Jump to content


Photo
- - - - -

Running slow, malware is my guess..


  • This topic is locked This topic is locked
20 replies to this topic

#1 BerttheGreat

BerttheGreat

    New Member

  • Members
  • Pip
  • 12 posts

Posted 27 January 2012 - 09:58 PM

I recently was infected with a nasty windows 7 anti-virus thingy and it was bad. I followed steps to clean it up and it worked for the most part, but my computer is running a bit more slow now so I'm pretty sure I did not get all of it. I have the logs from DDS here:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Marty at 19:49:54 on 2012-01-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7931.6576 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atibtmon.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10n_ActiveX.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111221143854.dll
BHO: TrueSuite Website Log On: {8590886e-ec8c-43c1-a32c-e4c2b0b6395b} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [ISUSPM] -scheduler
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [<NO NAME>]
mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [PDF7 Registry Controller] C:\Program Files (x86)\Nuance\PDF Converter 7\RegistryController.exe
mRun: [Nuance PDF Converter 7-reminder] "C:\Program Files (x86)\Nuance\PDF Converter 7\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Converter 7\Ereg\Ereg.ini"
mRun: [iolo Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Open with Nuance PDF Converter 7.0 - C:\Program Files (x86)\Nuance\PDF Converter 7\cnvres_eng.dll /100
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{B3A6F8DB-C254-447C-AF58-73515BEF0A3C} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{B3A6F8DB-C254-447C-AF58-73515BEF0A3C}\2456C6B696E6E253645473 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{B3A6F8DB-C254-447C-AF58-73515BEF0A3C}\96E6475627E65647A5F4D4249454 : DhcpNameServer = 192.168.0.1 205.171.3.25
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111221143854.dll
BHO-X64: scriptproxy - No File
BHO-X64: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO-X64: TSBHO Class - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [(Default)]
mRun-x64: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun-x64: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun-x64: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [PDF7 Registry Controller] C:\Program Files (x86)\Nuance\PDF Converter 7\RegistryController.exe
mRun-x64: [Nuance PDF Converter 7-reminder] "C:\Program Files (x86)\Nuance\PDF Converter 7\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Converter 7\Ereg\Ereg.ini"
mRun-x64: [iolo Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
SEH-X64: EasyBits ShellExecute Hook: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 ElRawDisk;ElRawDisk;\??\C:\Windows\system32\drivers\ElRawDsk.sys --> C:\Windows\system32\drivers\ElRawDsk.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-6 169408]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-10-18 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-3-25 365568]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe [2011-4-28 514232]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-2-17 265544]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-7-5 227384]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-6-30 2375168]
R2 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2011-7-24 722616]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-30 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-30 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-30 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-7-25 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-7-25 208536]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 hpCMSrv;HP Connection Manager 4.0 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-2-15 1071160]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2011/06/30 15:38:42;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-1-25 241648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-30 249936]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-7-25 220528]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-30 249936]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-01-16 05:20:26 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-01-11 05:49:32 1572864 ----a-w- C:\Windows\System32\quartz.dll
2012-01-11 05:49:31 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
2012-01-11 05:49:30 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-01-11 05:49:30 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-01-11 05:49:26 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-01-11 05:49:26 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-01-11 05:49:24 77312 ----a-w- C:\Windows\System32\packager.dll
2012-01-11 05:49:23 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-01-08 22:47:37 388096 ----a-r- C:\Users\Marty\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-08 22:47:35 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-01-07 07:18:12 -------- d-----w- C:\Users\Marty\AppData\Roaming\Malwarebytes
2012-01-07 07:18:03 -------- d-----w- C:\ProgramData\Malwarebytes
2012-01-07 07:17:58 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-01-07 07:17:57 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-11-17 06:49:14 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2011-11-17 06:49:14 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2011-11-17 06:44:43 459232 ----a-w- C:\Windows\System32\drivers\cng.sys
2011-11-17 06:35:28 395776 ----a-w- C:\Windows\System32\webio.dll
2011-11-17 06:35:26 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2011-11-17 06:35:26 136192 ----a-w- C:\Windows\System32\sspicli.dll
2011-11-17 06:35:25 340992 ----a-w- C:\Windows\System32\schannel.dll
2011-11-17 06:35:25 28160 ----a-w- C:\Windows\System32\secur32.dll
2011-11-17 06:35:19 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2011-11-17 06:33:55 31232 ----a-w- C:\Windows\System32\lsass.exe
2011-11-17 05:35:02 314880 ----a-w- C:\Windows\SysWow64\webio.dll
2011-11-17 05:34:52 224768 ----a-w- C:\Windows\SysWow64\schannel.dll
2011-11-17 05:34:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2011-11-17 05:28:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2011-11-05 05:32:50 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-11-05 04:26:03 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 19:51:09.70 ===============

and also this:

.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/23/2011 9:36:25 PM
System Uptime: 1/27/2012 6:15:36 PM (1 hours ago)
.
Motherboard: Hewlett-Packard | | 164C
Processor: AMD Phenom™ II P960 Quad-Core Processor | Socket S1G4 | 1800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 582 GiB total, 501.807 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 1.582 GiB free.
E: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP40: 12/13/2011 6:58:11 PM - Scheduled Checkpoint
RP41: 12/15/2011 7:42:32 AM - Windows Update
RP43: 12/27/2011 2:03:27 PM - HPSF Applying updates
RP44: 1/5/2012 1:25:04 PM - Scheduled Checkpoint
RP45: 1/8/2012 3:46:30 PM - Installed HiJackThis
RP46: 1/11/2012 12:13:46 PM - Windows Update
RP47: 1/15/2012 10:19:01 PM - Installed Java™ 6 Update 30
RP48: 1/19/2012 10:00:31 PM - Windows Update
.
==== Installed Programs ======================
.
AbiWord 2.8.6
Adobe AIR
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Photoshop Elements 9
Adobe Photoshop.com Inspiration Browser
Adobe Reader X MUI
Adobe Shockwave Player 11.5
Agatha Christie - Peril at End House
Apple Application Support
Apple Software Update
Ask Toolbar
Bejeweled 2 Deluxe
Bejeweled 3
Bing Bar
Blackhawk Striker 2
Blasterball 3
Blio
Bounce Symphony
Build-a-lot 2
Cake Mania
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
CyberLink PowerDVD 10
CyberLink YouCam
D3DX10
Diner Dash 2 Restaurant Rescue
Dora's World Adventure
Elements 9 Organizer
Elements STI Installer
Energy Star Digital Logo
ESU for Microsoft Windows 7
Evernote v. 4.2.2
Farm Frenzy
FATE - The Traitor Soul
Hewlett-Packard ACLM.NET v1.1.1.0
HiJackThis
HP Connection Manager
HP Customer Experience Enhancements
HP Documentation
HP DVB-T TV Tuner 8.0.64.43
HP Games
HP MovieStore
HP On Screen Display
HP Power Manager
HP Quick Launch
HP Setup
HP Setup Manager
HP SimplePass 2011
HP Software Framework
HP Support Assistant
IDT Audio
iolo technologies' System Mechanic
Java Auto Updater
Java™ 6 Update 30
Junk Mail filter update
Magic Desktop
Mah Jong Medley
Malwarebytes Anti-Malware version 1.60.0.1800
MAME32k (remove only)
MapleStory
McAfee AntiVirus Plus
Mesh Runtime
Microsoft Office 2010
Microsoft Office Communicator 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft WSE 3.0 Runtime
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_CRT_x86
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - Stolen in San Francisco
Namco All-Stars PAC-MAN
Nexon Game Manager
Nuance PDF Converter 7
Pando Media Booster
PCmover Professional
Penguins!
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
QuickTime
Ralink RT5390 802.11b/g/n WiFi Adapter
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
Recovery Manager
RoxioNow Player
Scansoft PDF Converter
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Slingo Supreme
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update Installer for WildTangent Games App
Virtual Villagers 4 - The Tree of Life
Wheel of Fortune 2
WildTangent Games App (HP Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.01 (32-bit)
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
1/27/2012 7:46:52 PM, Error: Service Control Manager [7003] - The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.
1/27/2012 6:15:58 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
1/27/2012 6:15:57 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
1/27/2012 6:15:56 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
1/21/2012 9:15:35 AM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
.
==== End Of File ===========================

I think that's it for now... If I didn't do something right just let me know... Hope you can help.

#2 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,146 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 30 January 2012 - 08:52 AM

Welcome to the forum.

Please remove any usb or external drives from the computer before you run these scan!

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
-------------
Next..........

Please download and run RogueKiller.
Choose 1 to scan the system
Post back the report.

-------------------------

Last.......
Please download OTL from one of the links below:
http://oldtimer.geekstogo.com/OTL.exe
http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.
Double click on the icon on your desktop.
Click the Scan All Users checkbox.
Push the Quick Scan button.

The scan will take about 10 minutes...depends on your hard drive size.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#3 BerttheGreat

BerttheGreat

    New Member

  • Members
  • Pip
  • 12 posts

Posted 31 January 2012 - 12:54 AM

Thanks for helping. Here are the logs:

Farbar Service Scanner Version: 18-01-2012 01
Ran by Marty (administrator) on 30-01-2012 at 22:36:12
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.

Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.
bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

Firewall Disabled Policy:
==================

System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.
VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.

System Restore Disabled Policy:
========================

Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.

