
The specified service does not exist as an installed service - Windows Vista problem



I have a Dell Inspiron 530 Desktop PC with Intel Core 2 Quad Q6600 2.4GHz processor, with 4GB RAM and a 32-bit operating system (Windows Vista). All of a sudden it will not connect to my home network, and even something as simple as the audio features is not working. Whenever I try to start any program I get the nasty message that reads "The specified service does not exist as an installed service".

daledoc1 on this forum asked that I start this post and place the attach.txt and dds.txt log files here to allow the Malwarebytes removal forum to assist me in removing this from my PC.

I have also downloaded the free version of Malwarebytes onto my broken PC and run a scan, and have attached the log file from this scan. It found 41 malicious items and I chose to remove all of those. I hope that was the right thing to do, but after reading other posts on the forum I now realize that this may not have been the right procedure, but it's too late now.

I hope these logs provide some insight into what is causing this issue with my PC and I look forward to some advice on how to remedy this situation.

Here is the 1st log, the log from the scan by Malwarebytes:

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Database version: v2012.09.29.05

Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)

Internet Explorer 9.0.8112.16421

Brian :: HOWELL-PC [administrator]

12/1/2012 9:20:56 PM

mbam-log-2012-12-02 (06-46-09).txt

Scan type: Full scan (C:\|D:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 626351

Time elapsed: 1 hour(s), 50 minute(s), 34 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 32

HKCR\CLSID\{02F0243C-2E71-4a1a-A790-6C30888119D0} (PUP.Magoo) -> No action taken.

HKCR\PlayPickleText.Linker.1 (PUP.Magoo) -> No action taken.

HKCR\PlayPickleText.Linker (PUP.Magoo) -> No action taken.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02F0243C-2E71-4A1A-A790-6C30888119D0} (PUP.Magoo) -> No action taken.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{02F0243C-2E71-4A1A-A790-6C30888119D0} (PUP.Magoo) -> No action taken.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{02F0243C-2E71-4A1A-A790-6C30888119D0} (PUP.Magoo) -> No action taken.

HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> No action taken.

HKCR\funmoods.funmoodsHlpr.1 (PUP.FunMoods) -> No action taken.

HKCR\funmoods.funmoodsHlpr (PUP.FunMoods) -> No action taken.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> No action taken.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> No action taken.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> No action taken.

HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> No action taken.

HKCR\escort.escortIEPane.1 (PUP.Funmoods) -> No action taken.

HKCR\escort.escortIEPane (PUP.Funmoods) -> No action taken.

HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> No action taken.

HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} (PUP.Funmoods) -> No action taken.

HKCR\funmoods.dskBnd.1 (PUP.Funmoods) -> No action taken.

HKCR\funmoods.dskBnd (PUP.Funmoods) -> No action taken.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> No action taken.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> No action taken.

HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> No action taken.

HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> No action taken.

HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> No action taken.

HKCR\funmoodsApp.appCore (PUP.Funmoods) -> No action taken.

HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> No action taken.

HKCR\f (PUP.Funmoods) -> No action taken.

HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> No action taken.

HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> No action taken.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> No action taken.

HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> No action taken.

HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> No action taken.

Registry Values Detected: 2

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: Funmoods Toolbar -> No action taken.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: -> No action taken.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 1

C:\Users\Michelle\AppData\Roaming\Smart Internet Protection 2011 (Rogue.SmartInternetProtection2011) -> No action taken.

Files Detected: 14

C:\$Recycle.Bin\S-1-5-21-3893912771-293447690-4005701847-1000\$R2ZJVUS.exe (PUP.Bundle.Installer.OI) -> No action taken.

C:\$Recycle.Bin\S-1-5-21-3893912771-293447690-4005701847-1000\$RG20RZP.exe (PUP.Bundle.Installer.OI) -> No action taken.

C:\$Recycle.Bin\S-1-5-21-3893912771-293447690-4005701847-1000\$ROVWTZD.exe (PUP.AdBundle) -> No action taken.

C:\$Recycle.Bin\S-1-5-21-3893912771-293447690-4005701847-1000\$RULKNGC.exe (PUP.BundleOffers.IIQ) -> No action taken.

C:\$Recycle.Bin\S-1-5-21-3893912771-293447690-4005701847-1000\$RXIW3ZL.exe (PUP.BundleOffers.IIQ) -> No action taken.

C:\$Recycle.Bin\S-1-5-21-3893912771-293447690-4005701847-1000\$RP7OB5D\gimp_freely.exe (PUP.BundleOffers.IIQ) -> No action taken.

C:\Program Files\v-Grabber\Uninstall.exe (PUP.BundleInstaller.VG) -> No action taken.

C:\Users\Michelle\AppData\Local\Temp\msimg32.dll (Trojan.Agent.MRGGen) -> No action taken.

C:\Users\Michelle\AppData\Local\Temp\~!#8204.tmp (Trojan.Agent.MRGGen) -> No action taken.

C:\Users\Brian\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> No action taken.

C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> No action taken.

C:\Users\Brian\AppData\Local\funmoods.crx (PUP.Funmoods) -> No action taken.

C:\Users\Brian\Local Settings\Application Data\funmoods.crx (PUP.Funmoods) -> No action taken.

C:\Users\Michelle\AppData\Roaming\Smart Internet Protection 2011\Instructions.ini (Rogue.SmartInternetProtection2011) -> No action taken.

(end)

Here is the second log file from Malwarebytes after threat removal:

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Database version: v2012.09.29.05

Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)

Internet Explorer 9.0.8112.16421

Brian :: HOWELL-PC [administrator]

12/1/2012 9:20:56 PM

mbam-log-2012-12-01 (21-20-56).txt

Scan type: Full scan (C:\|D:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 626351

Time elapsed: 1 hour(s), 50 minute(s), 34 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 32

HKCR\CLSID\{02F0243C-2E71-4a1a-A790-6C30888119D0} (PUP.Magoo) -> Quarantined and deleted successfully.

HKCR\PlayPickleText.Linker.1 (PUP.Magoo) -> Quarantined and deleted successfully.

HKCR\PlayPickleText.Linker (PUP.Magoo) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02F0243C-2E71-4A1A-A790-6C30888119D0} (PUP.Magoo) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{02F0243C-2E71-4A1A-A790-6C30888119D0} (PUP.Magoo) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{02F0243C-2E71-4A1A-A790-6C30888119D0} (PUP.Magoo) -> Quarantined and deleted successfully.

HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.

HKCR\funmoods.funmoodsHlpr.1 (PUP.FunMoods) -> Quarantined and deleted successfully.

HKCR\funmoods.funmoodsHlpr (PUP.FunMoods) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.

HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\escort.escortIEPane.1 (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\escort.escortIEPane (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\funmoods.dskBnd.1 (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\funmoods.dskBnd (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\f (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> Quarantined and deleted successfully.

HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.

Registry Values Detected: 2

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: Funmoods Toolbar -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: -> Quarantined and deleted successfully.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 1

C:\Users\Michelle\AppData\Roaming\Smart Internet Protection 2011 (Rogue.SmartInternetProtection2011) -> Quarantined and deleted successfully.

Files Detected: 14

C:\$Recycle.Bin\S-1-5-21-3893912771-293447690-4005701847-1000\$R2ZJVUS.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.

C:\$Recycle.Bin\S-1-5-21-3893912771-293447690-4005701847-1000\$RG20RZP.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.

C:\$Recycle.Bin\S-1-5-21-3893912771-293447690-4005701847-1000\$ROVWTZD.exe (PUP.AdBundle) -> Quarantined and deleted successfully.

C:\$Recycle.Bin\S-1-5-21-3893912771-293447690-4005701847-1000\$RULKNGC.exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.

C:\$Recycle.Bin\S-1-5-21-3893912771-293447690-4005701847-1000\$RXIW3ZL.exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.

C:\$Recycle.Bin\S-1-5-21-3893912771-293447690-4005701847-1000\$RP7OB5D\gimp_freely.exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.

C:\Program Files\v-Grabber\Uninstall.exe (PUP.BundleInstaller.VG) -> Quarantined and deleted successfully.

C:\Users\Michelle\AppData\Local\Temp\msimg32.dll (Trojan.Agent.MRGGen) -> Quarantined and deleted successfully.

C:\Users\Michelle\AppData\Local\Temp\~!#8204.tmp (Trojan.Agent.MRGGen) -> Quarantined and deleted successfully.

C:\Users\Brian\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Quarantined and deleted successfully.

C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Quarantined and deleted successfully.

C:\Users\Brian\AppData\Local\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.

C:\Users\Brian\Local Settings\Application Data\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.

C:\Users\Michelle\AppData\Roaming\Smart Internet Protection 2011\Instructions.ini (Rogue.SmartInternetProtection2011) -> Quarantined and deleted successfully.

(end)

Here is the attach.txt log file:

DDS (Ver_2012-11-20.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume3

Install Date: 9/3/2008 9:18:08 AM

System Uptime: 11/27/2012 10:13:09 PM (72 hours ago)

.

Motherboard: Dell Inc. | | 0FM586

Processor: Intel® Core2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2394/266mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 456 GiB total, 185.544 GiB free.

D: is FIXED (NTFS) - 10 GiB total, 3.883 GiB free.

