Riccio Posted November 9, 2012 ID:611108

Ok, so it wasn't very difficult to tell that when I received a million pop-ups for this so-called "Error" that I had a virus on my hands. There was also a "Restore File" program that popped up along with it all. Seemed a little suspicious that I had to register for it, so I backed off. My background for my desktop is hidden, and programs on my Start menu are hidden (until I click All Programs, they will show up). It also hid my Internet Explorer, but luckily I found a saved webpage from the internet. So I used the saved webpage to get on the internet.

I downloaded Malwarebytes through the recommendation of a friend and I ran a scan. I also took a look on the subject on Google and found this was a common problem. Unfortunately I had it run a full scan for both C and D drives, and it was 3 hours in (still scanning C) that I aborted the scan. I received the results and deleted the infected. When I restarted my computer, the pop-up messages had ended. I right-clicked the "Restore File" program and got its actual name and manually ended the process through Task Manager.

The only problem now is that my things are still hidden and I'm not sure I completely got rid of this virus. I also don't know what damage it's done or if my computer is compromised. I need help please.

gringo_pr (Staff) Posted November 9, 2012 ID:611199

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

* Please do not run any tools unless instructed to do so. We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
* Please do not attach logs or use code boxes, just copy and paste the text. Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
* Please read every post completely before doing anything. Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
* Please provide feedback about your experience as we go. A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I need to get some reports to get a base to start from so I need you to run these programs first.

-DeFogger-

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.

* The application window will appear
* Click the Disable button to disable your CD Emulation drivers
* Click Yes to continue
* A 'Finished!' message will appear
* Click OK

DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.

-Security Check-

* Download Security Check by screen317 from here.
* Save it to your Desktop.
* Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-Download DDS-

Please download DDS from one of the links below and save it to your desktop:

Link1 Link2 Link3

* Double-Click on dds.scr and a command window will appear. This is normal.
* Shortly after two logs will appear:
  * DDS.txt
  * Attach.txt
* A window will open instructing you to save & post the logs
* Save the logs to a convenient place such as your desktop
* Copy the contents of both logs & post in your next reply

information and logs

In your next post I need the following

* both reports from DDS
* report from security check
* let me know of any problems you may have had

Gringo

Riccio (Author) Posted November 9, 2012 ID:611299

How long does DDS typically run for before a command screen appears?

gringo_pr (Staff) Posted November 9, 2012 ID:611301

3 or so min - no more than ten

gringo

Riccio (Author) Posted November 9, 2012 ID:611304

DDS has been running for about 20 minutes or so. I had a small window saying two logs will be created on my desktop, but I didn't have a command screen or anything of the sort. Still says it's running.

Riccio Posted November 9, 2012 Author ID:611307 Share Posted November 9, 2012 Sorry, Just popped up. Took a bit longer than expected, I was getting worried. Here are the logs you asked for. Results of screen317's Security Check version 0.99.54 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! McAfee Anti-Virus and Anti-Spyware WMI entry may not exist for antivirus; attempting automatic update.`````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.65.1.1000 Java 6 Update 29 Java version out of Date! Adobe Reader X 10.1.2 Adobe Reader out of Date! ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 4%````````````````````End of Log``````````````````````DDS (Ver_2012-11-07.01) - NTFS_AMD64Internet Explorer: 9.0.8112.16450Run by aarons at 17:14:58 on 2012-11-09Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3838.2630 [GMT -5:00].AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}.============== Running Processes ===============.C:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\system32\atiesrxx.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k 
NetworkServiceC:\Windows\system32\atieclxx.exeC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files\Realtek\Audio\HDA\AERTSr64.EXEC:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exeC:\Windows\system32\taskhost.exec:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exeC:\Windows\system32\mfevtps.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exeC:\PROGRA~2\MYWEBS~1\bar\2.bin\mwssvc.exeC:\Windows\system32\rundll32.exeC:\Windows\system32\rundll32.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Windows\SysWOW64\rundll32.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Program Files\Common Files\McAfee\SystemCore\mcshield.exeC:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exeC:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeC:\Program Files\Common Files\McAfee\SystemCore\mfefire.exeC:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exeC:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exeC:\Program Files (x86)\PictureMover\Bin\PictureMover.exeC:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exeC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Program Files (x86)\PCPowerSpeed\PCPowerTray.exeC:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSOEMON.EXEC:\Program 
Files\McAfee.com\Agent\mcagent.exeC:\Windows\system32\SearchIndexer.exeC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exeC:\Windows\System32\svchost.exe -k secsvcsC:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\system32\svchost.exe -k SDRSVCC:\Windows\SysWOW64\notepad.exeC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\SearchFilterHost.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.uURLSearchHooks: <No Name>: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSSRCAS.DLLmWinlogon: Userinit = userinit.exe,BHO: MyWebSearch Search Assistant BHO: {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSSRCAS.DLLBHO: mwsBar BHO: {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSBAR.DLLBHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO: Dallas Cowboys BHO: {69CE821F-3668-475A-B66F-94719B322DE3} - C:\Program Files (x86)\Dallas Cowboys\Toolbar.dllBHO: AppGraffiti: {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\Program Files (x86)\AppGraffiti\AppGraffiti.dllBHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120623055355.dllBHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dllBHO: Google Toolbar 
Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dllBHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dllBHO: DCA BHO: {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Common Files\FreeCause\DCA\dca-bho.dllBHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dllTB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dllTB: My Web Search: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSBAR.DLLTB: My Web Search: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSBAR.DLLTB: Dallas Cowboys: {27E7F580-724E-46EB-846F-96C2396D23ED} - C:\Program Files (x86)\Dallas Cowboys\Toolbar.dllTB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dllTB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dlluRun: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -trayuRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exeuRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe -update activexmRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRunmRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" UNATTENDEDmRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exemRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12mRun: 
[ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1mRun: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~2\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w /hmRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottimemRun: [PCPowerSpeed] "C:\Program Files (x86)\PCPowerSpeed\PCPowerTray.exe" /startupmRun: [MyWebSearch Email Plugin] C:\PROGRA~2\MYWEBS~1\bar\2.bin\mwsoemon.exemRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkeymRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silentmRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScriptStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exemPolicies-Explorer: NoActiveDesktop = dword:1mPolicies-Explorer: NoActiveDesktopChanges = dword:1mPolicies-System: ConsentPromptBehaviorAdmin = dword:5mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableUIADesktopToggle = dword:0IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dllIE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - 
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cabDPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocxDPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cabDPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabTCP: NameServer = 192.168.1.254TCP: Interfaces\{2B85BAF0-EF2C-4A61-BAEA-C45EC4CDE511} : DHCPNameServer = 192.168.1.254Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dllHandler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dllHandler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dllHandler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllSSODL: WebCheck - <orphaned>x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120623055355.dllx64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllx64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dllx64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dllx64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dllx64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google 
Toolbar\GoogleToolbar_64.dllx64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exex64-Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /backgroundx64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -sx64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dllx64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dllx64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dllx64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>x64-SSODL: WebCheck - <orphaned>.============= SERVICES / DRIVERS ===============.R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2012-2-22 647208]R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2012-5-28 289664]R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\System32\drivers\mfenlfk.sys [2012-5-28 75936]R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2012-5-28 65264]R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2010-5-7 153712]R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-11-8 25928]R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2012-5-28 229528]R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2012-5-28 487296]R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2010-5-7 852256]R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-5-7 346144]R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-5-7 39480]S3 athur;Atheros AR9271 Wireless Network Adapter Service;C:\Windows\System32\drivers\athurx.sys [2011-9-15 1849856]S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-7-19 48488]S3 mferkdet;McAfee Inc. 
mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2012-5-28 100912]S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672]S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-23 59392]S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-2-18 51712].=============== Created Last 30 ================.2012-11-09 19:28:00 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8872AE35-CC3C-4259-BA36-9B9F31FAD5C2}\offreg.dll2012-11-09 19:21:31 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8872AE35-CC3C-4259-BA36-9B9F31FAD5C2}\mpengine.dll2012-11-09 04:38:08 -------- d-----w- C:\Users\aarons\AppData\Roaming\Malwarebytes2012-11-09 04:37:52 -------- d-----w- C:\ProgramData\Malwarebytes2012-11-09 04:37:47 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys2012-11-09 04:37:47 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware2012-11-09 03:05:15 350208 ---ha-w- C:\ProgramData\hA8UYwv7FPqnAw.exe2012-11-02 22:43:59 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll2012-11-02 04:46:08 -------- d-----w- C:\Users\aarons\AppData\Local\ElevatedDiagnostics2012-11-02 04:45:26 -------- d-----w- C:\Windows\pss.==================== Find3M ====================.2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe2012-08-30 17:12:02 3914096 ----a-w- 
C:\Windows\SysWow64\ntoskrnl.exe2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll2012-08-20 17:38:26 25600 ----a-w- 
C:\Windows\SysWow64\setup16.exe2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll.============= FINISH: 17:36:58.01 ===============.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-07.01).Microsoft Windows 7 Home PremiumBoot Device: \Device\HarddiskVolume1Install Date: 11/29/2010 3:26:58 PMSystem Uptime: 11/9/2012 4:38:20 PM (1 hours ago).Motherboard: Hewlett-Packard | | 2A97Processor: AMD Athlon II X2 250 | Socket S1G2 | 1600/200mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 454 GiB total, 399.495 GiB free.D: is FIXED (NTFS) - 12 GiB total, 1.421 GiB free.E: is CDROM ().==== Disabled Device Manager Items =============.==== System Restore Points ===================.RP353: 10/7/2012 7:00:09 PM - Windows BackupRP354: 10/11/2012 3:00:27 AM - Windows UpdateRP355: 10/14/2012 7:00:08 PM - Windows BackupRP356: 10/21/2012 7:00:08 PM - Windows BackupRP357: 10/28/2012 7:00:09 PM - Windows BackupRP358: 11/1/2012 10:48:42 PM - Removed AVG 2012RP359: 11/1/2012 10:51:05 PM - Removed AVG 2012RP360: 11/1/2012 10:53:15 PM - Removed OblivionRP361: 11/1/2012 10:54:39 PM - Removed iTunesRP362: 11/1/2012 11:02:59 PM - Removed Visual Studio 2008 x64 RedistributablesRP363: 11/1/2012 11:03:52 PM - Removed Visual Studio 2008 x64 RedistributablesRP364: 11/1/2012 11:04:51 PM - Removed Apple Software UpdateRP365: 11/1/2012 11:06:22 PM - Removed Apple Mobile 
Device SupportRP366: 11/1/2012 11:07:46 PM - Removed Apple Application SupportRP367: 11/1/2012 11:12:06 PM - Removed BonjourRP368: 11/2/2012 12:30:11 AM - Windows BackupRP369: 11/2/2012 6:42:57 PM - Windows UpdateRP370: 11/4/2012 8:10:06 PM - Windows BackupRP371: 11/6/2012 3:28:58 AM - Windows UpdateRP372: 11/9/2012 2:20:27 PM - Windows UpdateRP374: 11/9/2012 2:29:19 PM - Windows Defender Checkpoint.==== Installed Programs ======================. Update for Microsoft Office 2007 (KB2508958)ActiveCheck component for HP Active Support LibraryAdobe AIRAdobe Flash Player 11 ActiveX 64-bitAdobe Reader X (10.1.2)AMD USB Filter DriverAppGraffitiAsk Toolbar UpdaterATI Catalyst Install ManagerBejeweled 2 DeluxeBing Rewards Client InstallerBlackhawk Striker 2Blasterball 3Build-a-lot 2Cake ManiaCatalyst Control Center - BrandingCatalyst Control Center Core ImplementationCatalyst Control Center Graphics Full ExistingCatalyst Control Center Graphics Full NewCatalyst Control Center Graphics LightCatalyst Control Center Graphics Previews VistaCatalyst Control Center InstallProxyCatalyst Control Center Localization Allccc-core-staticccc-utility64CCC Help Chinese StandardCCC Help Chinese TraditionalCCC Help CzechCCC Help DanishCCC Help DutchCCC Help EnglishCCC Help FinnishCCC Help FrenchCCC Help GermanCCC Help GreekCCC Help HungarianCCC Help ItalianCCC Help JapaneseCCC Help KoreanCCC Help NorwegianCCC Help PolishCCC Help PortugueseCCC Help RussianCCC Help SpanishCCC Help SwedishCCC Help ThaiCCC Help TurkishChuzzle DeluxeCinemaNow Media ManagerCompatibility Pack for the 2007 Office systemCoupon Printer for WindowsCyberLink DVD Suite DeluxeD3DX10Dallas CowboysDiner Dash 2 Restaurant RescueDora's Carnival AdventureDVD Menu Pack for HP MediaSmart VideoEscape Rosecliff IslandFaerie SolitaireFATEGoogle Toolbar for Internet ExplorerGoogle Update HelperHardware Diagnostic ToolsHP AdvisorHP Customer Experience EnhancementsHP Deskjet 3050 J610 series Basic Device SoftwareHP Deskjet 3050 J610 
series HelpHP Deskjet 3050 J610 series Product Improvement StudyHP Game ConsoleHP GamesHP MediaSmart CinemaNow 2.0HP MediaSmart DVDHP MediaSmart MusicHP MediaSmart PhotoHP MediaSmart SmartMenuHP MediaSmart VideoHP MediaSmart WebcamHP MediaSmart/TouchSmart NetflixHP OdometerHP Photo CreationsHP SetupHP Support AssistantHP Support InformationHP UpdateHPAsset component for HP Active Support LibraryHulu DesktopJava Auto UpdaterJava 6 Update 29Jewel Quest 3Jewel Quest Solitaire 2JMicron Flash Media Controller DriverJunk Mail filter updateLabelPrintLightScribe System SoftwareMalwarebytes Anti-Malware version 1.65.1.1000McAfee SecurityCenterMesh RuntimeMessenger CompanionMicrosoft .NET Framework 4 Client ProfileMicrosoft Application Error ReportingMicrosoft Office 2007 Service Pack 3 (SP3)Microsoft Office Excel MUI (English) 2007Microsoft Office File Validation Add-InMicrosoft Office Home and Student 2007Microsoft Office Office 64-bit Components 2007Microsoft Office OneNote MUI (English) 2007Microsoft Office PowerPoint MUI (English) 2007Microsoft Office PowerPoint Viewer 2007 (English)Microsoft Office Proof (English) 2007Microsoft Office Proof (French) 2007Microsoft Office Proof (Spanish) 2007Microsoft Office Proofing (English) 2007Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)Microsoft Office Shared 64-bit MUI (English) 2007Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007Microsoft Office Shared MUI (English) 2007Microsoft Office Shared Setup Metadata MUI (English) 2007Microsoft Office Suite Activation AssistantMicrosoft Office Word MUI (English) 2007Microsoft SilverlightMicrosoft SQL Server 2005 Compact Edition [ENU]Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2005 Redistributable (x64)Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175Microsoft Visual C++ 2008 Redistributable - KB2467174 - 
.
==== Event Viewer Messages From Past Week ========
.
11/9/2012 3:37:25 AM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). 
The following corrective action will be taken in 5000 milliseconds: Restart the service.
11/8/2012 11:24:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
11/8/2012 10:18:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {395633B1-EED9-4DFC-B67F-9788B51C9F06}
11/8/2012 10:15:26 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
11/8/2012 10:14:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/8/2012 10:14:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/8/2012 10:14:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
11/8/2012 10:14:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
11/8/2012 10:14:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/8/2012 10:14:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/8/2012 10:13:48 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache mfehidk mfenlfk NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
11/8/2012 10:13:48 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/8/2012 10:13:48 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/8/2012 10:13:48 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
11/8/2012 10:13:48 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/8/2012 10:13:48 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/8/2012 10:13:48 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
11/8/2012 10:13:48 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/8/2012 10:13:48 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
11/8/2012 10:13:48 PM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
11/8/2012 10:13:48 PM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start.
11/8/2012 10:13:48 PM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
11/8/2012 10:13:48 PM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
11/8/2012 10:13:48 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/8/2012 10:13:48 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/8/2012 10:13:48 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
.
==== End Of File ===========================
Staff gringo_pr Posted November 9, 2012 Staff ID:611311

Hello

These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[s1].txt as well.

--RogueKiller--

Download & SAVE to your Desktop RogueKiller or from here
Quit all programs that you may have started.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7, right-click and select "Run as Administrator" to start
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
click on "delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and copy/paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop
Exit/Close RogueKiller+

Gringo
Riccio Posted November 9, 2012 Author ID:611331

# AdwCleaner v2.007 - Logfile created 11/09/2012 at 18:13:32
# Updated 06/11/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : aarons - AARONS-HP
# Boot Mode : Normal
# Running from : C:\Users\Michael Riccio\Downloads\adwcleaner.exe
# Option [Delete]

***** [services] *****

Stopped & Deleted : MyWebSearchService

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\MyWebSearch
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\aarons\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\Windows\SysWOW64\f3PSSavr.scr
Folder Deleted : C:\Program Files (x86)\AppGraffiti
Folder Deleted : C:\Program Files (x86)\Common Files\FreeCause
Folder Deleted : C:\Program Files (x86)\FunWebProducts
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AppGraffiti
Folder Deleted : C:\Users\aarons\AppData\LocalLow\AppGraffiti
Folder Deleted : C:\Users\aarons\AppData\LocalLow\FunWebProducts
Folder Deleted : C:\Users\aarons\AppData\LocalLow\MyWebSearch
Folder Deleted : C:\Users\Beth Riccio\AppData\LocalLow\AppGraffiti
Folder Deleted : C:\Users\Beth Riccio\AppData\LocalLow\FunWebProducts
Folder Deleted : C:\Users\Beth Riccio\AppData\LocalLow\MyWebSearch
Folder Deleted : C:\Users\Beth Riccio\AppData\LocalLow\RebateInformer
Folder Deleted : C:\Users\Michael Riccio\AppData\LocalLow\AppGraffiti
Folder Deleted : C:\Users\Michael Riccio\AppData\LocalLow\FunWebProducts
Folder Deleted : C:\Users\Michael Riccio\AppData\LocalLow\MyWebSearch
Folder Deleted : C:\Users\Michael Riccio\AppData\LocalLow\RebateInformer
Folder Deleted : C:\Users\Mike Riccio\AppData\Local\Temp\avg@toolbar
Folder Deleted : C:\Users\Mike Riccio\AppData\LocalLow\AppGraffiti
Folder Deleted : C:\Users\Mike Riccio\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Mike 
Riccio\AppData\LocalLow\FunWebProducts
Folder Deleted : C:\Users\Mike Riccio\AppData\LocalLow\Inbox Toolbar
Folder Deleted : C:\Users\Mike Riccio\AppData\LocalLow\MyWebSearch
Folder Deleted : C:\Users\Mike Riccio\AppData\LocalLow\RebateInformer

***** [Registry] *****
Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00A6FAF6-072E-44CF-8957-5838F569A31D}]Value Deleted : HKLM\SOFTWARE\Microsoft\Windows Media\Wmsdk\Sources [F3PopularScreenSavers]Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\post platform [FunWebProducts]Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [My Web Search Bar Search Scope Monitor]Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [MyWebSearch Email Plugin]Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [m3ffxtbr@mywebsearch.com]Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{07B18EA9-A523-4961-B6BB-170DE4475CCA}]***** [internet Browsers] *****-\\ Internet Explorer v9.0.8112.16421[OK] Registry is clean.*************************AdwCleaner[s1].txt - [26996 octets] - [09/11/2012 18:13:32]########## EOF - \AdwCleaner[s1].txt - [27057 octets] ##########RogueKiller V8.2.3 [11/07/2012] by Tigzymail: tigzyRK<at>gmail<dot>comFeedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/Website: http://tigzy.geekstogo.com/roguekiller.phpBlog: http://tigzyrk.blogspot.comOperating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits versionStarted in : Normal modeUser : aarons [Admin rights]Mode : Remove -- Date : 11/09/2012 18:26:26¤¤¤ Bad processes : 1 ¤¤¤[Rogue.FakeHDD] hA8UYwv7FPqnAw.exe -- C:\ProgramData\hA8UYwv7FPqnAw.exe -> KILLED [TermProc][sUSP PATH] hA8UYwv7FPqnAw.exe -- C:\ProgramData\hA8UYwv7FPqnAw.exe -> KILLED [TermThr]¤¤¤ Registry Entries : 6 ¤¤¤[RUN][sUSP PATH] HKUS\S-1-5-21-4091956286-139085011-1590961876-1004[...]\Run : RbKbMIMhDLR.exe (C:\ProgramData\RbKbMIMhDLR.exe) -> DELETED[RUN][sUSP PATH] HKUS\S-1-5-21-4091956286-139085011-1590961876-1004[...]\Run : hA8UYwv7FPqnAw (C:\ProgramData\hA8UYwv7FPqnAw.exe) -> DELETED[RUN][sUSP PATH] HKLM\[...]\Wow6432Node\RunOnce : DeleteOnReboot 
(C:\Windows\DeleteOnReboot.bat) -> DELETED[TASK][sUSP PATH] {89B3C1F7-3F4E-4F66-A520-0EA62E6F48E0} : C:\Users\Michael Riccio\Desktop\Minecraft.exe -> DELETED[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)¤¤¤ Particular Files / Folders: ¤¤¤¤¤¤ Driver : [NOT LOADED] ¤¤¤¤¤¤ Infection : Rans.Gendarm ¤¤¤¤¤¤ HOSTS File: ¤¤¤--> C:\Windows\system32\drivers\etc\hosts¤¤¤ MBR Check: ¤¤¤+++++ PhysicalDrive0: ST350041 8AS SATA Disk Device +++++--- User ---[MBR] bb2bd3a5274e2c700c1b2ebf66cad5fe[bSP] 5175452bc82f34ba48f324bbf3b5134d : Windows Vista/7/8 MBR CodePartition table:0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 464913 Mo2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 952348672 | Size: 11925 MoUser = LL1 ... OK!User != LL2 ... KO!--- LL2 ---[MBR] c102c963b79552c694ecfccabfaa3715[bSP] 980895ef88e6d724bf1643e709222162 : Windows Vista MBR CodePartition table:0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 234989568 | Size: 300 MoFinished : << RKreport[2]_D_11092012_02d1826.txt >>RKreport[1]_S_11092012_02d1824.txt ; RKreport[2]_D_11092012_02d1826.txt Link to post Share on other sites More sharing options...
Staff gringo_pr Posted November 10, 2012 Staff ID:611414

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:
Log from Combofix
Let me know of any problems you may have had
How is the computer doing now?

Gringo
Riccio Posted November 10, 2012 Author ID:611607

Do I turn off malwarebytes security for this as well?
Riccio Posted November 10, 2012 Author ID:611620

ComboFix 12-11-09.02 - aarons 11/10/2012 10:29:56.1.2 - x64

Didn't run into any problems, I had to log into an admin profile to disable the virus protection, so I'll be back to let you know how everything turned out on mine. I appreciate everything you've done. Thank you very much.
Riccio Posted November 10, 2012 Author ID:611623

So everything turned out fine. No pop-ups, or programs like "File Restore" to be found. The only thing is that things like my Internet Explorer, desktop background, and options on the Start menu are still hidden.
Staff gringo_pr Posted November 10, 2012 ID:611652

Hello

Try running this and see if it helps - http://download.bleepingcomputer.com/grinler/unhide.exe

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
Double-click on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

aswMBR:

Please download aswMBR to your desktop.
Double-click the aswMBR.exe icon to run it. It will ask to download extra definitions - ALLOW IT.
Click the Scan button to start the scan.
On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
Riccio Posted November 11, 2012 Author ID:612173

02:04:53.0735 6304 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
3196 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys02:05:24.0146 3196 ohci1394 - ok02:05:24.0166 3196 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE02:05:24.0276 3196 ose - ok02:05:24.0296 3196 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll02:05:24.0306 3196 p2pimsvc - ok02:05:24.0326 3196 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll02:05:24.0346 3196 p2psvc - ok02:05:24.0376 3196 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys02:05:24.0386 3196 Parport - ok02:05:24.0406 3196 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys02:05:24.0496 3196 partmgr - ok02:05:24.0526 3196 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll02:05:24.0536 3196 PcaSvc - ok02:05:24.0556 3196 [ BC0018C2D29F655188A0ED3FA94FDB24 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfdx64.sys02:05:24.0656 3196 pccsmcfd - ok02:05:24.0686 3196 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys02:05:24.0836 3196 pci - ok02:05:24.0876 3196 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys02:05:24.0886 3196 pciide - ok02:05:24.0916 3196 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys02:05:24.0926 3196 pcmcia - ok02:05:24.0956 3196 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys02:05:24.0966 3196 pcw - ok02:05:24.0986 3196 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys02:05:25.0006 3196 PEAUTH - ok02:05:25.0086 3196 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe02:05:25.0086 3196 PerfHost - ok02:05:25.0156 3196 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll02:05:25.0286 3196 pla - ok02:05:25.0336 3196 [ 25FBDEF06C4D92815B353F6E792C8129 
] PlugPlay C:\Windows\system32\umpnpmgr.dll02:05:25.0416 3196 PlugPlay - ok02:05:25.0436 3196 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll02:05:25.0446 3196 PNRPAutoReg - ok02:05:25.0466 3196 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll02:05:25.0476 3196 PNRPsvc - ok02:05:25.0496 3196 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll02:05:25.0576 3196 PolicyAgent - ok02:05:25.0621 3196 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll02:05:25.0631 3196 Power - ok02:05:25.0658 3196 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys02:05:25.0748 3196 PptpMiniport - ok02:05:25.0778 3196 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys02:05:25.0788 3196 Processor - ok02:05:25.0828 3196 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll02:05:25.0838 3196 ProfSvc - ok02:05:25.0858 3196 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe02:05:25.0958 3196 ProtectedStorage - ok02:05:26.0018 3196 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys02:05:26.0118 3196 Psched - ok02:05:26.0178 3196 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys02:05:26.0228 3196 ql2300 - ok02:05:26.0248 3196 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys02:05:26.0258 3196 ql40xx - ok02:05:26.0278 3196 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll02:05:26.0288 3196 QWAVE - ok02:05:26.0318 3196 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys02:05:26.0328 3196 QWAVEdrv - ok02:05:26.0338 3196 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys02:05:26.0348 3196 RasAcd - ok02:05:26.0388 3196 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn 
C:\Windows\system32\DRIVERS\AgileVpn.sys02:05:26.0388 3196 RasAgileVpn - ok02:05:26.0408 3196 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll02:05:26.0418 3196 RasAuto - ok02:05:26.0468 3196 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys02:05:26.0578 3196 Rasl2tp - ok02:05:26.0608 3196 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll02:05:26.0684 3196 RasMan - ok02:05:26.0700 3196 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys02:05:26.0710 3196 RasPppoe - ok02:05:26.0738 3196 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys02:05:26.0743 3196 RasSstp - ok02:05:26.0763 3196 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys02:05:26.0850 3196 rdbss - ok02:05:26.0870 3196 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys02:05:26.0880 3196 rdpbus - ok02:05:26.0900 3196 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys02:05:26.0900 3196 RDPCDD - ok02:05:26.0930 3196 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys02:05:26.0930 3196 RDPENCDD - ok02:05:26.0950 3196 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys02:05:26.0960 3196 RDPREFMP - ok02:05:26.0990 3196 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys02:05:27.0081 3196 RDPWD - ok02:05:27.0112 3196 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys02:05:27.0204 3196 rdyboost - ok02:05:27.0234 3196 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll02:05:27.0244 3196 RemoteAccess - ok02:05:27.0274 3196 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll02:05:27.0274 3196 RemoteRegistry - ok02:05:27.0314 3196 [ 7B04C9843921AB1F695FB395422C5360 ] RimUsb 
C:\Windows\system32\Drivers\RimUsb_AMD64.sys02:05:27.0408 3196 RimUsb - ok02:05:27.0428 3196 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll02:05:27.0431 3196 RpcEptMapper - ok02:05:27.0458 3196 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe02:05:27.0468 3196 RpcLocator - ok02:05:27.0495 3196 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll02:05:27.0502 3196 RpcSs - ok02:05:27.0536 3196 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys02:05:27.0546 3196 rspndr - ok02:05:27.0586 3196 [ 7EA8D2EB9BBFD2AB8A3117A1E96D3B3A ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys02:05:27.0686 3196 RTL8167 - ok02:05:27.0696 3196 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe02:05:27.0796 3196 SamSs - ok02:05:27.0828 3196 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys02:05:27.0931 3196 sbp2port - ok02:05:27.0957 3196 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll02:05:27.0960 3196 SCardSvr - ok02:05:27.0990 3196 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys02:05:28.0088 3196 scfilter - ok02:05:28.0132 3196 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll02:05:28.0232 3196 Schedule - ok02:05:28.0262 3196 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll02:05:28.0262 3196 SCPolicySvc - ok02:05:28.0282 3196 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll02:05:28.0372 3196 SDRSVC - ok02:05:28.0402 3196 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys02:05:28.0412 3196 secdrv - ok02:05:28.0422 3196 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll02:05:28.0492 3196 seclogon - ok02:05:28.0522 3196 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS 
C:\Windows\system32\sens.dll02:05:28.0522 3196 SENS - ok02:05:28.0532 3196 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll02:05:28.0542 3196 SensrSvc - ok02:05:28.0562 3196 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys02:05:28.0562 3196 Serenum - ok02:05:28.0582 3196 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys02:05:28.0582 3196 Serial - ok02:05:28.0602 3196 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys02:05:28.0602 3196 sermouse - ok02:05:28.0682 3196 [ 668043F192AB9659761A349A4703600D ] ServiceLayer C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe02:05:28.0822 3196 ServiceLayer - ok02:05:28.0872 3196 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll02:05:28.0952 3196 SessionEnv - ok02:05:28.0978 3196 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys02:05:28.0984 3196 sffdisk - ok02:05:28.0994 3196 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys02:05:29.0004 3196 sffp_mmc - ok02:05:29.0004 3196 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys02:05:29.0094 3196 sffp_sd - ok02:05:29.0114 3196 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys02:05:29.0124 3196 sfloppy - ok02:05:29.0164 3196 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll02:05:29.0184 3196 SharedAccess - ok02:05:29.0204 3196 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll02:05:29.0294 3196 ShellHWDetection - ok02:05:29.0304 3196 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys02:05:29.0304 3196 SiSRaid2 - ok02:05:29.0334 3196 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys02:05:29.0334 3196 SiSRaid4 - ok02:05:29.0374 3196 
[ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys02:05:29.0384 3196 Smb - ok02:05:29.0434 3196 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe02:05:29.0454 3196 SNMPTRAP - ok02:05:29.0464 3196 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys02:05:29.0474 3196 spldr - ok02:05:29.0524 3196 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe02:05:29.0534 3196 Spooler - ok02:05:29.0624 3196 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe02:05:29.0768 3196 sppsvc - ok02:05:29.0795 3196 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll02:05:29.0796 3196 sppuinotify - ok02:05:29.0836 3196 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys02:05:29.0934 3196 srv - ok02:05:29.0968 3196 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys02:05:30.0060 3196 srv2 - ok02:05:30.0070 3196 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys02:05:30.0170 3196 srvnet - ok02:05:30.0220 3196 [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys02:05:30.0330 3196 ssadbus - ok02:05:30.0390 3196 [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys02:05:30.0480 3196 ssadmdfl - ok02:05:30.0500 3196 [ 4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys02:05:30.0600 3196 ssadmdm - ok02:05:30.0640 3196 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll02:05:30.0650 3196 SSDPSRV - ok02:05:30.0680 3196 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll02:05:30.0690 3196 SstpSvc - ok02:05:30.0720 3196 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys02:05:30.0720 3196 stexstor - ok02:05:30.0770 3196 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc 
C:\Windows\System32\wiaservc.dll02:05:30.0850 3196 stisvc - ok02:05:30.0880 3196 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys02:05:30.0880 3196 swenum - ok02:05:30.0910 3196 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll02:05:30.0940 3196 swprv - ok02:05:30.0990 3196 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll02:05:31.0090 3196 SysMain - ok02:05:31.0130 3196 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll02:05:31.0200 3196 TabletInputService - ok02:05:31.0220 3196 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll02:05:31.0300 3196 TapiSrv - ok02:05:31.0320 3196 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll02:05:31.0330 3196 TBS - ok02:05:31.0410 3196 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys02:05:31.0530 3196 Tcpip - ok02:05:31.0570 3196 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys02:05:31.0580 3196 TCPIP6 - ok02:05:31.0610 3196 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys02:05:31.0700 3196 tcpipreg - ok02:05:31.0730 3196 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys02:05:31.0740 3196 TDPIPE - ok02:05:31.0770 3196 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys02:05:31.0860 3196 TDTCP - ok02:05:31.0900 3196 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys02:05:31.0980 3196 tdx - ok02:05:32.0000 3196 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys02:05:32.0080 3196 TermDD - ok02:05:32.0100 3196 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll02:05:32.0190 3196 TermService - ok02:05:32.0220 3196 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll02:05:32.0230 3196 Themes - 
ok02:05:32.0240 3196 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll02:05:32.0250 3196 THREADORDER - ok02:05:32.0260 3196 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll02:05:32.0270 3196 TrkWks - ok02:05:32.0320 3196 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe02:05:32.0410 3196 TrustedInstaller - ok02:05:32.0450 3196 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys02:05:32.0540 3196 tssecsrv - ok02:05:32.0590 3196 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys02:05:32.0690 3196 TsUsbFlt - ok02:05:32.0720 3196 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys02:05:32.0810 3196 tunnel - ok02:05:32.0840 3196 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys02:05:32.0850 3196 uagp35 - ok02:05:32.0870 3196 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys02:05:32.0980 3196 udfs - ok02:05:33.0020 3196 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe02:05:33.0040 3196 UI0Detect - ok02:05:33.0070 3196 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys02:05:33.0090 3196 uliagpkx - ok02:05:33.0130 3196 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys02:05:33.0240 3196 umbus - ok02:05:33.0280 3196 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys02:05:33.0280 3196 UmPass - ok02:05:33.0310 3196 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll02:05:33.0320 3196 upnphost - ok02:05:33.0360 3196 [ 4E93C8496359E97830C75AC36393654D ] upperdev C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys02:05:33.0440 3196 upperdev - ok02:05:33.0480 3196 [ 54D4B48D443E7228BF64CF7CDC3118AC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys02:05:33.0580 
3196 USBAAPL64 - ok02:05:33.0620 3196 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys02:05:33.0720 3196 usbccgp - ok02:05:33.0760 3196 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys02:05:33.0770 3196 usbcir - ok02:05:33.0790 3196 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys02:05:33.0890 3196 usbehci - ok02:05:33.0930 3196 [ 858BE9C0E498C8E505E198E17EECE0D9 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys02:05:34.0020 3196 usbfilter - ok02:05:34.0060 3196 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys02:05:34.0142 3196 usbhub - ok02:05:34.0162 3196 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys02:05:34.0252 3196 usbohci - ok02:05:34.0292 3196 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys02:05:34.0292 3196 usbprint - ok02:05:34.0322 3196 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys02:05:34.0332 3196 usbscan - ok02:05:34.0362 3196 [ 4ACEE387FA8FD39F83564FCD2FC234F2 ] usbser C:\Windows\system32\drivers\usbser.sys02:05:34.0472 3196 usbser - ok02:05:34.0492 3196 [ 8844CB19A37B65E27049D4A7786726A9 ] UsbserFilt C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys02:05:34.0582 3196 UsbserFilt - ok02:05:34.0602 3196 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS02:05:34.0682 3196 USBSTOR - ok02:05:34.0702 3196 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys02:05:34.0792 3196 usbuhci - ok02:05:34.0852 3196 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys02:05:34.0962 3196 usbvideo - ok02:05:35.0002 3196 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll02:05:35.0012 3196 UxSms - ok02:05:35.0032 3196 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc 
C:\Windows\system32\lsass.exe02:05:35.0132 3196 VaultSvc - ok02:05:35.0162 3196 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys02:05:35.0172 3196 vdrvroot - ok02:05:35.0212 3196 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe02:05:35.0322 3196 vds - ok02:05:35.0362 3196 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys02:05:35.0372 3196 vga - ok02:05:35.0372 3196 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys02:05:35.0382 3196 VgaSave - ok02:05:35.0402 3196 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys02:05:35.0492 3196 vhdmp - ok02:05:35.0532 3196 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys02:05:35.0532 3196 viaide - ok02:05:35.0552 3196 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys02:05:35.0662 3196 volmgr - ok02:05:35.0682 3196 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys02:05:35.0782 3196 volmgrx - ok02:05:35.0802 3196 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys02:05:35.0902 3196 volsnap - ok02:05:35.0942 3196 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys02:05:35.0952 3196 vsmraid - ok02:05:36.0002 3196 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe02:05:36.0152 3196 VSS - ok02:05:36.0182 3196 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys02:05:36.0182 3196 vwifibus - ok02:05:36.0202 3196 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys02:05:36.0202 3196 vwififlt - ok02:05:36.0232 3196 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll02:05:36.0252 3196 W32Time - ok02:05:36.0262 3196 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys02:05:36.0272 3196 
WacomPen - ok02:05:36.0322 3196 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys02:05:36.0432 3196 WANARP - ok02:05:36.0432 3196 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys02:05:36.0442 3196 Wanarpv6 - ok02:05:36.0502 3196 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe02:05:36.0612 3196 WatAdminSvc - ok02:05:36.0652 3196 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe02:05:36.0762 3196 wbengine - ok02:05:36.0792 3196 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll02:05:36.0812 3196 WbioSrvc - ok02:05:36.0842 3196 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll02:05:36.0922 3196 wcncsvc - ok02:05:36.0942 3196 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll02:05:36.0952 3196 WcsPlugInService - ok02:05:36.0972 3196 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys02:05:36.0982 3196 Wd - ok02:05:37.0012 3196 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys02:05:37.0032 3196 Wdf01000 - ok02:05:37.0052 3196 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll02:05:37.0052 3196 WdiServiceHost - ok02:05:37.0062 3196 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll02:05:37.0062 3196 WdiSystemHost - ok02:05:37.0102 3196 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll02:05:37.0202 3196 WebClient - ok02:05:37.0242 3196 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll02:05:37.0262 3196 Wecsvc - ok02:05:37.0292 3196 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll02:05:37.0292 3196 wercplsupport - ok02:05:37.0332 3196 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll02:05:37.0342 3196 WerSvc 
- ok02:05:37.0372 3196 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys02:05:37.0382 3196 WfpLwf - ok02:05:37.0392 3196 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys02:05:37.0402 3196 WIMMount - ok02:05:37.0432 3196 WinDefend - ok02:05:37.0432 3196 WinHttpAutoProxySvc - ok02:05:37.0502 3196 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll02:05:37.0512 3196 Winmgmt - ok02:05:37.0582 3196 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll02:05:37.0682 3196 WinRM - ok02:05:37.0742 3196 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys02:05:37.0850 3196 WinUsb - ok02:05:37.0894 3196 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll02:05:37.0914 3196 Wlansvc - ok02:05:37.0994 3196 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe02:05:38.0084 3196 wlcrasvc - ok02:05:38.0214 3196 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE02:05:38.0344 3196 wlidsvc - ok02:05:38.0374 3196 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys02:05:38.0384 3196 WmiAcpi - ok02:05:38.0414 3196 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe02:05:38.0424 3196 wmiApSrv - ok02:05:38.0464 3196 WMPNetworkSvc - ok02:05:38.0504 3196 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll02:05:38.0514 3196 WPCSvc - ok02:05:38.0564 3196 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll02:05:38.0634 3196 WPDBusEnum - ok02:05:38.0674 3196 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys02:05:38.0684 3196 ws2ifsl - ok02:05:38.0714 3196 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll02:05:38.0724 3196 wscsvc - ok02:05:38.0724 
3196 WSearch - ok02:05:38.0794 3196 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll02:05:38.0904 3196 wuauserv - ok02:05:38.0934 3196 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys02:05:39.0034 3196 WudfPf - ok02:05:39.0054 3196 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys02:05:39.0154 3196 WUDFRd - ok02:05:39.0194 3196 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll02:05:39.0264 3196 wudfsvc - ok02:05:39.0350 3196 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll02:05:39.0356 3196 WwanSvc - ok02:05:39.0396 3196 ================ Scan global ===============================02:05:39.0426 3196 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll02:05:39.0466 3196 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll02:05:39.0548 3196 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll02:05:39.0578 3196 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll02:05:39.0598 3196 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe02:05:39.0598 3196 [Global] - ok02:05:39.0598 3196 ================ Scan MBR ==================================02:05:39.0608 3196 [ 413C67F8F0B59E85B19BD3FE8DB93C9A ] \Device\Harddisk0\DR002:05:39.0758 3196 \Device\Harddisk0\DR0 - ok02:05:39.0768 3196 ================ Scan VBR ==================================02:05:39.0768 3196 [ AB3555CE06AB81C226DE2116CB4F4A86 ] \Device\Harddisk0\DR0\Partition102:05:39.0768 3196 \Device\Harddisk0\DR0\Partition1 - ok02:05:39.0778 3196 [ 8A0806BBFE040B88E194312C67BA9480 ] \Device\Harddisk0\DR0\Partition202:05:39.0778 3196 \Device\Harddisk0\DR0\Partition2 - ok02:05:39.0808 3196 [ 3620B12D2611A019E7CF734D023981A6 ] \Device\Harddisk0\DR0\Partition302:05:39.0818 3196 \Device\Harddisk0\DR0\Partition3 - ok02:05:39.0818 3196 
============================================================
02:05:39.0818 3196 Scan finished
02:05:39.0818 3196 ============================================================
02:05:39.0828 2844 Detected object count: 0
02:05:39.0828 2844 Actual detected object count: 0
02:08:06.0046 5908 Deinitialize success

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-11 02:14:39
-----------------------------
02:14:39.703 OS Version: Windows x64 6.1.7601 Service Pack 1
02:14:39.703 Number of processors: 2 586 0x602
02:14:39.705 ComputerName: AARONS-HP UserName: aarons
02:14:42.061 Initialize success
02:55:02.016 AVAST engine defs: 12111002
02:59:27.967 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000057
02:59:27.977 Disk 0 Vendor: ST350041 HP35 Size: 476940MB BusType: 11
02:59:27.987 Disk 0 MBR read successfully
02:59:27.987 Disk 0 MBR scan
02:59:28.007 Disk 0 unknown MBR code
02:59:28.007 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
02:59:28.017 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 464913 MB offset 206848
02:59:28.057 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11925 MB offset 952348672
02:59:28.107 Disk 0 scanning C:\Windows\system32\drivers
02:59:44.321 Service scanning
03:00:09.057 Modules scanning
03:00:09.067 Disk 0 trace - called modules:
03:00:09.107 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys ACPI.sys storport.sys hal.dll amdsata.sys
03:00:09.117 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003a3a060]
03:00:09.137 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa8003a27040]
03:00:09.147 5 amdxata.sys[fffff880011207a8] -> nt!IofCallDriver -> [0xfffffa8003a22480]
03:00:09.147 7 ACPI.sys[fffff88000f7e7a1] -> nt!IofCallDriver -> \Device\00000057[0xfffffa8003a23060]
03:00:14.619 AVAST engine scan C:\Windows
03:00:25.041 AVAST engine scan C:\Windows\system32
03:07:25.028 AVAST engine scan C:\Windows\system32\drivers
03:07:42.668 AVAST engine scan C:\Users\aarons
03:14:41.984 AVAST engine scan C:\ProgramData
03:30:47.004 Scan finished successfully
18:21:54.114 Disk 0 MBR has been saved successfully to "C:\Users\aarons\Documents\MBR.dat"
18:21:54.129 The log file has been saved successfully to "C:\Users\aarons\Documents\aswMBR.txt"
Staff gringo_pr Posted November 11, 2012 ID:612185

Hello

see if this will unhide the things that are hidden - http://download.bleepingcomputer.com/grinler/unhide.exe

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt
Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

In your next post I need the following
report from Combofix
let me know of any problems you may have had
How is the computer doing now after running the script?

Gringo
Riccio Posted November 12, 2012 Author ID:612235

It ran combo fix after dragging CFScript, I left my computer until it finished the scan. I returned to my computer to find it had restarted itself, when I logged back on to my computer, Combo fix repeatedly popped up and closed itself over and over. I had to run the computer in safe mode to get on the forum.
Riccio Posted November 12, 2012 Author ID:612250

Also, all of the logs that were saved to my desktop throughout this process have been hidden, and so have my start menu options again.
Staff gringo_pr Posted November 12, 2012 ID:612258

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
Double click on OTL.exe to run it.
Under Output, ensure that Minimal Output is selected.
Under Extra Registry section, select Use SafeList.
Click the Scan All Users checkbox.
Click on Run Scan at the top left hand corner.
When done, two Notepad files will open.
OTL.txt <-- Will be opened and is the one that I need posted back here
Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
Please post the contents of OTL.txt in your next reply.

Gringo
Riccio Posted November 12, 2012 Author ID:612266
Staff gringo_pr Posted November 12, 2012 ID:612269

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

Double-click OTL.exe to start the program.
Copy and Paste the following code into the textbox. Do not include the word Code

:OTL
IE - HKU\S-1-5-21-4091956286-139085011-1590961876-1004\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - No CLSID value found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
O4:64bit: - HKLM..\RunOnceEx: [flags] Reg Error: Invalid data type. File not found
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
IE:64bit: - HKLM\..\SearchScopes\{19A796F4-A878-4EB2-A04E-155D080A5063}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{19A796F4-A878-4EB2-A04E-155D080A5063}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
[2012/11/08 22:05:23 | 000,000,160 | ---- | M] () -- C:\ProgramData\-hA8UYwv7FPqnAwr
[2012/11/08 22:05:23 | 000,000,152 | ---- | M] () -- C:\ProgramData\-hA8UYwv7FPqnAw
:Files
ipconfig /flushdns /c
:Commands
[PURITY]
[emptyjava]
[EMPTYFLASH]

Then click the Run Fix button at the top.
Click .
OTL may ask to reboot the machine. Please do so if asked.
The report should appear in Notepad after the reboot.
Copy and Paste that report in your next reply.

Let me know how things are doing

Gringo
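Added example (not part of the thread and not OTL's own code): a Python parser that splits OTL file-listing entries of the form shown above back out of a flattened log and surfaces files with no company name and no extension sitting directly in C:\ProgramData, which is what the two `-hA8UYwv7FPqnAw*` entries in the fix script look like. The flagging rule and all function names are assumptions made for illustration; the sample is built from entries in this thread.

```python
import ntpath
import re
from datetime import datetime
from typing import List, NamedTuple

# Constructed sample: five entries copied from the log in this thread and run
# together without line breaks, as the forum export flattened them.
SAMPLE = (
    r"[2012/11/09 18:13:47 | 000,000,102 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat"
    r"[2012/11/08 23:38:01 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk"
    r"[2012/11/08 22:05:23 | 000,000,160 | ---- | M] () -- C:\ProgramData\-hA8UYwv7FPqnAwr"
    r"[2012/11/08 22:05:23 | 000,000,152 | ---- | M] () -- C:\ProgramData\-hA8UYwv7FPqnAw"
    r"[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini"
)

class Entry(NamedTuple):
    when: datetime
    size: int
    attrs: str
    kind: str      # "M" = modified listing, "C" = created listing
    company: str   # empty when the file carries no company name
    path: str

# One listing entry; the path runs lazily up to the next entry, a section
# banner ("=====") or a line end, so flattened and intact logs both parse.
ENTRY_RE = re.compile(
    r"\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| ([A-Z-]+) \| ([MC])\] "
    r"\(([^)]*)\) -- ([^\r\n]+?)(?=\[\d{4}/\d{2}/\d{2} |={5,}|[\r\n]|$)"
)

def parse_entries(text: str) -> List[Entry]:
    out = []
    for ts, size, attrs, kind, company, path in ENTRY_RE.findall(text):
        when = datetime.strptime(ts, "%Y/%m/%d %H:%M:%S")
        out.append(Entry(when, int(size.replace(",", "")), attrs, kind,
                         company.strip(), path.strip()))
    return out

def flag_programdata_root(entries: List[Entry]) -> List[str]:
    """Assumed triage heuristic: no company name, no extension, file sits
    directly in C:\\ProgramData. Returns unique paths in log order."""
    hits: List[str] = []
    for e in entries:
        parent = ntpath.dirname(e.path).lower()
        ext = ntpath.splitext(e.path)[1]
        if not e.company and not ext and parent == r"c:\programdata" \
                and e.path not in hits:
            hits.append(e.path)
    return hits

if __name__ == "__main__":
    for p in flag_programdata_root(parse_entries(SAMPLE)):
        print("review:", p)
```

A hit is only a candidate for review; the same listing also contains legitimate files with an empty company field.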
Riccio Posted November 12, 2012 Author ID:612286

Error: Unable to interpret <:OTLIE - HKU\S-1-5-21-4091956286-139085011-1590961876-1004\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - No CLSID value foundFF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundO4:64bit: - HKLM..\RunOnceEx: [flags] Reg Error: Invalid data type. File not foundO16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)O18:64bit: - Protocol\Handler\livecall - No CLSID value foundO18:64bit: - Protocol\Handler\ms-help - No CLSID value foundO18:64bit: - Protocol\Handler\ms-itss - No CLSID value foundO18:64bit: - Protocol\Handler\msnim - No CLSID value foundO18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value foundO18:64bit: - Protocol\Handler\wlpg - No CLSID value foundO21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLS> in the current context!
Error: Unable to interpret <ID value found.IE:64bit: - HKLM\..\SearchScopes\{19A796F4-A878-4EB2-A04E-155D080A5063}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpdIE - HKLM\..\SearchScopes\{19A796F4-A878-4EB2-A04E-155D080A5063}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd[2012/11/08 22:05:23 | 000,000,160 | ---- | M] () -- C:\ProgramData\-hA8UYwv7FPqnAwr[2012/11/08 22:05:23 | 000,000,152 | ---- | M] () -- C:\ProgramData\-hA8UYwv7FPqnAw:Filesipconfig /flushdns /c:Commands[PURITY][emptyjava][EMPTYFLASH]> in the current context!

OTL by OldTimer - Version 3.2.69.0 log created on 11112012_214656
Staff gringo_pr Posted November 12, 2012 ID:612289

I need you to redo the script and this time I need you to make sure to include the :OTL
Riccio Posted November 12, 2012 Author ID:612291

The ":OTL" at the top of the custom scan? I'm a little confused. I made sure I copied and pasted everything that was there. I retried it multiple times and received the same message.
Riccio Posted November 12, 2012 Author ID:612294

Are there any specifications on the OTL program that I have to change? Like in "Extra Registry", "Output", "Modules" or anything like that? Everything is in "UseSafeList" except for "Extra Registry"
Staff gringo_pr Posted November 12, 2012 ID:612295

this should be in the fix window

:OTL
IE - HKU\S-1-5-21-4091956286-139085011-1590961876-1004\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - No CLSID value found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
O4:64bit: - HKLM..\RunOnceEx: [flags] Reg Error: Invalid data type. File not found
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
IE:64bit: - HKLM\..\SearchScopes\{19A796F4-A878-4EB2-A04E-155D080A5063}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{19A796F4-A878-4EB2-A04E-155D080A5063}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
[2012/11/08 22:05:23 | 000,000,160 | ---- | M] () -- C:\ProgramData\-hA8UYwv7FPqnAwr
[2012/11/08 22:05:23 | 000,000,152 | ---- | M] () -- C:\ProgramData\-hA8UYwv7FPqnAw
:Files
ipconfig /flushdns /c
:Commands
[PURITY]
[emptyjava]
[EMPTYFLASH]