Windows Update:
===========
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

Here's the RogueKiller:

RogueKiller V7.0.2 [01/30/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Marty [Admin rights]
Mode: Scan -- Date : 01/30/2012 22:39:54
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 2 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK6476GSX ATA Device +++++
--- User ---
[MBR] b4d9070620242845e6ab61e5b2b4170c
[BSP] 8cf892ae4bead2ef24e2536e5326c410 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 595628 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1220255744 | Size: 14548 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1250050048 | Size: 103 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >>
RKreport[1].txt

Next ones:

OTL logfile created on: 1/30/2012 10:41:51 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Marty\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.75 Gb Total Physical Memory | 6.17 Gb Available Physical Memory | 79.65% Memory free
15.49 Gb Paging File | 13.28 Gb Available in Paging File | 85.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.67 Gb Total Space | 501.78 Gb Free Space | 86.27% Space Free | Partition Type: NTFS
Drive D: | 14.21 Gb Total Space | 1.58 Gb Free Space | 11.14% Space Free | Partition Type: NTFS
Drive E: | 933.17 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ROBNBOBBLASTER | User Name: Marty | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/30 22:41:13 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Marty\Desktop\OTL.exe
PRC - [2011/07/24 19:59:46 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2011/07/19 14:40:10 | 000,722,616 | ---- | M] (iolo technologies, LLC) -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2011/07/05 16:02:58 | 000,227,384 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/04/28 17:19:18 | 000,234,656 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10n_ActiveX.exe
PRC - [2011/03/22 11:42:40 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/17 22:48:24 | 000,265,544 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
PRC - [2011/02/17 22:48:12 | 000,642,888 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
PRC - [2011/02/17 22:47:58 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
PRC - [2011/02/15 15:48:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
PRC - [2011/01/27 12:38:04 | 000,318,520 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/01/25 13:56:34 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2010/11/26 07:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2010/11/09 15:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010/09/06 01:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2010/04/23 12:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 12:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 12:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/02/03 00:08:56 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe


========== Modules (No Company Name) ==========

MOD - [2011/07/24 19:59:46 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2011/05/26 12:42:00 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/10/18 17:01:08 | 000,502,032 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2011/10/18 14:32:28 | 000,161,168 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2011/10/18 14:23:24 | 000,208,536 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2011/10/18 14:23:06 | 000,199,272 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011/10/18 12:46:49 | 000,297,984 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/10/18 12:46:45 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2011/03/25 23:02:02 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/02/28 12:52:00 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Unknown | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2011/01/26 16:01:00 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010/10/11 02:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/08/30 13:42:00 | 000,220,528 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Program Files\McAfee\MSC\McAWFwk.exe -- (McAWFwk)
SRV - [2011/07/19 14:40:10 | 000,722,616 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2011/07/05 16:02:58 | 000,227,384 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/06/21 14:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011/03/07 17:43:30 | 002,375,168 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/03/01 21:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/17 22:48:24 | 000,265,544 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService)
SRV - [2011/02/15 15:48:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2011/01/25 13:56:32 | 000,241,648 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)
SRV - [2010/11/26 07:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/06 01:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/10/18 12:46:52 | 000,521,728 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/10/15 13:16:16 | 000,647,080 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,481,768 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2011/10/15 13:16:16 | 000,284,648 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,160,280 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2011/10/15 13:16:16 | 000,075,808 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2011/07/19 09:19:16 | 001,492,992 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/24 17:20:36 | 000,337,512 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/28 13:23:06 | 009,079,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/02/28 12:17:20 | 000,299,520 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/02/16 18:11:08 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/01/26 16:01:00 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/01/26 16:01:00 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2010/12/16 19:28:38 | 001,403,440 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/11/29 04:50:38 | 000,044,672 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/07/28 09:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/06/17 06:15:36 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2010/05/06 05:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/03/19 02:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 13:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 13:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/12/09 09:59:28 | 000,023,464 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElRawDsk.sys -- (ElRawDisk)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2731733586-1763407279-4155527976-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-2731733586-1763407279-4155527976-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-2731733586-1763407279-4155527976-1001\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-2731733586-1763407279-4155527976-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2731733586-1763407279-4155527976-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011/11/10 07:32:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2011/12/21 16:45:05 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111221143854.dll (McAfee, Inc.)
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111221143854.dll (McAfee, Inc.)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\S-1-5-21-2731733586-1763407279-4155527976-1001\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [iolo Startup] C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe (iolo technologies, LLC)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Nuance PDF Converter 7-reminder] C:\Program Files (x86)\Nuance\PDF Converter 7\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF7 Registry Controller] C:\Program Files (x86)\Nuance\PDF Converter 7\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2731733586-1763407279-4155527976-1001..\Run: [ISUSPM] -scheduler File not found
O4 - HKU\S-1-5-21-2731733586-1763407279-4155527976-1001..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Open with Nuance PDF Converter 7.0 - C:\Program Files (x86)\Nuance\PDF Converter 7\cnvres_eng.dll (Nuance Communications, Inc.)
O8 - Extra context menu item: Open with Nuance PDF Converter 7.0 - C:\Program Files (x86)\Nuance\PDF Converter 7\cnvres_eng.dll (Nuance Communications, Inc.)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B3A6F8DB-C254-447C-AF58-73515BEF0A3C}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/05 08:27:51 | 000,000,041 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{599abc52-b57c-11e0-87be-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{599abc52-b57c-11e0-87be-806e6f6e6963}\Shell\AutoRun\command - "" = E:\GEOM_43.exe -- [2009/08/05 08:24:51 | 006,691,384 | R--- | M] (Adobe Systems, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/30 22:41:04 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Marty\Desktop\OTL.exe
[2012/01/30 22:39:00 | 000,000,000 | ---D | C] -- C:\Users\Marty\Desktop\RK_Quarantine
[2012/01/30 22:37:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/01/15 22:21:39 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/01/15 22:20:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/01/08 15:47:38 | 000,000,000 | ---D | C] -- C:\Users\Marty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/01/08 15:47:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/01/08 15:41:33 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Marty\Desktop\tdsskiller.exe
[2012/01/07 00:18:12 | 000,000,000 | ---D | C] -- C:\Users\Marty\AppData\Roaming\Malwarebytes
[2012/01/07 00:18:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/07 00:18:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/07 00:17:58 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/01/07 00:17:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/01/02 15:50:36 | 001,222,671 | ---- | C] (Solgryn.org ) -- C:\Users\Marty\Desktop\IWBTUpdater.exe
[2012/01/02 15:50:32 | 132,138,450 | ---- | C] (Solgryn.org ) -- C:\Users\Marty\Desktop\I Wanna Be The Boshy 1.5.1.exe
[2012/01/02 14:47:00 | 011,233,541 | ---- | C] ( ) -- C:\Users\Marty\Desktop\IWBTVB.exe

========== Files - Modified Within 30 Days ==========

[2012/01/30 22:41:13 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Marty\Desktop\OTL.exe
[2012/01/30 22:41:06 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/30 22:41:06 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/30 22:38:43 | 001,201,664 | ---- | M] () -- C:\Users\Marty\Desktop\RogueKiller.exe
[2012/01/30 22:37:49 | 000,001,828 | ---- | M] () -- C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
[2012/01/30 22:35:28 | 000,334,429 | ---- | M] () -- C:\Users\Marty\Desktop\FSS.exe
[2012/01/30 22:33:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/30 22:32:58 | 1942,147,071 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/30 16:57:45 | 000,005,186 | ---- | M] () -- C:\Users\Marty\Documents\Article 1.abw
[2012/01/27 19:47:56 | 000,001,100 | ---- | M] () -- C:\Users\Marty\Desktop\SaveFile2.ini
[2012/01/27 19:47:48 | 000,000,260 | ---- | M] () -- C:\Users\Marty\Desktop\options.ini
[2012/01/27 19:47:48 | 000,000,151 | ---- | M] () -- C:\Users\Marty\Desktop\onlineLicense.ini
[2012/01/27 19:47:48 | 000,000,000 | ---- | M] () -- C:\Users\Marty\Desktop\saveFile.ini
[2012/01/27 19:47:35 | 000,000,728 | ---- | M] () -- C:\Users\Marty\Desktop\SaveFile1.ini
[2012/01/27 19:45:45 | 000,007,605 | ---- | M] () -- C:\Users\Marty\AppData\Local\Resmon.ResmonCfg
[2012/01/24 20:11:58 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMarty.job
[2012/01/13 14:42:33 | 000,169,141 | ---- | M] () -- C:\Users\Marty\Desktop\2012-01-13_14.42.33.png
[2012/01/13 14:42:25 | 000,089,422 | ---- | M] () -- C:\Users\Marty\Desktop\2012-01-13_14.42.25.png
[2012/01/13 14:42:15 | 000,079,422 | ---- | M] () -- C:\Users\Marty\Desktop\2012-01-13_14.42.15.png
[2012/01/13 14:42:10 | 000,065,926 | ---- | M] () -- C:\Users\Marty\Desktop\2012-01-13_14.42.10.png
[2012/01/13 14:41:59 | 000,143,999 | ---- | M] () -- C:\Users\Marty\Desktop\2012-01-13_14.41.58.png
[2012/01/13 14:41:38 | 000,127,218 | ---- | M] () -- C:\Users\Marty\Desktop\2012-01-13_14.41.37.png
[2012/01/11 12:16:55 | 000,740,374 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/11 12:16:55 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/11 12:16:55 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/08 15:47:39 | 000,002,975 | ---- | M] () -- C:\Users\Marty\Desktop\HiJackThis.lnk
[2012/01/08 15:41:40 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Marty\Desktop\tdsskiller.exe
[2012/01/07 00:26:17 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/07 00:05:12 | 000,010,934 | -HS- | M] () -- C:\Users\Marty\AppData\Local\75sqx84ofv3366yloot65axnsh0hx06tae0n76i6y55vjh
[2012/01/07 00:05:12 | 000,010,934 | -HS- | M] () -- C:\ProgramData\75sqx84ofv3366yloot65axnsh0hx06tae0n76i6y55vjh
[2012/01/02 15:43:18 | 000,000,094 | ---- | M] () -- C:\Users\Marty\Desktop\IWBTsave.ini