E: is CDROM (UDF)

F: is Removable

G: is Removable

H: is Removable

I: is Removable

J: is FIXED (NTFS) - 932 GiB total, 917.702 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

32 Bit HP CIO Components Installer

Ace of Spades

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Reader 8.1.3

Adobe Shockwave Player 11.6

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ArcSoft MediaImpression HD Edition

ATI Catalyst Control Center

AudibleManager

Banctec Service Agreement

Bing Rewards Client Installer

Bonjour

Brother HL-5370DW

Browser Address Error Redirector

BufferChm

Canon Utilities My Printer

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center Localization Chinese Standard

Catalyst Control Center Localization Chinese Traditional

Catalyst Control Center Localization French

Catalyst Control Center Localization German

Catalyst Control Center Localization Hungarian

Catalyst Control Center Localization Italian

Catalyst Control Center Localization Japanese

Catalyst Control Center Localization Korean

Catalyst Control Center Localization Polish

Catalyst Control Center Localization Portuguese

Catalyst Control Center Localization Spanish

Catalyst Control Center Localization Thai

Catalyst Control Center Localization Turkish

ccc-core-static

ccc-utility

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help English

CCC Help French

CCC Help German

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Polish

CCC Help Portuguese

CCC Help Spanish

CCC Help Thai

CCC Help Turkish

CDDRV_Installer

Cisco WebEx Meetings

Convert AVI to MP4 1.3

Creative MediaSource 5

Creative System Information

Creative ZEN

D110

Dell-eBay

Dell Best of Web

Dell DataSafe Online

Dell Dock

Dell Getting Started Guide

Dell Support Center (Support Software)

Destinations

DeviceDiscovery

doPDF 7.2 printer

Dropbox

EDocs

Google Desktop

GoToAssist Corporate

GPBaseService2

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Customer Participation Program 14.0

HP Imaging Device Functions 14.0

HP Photo Creations

HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7

HP Smart Web Printing 4.60

HP Solution Center 14.0

HP Update

HPAppStudio

HPPhotoGadget

HPProductAssistant

HPSSupply

iCloud

Infinisource Payroll Smart Client

Intel® PRO Network Connections 12.1.11.0

iTunes

Java 6 Update 5

Java 7 Update 5

KhalInstallWrapper

LEGO Digital Designer

Logitech Gaming Software 5.08

Logitech SetPoint

MarketResearch

McAfee Security Scan Plus

McAfee SecurityCenter

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB2698023)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Default Manager

Microsoft Flight Simulator X

Microsoft IntelliPoint 6.1

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access 2007

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

MobileMe Control Panel

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

Network

OGA Notifier 2.0.0048.0

PriorityPayW

PS_AIO_07_D110_SW_Min

QuickTime

QuickTransfer

Realtek High Definition Audio Driver

ROBLOX Player for Brian

Roxio Creator Audio

Roxio Creator Copy

Roxio Creator Data

Roxio Creator DE

Roxio Creator Tools

Roxio Express Labeler 3

Roxio Update Manager

Safari

Scan

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition

Shared C Run-time for x86

Shop for HP Supplies

Skins

SmartWebPrinting

SolutionCenter

Sound Blaster Audigy ADVANCED MB

Spelling Dictionaries Support For Adobe Reader 8

Status

swMSM

TomTom HOME

TomTom HOME Visual Studio Merge Modules

Toolbox

TrayApp

Unity Web Player (All users)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Vgrabber Toolbar

WatchGuard Mobile VPN

WebReg

West Point Bridge Designer 2012 (2nd Edition) (remove only)

Windows Live ID Sign-in Assistant

ZENcast Organizer

.

==== End Of File ===========================

Here is the DDS.txt log file:

DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK

Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.5.0

Run by Brian at 22:49:46 on 2012-11-30

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3325.2544 [GMT -5:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

C:\Windows\Explorer.EXE

C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Windows\System32\Notepad.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://portal.wowway.net/

uWindow Title = Internet Explorer provided by Dell

uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4080903

mStart Page = hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtBtDtDyE0EyEtAyDtDyEzyyDtBzztAtN0D0Tzu0CtByEyCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=894483779

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll

uURLSearchHooks: <No Name>: - LocalServer32 - <no file>

uURLSearchHooks: Vgrabber Toolbar: {b2ed7faf-72a0-46d1-9d9d-602226f5cb9f} - c:\program files\vgrabber\prxtbVgra.dll

mURLSearchHooks: Vgrabber Toolbar: {b2ed7faf-72a0-46d1-9d9d-602226f5cb9f} - c:\program files\vgrabber\prxtbVgra.dll

mWinlogon: Userinit = userinit.exe,

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>

BHO: Play Pickle Text: {02F0243C-2E71-4a1a-A790-6C30888119D0} -

BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -

BHO: Funmoods Helper Object: {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} -

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120625224653.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Shop to Win: {A0D2864A-05FA-91F4-A5CC-DEF70D52F5AF} -

BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll

BHO: Vgrabber Toolbar: {b2ed7faf-72a0-46d1-9d9d-602226f5cb9f} - c:\program files\vgrabber\prxtbVgra.dll

BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

BHO: Shop to Win: {EE146ACC-D881-1414-2148-B1D008B47ADB} -

BHO: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} -

BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Vgrabber Toolbar: {B2ED7FAF-72A0-46D1-9D9D-602226F5CB9F} - c:\program files\vgrabber\prxtbVgra.dll

TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll

TB: Vgrabber Toolbar: {b2ed7faf-72a0-46d1-9d9d-602226f5cb9f} - c:\program files\vgrabber\prxtbVgra.dll

TB: Funmoods Toolbar: {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} -

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP32EP5-14362/webex/ieatgpc1.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{8EBEBF83-F912-464C-9D2A-920FA57F7B44} : DHCPNameServer = 192.168.1.1

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\McSnIePl.dll

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll

AppInit_DLLs= c:\progra~1\google\google~2\GOEC62~1.DLL

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-9-3 554048]

R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-9-5 206784]

R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-9-5 167784]

R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-9-5 168368]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-9-5 166320]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-9-5 60480]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-9-5 360792]

R3 ncplelhp;WatchGuard Secure Client NDIS6 Driver;c:\windows\system32\drivers\ncplelhp.sys [2009-3-13 72520]

S1 ncpfilt;WatchGuard Filter;c:\windows\system32\drivers\ncplelhp.sys [2009-3-13 72520]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-9-5 200816]

S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-10-1 146872]

S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-9-3 230224]

S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-9-3 61912]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-9-5 92192]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-9-3 34248]

S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-9-3 40552]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-4-28 161048]

S4 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-9-3 30192]

S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-10-5 95200]

S4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.287\McCHSvc.exe [2012-9-11 234776]

S4 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-9-5 167784]

S4 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-9-5 167784]

S4 ncpclcfg;ncpclcfg;c:\program files\watchguard\mobile vpn\ncpclcfg.exe [2009-3-13 81920]

S4 ncprwsnt;ncprwsnt;c:\program files\watchguard\mobile vpn\NCPRWSNT.EXE [2009-3-13 1036296]

S4 NcpSec;NcpSec;c:\program files\watchguard\mobile vpn\NCPSEC.EXE [2009-3-13 45056]

S4 rwsrsu;RwsRsu;c:\program files\watchguard\mobile vpn\rwsrsu.exe [2009-1-13 266240]

S4 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2012-8-28 92632]

.

=============== Created Last 30 ================

.

2012-11-28 03:05:24 -------- d-----w- c:\windows\pss

2012-11-14 11:57:59 75776 ----a-w- c:\windows\system32\synceng.dll

2012-11-14 11:57:38 2047488 ----a-w- c:\windows\system32\win32k.sys

2012-11-10 22:06:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll

2012-11-10 22:06:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll

2012-11-10 22:06:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll

2012-11-10 22:06:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll

2012-11-10 22:06:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll

2012-11-10 22:06:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll

2012-11-10 22:06:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll

.

==================== Find3M ====================

.

2012-11-08 22:55:28 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-11-08 22:55:28 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-10-25 08:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2012-10-25 08:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts

2012-10-08 07:56:24 1800704 ----a-w- c:\windows\system32\jscript9.dll

2012-10-08 07:48:03 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-10-08 07:47:44 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-10-08 07:44:05 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-10-08 07:43:21 420864 ----a-w- c:\windows\system32\vbscript.dll

2012-10-08 07:40:56 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-09-13 13:28:08 2048 ----a-w- c:\windows\system32\tzres.dll

.

============= FINISH: 22:50:16.24 ===============


R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-9-5 60480]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-9-5 360792]

R3 ncplelhp;WatchGuard Secure Client NDIS6 Driver;c:\windows\system32\drivers\ncplelhp.sys [2009-3-13 72520]

S1 ncpfilt;WatchGuard Filter;c:\windows\system32\drivers\ncplelhp.sys [2009-3-13 72520]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-9-5 200816]

S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-10-1 146872]

S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-9-3 230224]

S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-9-3 61912]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-9-5 92192]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-9-3 34248]

S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-9-3 40552]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-4-28 161048]

S4 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-9-3 30192]

S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-10-5 95200]

S4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.287\McCHSvc.exe [2012-9-11 234776]

S4 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-9-5 167784]

S4 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-9-5 167784]

S4 ncpclcfg;ncpclcfg;c:\program files\watchguard\mobile vpn\ncpclcfg.exe [2009-3-13 81920]

S4 ncprwsnt;ncprwsnt;c:\program files\watchguard\mobile vpn\NCPRWSNT.EXE [2009-3-13 1036296]

S4 NcpSec;NcpSec;c:\program files\watchguard\mobile vpn\NCPSEC.EXE [2009-3-13 45056]

S4 rwsrsu;RwsRsu;c:\program files\watchguard\mobile vpn\rwsrsu.exe [2009-1-13 266240]

S4 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2012-8-28 92632]

.

=============== Created Last 30 ================

.

2012-11-28 03:05:24 -------- d-----w- c:\windows\pss

2012-11-14 11:57:59 75776 ----a-w- c:\windows\system32\synceng.dll

2012-11-14 11:57:38 2047488 ----a-w- c:\windows\system32\win32k.sys

2012-11-10 22:06:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll

2012-11-10 22:06:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll

2012-11-10 22:06:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll

2012-11-10 22:06:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll

2012-11-10 22:06:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll

2012-11-10 22:06:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll

2012-11-10 22:06:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll

.

==================== Find3M ====================

.

2012-11-08 22:55:28 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-11-08 22:55:28 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-10-25 08:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2012-10-25 08:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts

2012-10-08 07:56:24 1800704 ----a-w- c:\windows\system32\jscript9.dll

2012-10-08 07:48:03 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-10-08 07:47:44 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-10-08 07:44:05 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-10-08 07:43:21 420864 ----a-w- c:\windows\system32\vbscript.dll

2012-10-08 07:40:56 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-09-13 13:28:08 2048 ----a-w- c:\windows\system32\tzres.dll

.

