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 461516 MB offset 31586304

07:57:17.024 Disk 0 scanning C:\Windows\system32\drivers

07:57:27.349 Service scanning

07:57:46.421 Modules scanning

07:57:46.430 Disk 0 trace - called modules:

07:57:46.448 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys

07:57:46.454 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80080e6790]

07:57:46.460 3 CLASSPNP.SYS[fffffa600109fc33] -> nt!IofCallDriver -> [0xfffffa800705c520]

07:57:46.467 5 acpi.sys[fffffa60008fefde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800704f940]

07:57:49.195 AVAST engine scan C:\Windows

07:58:03.170 AVAST engine scan C:\Windows\system32

08:02:10.349 AVAST engine scan C:\Windows\system32\drivers

08:02:21.332 AVAST engine scan C:\Users\Jen

08:39:26.122 File: C:\Users\Jen\Documents\WDBMInst[1]\WDBMInst.exe **INFECTED** Win32:Malware-gen

09:01:37.966 AVAST engine scan C:\ProgramData

10:20:31.283 Scan finished successfully

12:04:58.427 Disk 0 MBR has been saved successfully to "C:\Users\Jen\Desktop\MBR.dat"

12:04:58.433 The log file has been saved successfully to "C:\Users\Jen\Desktop\aswMBR.txt"

MBR.zip