========== Files Created - No Company Name ==========

[2012/01/30 22:38:30 | 001,201,664 | ---- | C] () -- C:\Users\Marty\Desktop\RogueKiller.exe
[2012/01/30 22:35:19 | 000,334,429 | ---- | C] () -- C:\Users\Marty\Desktop\FSS.exe
[2012/01/30 16:57:45 | 000,005,186 | ---- | C] () -- C:\Users\Marty\Documents\Article 1.abw
[2012/01/27 19:45:45 | 000,007,605 | ---- | C] () -- C:\Users\Marty\AppData\Local\Resmon.ResmonCfg
[2012/01/21 09:58:45 | 000,169,141 | ---- | C] () -- C:\Users\Marty\Desktop\2012-01-13_14.42.33.png
[2012/01/21 09:58:45 | 000,143,999 | ---- | C] () -- C:\Users\Marty\Desktop\2012-01-13_14.41.58.png
[2012/01/21 09:58:45 | 000,127,218 | ---- | C] () -- C:\Users\Marty\Desktop\2012-01-13_14.41.37.png
[2012/01/21 09:58:45 | 000,089,422 | ---- | C] () -- C:\Users\Marty\Desktop\2012-01-13_14.42.25.png
[2012/01/21 09:58:45 | 000,079,422 | ---- | C] () -- C:\Users\Marty\Desktop\2012-01-13_14.42.15.png
[2012/01/21 09:58:45 | 000,065,926 | ---- | C] () -- C:\Users\Marty\Desktop\2012-01-13_14.42.10.png
[2012/01/08 15:47:38 | 000,002,975 | ---- | C] () -- C:\Users\Marty\Desktop\HiJackThis.lnk
[2012/01/07 00:26:17 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/06 23:54:53 | 000,010,934 | -HS- | C] () -- C:\Users\Marty\AppData\Local\75sqx84ofv3366yloot65axnsh0hx06tae0n76i6y55vjh
[2012/01/06 23:54:53 | 000,010,934 | -HS- | C] () -- C:\ProgramData\75sqx84ofv3366yloot65axnsh0hx06tae0n76i6y55vjh
[2012/01/03 21:19:03 | 000,001,100 | ---- | C] () -- C:\Users\Marty\Desktop\SaveFile2.ini
[2012/01/02 15:58:45 | 000,000,000 | ---- | C] () -- C:\Users\Marty\Desktop\saveFile.ini
[2012/01/02 15:51:17 | 000,000,728 | ---- | C] () -- C:\Users\Marty\Desktop\SaveFile1.ini
[2012/01/02 15:51:17 | 000,000,151 | ---- | C] () -- C:\Users\Marty\Desktop\onlineLicense.ini
[2012/01/02 15:50:52 | 000,000,260 | ---- | C] () -- C:\Users\Marty\Desktop\options.ini
[2012/01/02 14:48:29 | 000,000,094 | ---- | C] () -- C:\Users\Marty\Desktop\IWBTsave.ini
[2011/10/18 12:44:53 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2011/07/24 20:34:36 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll
[2011/06/30 15:28:50 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/06/30 15:17:46 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/04/28 17:37:23 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2011/03/03 21:04:58 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2011/02/16 17:57:18 | 000,003,883 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/12/16 19:26:22 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/12/19 16:24:19 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\.minecraft
[2011/08/30 17:49:06 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/10/08 19:21:01 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\enchant
[2011/07/24 20:38:23 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\iolo
[2011/08/17 13:03:11 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\Namco
[2011/07/24 20:33:48 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\Nuance
[2011/10/14 20:27:55 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\StepMania 5
[2011/07/23 20:45:23 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\Synaptics
[2012/01/18 21:22:26 | 000,032,588 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >

OTL Extras logfile created on: 1/30/2012 10:41:51 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Marty\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.75 Gb Total Physical Memory | 6.17 Gb Available Physical Memory | 79.65% Memory free
15.49 Gb Paging File | 13.28 Gb Available in Paging File | 85.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.67 Gb Total Space | 501.78 Gb Free Space | 86.27% Space Free | Partition Type: NTFS
Drive D: | 14.21 Gb Total Space | 1.58 Gb Free Space | 11.14% Space Free | Partition Type: NTFS
Drive E: | 933.17 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ROBNBOBBLASTER | User Name: Marty | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0128D231-B23B-409C-A531-39D8D8774BA1}" = HP 3D DriveGuard
"{054EF02F-95D8-48F4-9EEB-2F9CE3072ED8}" = AuthenTec TrueAPI
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26588EB8-85EF-09E9-F1D9-52E3EFA94A81}" = AMD Fuel
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java™ 6 Update 24 (64-bit)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{7B060824-0C1E-90E4-2906-B1F547669EFF}" = ccc-utility64
"{7C54D017-21BB-43AE-9746-33E78AF4A425}" = Validity WBF DDK
"{7FBA6627-88F8-0AE0-9326-FB8488DD26E0}" = ATI Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{997C9EC4-B53D-479D-81B7-0AEC8D174BA1}" = iTunes
"{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Converter
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
"{108953E4-1670-011C-093E-698B6DC3168D}" = CCC Help French
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
"{132EAFB3-2B2A-A694-0D67-099066554F60}" = CCC Help Polish
"{18FC153D-D962-E9E5-47A4-330E829D49B5}" = CCC Help Japanese
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20F13E5A-6E78-9807-4628-57974A1AB862}" = Catalyst Control Center Localization All
"{210A03F5-B2ED-4947-B27E-516F50CBB292}" = HP Setup
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 30
"{28B8CCF7-7CE3-0F37-6BED-8E9446000141}" = CCC Help Thai
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{30E411BE-C174-405F-9361-27F4CEDE0C19}" = PCmover Professional
"{31EEA563-3544-4EA1-8773-BCBF83F9627A}" = HP Software Framework
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{378C743F-06B8-430F-91A0-0EDD06EDD253}" = Nuance PDF Converter 7
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
"{442A4B2B-1A30-5C0F-753D-13529EBCB22C}" = CCC Help Dutch
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F08C533-EB80-88C5-DA91-CC5EEC7435BA}" = Catalyst Control Center Graphics Previews Common
"{546984D4-170B-2C56-1AB8-10F9552935ED}" = CCC Help Czech
"{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1" = iolo technologies' System Mechanic
"{571D119C-CF96-46C2-BD68-B6FE1439F181}" = Catalyst Control Center - Branding
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5F136FB9-B653-185A-F203-288C43811D58}" = CCC Help Norwegian
"{63EE0664-A05E-5F64-0411-FB2011C3E348}" = CCC Help Portuguese
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0
"{70AFA3C0-558B-9099-A573-9703AB3FD67D}" = Catalyst Control Center InstallProxy
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{795AADBF-58C2-42D0-B779-E730702A247E}" = HP Connection Manager
"{7E76ABF7-A6AD-115D-3B59-59AE0467987B}" = CCC Help Spanish
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80C03F1B-0E02-16E7-59C5-84FC57602C55}" = CCC Help Finnish
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84F41469-E24B-7B5A-F949-AD8AD770B438}" = CCC Help Danish
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{879AF6B3-7253-B9A9-1538-BDC9C6B2421B}" = CCC Help Swedish
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AF58048-CE5D-01C7-0134-5F991FDC17EE}" = CCC Help Russian
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT5390 802.11b/g/n WiFi Adapter
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}" = Blio
"{93B41F22-14EC-A8D8-B55D-B569E6D415AA}" = CCC Help Chinese Traditional
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B9B8EE4-2EDB-41C2-AF2E-63E75D37CDDF}" = HP On Screen Display
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A4338C8A-6E6F-5908-69C7-9C768E440EDF}" = CCC Help German
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A4D5167D-D18E-F3F8-26AC-13BC439A849E}" = CCC Help Greek
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A755E802-F7F0-F079-69B6-6CA814F66DAE}" = Catalyst Control Center
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B6946BAC-2169-42CC-8E6D-F6FE2EEDB20F}" = HP Documentation
"{B97E3520-C726-475E-BC0C-7561952633AB}" = HP Power Manager
"{BCFAA37D-A6DB-43BF-A351-43F183E52D07}" = HP SimplePass 2011
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C1F77753-F64B-BD33-3BC5-4C2A22DCBA67}" = CCC Help Italian
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}" = HP Support Assistant
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D867522F-4E43-A5AA-0D24-ADC0C7969555}" = CCC Help Hungarian
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E0612C03-2885-66DC-495C-2D944B448F98}" = CCC Help English
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5BA0430-919F-46DD-B656-0796F8A5ADFF}" = Microsoft Office Communicator 2007
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch
"{EC343B2E-C4CE-0298-B3AD-7C22BAE966A0}" = CCC Help Korean
"{EC8282AB-48DD-91D2-7387-01CD6E100A5D}" = Adobe Photoshop.com Inspiration Browser
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help
"{F68DFE6C-43D8-EAD2-D90C-0105A72FA37B}" = CCC Help Chinese Standard
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.2
"{FC2FCC30-642D-93BF-B3E9-A82BA300DEF4}" = CCC Help Turkish
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AbiWord2" = AbiWord 2.8.6
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"EasyBits Magic Desktop" = Magic Desktop
"HP DVB-T TV Tuner" = HP DVB-T TV Tuner 8.0.64.43
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"MAME32k" = MAME32k (remove only)
"MapleStory" = MapleStory
"MSC" = McAfee AntiVirus Plus
"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"WT087328" = Blackhawk Striker 2
"WT087330" = Bounce Symphony
"WT087335" = Build-a-lot 2
"WT087343" = Dora's World Adventure
"WT087393" = Mah Jong Medley
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087415" = Wheel of Fortune 2
"WT087536" = Diner Dash 2 Restaurant Rescue
"WT089307" = Virtual Villagers 4 - The Tree of Life
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House
"WT089453" = Bejeweled 2 Deluxe
"WT089454" = Chuzzle Deluxe
"WT089455" = Zuma Deluxe
"WT089457" = Slingo Supreme
"WT089458" = Plants vs. Zombies - Game of the Year
"WT089470" = FATE - The Traitor Soul
"WT089484" = Namco All-Stars PAC-MAN
"WT089496" = Mystery P.I. - Stolen in San Francisco
"WT089498" = Bejeweled 3