============= FINISH: 22:50:16.24 ===============


  • Staff

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

These are the programs I would like you to run next. If you have any problems with these, just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
    • For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then Click on "Scan" button
    • Wait until the Status box shows "Scan Finished"
    • click on "delete"
    • Wait until the Status box shows "Deleting Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller+

Gringo


Gringo, thanks for your assistance. I have followed your instructions and below you will find the reports you requested. I have run the three programs you suggested with my PC in Safe mode, and have not tried to start my PC in normal mode, and will wait to attempt that until you direct me to do so.

Here is the log file generated by SecurityCheck:

Results of screen317's Security Check version 0.99.56

Windows Vista Service Pack 2 x86 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Security Center service is not running! This report may not be accurate!

McAfee Anti-Virus and Anti-Spyware

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.65.1.1000

Java 7 Update 5

Java 6 Update 5

Java version out of Date!

Adobe Reader 8 Adobe Reader out of Date!

````````Process Check: objlist.exe by Laurent````````

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0 %

````````````````````End of Log``````````````````````

Here is the report from adwcleaner:

# AdwCleaner v2.010 - Logfile created 12/02/2012 at 15:50:44

# Updated 29/11/2012 by Xplode

# Operating system : Windows Vista Home Premium Service Pack 2 (32 bits)

# User : Brian - HOWELL-PC

# Boot Mode : Safe mode with networking

# Running from : C:\Users\Brian\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\Users\Brian\AppData\Local\funmoods-speeddial.crx

File Deleted : C:\Users\Michelle\AppData\Local\Temp\Uninstall.exe

File Deleted : C:\Users\Public\Desktop\eBay.lnk

File Deleted : C:\Windows\system32\conduitEngine.tmp

Folder Deleted : C:\Program Files\Common Files\FreeCause

Folder Deleted : C:\Program Files\Free Offers from Freeze.com

Folder Deleted : C:\Program Files\vGrabber

Folder Deleted : C:\Program Files\v-Grabber

Folder Deleted : C:\Users\Brian\AppData\Local\Conduit

Folder Deleted : C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh

Folder Deleted : C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj

Folder Deleted : C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jimmegiofifickhcnpbllambfpmadfof

Folder Deleted : C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp

Folder Deleted : C:\Users\Brian\AppData\Local\Wajam

Folder Deleted : C:\Users\Brian\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Brian\AppData\LocalLow\Funmoods

Folder Deleted : C:\Users\Brian\AppData\LocalLow\vGrabber

Folder Deleted : C:\Users\Michelle\AppData\Local\Conduit

Folder Deleted : C:\Users\Michelle\AppData\Local\Temp\AskSearch

Folder Deleted : C:\Users\Michelle\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Michelle\AppData\LocalLow\ConduitEngine

Folder Deleted : C:\Users\Michelle\AppData\LocalLow\PriceGong

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Compete

Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider

Key Deleted : HKCU\Software\AppDataLow\Software\Freecause

Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong

Key Deleted : HKCU\Software\AppDataLow\Software\Vgrabber

Key Deleted : HKCU\Software\AppDataLow\Toolbar

Key Deleted : HKCU\Software\Cr_Installer

Key Deleted : HKCU\Software\Default Tab

Key Deleted : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Vgrabber Toolbar

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B2ED7FAF-72A0-46D1-9D9D-602226F5CB9F}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2ED7FAF-72A0-46D1-9D9D-602226F5CB9F}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B2ED7FAF-72A0-46D1-9D9D-602226F5CB9F}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FBAD2F6E-E013-4789-A7E4-9D24DB6701C8}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine

Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100565.FCTB000100565Pos

Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100565.FCTB000100565Pos.1

Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100565.IEToolbar

Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100565.IEToolbar.1

Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100565.JSOptionsImpl

Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100565.JSOptionsImpl.1

Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100567.FCTB000100567Pos

Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100567.FCTB000100567Pos.1

Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100567.IEToolbar

Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100567.IEToolbar.1

Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100567.JSOptionsImpl

Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100567.JSOptionsImpl.1

Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook

Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3057722

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3059010

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\Default Tab

Key Deleted : HKLM\Software\Freeze.com

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jimmegiofifickhcnpbllambfpmadfof

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{70D252A9-B2CC-4490-AC61-5124680EF58F}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDE3333-1C28-44D8-A421-135ED21FE5B5}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B2ED7FAF-72A0-46D1-9D9D-602226F5CB9F}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FBAD2F6E-E013-4789-A7E4-9D24DB6701C8}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vgrabber Toolbar

Key Deleted : HKLM\Software\Vgrabber

Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{B2ED7FAF-72A0-46D1-9D9D-602226F5CB9F}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B2ED7FAF-72A0-46D1-9D9D-602226F5CB9F}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B2ED7FAF-72A0-46D1-9D9D-602226F5CB9F}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{B2ED7FAF-72A0-46D1-9D9D-602226F5CB9F}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtBtDtDyE0EyEtAyDtDyEzyyDtBzztAtN0D0Tzu0CtByEyCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=894483779 --> hxxp://www.google.com

-\\ Google Chrome v [unable to get version]

File : C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.5] : search_url = "hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&[...]

Deleted [l.388] : homepage = "hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtBtDtDyE0Ey[...]

Deleted [l.615] : urls_to_restore_on_startup = [ "hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyE[...]

File : C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [10463 octets] - [02/12/2012 15:50:44]

########## EOF - C:\AdwCleaner[s1].txt - [10524 octets] ##########

Here is the report from RogueKiller:

RogueKiller V8.3.1 [Dec 2 2012] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version

Started in : Safe mode with network support

User : Brian [Admin rights]

Mode : Remove -- Date : 12/02/2012 15:58:35

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤

[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED

[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)

[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤

-> D:\windows\system32\config\SOFTWARE

-> D:\Users\Default\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

::1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++

--- User ---

[MBR] 9d1474bed684d6fd5959828bc9d9292b

[bSP] f447cd3dc644cd931fe7f4d39e641310 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 112640 | Size: 10240 Mo

2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21084160 | Size: 466644 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[2]_D_12022012_02d1558.txt >>

RKreport[1]_S_12022012_02d1558.txt ; RKreport[2]_D_12022012_02d1558.txt


  • Staff

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo


Hi Gringo, I have done as you instructed, however I am curious how long the Combofix scan should take. It has been running now for about 2.5 hours. Is this typical? The PC is in safe mode and the screen says that it is scanning for infected files, and occasionally you can hear the fan on my processor speeding up, and I can hear the hard drive grinding away, so I assume this is normal, but would like your advice if this is not the case.


  • Staff

Greetings

Restart the computer and I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.

  • Double click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo


Gringo, I am preparing to start these two processes, however please note that my PC is in safe mode and I do not have a connection to the internet (still says "The specified service does not exist as an installed service"). If this is an issue let me know. Will post the logs soon.


Gringo, Here are the reports from the two scans you recommended:

TDSSKiller report:

20:27:26.0094 1544 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

20:27:26.0281 1544 ============================================================

20:27:26.0281 1544 Current date / time: 2012/12/02 20:27:26.0281

20:27:26.0281 1544 SystemInfo:

20:27:26.0281 1544

20:27:26.0281 1544 OS Version: 6.0.6002 ServicePack: 2.0

20:27:26.0281 1544 Product type: Workstation

20:27:26.0281 1544 ComputerName: HOWELL-PC

20:27:26.0281 1544 UserName: Brian

20:27:26.0281 1544 Windows directory: C:\Windows

20:27:26.0281 1544 System windows directory: C:\Windows

20:27:26.0281 1544 Processor architecture: Intel x86

20:27:26.0281 1544 Number of processors: 4

20:27:26.0281 1544 Page size: 0x1000

20:27:26.0281 1544 Boot type: Safe boot with network

20:27:26.0281 1544 ============================================================

20:27:27.0763 1544 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

20:27:27.0794 1544 ============================================================

20:27:27.0794 1544 \Device\Harddisk0\DR0:

20:27:27.0794 1544 MBR partitions:

20:27:27.0794 1544 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B800, BlocksNum 0x1400000

20:27:27.0794 1544 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x141B800, BlocksNum 0x38F6A000

20:27:27.0794 1544 ============================================================

20:27:27.0825 1544 C: <-> \Device\Harddisk0\DR0\Partition2

20:27:27.0841 1544 D: <-> \Device\Harddisk0\DR0\Partition1

20:27:27.0841 1544 ============================================================

20:27:27.0841 1544 Initialize success

20:27:27.0841 1544 ============================================================

20:27:30.0087 1540 ============================================================

20:27:30.0087 1540 Scan started

20:27:30.0087 1540 Mode: Manual;

20:27:30.0087 1540 ============================================================

20:27:31.0117 1540 ================ Scan system memory ========================

20:27:31.0117 1540 System memory - ok

20:27:31.0117 1540 ================ Scan services =============================


20:27:41.0257 1540 rdpdr - ok

20:27:41.0257 1540 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

20:27:41.0257 1540 RDPENCDD - ok

20:27:41.0319 1540 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

20:27:41.0319 1540 RDPWD - ok

20:27:41.0351 1540 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll

20:27:41.0351 1540 RemoteAccess - ok

20:27:41.0397 1540 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll

20:27:41.0397 1540 RemoteRegistry - ok

20:27:41.0413 1540 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe

20:27:41.0413 1540 RpcLocator - ok

20:27:41.0429 1540 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll

20:27:41.0429 1540 RpcSs - ok

20:27:41.0444 1540 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

20:27:41.0444 1540 rspndr - ok

20:27:41.0475 1540 [ 8D0BF5FBBFDB25F7F506DF54C2C593C6 ] rwsrsu C:\Program Files\WatchGuard\Mobile VPN\rwsrsu.exe