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/10/2012 8:24:50 PM | Computer Name = RobnBobBlaster | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 1/10/2012 10:39:35 PM | Computer Name = RobnBobBlaster | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 1/11/2012 3:10:30 PM | Computer Name = RobnBobBlaster | Source = WinMgmt | ID = 10
Description =

Error - 1/11/2012 4:48:46 PM | Computer Name = RobnBobBlaster | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 1/11/2012 7:49:41 PM | Computer Name = RobnBobBlaster | Source = WinMgmt | ID = 10
Description =

Error - 1/11/2012 11:02:30 PM | Computer Name = RobnBobBlaster | Source = WinMgmt | ID = 10
Description =

Error - 1/12/2012 12:02:49 PM | Computer Name = RobnBobBlaster | Source = WinMgmt | ID = 10
Description =

Error - 1/12/2012 12:28:52 PM | Computer Name = RobnBobBlaster | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 1/12/2012 4:16:19 PM | Computer Name = RobnBobBlaster | Source = WinMgmt | ID = 10
Description =

Error - 1/12/2012 11:11:06 PM | Computer Name = RobnBobBlaster | Source = WinMgmt | ID = 10
Description =

[ HP Connection Manager Events ]
Error - 1/9/2012 1:51:47 PM | Computer Name = RobnBobBlaster | Source = hpCMSrv | ID = 5
Description = 2012/01/09 10:51:47.963|00001314|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 1/9/2012 1:52:05 PM | Computer Name = RobnBobBlaster | Source = hpCMSrv | ID = 5
Description = 2012/01/09 10:52:05.963|00001314|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 1/9/2012 1:52:07 PM | Computer Name = RobnBobBlaster | Source = hpCMSrv | ID = 5
Description = 2012/01/09 10:52:07.963|00001314|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 1/9/2012 1:52:15 PM | Computer Name = RobnBobBlaster | Source = hpCMSrv | ID = 5
Description = 2012/01/09 10:52:15.963|00001314|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 1/9/2012 1:52:19 PM | Computer Name = RobnBobBlaster | Source = hpCMSrv | ID = 5
Description = 2012/01/09 10:52:19.963|00001314|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 1/9/2012 1:52:25 PM | Computer Name = RobnBobBlaster | Source = hpCMSrv | ID = 5
Description = 2012/01/09 10:52:25.963|00001314|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 1/9/2012 1:52:27 PM | Computer Name = RobnBobBlaster | Source = hpCMSrv | ID = 5
Description = 2012/01/09 10:52:27.963|00001314|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 1/9/2012 1:52:29 PM | Computer Name = RobnBobBlaster | Source = hpCMSrv | ID = 5
Description = 2012/01/09 10:52:29.962|00001314|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 1/9/2012 1:52:31 PM | Computer Name = RobnBobBlaster | Source = hpCMSrv | ID = 5
Description = 2012/01/09 10:52:31.962|00001314|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 1/9/2012 1:52:33 PM | Computer Name = RobnBobBlaster | Source = hpCMSrv | ID = 5
Description = 2012/01/09 10:52:33.963|00001314|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

[ System Events ]
Error - 1/30/2012 11:43:46 PM | Computer Name = RobnBobBlaster | Source = Service Control Manager | ID = 7003
Description = The McAfee Personal Firewall Service service depends the following
service: MpsSvc. This service might not be installed.

Error - 1/30/2012 11:43:46 PM | Computer Name = RobnBobBlaster | Source = Service Control Manager | ID = 7003
Description = The McAfee Personal Firewall Service service depends the following
service: MpsSvc. This service might not be installed.

Error - 1/31/2012 12:21:21 AM | Computer Name = RobnBobBlaster | Source = Service Control Manager | ID = 7003
Description = The McAfee Personal Firewall Service service depends the following
service: MpsSvc. This service might not be installed.

Error - 1/31/2012 12:21:21 AM | Computer Name = RobnBobBlaster | Source = Service Control Manager | ID = 7003
Description = The McAfee Personal Firewall Service service depends the following
service: MpsSvc. This service might not be installed.

Error - 1/31/2012 1:33:11 AM | Computer Name = RobnBobBlaster | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 1/31/2012 1:33:12 AM | Computer Name = RobnBobBlaster | Source = Service Control Manager | ID = 7003
Description = The IKE and AuthIP IPsec Keying Modules service depends the following
service: BFE. This service might not be installed.

Error - 1/31/2012 1:33:12 AM | Computer Name = RobnBobBlaster | Source = Service Control Manager | ID = 7003
Description = The McAfee Personal Firewall Service service depends the following
service: MpsSvc. This service might not be installed.

Error - 1/31/2012 1:33:12 AM | Computer Name = RobnBobBlaster | Source = Service Control Manager | ID = 7003
Description = The IPsec Policy Agent service depends the following service: BFE.
This service might not be installed.

Error - 1/31/2012 1:36:05 AM | Computer Name = RobnBobBlaster | Source = Service Control Manager | ID = 7003
Description = The McAfee Personal Firewall Service service depends the following
service: MpsSvc. This service might not be installed.

Error - 1/31/2012 1:36:05 AM | Computer Name = RobnBobBlaster | Source = Service Control Manager | ID = 7003
Description = The McAfee Personal Firewall Service service depends the following
service: MpsSvc. This service might not be installed.


< End of report >

That's it for now.

#4 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,146 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 31 January 2012 - 09:07 AM

I would suggest you uninstall the Ask Toolbar

Read below:

http://www.benedelma...e/ask-toolbars/

Please go to your add/remove programs and uninstall:

Ask Toolbar

-----------------------------------------------------------------------------

Please do this:
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    O4 - HKLM..\Run: [] File not found
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    [2012/01/07 00:05:12 | 000,010,934 | -HS- | M] () -- C:\Users\Marty\AppData\Local\75sqx84ofv3366yloot65axnsh0hx06tae0n76i6y55vjh
    [2012/01/07 00:05:12 | 000,010,934 | -HS- | M] () -- C:\ProgramData\75sqx84ofv3366yloot65axnsh0hx06tae0n76i6y55vjh
    :Commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#5 BerttheGreat

BerttheGreat

    New Member

  • Members
  • Pip
  • 12 posts

Posted 31 January 2012 - 10:13 AM

I got rid of the toolbar and got the log:

All processes killed
Error: Unable to interpret <:OTLO4 - HKLM..\Run: [] File not foundO4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)O18:64bit: - Protocol\Handler\livecall - No CLSID value foundO18:64bit: - Protocol\Handler\msnim - No CLSID value foundO18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value foundO18:64bit: - Protocol\Handler\wlpg - No CLSID value foundO20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not foundO20 - HKLM Winlogon: VMApplet - (/pagefile) - File not foundO21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebC> in the current context!
Error: Unable to interpret <heck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.[2012/01/07 00:05:12 | 000,010,934 | -HS- | M] () -- C:\Users\Marty\AppData\Local\75sqx84ofv3366yloot65axnsh0hx06tae0n76i6y55vjh[2012/01/07 00:05:12 | 000,010,934 | -HS- | M] () -- C:\ProgramData\75sqx84ofv3366yloot65axnsh0hx06tae0n76i6y55vjh:Commands[emptytemp]> in the current context!

OTL by OldTimer - Version 3.2.31.0 log created on 01312012_080148
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...

Hope I did that right..

#6 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,146 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 31 January 2012 - 10:35 AM

No, you didn't copy the code in correctly:

Error: Unable to interpret <:OTLO4 - HKLM..\Run: [] File not foundO4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO4 - HKU\S-1-5-20..\RunOnce: [mctadmin]

Try it again, copy and paste the text in blue into OTL > it has to look like this after you paste it into OTL:

:OTL
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[2012/01/07 00:05:12 | 000,010,934 | -HS- | M] () -- C:\Users\Marty\AppData\Local\75sqx84ofv3366yloot65axnsh0hx06tae0n76i6y55vjh
[2012/01/07 00:05:12 | 000,010,934 | -HS- | M] () -- C:\ProgramData\75sqx84ofv3366yloot65axnsh0hx06tae0n76i6y55vjh
:Commands
[emptytemp]


Let me know, MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#7 BerttheGreat

BerttheGreat

    New Member

  • Members
  • Pip
  • 12 posts

Posted 31 January 2012 - 12:42 PM

Ok, I think I got it this time:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Users\Marty\AppData\Local\75sqx84ofv3366yloot65axnsh0hx06tae0n76i6y55vjh moved successfully.
C:\ProgramData\75sqx84ofv3366yloot65axnsh0hx06tae0n76i6y55vjh moved successfully.
File ptytemp] not found.