20:27:41.0491 1540 rwsrsu - ok

20:27:41.0491 1540 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe

20:27:41.0491 1540 SamSs - ok

20:27:41.0522 1540 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

20:27:41.0522 1540 sbp2port - ok

20:27:41.0569 1540 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll

20:27:41.0569 1540 SCardSvr - ok

20:27:41.0600 1540 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll

20:27:41.0616 1540 Schedule - ok

20:27:41.0616 1540 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll

20:27:41.0616 1540 SCPolicySvc - ok

20:27:41.0647 1540 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll

20:27:41.0647 1540 SDRSVC - ok

20:27:41.0663 1540 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys

20:27:41.0663 1540 secdrv - ok

20:27:41.0694 1540 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll

20:27:41.0694 1540 seclogon - ok

20:27:41.0709 1540 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys

20:27:41.0709 1540 Serenum - ok

20:27:41.0725 1540 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys

20:27:41.0725 1540 Serial - ok

20:27:41.0725 1540 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys

20:27:41.0725 1540 sermouse - ok

20:27:41.0741 1540 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

20:27:41.0741 1540 sffdisk - ok

20:27:41.0772 1540 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

20:27:41.0772 1540 sffp_mmc - ok

20:27:41.0787 1540 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

20:27:41.0787 1540 sffp_sd - ok

20:27:41.0803 1540 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys

20:27:41.0803 1540 sfloppy - ok

20:27:41.0834 1540 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll

20:27:41.0834 1540 SharedAccess - ok

20:27:41.0881 1540 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll

20:27:41.0881 1540 ShellHWDetection - ok

20:27:41.0897 1540 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys

20:27:41.0897 1540 sisagp - ok

20:27:41.0912 1540 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys

20:27:41.0912 1540 SiSRaid2 - ok

20:27:41.0943 1540 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys

20:27:41.0943 1540 SiSRaid4 - ok

20:27:42.0037 1540 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe

20:27:42.0099 1540 slsvc - ok

20:27:42.0146 1540 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys

20:27:42.0146 1540 Smb - ok

20:27:42.0162 1540 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe

20:27:42.0162 1540 SNMPTRAP - ok

20:27:42.0177 1540 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys

20:27:42.0177 1540 spldr - ok

20:27:42.0224 1540 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe

20:27:42.0240 1540 Spooler - ok

20:27:42.0271 1540 sprtsvc_dellsupportcenter - ok

20:27:42.0302 1540 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys

20:27:42.0318 1540 srv - ok

20:27:42.0365 1540 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

20:27:42.0365 1540 srv2 - ok

20:27:42.0365 1540 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

20:27:42.0380 1540 srvnet - ok

20:27:42.0396 1540 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

20:27:42.0396 1540 SSDPSRV - ok

20:27:42.0427 1540 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll

20:27:42.0427 1540 SstpSvc - ok

20:27:42.0474 1540 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll

20:27:42.0489 1540 stisvc - ok

20:27:42.0552 1540 [ 1D0063597C3666404FCF97698ABEB019 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

20:27:42.0552 1540 stllssvr - ok

20:27:42.0583 1540 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys

20:27:42.0583 1540 swenum - ok

20:27:42.0614 1540 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll

20:27:42.0630 1540 swprv - ok

20:27:42.0645 1540 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys

20:27:42.0645 1540 Symc8xx - ok

20:27:42.0661 1540 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys

20:27:42.0661 1540 Sym_hi - ok

20:27:42.0692 1540 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys

20:27:42.0692 1540 Sym_u3 - ok

20:27:42.0723 1540 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll

20:27:42.0723 1540 TabletInputService - ok

20:27:42.0755 1540 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll

20:27:42.0770 1540 TapiSrv - ok

20:27:42.0801 1540 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll

20:27:42.0801 1540 TBS - ok

20:27:42.0864 1540 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

20:27:42.0864 1540 Tcpip - ok

20:27:42.0895 1540 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys

20:27:42.0911 1540 Tcpip6 - ok

20:27:42.0942 1540 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

20:27:42.0957 1540 tcpipreg - ok

20:27:42.0973 1540 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

20:27:42.0973 1540 TDPIPE - ok

20:27:42.0989 1540 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

20:27:42.0989 1540 TDTCP - ok

20:27:43.0020 1540 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

20:27:43.0020 1540 tdx - ok

20:27:43.0067 1540 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys

20:27:43.0067 1540 TermDD - ok

20:27:43.0098 1540 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll

20:27:43.0113 1540 TermService - ok

20:27:43.0129 1540 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll

20:27:43.0129 1540 Themes - ok

20:27:43.0145 1540 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll

20:27:43.0145 1540 THREADORDER - ok

20:27:43.0223 1540 [ 0407143F2BBC1A5DD5B518AC0704FCBF ] TomTomHOMEService C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

20:27:43.0223 1540 TomTomHOMEService - ok

20:27:43.0254 1540 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll

20:27:43.0254 1540 TrkWks - ok

20:27:43.0316 1540 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

20:27:43.0316 1540 TrustedInstaller - ok

20:27:43.0332 1540 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

20:27:43.0332 1540 tssecsrv - ok

20:27:43.0363 1540 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys

20:27:43.0363 1540 tunmp - ok

20:27:43.0394 1540 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

20:27:43.0410 1540 tunnel - ok

20:27:43.0410 1540 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys

20:27:43.0410 1540 uagp35 - ok

20:27:43.0457 1540 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

20:27:43.0457 1540 udfs - ok

20:27:43.0488 1540 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe

20:27:43.0488 1540 UI0Detect - ok

20:27:43.0503 1540 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

20:27:43.0503 1540 uliagpkx - ok

20:27:43.0535 1540 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys

20:27:43.0535 1540 uliahci - ok

20:27:43.0566 1540 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys

20:27:43.0566 1540 UlSata - ok

20:27:43.0581 1540 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys

20:27:43.0581 1540 ulsata2 - ok

20:27:43.0613 1540 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys

20:27:43.0613 1540 umbus - ok

20:27:43.0659 1540 [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys

20:27:43.0659 1540 USBAAPL - ok

20:27:43.0706 1540 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

20:27:43.0706 1540 usbccgp - ok

20:27:43.0722 1540 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys

20:27:43.0722 1540 usbcir - ok

20:27:43.0753 1540 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

20:27:43.0753 1540 usbehci - ok

20:27:43.0753 1540 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

20:27:43.0753 1540 usbhub - ok

20:27:43.0784 1540 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys

20:27:43.0784 1540 usbohci - ok

20:27:43.0815 1540 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

20:27:43.0815 1540 usbprint - ok

20:27:43.0847 1540 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys

20:27:43.0847 1540 usbscan - ok

20:27:43.0893 1540 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

20:27:43.0893 1540 USBSTOR - ok

20:27:43.0893 1540 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys

20:27:43.0893 1540 usbuhci - ok

20:27:43.0940 1540 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll

20:27:43.0940 1540 UxSms - ok

20:27:43.0987 1540 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe

20:27:43.0987 1540 vds - ok

20:27:44.0018 1540 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

20:27:44.0018 1540 vga - ok

20:27:44.0049 1540 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys

20:27:44.0049 1540 VgaSave - ok

20:27:44.0065 1540 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys

20:27:44.0065 1540 viaagp - ok

20:27:44.0081 1540 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys

20:27:44.0081 1540 ViaC7 - ok

20:27:44.0096 1540 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys

20:27:44.0096 1540 viaide - ok

20:27:44.0112 1540 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys

20:27:44.0112 1540 volmgr - ok

20:27:44.0174 1540 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

20:27:44.0174 1540 volmgrx - ok

20:27:44.0221 1540 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys

20:27:44.0221 1540 volsnap - ok

20:27:44.0237 1540 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys

20:27:44.0237 1540 vsmraid - ok

20:27:44.0268 1540 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe

20:27:44.0315 1540 VSS - ok

20:27:44.0361 1540 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll

20:27:44.0361 1540 W32Time - ok

20:27:44.0377 1540 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys

20:27:44.0377 1540 WacomPen - ok

20:27:44.0408 1540 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys

20:27:44.0408 1540 Wanarp - ok

20:27:44.0408 1540 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

20:27:44.0408 1540 Wanarpv6 - ok

20:27:44.0424 1540 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys

20:27:44.0424 1540 Wd - ok

20:27:44.0439 1540 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

20:27:44.0455 1540 Wdf01000 - ok

20:27:44.0471 1540 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll

20:27:44.0471 1540 WdiServiceHost - ok

20:27:44.0471 1540 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll

20:27:44.0486 1540 WdiSystemHost - ok

20:27:44.0533 1540 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll

20:27:44.0533 1540 Wecsvc - ok

20:27:44.0533 1540 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll

20:27:44.0533 1540 wercplsupport - ok

20:27:44.0580 1540 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll

20:27:44.0580 1540 WerSvc - ok

20:27:44.0627 1540 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll

20:27:44.0642 1540 WinDefend - ok

20:27:44.0658 1540 WinHttpAutoProxySvc - ok

20:27:44.0705 1540 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

20:27:44.0720 1540 Winmgmt - ok

20:27:44.0783 1540 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll

20:27:44.0814 1540 WinRM - ok

20:27:44.0861 1540 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll

20:27:44.0861 1540 Wlansvc - ok

20:27:44.0923 1540 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

20:27:44.0954 1540 wlidsvc - ok

20:27:45.0001 1540 [ 84A90F13EEBF4380345EF9474D30F10E ] WmBEnum C:\Windows\system32\drivers\WmBEnum.sys

20:27:45.0001 1540 WmBEnum - ok

20:27:45.0063 1540 [ EB0034AC02A44DC784A3174D2B81E764 ] WmFilter C:\Windows\system32\drivers\WmFilter.sys

20:27:45.0063 1540 WmFilter - ok

20:27:45.0079 1540 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

20:27:45.0079 1540 WmiAcpi - ok

20:27:45.0126 1540 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

20:27:45.0126 1540 wmiApSrv - ok

20:27:45.0188 1540 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe

20:27:45.0204 1540 WMPNetworkSvc - ok

20:27:45.0251 1540 [ 72C4F5A748C74D8D4016CCFA7367210F ] WmVirHid C:\Windows\system32\drivers\WmVirHid.sys