OTL by OldTimer - Version 3.2.31.0 log created on 01312012_103953
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...

Lemme know what's next.

#8 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,146 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 31 January 2012 - 01:03 PM

Looks like you missed this command to empty temp files, lets try it again

:Commands
[emptytemp]



Please do this: (the computer will reboot)
Run OTL
[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

:Commands
[emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#9 BerttheGreat

BerttheGreat

    New Member

  • Members
  • Pip
  • 12 posts

Posted 31 January 2012 - 10:40 PM

Alright sorry about that. This should be the last one:

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Marty
->Temp folder emptied: 295138840 bytes
->Temporary Internet Files folder emptied: 609321175 bytes
->Java cache emptied: 152640 bytes
->Flash cache emptied: 102607 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 92625639 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50400 bytes
RecycleBin emptied: 3785907928 bytes

Total Files Cleaned = 4,562.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01312012_203406
Files\Folders moved on Reboot...
C:\Users\Marty\AppData\Local\Temp\Low\~DFEDEB0B50F7392885.TMP moved successfully.
C:\Users\Marty\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Marty\AppData\Local\Temp\~DF19F69F405C28F807.TMP not found!
File\Folder C:\Users\Marty\AppData\Local\Temp\~DF2A10D9FEBF2E809D.TMP not found!
File\Folder C:\Users\Marty\AppData\Local\Temp\~DF6662A94DE5DC6FF7.TMP not found!
File\Folder C:\Users\Marty\AppData\Local\Temp\~DF6A9806B5C7DFFAB0.TMP not found!
File\Folder C:\Users\Marty\AppData\Local\Temp\~DF729D9FB6588A53B4.TMP not found!
File\Folder C:\Users\Marty\AppData\Local\Temp\~DF7843D5C67107A3F0.TMP not found!
File\Folder C:\Users\Marty\AppData\Local\Temp\~DFA50E04C1D4B1553C.TMP not found!
File\Folder C:\Users\Marty\AppData\Local\Temp\~DFB7A8B25EA3024489.TMP not found!
File\Folder C:\Users\Marty\AppData\Local\Temp\~DFBC12CA1F185B2ABC.TMP not found!
File\Folder C:\Users\Marty\AppData\Local\Temp\~DFC31BF70312FC730E.TMP not found!
File\Folder C:\Users\Marty\AppData\Local\Temp\~DFDA63BD1452821B8A.TMP not found!
File\Folder C:\Users\Marty\AppData\Local\Temp\~DFE0364E6DC3C5D972.TMP not found!
C:\Users\Marty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N655PQ67\index[2].htm moved successfully.
C:\Users\Marty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2F2XP0HF\EFpQQyG9GqCrobXxL-KRMWzklk6MJbhg7BmBP42CjCQ[1].eot moved successfully.
C:\Users\Marty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2F2XP0HF\fastbutton[2].htm moved successfully.
C:\Users\Marty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2F2XP0HF\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot moved successfully.
C:\Users\Marty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Marty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File\Folder C:\Windows\temp\fb_2304.lck not found!
Registry entries deleted on Reboot...

#10 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,146 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 01 February 2012 - 08:35 AM

Looks good this time, is there any difference in the computer?

I'm not seeing much, but there's a couple of other programs we could run.

Let me know, MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#11 BerttheGreat

BerttheGreat

    New Member

  • Members
  • Pip
  • 12 posts

Posted 01 February 2012 - 08:49 PM

Yeah, there's a bit of a difference that I noticed. My McAfee firewall still wont turn on though.. I don't mind if we run those other programs, I wanna get rid of as much as I can.

Thanks for the help so far!

#12 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,146 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 02 February 2012 - 08:29 AM

Please download and run TDSSKiller as outlined in the post below:

http://forums.malwar...howtopic=104821

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic please choose
Skip and click on Continue

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Post back the log, MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#13 BerttheGreat

BerttheGreat

    New Member

  • Members
  • Pip
  • 12 posts

Posted 02 February 2012 - 10:52 AM

Alright, here it is:

08:45:47.0007 3944 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
08:45:49.0019 3944 ============================================================
08:45:49.0019 3944 Current date / time: 2012/02/02 08:45:49.0019
08:45:49.0019 3944 SystemInfo:
08:45:49.0019 3944
08:45:49.0019 3944 OS Version: 6.1.7601 ServicePack: 1.0
08:45:49.0019 3944 Product type: Workstation
08:45:49.0019 3944 ComputerName: ROBNBOBBLASTER
08:45:49.0019 3944 UserName: Marty
08:45:49.0019 3944 Windows directory: C:\Windows
08:45:49.0019 3944 System windows directory: C:\Windows
08:45:49.0019 3944 Running under WOW64
08:45:49.0019 3944 Processor architecture: Intel x64
08:45:49.0019 3944 Number of processors: 4
08:45:49.0019 3944 Page size: 0x1000
08:45:49.0019 3944 Boot type: Normal boot
08:45:49.0019 3944 ============================================================
08:45:51.0687 3944 Initialize success
08:46:18.0706 5888 ============================================================
08:46:18.0706 5888 Scan started
08:46:18.0706 5888 Mode: Manual; SigCheck; TDLFS;
08:46:18.0706 5888 ============================================================
08:46:20.0547 5888 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
08:46:20.0812 5888 1394ohci - ok
08:46:21.0202 5888 Accelerometer (7a330a42870eb1fa81f88be514d2d566) C:\Windows\system32\DRIVERS\Accelerometer.sys
08:46:21.0436 5888 Accelerometer - ok
08:46:21.0857 5888 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
08:46:21.0904 5888 ACPI - ok
08:46:22.0310 5888 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
08:46:22.0450 5888 AcpiPmi - ok
08:46:22.0871 5888 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
08:46:22.0903 5888 adp94xx - ok
08:46:23.0339 5888 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
08:46:23.0386 5888 adpahci - ok
08:46:23.0776 5888 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
08:46:23.0807 5888 adpu320 - ok
08:46:24.0229 5888 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
08:46:24.0400 5888 AFD - ok
08:46:24.0775 5888 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
08:46:24.0821 5888 agp440 - ok
08:46:25.0227 5888 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
08:46:25.0243 5888 aliide - ok
08:46:25.0757 5888 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
08:46:25.0773 5888 amdide - ok
08:46:26.0319 5888 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
08:46:26.0459 5888 amdiox64 - ok
08:46:26.0974 5888 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
08:46:27.0021 5888 AmdK8 - ok
08:46:27.0583 5888 amdkmdag (cf5fc8d37f10c9c374ae6d990c9d2cd7) C:\Windows\system32\DRIVERS\atikmdag.sys
08:46:28.0051 5888 amdkmdag - ok
08:46:28.0472 5888 amdkmdap (2bd89cb34b67edc64e741aa3864d8c1a) C:\Windows\system32\DRIVERS\atikmpag.sys
08:46:28.0597 5888 amdkmdap - ok
08:46:28.0987 5888 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
08:46:29.0018 5888 AmdPPM - ok
08:46:29.0392 5888 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
08:46:29.0486 5888 amdsata - ok
08:46:29.0923 5888 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
08:46:29.0954 5888 amdsbs - ok
08:46:30.0453 5888 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
08:46:30.0547 5888 amdxata - ok
08:46:31.0077 5888 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
08:46:31.0280 5888 AppID - ok
08:46:31.0701 5888 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
08:46:31.0717 5888 arc - ok
08:46:32.0122 5888 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
08:46:32.0138 5888 arcsas - ok
08:46:32.0543 5888 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
08:46:32.0653 5888 AsyncMac - ok
08:46:33.0074 5888 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
08:46:33.0089 5888 atapi - ok
08:46:33.0542 5888 AtiHdmiService (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys
08:46:33.0620 5888 AtiHdmiService - ok
08:46:34.0072 5888 AtiPcie (e82e61f46d1336447f4deff8c074f13e) C:\Windows\system32\DRIVERS\AtiPcie64.sys
08:46:34.0150 5888 AtiPcie - ok
08:46:34.0556 5888 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
08:46:34.0618 5888 b06bdrv - ok
08:46:35.0289 5888 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
08:46:35.0445 5888 b57nd60a - ok
08:46:36.0178 5888 BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
08:46:36.0241 5888 BCM43XX - ok
08:46:36.0662 5888 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
08:46:36.0724 5888 Beep - ok
08:46:37.0192 5888 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
08:46:37.0223 5888 blbdrive - ok
08:46:37.0754 5888 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
08:46:37.0894 5888 bowser - ok
08:46:38.0331 5888 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
08:46:38.0378 5888 BrFiltLo - ok
08:46:38.0721 5888 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
08:46:38.0752 5888 BrFiltUp - ok
08:46:39.0142 5888 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
08:46:39.0220 5888 Brserid - ok
08:46:39.0610 5888 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
08:46:39.0641 5888 BrSerWdm - ok
08:46:40.0031 5888 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
08:46:40.0063 5888 BrUsbMdm - ok
08:46:40.0437 5888 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
08:46:40.0468 5888 BrUsbSer - ok
08:46:40.0874 5888 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
08:46:40.0905 5888 BTHMODEM - ok
08:46:41.0295 5888 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
08:46:41.0357 5888 cdfs - ok
08:46:41.0747 5888 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
08:46:41.0857 5888 cdrom - ok
08:46:42.0293 5888 cfwids (ed0263b2eb24f0f4e3898036fa1d28a1) C:\Windows\system32\drivers\cfwids.sys
08:46:42.0403 5888 cfwids - ok
08:46:42.0808 5888 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
08:46:42.0855 5888 circlass - ok
08:46:43.0167 5888 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
08:46:43.0229 5888 CLFS - ok
08:46:43.0697 5888 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys
08:46:43.0791 5888 clwvd - ok
08:46:44.0165 5888 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
08:46:44.0197 5888 CmBatt - ok
08:46:44.0587 5888 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
08:46:44.0618 5888 cmdide - ok
08:46:44.0992 5888 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
08:46:45.0086 5888 CNG - ok
08:46:45.0491 5888 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
08:46:45.0507 5888 Compbatt - ok
08:46:45.0991 5888 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
08:46:46.0162 5888 CompositeBus - ok
08:46:46.0693 5888 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
08:46:46.0708 5888 crcdisk - ok
08:46:47.0176 5888 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
08:46:47.0317 5888 DfsC - ok
08:46:47.0691 5888 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
08:46:47.0753 5888 discache - ok
08:46:48.0159 5888 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
08:46:48.0175 5888 Disk - ok
08:46:48.0580 5888 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
08:46:48.0658 5888 drmkaud - ok
08:46:49.0064 5888 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
08:46:49.0235 5888 DXGKrnl - ok
08:46:49.0641 5888 EagleX64 - ok
08:46:50.0093 5888 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
08:46:50.0187 5888 ebdrv - ok
08:46:50.0655 5888 ElRawDisk (d38a883309e04b9fbffe1aca60ea3bbf) C:\Windows\system32\drivers\ElRawDsk.sys
08:46:50.0764 5888 ElRawDisk - ok
08:46:51.0201 5888 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
08:46:51.0232 5888 elxstor - ok
08:46:51.0638 5888 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
08:46:51.0685 5888 ErrDev - ok
08:46:52.0106 5888 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
08:46:52.0168 5888 exfat - ok
08:46:52.0574 5888 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
08:46:52.0699 5888 fastfat - ok
08:46:53.0089 5888 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
08:46:53.0151 5888 fdc - ok
08:46:53.0557 5888 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
08:46:53.0572 5888 FileInfo - ok
08:46:53.0931 5888 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
08:46:53.0993 5888 Filetrace - ok
08:46:54.0446 5888 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
08:46:54.0493 5888 flpydisk - ok
08:46:54.0867 5888 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
08:46:54.0945 5888 FltMgr - ok
08:46:55.0366 5888 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
08:46:55.0382 5888 FsDepends - ok
08:46:55.0756 5888 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
08:46:55.0787 5888 Fs_Rec - ok
08:46:56.0193 5888 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
08:46:56.0318 5888 fvevol - ok
08:46:56.0739 5888 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
08:46:56.0755 5888 gagp30kx - ok
08:46:57.0160 5888 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
08:46:57.0238 5888 GEARAspiWDM - ok
08:46:57.0628 5888 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
08:46:57.0691 5888 hcw85cir - ok
08:46:58.0096 5888 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
08:46:58.0205 5888 HdAudAddService - ok
08:46:58.0611 5888 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
08:46:58.0642 5888 HDAudBus - ok
08:46:59.0001 5888 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
08:46:59.0048 5888 HidBatt - ok
08:46:59.0422 5888 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
08:46:59.0453 5888 HidBth - ok
08:46:59.0890 5888 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
08:46:59.0921 5888 HidIr - ok
08:47:00.0311 5888 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
08:47:00.0421 5888 HidUsb - ok
08:47:00.0842 5888 hpdskflt (a4be23c451adeb252cd17a0532cae220) C:\Windows\system32\DRIVERS\hpdskflt.sys
08:47:00.0920 5888 hpdskflt - ok
08:47:01.0372 5888 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
08:47:01.0450 5888 HpSAMD - ok
08:47:01.0871 5888 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
08:47:02.0012 5888 HTTP - ok
08:47:02.0402 5888 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
08:47:02.0480 5888 hwpolicy - ok
08:47:02.0917 5888 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
08:47:02.0948 5888 i8042prt - ok
08:47:03.0369 5888 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
08:47:03.0509 5888 iaStorV - ok
08:47:03.0915 5888 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
08:47:03.0946 5888 iirsp - ok
08:47:04.0336 5888 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
08:47:04.0352 5888 intelide - ok
08:47:04.0757 5888 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
08:47:04.0804 5888 intelppm - ok
08:47:05.0288 5888 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:47:05.0428 5888 IpFilterDriver - ok
08:47:05.0818 5888 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
08:47:05.0912 5888 IPMIDRV - ok
08:47:06.0302 5888 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
08:47:06.0380 5888 IPNAT - ok
08:47:06.0785 5888 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
08:47:06.0926 5888 IRENUM - ok
08:47:07.0316 5888 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
08:47:07.0331 5888 isapnp - ok
08:47:07.0737 5888 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
08:47:07.0831 5888 iScsiPrt - ok
08:47:08.0221 5888 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
08:47:08.0252 5888 kbdclass - ok
08:47:08.0642 5888 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
08:47:08.0751 5888 kbdhid - ok
08:47:09.0141 5888 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
08:47:09.0219 5888 KSecDD - ok
08:47:09.0593 5888 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
08:47:09.0687 5888 KSecPkg - ok
08:47:10.0124 5888 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
08:47:10.0186 5888 ksthunk - ok
08:47:10.0639 5888 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
08:47:10.0701 5888 lltdio - ok
08:47:11.0200 5888 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
08:47:11.0247 5888 LSI_FC - ok
08:47:11.0871 5888 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
08:47:11.0887 5888 LSI_SAS - ok
08:47:12.0526 5888 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
08:47:12.0542 5888 LSI_SAS2 - ok
08:47:13.0228 5888 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
08:47:13.0259 5888 LSI_SCSI - ok
08:47:13.0790 5888 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
08:47:13.0899 5888 luafv - ok
08:47:14.0585 5888 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
08:47:14.0617 5888 megasas - ok
08:47:15.0147 5888 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
08:47:15.0163 5888 MegaSR - ok
08:47:16.0192 5888 mfeapfk (ef3acfb7e3f82d5f7cde9ef5f0a4e2e2) C:\Windows\system32\drivers\mfeapfk.sys
08:47:16.0270 5888 mfeapfk - ok
08:47:16.0863 5888 mfeavfk (e7a60bdb4365b561d896019b82fb7dd0) C:\Windows\system32\drivers\mfeavfk.sys
08:47:16.0957 5888 mfeavfk - ok
08:47:17.0549 5888 mfeavfk01 - ok
08:47:18.0080 5888 mfefirek (670dffe55e2f9ab99d9169c428bcece9) C:\Windows\system32\drivers\mfefirek.sys
08:47:18.0189 5888 mfefirek - ok
08:47:18.0766 5888 mfehidk (1892616b7f9291fd77c3fa0a5811fe9f) C:\Windows\system32\drivers\mfehidk.sys
08:47:18.0907 5888 mfehidk - ok
08:47:19.0702 5888 mfenlfk (1721261c77f6e7a9e0cb51b7d9f31b60) C:\Windows\system32\DRIVERS\mfenlfk.sys
08:47:19.0780 5888 mfenlfk - ok
08:47:20.0357 5888 mferkdet (65776bd8029e409935b90de30bf99526) C:\Windows\system32\drivers\mferkdet.sys
08:47:20.0451 5888 mferkdet - ok
08:47:21.0637 5888 mfewfpk (4f17d8b85b903d96ef7033bb6ef50516) C:\Windows\system32\drivers\mfewfpk.sys
08:47:21.0730 5888 mfewfpk - ok
08:47:22.0791 5888 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
08:47:22.0853 5888 Modem - ok
08:47:23.0680 5888 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
08:47:23.0727 5888 monitor - ok
08:47:24.0538 5888 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
08:47:24.0554 5888 mouclass - ok
08:47:25.0209 5888 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\drivers\mouhid.sys
08:47:25.0240 5888 mouhid - ok
08:47:25.0755 5888 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
08:47:25.0833 5888 mountmgr - ok
08:47:26.0644 5888 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
08:47:26.0816 5888 mpio - ok
08:47:27.0627 5888 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
08:47:27.0736 5888 mpsdrv - ok
08:47:28.0204 5888 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
08:47:28.0329 5888 MRxDAV - ok
08:47:28.0891 5888 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
08:47:29.0031 5888 mrxsmb - ok
08:47:29.0624 5888 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:47:29.0749 5888 mrxsmb10 - ok
08:47:30.0404 5888 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:47:30.0497 5888 mrxsmb20 - ok
08:47:31.0309 5888 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
08:47:31.0433 5888 msahci - ok
08:47:32.0447 5888 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
08:47:32.0588 5888 msdsm - ok
08:47:33.0508 5888 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
08:47:33.0586 5888 Msfs - ok
08:47:34.0273 5888 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
08:47:34.0335 5888 mshidkmdf - ok
08:47:35.0115 5888 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
08:47:35.0146 5888 msisadrv - ok
08:47:36.0035 5888 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
08:47:36.0191 5888 MSKSSRV - ok
08:47:37.0003 5888 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
08:47:37.0096 5888 MSPCLOCK - ok
08:47:37.0845 5888 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
08:47:37.0970 5888 MSPQM - ok
08:47:39.0093 5888 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
08:47:39.0187 5888 MsRPC - ok