20:27:45.0251 1540 WmVirHid - ok

20:27:45.0297 1540 [ EACDCCED934A185E61CE0684F71C2DEC ] WmXlCore C:\Windows\system32\drivers\WmXlCore.sys

20:27:45.0297 1540 WmXlCore - ok

20:27:45.0344 1540 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll

20:27:45.0344 1540 WPCSvc - ok

20:27:45.0391 1540 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys

20:27:45.0391 1540 WpdUsb - ok

20:27:45.0531 1540 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

20:27:45.0547 1540 WPFFontCache_v0400 - ok

20:27:45.0563 1540 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

20:27:45.0563 1540 ws2ifsl - ok

20:27:45.0594 1540 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll

20:27:45.0594 1540 wscsvc - ok

20:27:45.0656 1540 [ 4422AC5ED8D4C2F0DB63E71D4C069DD7 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys

20:27:45.0656 1540 WSDPrintDevice - ok

20:27:45.0656 1540 WSearch - ok

20:27:45.0734 1540 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll

20:27:45.0781 1540 wuauserv - ok

20:27:45.0797 1540 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

20:27:45.0797 1540 WUDFRd - ok

20:27:45.0812 1540 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll

20:27:45.0828 1540 wudfsvc - ok

20:27:45.0843 1540 ================ Scan global ===============================

20:27:45.0859 1540 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll

20:27:45.0921 1540 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll

20:27:45.0953 1540 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll

20:27:45.0999 1540 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe

20:27:45.0999 1540 [Global] - ok

20:27:45.0999 1540 ================ Scan MBR ==================================

20:27:46.0031 1540 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0

20:27:46.0171 1540 \Device\Harddisk0\DR0 - ok

20:27:46.0171 1540 ================ Scan VBR ==================================

20:27:46.0187 1540 [ E9B3CEC60B665EC7C67F9F7E5C1488EC ] \Device\Harddisk0\DR0\Partition1

20:27:46.0187 1540 \Device\Harddisk0\DR0\Partition1 - ok

20:27:46.0187 1540 [ 2A6BC79E88D66692B15671CABCFECD78 ] \Device\Harddisk0\DR0\Partition2

20:27:46.0187 1540 \Device\Harddisk0\DR0\Partition2 - ok

20:27:46.0187 1540 ============================================================

20:27:46.0187 1540 Scan finished

20:27:46.0187 1540 ============================================================

20:27:46.0202 1424 Detected object count: 0

20:27:46.0202 1424 Actual detected object count: 0

20:29:55.0838 1380 Deinitialize success

Here is the report from aswMBR:

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software

Run date: 2012-12-02 20:30:02

-----------------------------

20:30:02.016 OS Version: Windows 6.0.6002 Service Pack 2

20:30:02.016 Number of processors: 4 586 0xF0B

20:30:02.016 ComputerName: HOWELL-PC UserName: Brian

20:30:17.132 Initialize success

20:31:50.841 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

20:31:50.857 Disk 0 Vendor: ST3500630AS 3.ADJ Size: 476940MB BusType: 3

20:31:50.873 Disk 0 MBR read successfully

20:31:50.873 Disk 0 MBR scan

20:31:50.873 Disk 0 Windows VISTA default MBR code

20:31:50.888 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63

20:31:50.888 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 112640

20:31:50.904 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 466644 MB offset 21084160

20:31:50.904 Disk 0 scanning sectors +976771072

20:31:50.966 Disk 0 scanning C:\Windows\system32\drivers

20:31:57.893 Service scanning

20:32:11.511 Modules scanning

20:32:15.271 Disk 0 trace - called modules:

20:32:15.287 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys

20:32:15.287 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x863339d8]

20:32:15.302 3 CLASSPNP.SYS[8b9a08b3] -> nt!IofCallDriver -> [0x86167898]

20:32:15.318 5 acpi.sys[806986bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x86175b98]

20:32:15.318 Scan finished successfully

20:32:39.685 Disk 0 MBR has been saved successfully to "C:\Users\Brian\Desktop\MBR.dat"

20:32:39.701 The log file has been saved successfully to "C:\Users\Brian\Desktop\aswMBR.txt"


Gringo, by the way I forgot to mention that I am running in safe mode with networking, but still no network access, because of the message mentioned before. I have re-started my PC (from one of the scans you had me run), but I always force it to start in safe mode with networking. I will await your direction on next steps.


Gringo, the last time I tried to run ComboFix, it warned me that my Antivirus was still running. I tried to disable McAfee Security Center version 11.6, but I am now wondering if I am able to completely disable this in Safe mode. Many of the options in Security Center don't allow me to change anything. I am able to disable the firewall in Security Center, but that's about it. Any suggestions on how to proceed?


Gringo, just tried to uninstall and it will not allow me to do this. The message I get is "An error occurred while trying to uninstall McAfee Security Center. It may have already been uninstalled." I know that it was not uninstalled because I can still open it from my desktop and enable/disable the firewall. Any suggestions?


  • Staff

:remove McAfee:

Note: You should first attempt to remove your McAfee consumer products using Add/Remove Programs in the Windows Control Panel (Programs and Features, in Windows Vista). This is the best method. After uninstalling using Windows Add/Remove Programs, run the McAfee Consumer Removal Tool (MCPR.EXE) to ensure successful removal of all McAfee references.

Download the removal tool from:

http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe

  • Click Save and save the file to any folder on your computer.
  • Navigate to the folder where the file is saved.
  • Make sure all McAfee windows are closed.
  • Double-click MCPR.EXE to run the removal tool.
    • Note: Windows Vista users must right-click MCPR.EXE and select Run as Administrator.

  • Restart your computer after receiving the message CleanUp Successful.


Gringo, just to clarify the instructions above, I did try to remove McAfee using Add/Remove programs without success, while my PC is in safe mode. Shall I re-boot my PC and try to remove McAfee with PC in Normal mode? Please clarify. Also once I run the MCPR.exe, and re-boot my PC, should I start in Normal mode or safe mode with networking?


This is a continuance of a forum post where user “Gringo” was helping me with a malware issue on my Dell desktop PC running Windows Vista 32 bit.

Hi Gringo, I tried to uninstall McAfee through Add/Remove Programs with Windows running in normal mode and I got the same message as I did in safe mode. I tried to copy over the MCPR.exe program you recommended, but in Normal mode Windows would not allow me to copy over the file, so I re-booted the PC in safe mode and was then able to copy MCPR.exe to my desktop. I ran MCPR as administrator, but at the end of the run it gave me an error message stating “Incomplete Uninstallation”. Below I have attached a few pages from the report from that run. The total report is several hundred pages in length, and too large to post, unless I do it as an attachment.

MCAFEE CLEANUP

December 03, 2012 18:22:01

INFO Silent mode activated.

INFO Cleanup will be scheduled and run.

INFO Product MFP to be removed from system.

INFO Product APPSTATS to be removed from system.

INFO Product Auth to be removed from system.

INFO Product EMproxy to be removed from system.

INFO Product FWdiver to be removed from system.

INFO Product McSvcHost to be removed from system.

INFO Product HW to be removed from system.

INFO Product MAS to be removed from system.

INFO Product MAT to be removed from system.

INFO Product MBK to be removed from system.

INFO Product MCPR to be removed from system.

INFO Product McProxy to be removed from system.

INFO Product VUL to be removed from system.

INFO Product MHN to be removed from system.

INFO Product MNA to be removed from system.

INFO Product MOBK to be removed from system.

INFO Product MPFP to be removed from system.

INFO Product MPFPCU to be removed from system.

INFO Product MPS to be removed from system.

INFO Product SHRED to be removed from system.

INFO Product MPSCU to be removed from system.

INFO Product MQC to be removed from system.

INFO Product MQCCU to be removed from system.

INFO Product MSAD to be removed from system.

INFO Product MSHR to be removed from system.

INFO Product MSK to be removed from system.

INFO Product MSKCU to be removed from system.

INFO Product MWL to be removed from system.

INFO Product NMC to be removed from system.

INFO Product RedirSvc to be removed from system.

INFO Product VS to be removed from system.

INFO Product MSC to be removed from system.

ERROR Internal Error. Failed to establish trust.

INFO Task Scheduler service started.


PASS C:\Program Files\Common Files\McAfee\Auth\authcore.inf does not exist

PASS C:\Program Files\Common Files\McAfee\Auth\AuthCore.exe does not exist

INFO Removing directory...

PASS C:\Program Files\Common Files\McAfee\Auth does not exist

INFO Removing directory...

PASS C:\ProgramData\McAfee\Auth does not exist

INFO Removing directory...

PASS C:\ProgramData\McAfee\WinCore\persist.mtk removed successfully

PASS C:\ProgramData\McAfee\WinCore removed successfully

INFO Removing registry keys...

PASS HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\iemcdata.DLL does not exist

PASS HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2603D10A-A956-4EA4-882B-9D015723EE02} does not exist

PASS HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58BAF6D6-6F7F-4601-A1B0-A137ECB95548} does not exist

PASS HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58BAF6D6-6F7F-4601-A1B0-A137ECB95548}\InprocServer32 does not exist

PASS HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58BAF6D6-6F7F-4601-A1B0-A137ECB95548}\ProgID does not exist

PASS HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58BAF6D6-6F7F-4601-A1B0-A137ECB95548}\Programmable does not exist

PASS HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58BAF6D6-6F7F-4601-A1B0-A137ECB95548}\TypeLib does not exist

PASS HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58BAF6D6-6F7F-4601-A1B0-A137ECB95548}\VersionIndependentProgID does not exist

PASS HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{837703DD-F645-4D7D-8F9A-E98418A5F9C9} does not exist

PASS HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{837703DD-F645-4D7D-8F9A-E98418A5F9C9}\ProxyStubClsid does not exist

PASS HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{837703DD-F645-4D7D-8F9A-E98418A5F9C9}\ProxyStubClsid32 does not exist

PASS HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{837703DD-F645-4D7D-8F9A-E98418A5F9C9}\TypeLib does not exist

PASS HKEY_LOCAL_MACHINE\SOFTWARE\Classes\McData.McAfeeInfo does not exist

PASS HKEY_LOCAL_MACHINE\SOFTWARE\Classes\McData.McAfeeInfo\CLSID does not exist

PASS HKEY_LOCAL_MACHINE\SOFTWARE\Classes\McData.McAfeeInfo\CurVer does not exist

PASS HKEY_LOCAL_MACHINE\SOFTWARE\Classes\McData.McAfeeInfo.1 does not exist

PASS HKEY_LOCAL_MACHINE\SOFTWARE\Classes\McData.McAfeeInfo.1\CLSID does not exist

PASS HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D328159B-0C40-47D0-876A-1F8DC4F6854B} does not exist

PASS HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D328159B-0C40-47D0-876A-1F8DC4F6854B}\1.0 does not exist

PASS HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D328159B-0C40-47D0-876A-1F8DC4F6854B}\1.0\0 does not exist

PASS HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D328159B-0C40-47D0-876A-1F8DC4F6854B}\1.0\0\win32 does not exist

PASS HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D328159B-0C40-47D0-876A-1F8DC4F6854B}\1.0\0\win64 does not exist

PASS HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D328159B-0C40-47D0-876A-1F8DC4F6854B}\1.0\FLAGS does not exist

PASS HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D328159B-0C40-47D0-876A-1F8DC4F6854B}\1.0\HELPDIR does not exist

PASS HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\SharedPackages\AUTHCORE does not exist

PASS HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\SharedPackages\AUTHFF does not exist

PASS HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\SharedPackages\AUTHIE32 does not exist

PASS HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\SharedPackages\AUTHIE64 does not exist

PASS HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mcafee.com/info does not exist

PASS HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mcafee.com/info\MimeTypes does not exist

PASS HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mcafee.com/info\MimeTypes\application/mcafeeinfo does not exist

PASS HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mcafee.com/info\Suffixes does not exist

PASS HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8289682C-1A2C-4039-B9DC-F2A6C006F0EF} does not exist

PASS HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{58BAF6D6-6F7F-4601-A1B0-A137ECB95548} does not exist

PASS HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\Auth does not exist

PASS HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\Auth does not exist

PASS Product Auth successfully removed.

INFO Removing product EMproxy...

INFO Removing files...

PASS C:\Program Files\Common Files\McAfee\EmProxy\emproxy.exe does not exist

PASS C:\Program Files\Common Files\McAfee\EmProxy\emproxy.inf does not exist

PASS C:\Program Files\Common Files\McAfee\EmProxy\emprxres.dll does not exist

PASS C:\Program Files\Common Files\McAfee\EmProxy\emprxres.inf does not exist

PASS C:\Program Files\Common Files\McAfee\EmProxy\emprxyps.dll does not exist

PASS C:\Program Files\Common Files\McAfee\EmProxy\emtray.exe does not exist

PASS C:\Program Files\Common Files\McAfee\EmProxy\emtray.inf does not exist

PASS C:\Program Files\Common Files\McAfee\EmProxy\emtray.inf does not exist

INFO Removing registry keys...

PASS HKCR\AppID\{046a85cb-74fd-4569-b65c-42f698d27951} does not exist

PASS HKCR\AppID\emproxy.exe does not exist

PASS HKCR\AppID\emtray.exe does not exist

PASS HKCR\CLSID\{291E562F-0605-4797-95A2-1AEC25893F1E} does not exist

PASS HKCR\CLSID\{396EA20D-1AAB-4f12-9675-BC6218B404FD} does not exist

PASS HKCR\CLSID\{b3326110-966a-4609-b3ca-c98a2a8016d9} does not exist

PASS HKCR\Interface\{08BB9069-FD2E-476F-A525-3A75EA28D7D0} does not exist

PASS HKCR\Interface\{291E562F-0605-4797-95A2-1AEC25893F1E} does not exist

PASS HKCR\Interface\{70E1E130-4524-4C15-881F-CE7CFF5DB6CA} does not exist

PASS HKCR\Interface\{BDCF65C8-ABF3-4693-B7FC-B3D3EF27A419} does not exist

PASS HKCR\Interface\{D5975961-7AB0-4038-AF7F-8831AB84D8A0} does not exist

PASS HKCR\TypeLib\{58911211-8773-4A30-B532-88A446900BA6} does not exist

PASS HKLM\SOFTWARE\McAfee\EmProxy does not exist

PASS HKLM\SOFTWARE\McAfee\SharedPackages\EmProxy does not exist

PASS HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EMPROXY does not exist

PASS HKLM\SYSTEM\CurrentControlSet\Services\Emproxy does not exist

PASS HKLM\SYSTEM\CurrentControlSet\Services\Emproxy does not exist

PASS Product EMproxy successfully removed.

INFO Removing product FWdiver...

PASS Product FWdiver successfully removed.

INFO Removing product McSvcHost...

PASS Product McSvcHost successfully removed.

INFO Removing product HW...

INFO Removing registry keys...

PASS HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\HWAPI.EXE does not exist

PASS HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{02FCCD7B-1F18-458D-B1C3-B6AEB20124FD} removed successfully

PASS HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07AA2658-7A1A-47e5-B01A-701DC9EECD6F} removed successfully

PASS HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0CE809D3-1D8B-4321-9F89-3F49CEA8B15C} removed successfully

PASS HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{231727DB-4A5A-4c85-B844-64E3A30BE7A3} removed successfully

PASS HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36C29AB6-FF73-4f74-A2D1-C5C09B54E5C9} removed successfully

PASS HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6021CE48-B556-4f11-BC68-A647F056F8CC} removed successfully

PASS HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85DADE1D-E53C-4E3A-8514-19FFB6B00423} removed successfully

PASS HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A0EBB878-FDC0-4514-AEE9-F68E4337E7D2} removed successfully

PASS HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB49CFE3-C775-48f1-B0C6-BEBABF84EFF9} removed successfully

PASS HKEY_CLASSES_ROOT\McHackerWatchLib.McHackerWatch removed successfully

PASS HKEY_CLASSES_ROOT\McHackerWatchLib.McHackerWatch.1 removed successfully

PASS HKEY_CLASSES_ROOT\McHackerWatchLib.McHackerWatchAppDetails removed successfully

PASS HKEY_CLASSES_ROOT\McHackerWatchLib.McHackerWatchAppDetails.1 removed successfully

PASS HKEY_CLASSES_ROOT\McHackerWatchLib.McHackerWatchAppEntry removed successfully

PASS HKEY_CLASSES_ROOT\McHackerWatchLib.McHackerWatchAppEntry.1 removed successfully

PASS HKEY_CLASSES_ROOT\McHackerWatchLib.McHackerWatchFirewallSettings removed successfully

PASS HKEY_CLASSES_ROOT\McHackerWatchLib.McHackerWatchFirewallSettings.1 removed successfully

PASS HKEY_CLASSES_ROOT\McHackerWatchLib.McHackerWatchServerQuery removed successfully

PASS HKEY_CLASSES_ROOT\McHackerWatchLib.McHackerWatchServerQuery.1 removed successfully

PASS HKEY_CLASSES_ROOT\McHackerWatchLib.McHackerWatchSettings removed successfully

PASS HKEY_CLASSES_ROOT\McHackerWatchLib.McHackerWatchSettings.1 removed successfully

PASS HKEY_CLASSES_ROOT\McHackerWatchLib.McHackerWatchSharedPerms removed successfully

PASS HKEY_CLASSES_ROOT\McHackerWatchLib.McHackerWatchSharedPerms.1 removed successfully

PASS HKEY_CLASSES_ROOT\McHackerWatchLib.McHackerWatchVersion removed successfully

PASS HKEY_CLASSES_ROOT\McHackerWatchLib.McHackerWatchVersion.1 removed successfully

PASS HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\HackerWatch removed successfully

PASS HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\SharedPackages\HWAPI removed successfully

PASS HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\McAfee Hackerwatch Service does not exist

PASS HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\McAfee HackerWatch Service does not exist

PASS HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\McAfee HackerWatch Service does not exist

PASS HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\McAfee HackerWatch Service does not exist

PASS HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\McAfee HackerWatch Service does not exist

PASS HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCAFEE_HACKERWATCH_SERVICE does not exist

PASS HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MCAFEE_HACKERWATCH_SERVICE does not exist

PASS HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCAFEE_HACKERWATCH_SERVICE does not exist

INFO Removing directory...

PASS C:\Program Files\Common Files\McAfee\Hackerwatch\HWAPI.dll removed successfully

PASS C:\Program Files\Common Files\McAfee\Hackerwatch\hwapi.inf removed successfully

PASS C:\Program Files\Common Files\McAfee\Hackerwatch\hwupdchk.exe removed successfully

PASS C:\Program Files\Common Files\McAfee\Hackerwatch removed successfully

INFO Removing directory...

PASS %USERPROFILE%\AppData\Roaming\McAfee\Hackerwatch does not exist

INFO Removing directory if empty...

PASS Attempt to remove directory C:\Program Files\Common Files\McAfee (if empty) on next reboot

INFO Removing registry keys...