08:47:40.0076 5888 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
08:47:40.0107 5888 mssmbios - ok
08:47:40.0871 5888 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
08:47:40.0996 5888 MSTEE - ok
08:47:41.0823 5888 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
08:47:41.0932 5888 MTConfig - ok
08:47:43.0024 5888 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
08:47:43.0040 5888 Mup - ok
08:47:43.0945 5888 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
08:47:44.0038 5888 NativeWifiP - ok
08:47:45.0083 5888 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
08:47:45.0130 5888 NDIS - ok
08:47:46.0425 5888 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
08:47:46.0519 5888 NdisCap - ok
08:47:47.0689 5888 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
08:47:47.0782 5888 NdisTapi - ok
08:47:48.0469 5888 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
08:47:48.0593 5888 Ndisuio - ok
08:47:49.0139 5888 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
08:47:49.0295 5888 NdisWan - ok
08:47:49.0810 5888 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
08:47:49.0935 5888 NDProxy - ok
08:47:50.0746 5888 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
08:47:50.0809 5888 NetBIOS - ok
08:47:51.0448 5888 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
08:47:51.0573 5888 NetBT - ok
08:47:52.0275 5888 netr28x (a98071e3e1e5e503462cc9e0ded91a36) C:\Windows\system32\DRIVERS\netr28x.sys
08:47:52.0415 5888 netr28x - ok
08:47:53.0071 5888 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
08:47:53.0086 5888 nfrd960 - ok
08:47:53.0726 5888 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
08:47:53.0788 5888 Npfs - ok
08:47:54.0334 5888 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
08:47:54.0397 5888 nsiproxy - ok
08:47:55.0223 5888 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
08:47:55.0317 5888 Ntfs - ok
08:47:56.0191 5888 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
08:47:56.0269 5888 Null - ok
08:47:56.0861 5888 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
08:47:56.0939 5888 NVENETFD - ok
08:47:57.0501 5888 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
08:47:57.0626 5888 nvraid - ok
08:47:58.0281 5888 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
08:47:58.0390 5888 nvstor - ok
08:47:59.0108 5888 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
08:47:59.0123 5888 nv_agp - ok
08:47:59.0779 5888 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
08:47:59.0825 5888 ohci1394 - ok
08:48:00.0574 5888 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
08:48:00.0621 5888 Parport - ok
08:48:01.0292 5888 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
08:48:01.0401 5888 partmgr - ok
08:48:02.0165 5888 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
08:48:02.0259 5888 pci - ok
08:48:03.0117 5888 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
08:48:03.0148 5888 pciide - ok
08:48:04.0037 5888 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
08:48:04.0100 5888 pcmcia - ok
08:48:04.0786 5888 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
08:48:04.0833 5888 pcw - ok
08:48:05.0707 5888 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
08:48:05.0847 5888 PEAUTH - ok
08:48:06.0721 5888 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
08:48:06.0892 5888 PptpMiniport - ok
08:48:07.0594 5888 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
08:48:07.0625 5888 Processor - ok
08:48:08.0281 5888 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
08:48:08.0421 5888 Psched - ok
08:48:08.0967 5888 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
08:48:09.0076 5888 PxHlpa64 - ok
08:48:09.0778 5888 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
08:48:09.0919 5888 ql2300 - ok
08:48:10.0511 5888 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
08:48:10.0527 5888 ql40xx - ok
08:48:11.0229 5888 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
08:48:11.0338 5888 QWAVEdrv - ok
08:48:11.0931 5888 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
08:48:12.0025 5888 RasAcd - ok
08:48:12.0774 5888 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
08:48:12.0852 5888 RasAgileVpn - ok
08:48:13.0741 5888 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
08:48:13.0912 5888 Rasl2tp - ok
08:48:14.0536 5888 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
08:48:14.0614 5888 RasPppoe - ok
08:48:15.0316 5888 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
08:48:15.0441 5888 RasSstp - ok
08:48:16.0237 5888 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
08:48:16.0377 5888 rdbss - ok
08:48:16.0923 5888 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
08:48:16.0986 5888 rdpbus - ok
08:48:17.0922 5888 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
08:48:18.0000 5888 RDPCDD - ok
08:48:18.0655 5888 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
08:48:18.0717 5888 RDPENCDD - ok
08:48:19.0388 5888 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
08:48:19.0466 5888 RDPREFMP - ok
08:48:20.0137 5888 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
08:48:20.0293 5888 RDPWD - ok
08:48:20.0901 5888 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
08:48:20.0995 5888 rdyboost - ok
08:48:21.0744 5888 RSPCIESTOR (9d21618e7a3b2c75cf1a2ecbbe723730) C:\Windows\system32\DRIVERS\RtsPStor.sys
08:48:21.0775 5888 RSPCIESTOR - ok
08:48:22.0321 5888 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
08:48:22.0414 5888 rspndr - ok
08:48:22.0820 5888 RTL8167 (ed5873f7dfb2f96d37f13322211b6bdc) C:\Windows\system32\DRIVERS\Rt64win7.sys
08:48:22.0945 5888 RTL8167 - ok
08:48:23.0335 5888 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
08:48:23.0444 5888 sbp2port - ok
08:48:23.0834 5888 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
08:48:23.0974 5888 scfilter - ok
08:48:24.0505 5888 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
08:48:24.0645 5888 sdbus - ok
08:48:25.0269 5888 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
08:48:25.0378 5888 secdrv - ok
08:48:26.0158 5888 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
08:48:26.0205 5888 Serenum - ok
08:48:26.0736 5888 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
08:48:26.0829 5888 Serial - ok
08:48:27.0609 5888 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
08:48:27.0656 5888 sermouse - ok
08:48:28.0405 5888 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
08:48:28.0452 5888 sffdisk - ok
08:48:29.0029 5888 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
08:48:29.0091 5888 sffp_mmc - ok
08:48:29.0762 5888 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
08:48:29.0887 5888 sffp_sd - ok
08:48:30.0495 5888 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
08:48:30.0542 5888 sfloppy - ok
08:48:31.0088 5888 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
08:48:31.0104 5888 SiSRaid2 - ok
08:48:31.0806 5888 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
08:48:31.0821 5888 SiSRaid4 - ok
08:48:32.0492 5888 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
08:48:32.0554 5888 Smb - ok
08:48:33.0210 5888 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
08:48:33.0225 5888 spldr - ok
08:48:33.0912 5888 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
08:48:34.0068 5888 srv - ok
08:48:34.0629 5888 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
08:48:34.0785 5888 srv2 - ok
08:48:35.0487 5888 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
08:48:35.0534 5888 SrvHsfHDA - ok
08:48:36.0330 5888 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
08:48:36.0470 5888 SrvHsfV92 - ok
08:48:37.0172 5888 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
08:48:37.0250 5888 SrvHsfWinac - ok
08:48:37.0796 5888 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
08:48:37.0890 5888 srvnet - ok
08:48:38.0467 5888 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
08:48:38.0498 5888 stexstor - ok
08:48:39.0184 5888 STHDA (3ad0ed8b19cd76d2254de5fb298e3c26) C:\Windows\system32\DRIVERS\stwrt64.sys
08:48:39.0621 5888 STHDA - ok
08:48:40.0276 5888 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
08:48:40.0292 5888 swenum - ok
08:48:41.0025 5888 SynTP (33e6a285daa5134d8ea2247914c86c09) C:\Windows\system32\DRIVERS\SynTP.sys
08:48:41.0166 5888 SynTP - ok
08:48:42.0164 5888 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
08:48:42.0304 5888 Tcpip - ok
08:48:43.0100 5888 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
08:48:43.0147 5888 TCPIP6 - ok
08:48:43.0927 5888 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
08:48:44.0161 5888 tcpipreg - ok
08:48:44.0925 5888 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
08:48:45.0019 5888 TDPIPE - ok
08:48:46.0158 5888 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
08:48:46.0251 5888 TDTCP - ok
08:48:47.0094 5888 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
08:48:47.0203 5888 tdx - ok
08:48:47.0811 5888 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
08:48:47.0889 5888 TermDD - ok
08:48:48.0560 5888 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
08:48:48.0732 5888 tssecsrv - ok
08:48:49.0371 5888 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
08:48:49.0512 5888 TsUsbFlt - ok
08:48:50.0214 5888 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
08:48:50.0323 5888 TsUsbGD - ok
08:48:51.0274 5888 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
08:48:51.0415 5888 tunnel - ok
08:48:52.0117 5888 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
08:48:52.0148 5888 uagp35 - ok
08:48:52.0772 5888 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
08:48:52.0912 5888 udfs - ok
08:48:53.0552 5888 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
08:48:53.0583 5888 uliagpkx - ok
08:48:54.0160 5888 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
08:48:54.0301 5888 umbus - ok
08:48:55.0018 5888 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
08:48:55.0096 5888 UmPass - ok
08:48:55.0736 5888 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
08:48:55.0908 5888 USBAAPL64 - ok
08:48:56.0438 5888 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
08:48:56.0578 5888 usbccgp - ok
08:48:57.0374 5888 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
08:48:57.0436 5888 usbcir - ok
08:48:58.0076 5888 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
08:48:58.0185 5888 usbehci - ok
08:48:58.0887 5888 usbfilter (76e2ffad301490ba27b947c6507752fb) C:\Windows\system32\DRIVERS\usbfilter.sys
08:48:58.0981 5888 usbfilter - ok
08:48:59.0620 5888 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
08:48:59.0745 5888 usbhub - ok
08:49:00.0525 5888 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
08:49:00.0650 5888 usbohci - ok
08:49:01.0227 5888 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
08:49:01.0290 5888 usbprint - ok
08:49:01.0804 5888 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:49:01.0976 5888 USBSTOR - ok
08:49:02.0694 5888 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
08:49:02.0865 5888 usbuhci - ok
08:49:03.0583 5888 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
[size="1"]08:49:03.0692 5888 usbvideo - ok[/size]
[size="1"]08:49:04.0472 5888 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys[/size]
[size="1"]08:49:04.0519 5888 vdrvroot - ok[/size]
[size="1"]08:49:05.0299 5888 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys[/size]
[size="1"]08:49:05.0346 5888 vga - ok[/size]
[size="1"]08:49:06.0094 5888 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys[/size]
[size="1"]08:49:06.0172 5888 VgaSave - ok[/size]
[size="1"]08:49:06.0640 5888 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys[/size]
[size="1"]08:49:06.0750 5888 vhdmp - ok[/size]
[size="1"]08:49:07.0452 5888 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys[/size]
[size="1"]08:49:07.0498 5888 viaide - ok[/size]
[size="1"]08:49:08.0138 5888 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys[/size]
[size="1"]08:49:08.0232 5888 volmgr - ok[/size]
[size="1"]08:49:08.0824 5888 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys[/size]
[size="1"]08:49:08.0918 5888 volmgrx - ok[/size]
[size="1"]08:49:09.0604 5888 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys[/size]
[size="1"]08:49:09.0760 5888 volsnap - ok[/size]
[size="1"]08:49:10.0416 5888 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys[/size]
[size="1"]08:49:10.0462 5888 vsmraid - ok[/size]
[size="1"]08:49:11.0242 5888 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys[/size]
[size="1"]08:49:11.0289 5888 vwifibus - ok[/size]
[size="1"]08:49:11.0788 5888 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys[/size]
[size="1"]08:49:11.0851 5888 vwififlt - ok[/size]
[size="1"]08:49:12.0334 5888 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys[/size]
[size="1"]08:49:12.0428 5888 WacomPen - ok[/size]
[size="1"]08:49:13.0224 5888 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys[/size]
[size="1"]08:49:13.0364 5888 WANARP - ok[/size]
[size="1"]08:49:13.0380 5888 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys[/size]
[size="1"]08:49:13.0426 5888 Wanarpv6 - ok[/size]
[size="1"]08:49:14.0082 5888 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys[/size]
[size="1"]08:49:14.0113 5888 Wd - ok[/size]
[size="1"]08:49:14.0721 5888 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys[/size]
[size="1"]08:49:14.0799 5888 Wdf01000 - ok[/size]
[size="1"]08:49:15.0501 5888 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys[/size]
[size="1"]08:49:15.0595 5888 WfpLwf - ok[/size]
[size="1"]08:49:16.0141 5888 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys[/size]
[size="1"]08:49:16.0172 5888 WIMMount - ok[/size]
[size="1"]08:49:16.0827 5888 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys[/size]
[size="1"]08:49:16.0968 5888 WinUsb - ok[/size]
[size="1"]08:49:17.0592 5888 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys[/size]
[size="1"]08:49:17.0638 5888 WmiAcpi - ok[/size]
[size="1"]08:49:18.0216 5888 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys[/size]
[size="1"]08:49:18.0309 5888 ws2ifsl - ok[/size]
[size="1"]08:49:18.0996 5888 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys[/size]
[size="1"]08:49:19.0152 5888 WudfPf - ok[/size]
[size="1"]08:49:20.0088 5888 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys[/size]
[size="1"]08:49:21.0679 5888 WUDFRd - ok[/size]
[size="1"]08:49:21.0757 5888 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0[/size]
[size="1"]08:49:22.0006 5888 \Device\Harddisk0\DR0 - ok[/size]
[size="1"]08:49:22.0022 5888 Boot (0x1200) (63591d1b811d22ca8e035f323e9e8ee0) \Device\Harddisk0\DR0\Partition0[/size]
[size="1"]08:49:22.0022 5888 \Device\Harddisk0\DR0\Partition0 - ok[/size]
[size="1"]08:49:22.0038 5888 Boot (0x1200) (93790f67c18445b878aebd9535ae686e) \Device\Harddisk0\DR0\Partition1[/size]
[size="1"]08:49:22.0038 5888 \Device\Harddisk0\DR0\Partition1 - ok[/size]
[size="1"]08:49:22.0069 5888 Boot (0x1200) (bd8ab1b2d77b22ae4e9397682d4288c4) \Device\Harddisk0\DR0\Partition2[/size]
[size="1"]08:49:22.0069 5888 \Device\Harddisk0\DR0\Partition2 - ok[/size]
[size="1"]08:49:22.0162 5888 Boot (0x1200) (e8c6dad1e7e385e74d8e6770b1dbe802) \Device\Harddisk0\DR0\Partition3[/size]
[size="1"]08:49:22.0162 5888 \Device\Harddisk0\DR0\Partition3 - ok[/size]
[size="1"]08:49:22.0162 5888 ============================================================[/size]
[size="1"]08:49:22.0162 5888 Scan finished[/size]
[size="1"]08:49:22.0162 5888 ============================================================[/size]
[size="1"]08:49:22.0194 5816 Detected object count: 0[/size]
[size="1"]08:49:22.0194 5816 Actual detected object count: 0[/size]