PASS HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\HWAPI.EXE does not exist

PASS HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{02FCCD7B-1F18-458D-B1C3-B6AEB20124FD} does not exist

PASS HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07AA2658-7A1A-47e5-B01A-701DC9EECD6F} does not exist

PASS HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0CE809D3-1D8B-4321-9F89-3F49CEA8B15C} does not exist

PASS HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{231727DB-4A5A-4c85-B844-64E3A30BE7A3} does not exist

PASS HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36C29AB6-FF73-4f74-A2D1-C5C09B54E5C9} does not exist

PASS HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6021CE48-B556-4f11-BC68-A647F056F8CC} does not exist

PASS HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85DADE1D-E53C-4E3A-8514-19FFB6B00423} does not exist

PASS HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A0EBB878-FDC0-4514-AEE9-F68E4337E7D2} does not exist

PASS HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB49CFE3-C775-48f1-B0C6-BEBABF84EFF9} does not exist

PASS HKEY_CLASSES_ROOT\McHackerWatchLib.McHackerWatch does not exist

PASS HKEY_CLASSES_ROOT\McHackerWatchLib.McHackerWatch.1 does not exist

PASS HKEY_CLASSES_ROOT\McHackerWatchLib.McHackerWatchAppDetails does not exist

PASS HKEY_CLASSES_ROOT\McHackerWatchLib.McHackerWatchAppDetails.1 does not exist

PASS HKEY_CLASSES_ROOT\McHackerWatchLib.McHackerWatchAppEntry does not exist

PASS HKEY_CLASSES_ROOT\McHackerWatchLib.McHackerWatchAppEntry.1 does not exist

PASS HKEY_CLASSES_ROOT\McHackerWatchLib.McHackerWatchFirewallSettings does not exist

PASS HKEY_CLASSES_ROOT\McHackerWatchLib.McHackerWatchFirewallSettings.1 does not exist

PASS HKEY_CLASSES_ROOT\McHackerWatchLib.McHackerWatchServerQuery does not exist

PASS HKEY_CLASSES_ROOT\McHackerWatchLib.McHackerWatchServerQuery.1 does not exist

PASS HKEY_CLASSES_ROOT\McHackerWatchLib.McHackerWatchSettings does not exist

PASS HKEY_CLASSES_ROOT\McHackerWatchLib.McHackerWatchSettings.1 does not exist

PASS HKEY_CLASSES_ROOT\McHackerWatchLib.McHackerWatchSharedPerms does not exist

PASS HKEY_CLASSES_ROOT\McHackerWatchLib.McHackerWatchSharedPerms.1 does not exist

PASS HKEY_CLASSES_ROOT\McHackerWatchLib.McHackerWatchVersion does not exist

PASS HKEY_CLASSES_ROOT\McHackerWatchLib.McHackerWatchVersion.1 does not exist

PASS HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\HackerWatch does not exist

PASS HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\SharedPackages\HWAPI does not exist

PASS HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\McAfee Hackerwatch Service does not exist

PASS HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\McAfee HackerWatch Service does not exist

PASS HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\McAfee HackerWatch Service does not exist

PASS HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\McAfee HackerWatch Service does not exist

PASS HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\McAfee HackerWatch Service does not exist

PASS HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCAFEE_HACKERWATCH_SERVICE does not exist

PASS HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MCAFEE_HACKERWATCH_SERVICE does not exist

PASS HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCAFEE_HACKERWATCH_SERVICE does not exist

INFO Removing directory...

PASS C:\Program Files\Common Files\McAfee\Hackerwatch does not exist

INFO Removing directory...

PASS %USERPROFILE%\AppData\Roaming\McAfee\Hackerwatch does not exist

PASS Product HW successfully removed.

INFO Removing product MAS...

INFO Removing file...

PASS C:\ProgramData\McAfee\AntiSpyware\Data\SpyData.dat does not exist

INFO Removing file...

PASS C:\ProgramData\McAfee\AntiSpyware\Data\Mss.dat does not exist

INFO Removing file...

PASS C:\ProgramData\McAfee\AntiSpyware\Data does not exist

INFO Removing file...

PASS C:\ProgramData\McAfee\AntiSpyware does not exist

INFO Removing directory...

PASS C:\ProgramData\McAfee\AntiSpyware does not exist

INFO Removing directory...

PASS C:\Program Files\Common Files\McAfee\AntiSpyware does not exist

INFO Removing directory...

PASS C:\Program Files\McAfee\McAfee AntiSpyware does not exist

INFO Removing directory if empty...

PASS Attempt to remove directory C:\ProgramData\McAfee (if empty) on next reboot

INFO Removing directory if empty...

PASS Attempt to remove directory C:\Program Files\Common Files\McAfee (if empty) on next reboot

INFO Removing directory if empty...

PASS Attempt to remove directory C:\Program Files\McAfee (if empty) on next reboot

INFO Removing files...

PASS C:\Program Files\McAfee.com\Agent\app\mas.adf does not exist

PASS C:\Program Files\McAfee.com\Agent\Custom_Uninstall\masreg.inf does not exist

PASS C:\Program Files\McAfee.com\Agent\Uninst\masrem.ui does not exist

PASS C:\ProgramData\McAfee.com\Agent\RegWiz\RegApp\mas.ini does not exist

PASS C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee\McAfee AntiSpyware.lnk does not exist

PASS C:\$RECYCLE.BIN\Desktop\McAfee AntiSpyware.lnk does not exist

PASS C:\Windows\Tasks\McAfee AntiSpyware.job does not exist

PASS C:\Windows\Tasks\McAfee AntiSpyware.job does not exist

INFO Removing registry keys...

PASS HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{57AB088E-64D3-4fe5-951B-324F78F8053B} does not exist

PASS HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{716B6046-3784-4bc0-94AB-EA18030F1116} does not exist

PASS HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00D9A576-478A-4da3-8F4D-9D24550D7BFB} does not exist

PASS HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{157D0CD0-F262-4480-9795-F30BC0CF7FED} does not exist

PASS HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3A5D0518-2D84-4c2e-9079-F3C126EFA309} does not exist

PASS HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3FF95E5B-1F32-4e2a-973C-9859C404F76D} does not exist

PASS HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761BAB59-3E81-4607-B277-E49DDF398A8D} does not exist

PASS HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9869C047-651A-46c4-8262-331DE168FD50} does not exist

PASS HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CEC54580-F435-4858-8F61-6E2657482078} does not exist

PASS HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F29EE164-DF52-4b69-A11C-635695BE0B45} does not exist

PASS HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F2A0229A-C4CA-4789-B606-973D24DCDD1C} does not exist

Again, this is only a few pages of the report; the total report is several hundred pages in length. I have re-booted the PC in safe mode with networking again, and am ready to follow your next suggestion. Shall I try to run ComboFix at this time?


  • Staff

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.

  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later

  • Please post the contents of OTL.txt in your next reply.

Gringo


Hi Gringo, I am now able to get back into this post, so someone at Malwarebytes must have fixed the link. OK so I have run the OTL.exe and below is the report.

OTL logfile created on: 12/4/2012 7:23:36 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Brian\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.48 Gb Available Physical Memory | 76.52% Memory free

6.74 Gb Paging File | 6.39 Gb Available in Paging File | 94.82% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 455.71 Gb Total Space | 189.67 Gb Free Space | 41.62% Space Free | Partition Type: NTFS

Drive D: | 10.00 Gb Total Space | 3.88 Gb Free Space | 38.83% Space Free | Partition Type: NTFS

Drive E: | 698.81 Mb Total Space | 479.77 Mb Free Space | 68.65% Space Free | Partition Type: UDF

Computer Name: HOWELL-PC | User Name: Brian | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Brian\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll ()

========== Services (SafeList) ==========

SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)

SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)

SRV - (Creative Labs Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)

SRV - (sprtsvc_dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)

SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)

SRV - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)

SRV - (ncprwsnt) -- C:\Program Files\WatchGuard\Mobile VPN\NCPRWSNT.EXE (NCP Engineering GmbH)

SRV - (rwsrsu) -- C:\Program Files\WatchGuard\Mobile VPN\rwsrsu.exe ()

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (ncpclcfg) -- C:\Program Files\WatchGuard\Mobile VPN\ncpclcfg.exe (NCP engineering GmbH)

SRV - (NcpSec) -- C:\Program Files\WatchGuard\Mobile VPN\NCPSEC.EXE ()

========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found

DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found

DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found

DRV - (catchme) -- C:\Users\Brian\AppData\Local\Temp\catchme.sys File not found

DRV - (HipShieldK) -- C:\Windows\System32\drivers\HipShieldK.sys (McAfee, Inc.)

DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software)

DRV - (WmXlCore) -- C:\Windows\System32\drivers\WmXlCore.sys (Logitech Inc.)

DRV - (WmVirHid) -- C:\Windows\System32\drivers\WmVirHid.sys (Logitech Inc.)

DRV - (WmFilter) -- C:\Windows\System32\drivers\WmFilter.sys (Logitech Inc.)

DRV - (WmBEnum) -- C:\Windows\System32\drivers\WmBEnum.sys (Logitech Inc.)

DRV - (ncplelhp) -- C:\Windows\System32\drivers\ncplelhp.sys (NCP Engineering GmbH)

DRV - (ncpfilt) -- C:\Windows\System32\drivers\ncplelhp.sys (NCP Engineering GmbH)

DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)

DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)

DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)

DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)

DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)

DRV - (Point32) -- C:\Windows\System32\drivers\point32k.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{6E5A0F38-B2C6-255B-77D0-4164A6763109}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUS

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =

IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3893912771-293447690-4005701847-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://portal.wowway.net/

IE - HKU\S-1-5-21-3893912771-293447690-4005701847-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4080903

IE - HKU\S-1-5-21-3893912771-293447690-4005701847-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://portal.wowway.net/

IE - HKU\S-1-5-21-3893912771-293447690-4005701847-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-3893912771-293447690-4005701847-1000\..\URLSearchHook: - No CLSID value found

IE - HKU\S-1-5-21-3893912771-293447690-4005701847-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found

IE - HKU\S-1-5-21-3893912771-293447690-4005701847-1000\..\SearchScopes,Backup.Old.DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4}

IE - HKU\S-1-5-21-3893912771-293447690-4005701847-1000\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3893912771-293447690-4005701847-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-3893912771-293447690-4005701847-1000\..\SearchScopes\{6E5A0F38-B2C6-255B-77D0-4164A6763109}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={searchTerms}

IE - HKU\S-1-5-21-3893912771-293447690-4005701847-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3893912771-293447690-4005701847-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll File not found

FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Michelle\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)

FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )

FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\Brian\AppData\Local\Roblox\Versions\version-3ebe0cca16b6421c\\NPRobloxProxy.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/28 18:09:05 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/12/17 03:05:20 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/28 18:09:05 | 000,000,000 | ---D | M]

[2010/07/16 20:34:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brian\AppData\Roaming\Mozilla\Extensions

[2010/07/16 20:34:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brian\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com

========== Chrome ==========

CHR - default_search_provider: Web Search ()

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

CHR - homepage: http://www.google.com/

CHR - homepage: http://www.google.com/

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\gcswf32.dll

CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll

CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll

CHR - plugin: Wajam (Enabled) = C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Oberon com adapter (Enabled) = C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll

CHR - plugin: Java Platform SE 7 U5 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll

CHR - plugin: Unity Player (Enabled) = C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Roblox Launcher Plugin (Enabled) = C:\Users\Brian\AppData\Local\Roblox\Versions\version-7abe764230c5492d\\NPRobloxProxy.dll

CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Michelle\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Java Deployment Toolkit 7.0.50.5 (Enabled) = C:\Windows\system32\npDeployJava1.dll

CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Shop to Win) - {A0D2864A-05FA-91F4-A5CC-DEF70D52F5AF} - C:\Program Files\Shop to Win 28\Shop to Win 28.dll File not found

O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.

O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (Shop to Win) - {EE146ACC-D881-1414-2148-B1D008B47ADB} - C:\Program Files\Shop to Win 27\Shop to Win 27.dll File not found

O3 - HKU\S-1-5-21-3893912771-293447690-4005701847-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

O4 - Startup: C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-3893912771-293447690-4005701847-1000\..Trusted Domains: localhost ([]http in Local intranet)

O15 - HKU\S-1-5-21-3893912771-293447690-4005701847-1000\..Trusted Ranges: GD ([http] in Local intranet)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 10.5.0)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 10.5.0)

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10NSP32EP5-14362/webex/ieatgpc1.cab (GpcContainer Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8EBEBF83-F912-464C-9D2A-920FA57F7B44}: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\dssrequest - No CLSID value found

O18 - Protocol\Handler\sacore - No CLSID value found

O18 - Protocol\Filter\application/x-mfe-ipt - No CLSID value found

O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{c87cdb82-0fd2-11de-9de2-02004e435049}\Shell - "" = AutoRun

O33 - MountPoints2\{c87cdb82-0fd2-11de-9de2-02004e435049}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a

O33 - MountPoints2\{fb11bee2-7792-11de-9fa1-02004e435049}\Shell\AutoRun\command - "" = J:\InstallTomTomHOME.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/04 07:21:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Brian\Desktop\OTL.exe

[2012/12/03 20:22:18 | 000,000,000 | --SD | C] -- C:\ComboFix

[2012/12/03 18:21:06 | 003,177,840 | ---- | C] (McAfee, Inc.) -- C:\Users\Brian\Desktop\MCPR.exe

[2012/12/02 20:27:12 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Brian\Desktop\aswMBR.exe

[2012/12/02 20:27:12 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Brian\Desktop\tdsskiller.exe

[2012/12/02 17:17:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/12/02 17:17:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/12/02 17:17:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/12/02 17:10:06 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/12/02 17:09:44 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012/12/02 17:09:15 | 005,009,299 | R--- | C] (Swearware) -- C:\Users\Brian\Desktop\ComboFix.exe

[2012/12/02 15:57:40 | 000,000,000 | ---D | C] -- C:\Users\Brian\Desktop\RK_Quarantine

[2012/12/01 21:20:31 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Roaming\Malwarebytes

[2012/12/01 21:20:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/12/01 21:20:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/12/01 21:20:12 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012/12/01 21:20:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012/11/30 22:01:39 | 000,398,752 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Brian\Desktop\unhide.exe

[2012/11/30 22:01:38 | 001,754,528 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Brian\Desktop\iExplore.exe

[2012/11/30 22:01:37 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Brian\Desktop\dds.scr

[2012/11/30 22:01:12 | 001,754,528 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Brian\Desktop\rkill.com

[2012/11/27 22:05:24 | 000,000,000 | ---D | C] -- C:\Windows\pss

[2012/11/14 21:57:12 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2012/11/14 21:49:21 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2012/11/14 21:49:20 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2012/11/14 21:49:20 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2012/11/14 21:49:20 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2012/11/14 21:49:20 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2012/11/14 21:49:19 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2012/11/14 21:49:19 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2012/11/14 21:49:18 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2012/11/14 06:57:59 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll

[2012/11/14 06:57:38 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2012/11/10 17:06:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

[2012/11/10 17:06:20 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

[2009/01/01 20:57:02 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Brian\AppData\Roaming\pcouffin.sys

[2008/11/17 20:37:27 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\Brian\AppData\Roaming\DataSafeDotNet.exe

========== Files - Modified Within 30 Days ==========

[2012/12/04 07:17:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Brian\Desktop\OTL.exe

[2012/12/03 20:11:01 | 000,642,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/12/03 20:11:01 | 000,119,702 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/12/03 20:06:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/12/03 17:56:32 | 000,003,744 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012/12/03 17:56:32 | 000,003,744 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012/12/03 09:44:58 | 003,177,840 | ---- | M] (McAfee, Inc.) -- C:\Users\Brian\Desktop\MCPR.exe

[2012/12/02 20:19:56 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Brian\Desktop\aswMBR.exe

[2012/12/02 20:19:07 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Brian\Desktop\tdsskiller.exe

[2012/12/02 17:06:00 | 005,009,299 | R--- | M] (Swearware) -- C:\Users\Brian\Desktop\ComboFix.exe

[2012/12/02 15:37:46 | 000,752,128 | ---- | M] () -- C:\Users\Brian\Desktop\RogueKiller.exe

[2012/12/02 15:37:28 | 000,533,705 | ---- | M] () -- C:\Users\Brian\Desktop\adwcleaner.exe

[2012/12/02 15:37:12 | 000,856,731 | ---- | M] () -- C:\Users\Brian\Desktop\SecurityCheck.exe

[2012/12/02 06:52:58 | 000,270,936 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012/12/01 21:20:13 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/12/01 21:16:15 | 000,045,056 | ---- | M] () -- C:\Users\Brian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/12/01 21:11:53 | 000,001,356 | ---- | M] () -- C:\Users\Brian\AppData\Local\d3d9caps.dat

[2012/11/29 13:10:22 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Brian\Desktop\dds.scr

[2012/11/29 13:05:04 | 000,398,752 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Brian\Desktop\unhide.exe

[2012/11/29 12:50:14 | 001,754,528 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Brian\Desktop\iExplore.exe

[2012/11/29 12:49:16 | 001,754,528 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Brian\Desktop\rkill.com

[2012/11/27 12:34:49 | 000,000,550 | ---- | M] () -- C:\Windows\Brownie.ini

[2012/11/25 08:50:12 | 000,000,426 | ---- | M] () -- C:\Windows\BRWMARK.INI

[2012/11/18 21:39:59 | 000,141,285 | ---- | M] () -- C:\Users\Brian\Documents\USaccountManager_2012.pdf

[2012/11/10 17:06:32 | 000,001,763 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2012/11/08 17:55:28 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2012/11/08 17:55:28 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2012/12/02 17:17:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/12/02 17:17:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/12/02 17:17:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/12/02 17:17:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/12/02 17:17:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/12/02 15:42:55 | 000,856,731 | ---- | C] () -- C:\Users\Brian\Desktop\SecurityCheck.exe

[2012/12/02 15:42:54 | 000,752,128 | ---- | C] () -- C:\Users\Brian\Desktop\RogueKiller.exe

[2012/12/02 15:42:52 | 000,533,705 | ---- | C] () -- C:\Users\Brian\Desktop\adwcleaner.exe

[2012/12/01 21:20:13 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/11/18 21:39:59 | 000,141,285 | ---- | C] () -- C:\Users\Brian\Documents\USaccountManager_2012.pdf

[2012/11/10 17:06:32 | 000,001,763 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2012/07/31 18:43:23 | 000,000,093 | ---- | C] () -- C:\Users\Brian\AppData\Local\fusioncache.dat

[2011/07/23 18:42:51 | 000,001,356 | ---- | C] () -- C:\Users\Brian\AppData\Local\d3d9caps.dat

[2011/06/24 20:24:31 | 000,031,261 | ---- | C] () -- C:\Windows\HL-5370DW.INI

[2010/04/24 10:11:05 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2009/11/27 21:29:55 | 000,027,503 | ---- | C] () -- C:\Users\Brian\AppData\Roaming\UserTile.png

[2009/02/10 20:46:22 | 000,000,105 | ---- | C] () -- C:\Users\Brian\AppData\Roaming\AVSMediaPlayer.m3u

[2009/01/01 20:57:02 | 000,087,608 | ---- | C] () -- C:\Users\Brian\AppData\Roaming\inst.exe

[2009/01/01 20:57:02 | 000,007,887 | ---- | C] () -- C:\Users\Brian\AppData\Roaming\pcouffin.cat

[2009/01/01 20:57:02 | 000,001,144 | ---- | C] () -- C:\Users\Brian\AppData\Roaming\pcouffin.inf

[2008/09/12 20:32:53 | 000,045,056 | ---- | C] () -- C:\Users\Brian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========

[C:\Windows\$NtUninstallKB35192$] -> -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:661DFA1C

< End of report >

I also have the Extra.txt report available if you need it for review. PC is still in safe state, running in safe mode with networking and I am still getting the message "the installed service does not exist as an installed device". Look forward to your feedback and thanks for your assistance with this issue.


  • Staff

Hello

Download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:


  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • First, press the Scan button.
  • It will make a log (FRST.txt)
  • Second, type the following in the edit box after "Search:": services.exe
  • Click the Search button
  • It will make a log (Search.txt)

I want you to post both the FRST.txt report and the Search.txt into your reply to me.

Gringo


Gringo, my USB drives on my PC do not work. Can I put Farbar on a CD and run it from there? Also, I don't fully understand the instructions you gave. Am I supposed to run Farbar and then put in the Windows Vista installation disk and run it? Please confirm.


Gringo, I just tried to reboot with the USB drive plugged in with Farbar loaded on it, and when the BIOS screen came up I tapped F8 several times, but then a screen came up that says "NTLDR is missing Press any key to restart". When I press a key nothing happens. On the BIOS screen there is an option to press F12 for the Boot menu. Should I try this instead?


This topic is now closed to further replies.