#14 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,146 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 02 February 2012 - 10:57 AM

What kind of font are you using?? It's hard to read, just use the default font....OK

----------------------------

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#15 BerttheGreat

BerttheGreat

    New Member

  • Members
  • Pip
  • 12 posts

Posted 02 February 2012 - 06:31 PM

Ack... I couldn't get my McAfee antivirus to disable, I turned off the scans and the firewall and in the instructions there was no icon on the bottom right corner... I looked around other sites and tried other ways but combofix still says it's running. Not sure what to do, sorry..

#16 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,146 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 02 February 2012 - 06:55 PM

See if will run any way, MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#17 BerttheGreat

BerttheGreat

    New Member

  • Members
  • Pip
  • 12 posts

Posted 02 February 2012 - 07:48 PM

Here it is. Internet Explorer wouldn't open so it gave me quite a scare for a minute...

ComboFix 12-02-02.02 - Marty 02/02/2012 17:21:13.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7931.6449 [GMT -7:00]
Running from: c:\users\Marty\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-01-03 to 2012-02-03 )))))))))))))))))))))))))))))))
.
.
2012-02-03 00:28 . 2012-02-03 00:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-31 15:01 . 2012-01-31 15:01 -------- d-----w- C:\_OTL
2012-01-16 05:21 . 2012-01-16 05:21 -------- d-----w- c:\windows\Sun
2012-01-16 05:20 . 2012-01-16 05:20 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-01-16 05:20 . 2011-11-10 12:54 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-01-11 05:49 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 05:49 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 05:49 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 05:49 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 05:49 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 05:49 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 05:49 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 05:49 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-08 22:47 . 2012-01-08 22:47 388096 ----a-r- c:\users\Marty\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-08 22:47 . 2012-01-08 22:47 -------- d-----w- c:\program files (x86)\Trend Micro
2012-01-07 07:18 . 2012-01-07 07:18 -------- d-----w- c:\users\Marty\AppData\Roaming\Malwarebytes
2012-01-07 07:18 . 2012-01-07 07:18 -------- d-----w- c:\programdata\Malwarebytes
2012-01-07 07:17 . 2011-12-10 22:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-07 07:17 . 2012-01-07 07:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-07 16:13 . 2011-12-07 16:13 158056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin
2011-11-24 04:52 . 2011-12-14 19:34 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-05 05:32 . 2011-12-14 19:34 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:26 . 2011-12-14 19:34 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="-scheduler" [X]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-07-25 3077528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-26 336384]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2011-01-25 75048]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-03-16 61112]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-01-27 318520]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-23 1675160]
"PDF7 Registry Controller"="c:\program files (x86)\Nuance\PDF Converter 7\RegistryController.exe" [2010-08-18 121120]
"Nuance PDF Converter 7-reminder"="c:\program files (x86)\Nuance\PDF Converter 7\Ereg\Ereg.exe" [2010-07-05 333088]
"iolo Startup"="c:\program files (x86)\iolo\Common\Lib\ioloLManager.exe" [2011-07-19 606392]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-06 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 CLKMSVC10_38F51D56;CyberLink Product - 2011/06/30 15:38;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-01-25 241648]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2010-08-30 220528]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-06 169408]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-10-18 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-03-26 365568]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-02-18 265544]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-07-05 227384]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-08 2375168]
S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2011-07-19 722616]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 208536]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - CLKMDRV10_38F51D56
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-01 c:\windows\Tasks\HPCeeScheduleForMarty.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-10-18 1128448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Open with Nuance PDF Converter 7.0 - c:\program files (x86)\Nuance\PDF Converter 7\cnvres_eng.dll /100
IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atibtmon.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2012-02-02 17:35:04 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-03 00:35
.
Pre-Run: 542,343,049,216 bytes free
Post-Run: 541,816,537,088 bytes free
.
- - End Of File - - E756AF53ED4C1A1B9386C3B1D04484D9

#18 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,146 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 02 February 2012 - 07:59 PM

OK, ComboFix found a couple of things, but you're clean now.

How's it running?? MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#19 BerttheGreat

BerttheGreat

    New Member

  • Members
  • Pip
  • 12 posts

Posted 03 February 2012 - 06:23 PM

It's running pretty good so far, about normal now. Is there anything else we need to do or do you think that's good for now? Either way I don't mind.

Thanks!

#20 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,146 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 03 February 2012 - 06:45 PM

That's Good News :)

Please Uninstall ComboFix:

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Posted Image

Then hit enter.
This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

------------------------------------

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

-----------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users