Jump to content

ARCD13

Members
  • Posts

    7
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Gringo, Thanks for the help. I followed the last steps. The uninstall combofix didn't work. Said it couldn't find it. Not sure if that's an issue or not? Also I'm not tracking that I ever used defogger so I can skip that step? OTCleanit worked fine. ARCD13
  2. Gringo, Found threats - here is the log: C:\Users\Chuckster\AppData\Local\Temp\ICReinstall_DownloadManagerSetup(1).exe a variant of Win32/InstallCore.BF application C:\Users\Chuckster\AppData\Local\Temp\ICReinstall_DownloadManagerSetup.exe a variant of Win32/InstallCore.BF application C:\Users\Chuckster\AppData\Local\Temp\is1590112554\DeltaTB.exe a variant of Win32/Toolbar.Babylon.C application C:\Users\Chuckster\AppData\Local\Temp\is1590112554\yontoo-C4.exe multiple threats C:\Users\Chuckster\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe Win32/InstallCore.BD application C:\Users\Chuckster\Downloads\hijackthis setup.exe a variant of Win32/Soft32Downloader.C application Thanks again.
  3. I ran the programs per instructions and deleted the files listed. The only issue was with hijackthis. There was a downloader program called "mipony" that wanted to put a lot of extra stuff on my computer. I didn't like the look of it so I went to CNET and downloaded a version of hijackthis from there. I ran as the administrator and go the log. All the logs are below: Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Database version: v2013.03.30.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16521 Chuckster :: CHUCKSTER-PC [administrator] 3/29/2013 8:40:13 PM mbam-log-2013-03-29 (20-40-13).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 238870 Time elapsed: 6 minute(s), 10 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 9:18:09 PM, on 3/29/2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v10.0 (10.00.9200.16521) Boot mode: Normal Running processes: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe C:\Users\Chuckster\Downloads\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: PE_IE_Helper Class - {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files (x86)\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll O2 - BHO: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file) O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120809074608.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (file missing) O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe O4 - HKLM\..\Run: [indicatorUtility] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [AprvRemoveLegacyExcelKeys] "C:\Program Files (x86)\ApproveIt\Support\Tools\AprvClean.exe" -k HKCU SOFTWARE\Microsoft\Office\Excel\Addins\OfficeAddIn.OfficeAddIn O4 - HKLM\..\Run: [AprvRemoveLegacyWordKeys] "C:\Program Files (x86)\ApproveIt\Support\Tools\AprvClean.exe" -k HKCU SOFTWARE\Microsoft\Office\Word\Addins\OfficeAddIn.OfficeAddIn O4 - HKLM\..\Run: [iJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe O4 - HKLM\..\RunOnce: [Del2958480] cmd.exe /Q /D /c del "C:\Users\CHUCKS~1\AppData\Local\Temp\0.del" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\RunOnce: [Del2958480] cmd.exe /Q /D /c del "C:\Users\CHUCKS~1\AppData\Local\Temp\0.del" O4 - Global Startup: ActivClient Agent.lnk = C:\Program Files\ActivIdentity\ActivClient\acsagent.exe O4 - Global Startup: ApproveIt StartUp.lnk = ? O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: http://*.3dicc.com O15 - Trusted Zone: *.army.mil O15 - Trusted Zone: http://*.mcafee.com O15 - Trusted Zone: http://*.vct.vaforvets.va.gov O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: ActivIdentity Shared Store Service (ac.sharedstore) - ActivIdentity - C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing) O23 - Service: Garmin Core Update Service - Garmin Ltd or its subsidiaries - C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: lxcf_device - - C:\windows\system32\lxcfcoms.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\windows\system32\mfevtps.exe (file missing) O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: O2Flash Memory Service (O2Flash) - O2Micro International - C:\WINDOWS\SysWOW64\o2flash.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing) O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: UpdateNaviInstallService - FUJITSU LIMITED - C:\Program Files\Fujitsu\fjdvrupd\updnvsrv.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing) O23 - Service: Bluetooth Feature Support (VFPRadioSupportService) - CSR, plc - C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 15558 bytes
  4. The browswers seem to be running normal again. No popups. The computer itself seems to be booting and running a little slower though. Not real sure if it's because I installed malware/spyware programs or not. Here's the latest report: ComboFix 13-03-28.01 - Chuckster 03/29/2013 16:45:48.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3956.2661 [GMT -7:00] Running from: c:\users\Chuckster\Desktop\ComboFix.exe Command switches used :: c:\users\Chuckster\Desktop\CFScript.txt AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892} FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9} SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2013-02-28 to 2013-03-29 ))))))))))))))))))))))))))))))) . . 2013-03-29 23:54 . 2013-03-29 23:54 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-03-29 15:37 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{70225246-85C2-42BB-9A27-6AAEB2A1391D}\mpengine.dll 2013-03-28 19:18 . 2012-12-14 23:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-03-28 19:18 . 2013-03-28 19:18 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-03-28 19:18 . 2013-03-28 19:18 -------- d-----w- c:\users\Chuckster\AppData\Local\Programs 2013-03-28 15:15 . 2013-03-28 15:15 -------- d--h--w- c:\programdata\CanonIJScan 2013-03-28 15:14 . 2013-03-28 15:15 -------- d-----w- c:\users\Chuckster\AppData\Roaming\Canon 2013-03-28 04:34 . 2013-03-28 04:34 -------- d-----w- c:\users\Chuckster\AppData\Roaming\SUPERAntiSpyware.com 2013-03-28 04:33 . 2013-03-28 04:36 -------- d-----w- c:\program files (x86)\Google 2013-03-28 02:41 . 2013-03-28 02:41 -------- d-----w- c:\programdata\Canon IJ Network Tool 2013-03-28 02:41 . 2013-03-28 15:13 -------- d-----w- c:\program files (x86)\Canon 2013-03-28 02:41 . 2011-01-06 20:07 102400 ----a-w- c:\windows\SysWow64\CNC870U.dll 2013-03-28 02:41 . 2009-10-19 23:29 307200 ----a-w- c:\windows\SysWow64\CNC870L.dll 2013-03-28 02:41 . 2008-08-26 01:02 15872 ----a-w- c:\windows\SysWow64\CNHMCA.dll 2013-03-28 02:40 . 2013-03-28 02:40 -------- d-----w- c:\windows\system32\STRING 2013-03-28 02:40 . 2012-06-15 00:18 39424 ----a-w- c:\windows\system32\CNMN6UI.DLL 2013-03-28 02:40 . 2012-06-15 00:18 359936 ----a-w- c:\windows\system32\CNMN6PPM.DLL 2013-03-28 02:40 . 2012-06-15 00:18 366592 ----a-w- c:\windows\SysWow64\CNMNPPM.DLL 2013-03-28 02:39 . 2013-03-28 02:39 -------- d--h--w- c:\program files\CanonBJ 2013-03-24 14:27 . 2013-03-24 14:46 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2013-03-24 14:27 . 2013-03-24 14:41 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2013-03-23 16:36 . 2013-03-23 16:36 -------- d-----w- c:\program files (x86)\Common Files\Adobe 2013-03-21 05:05 . 2013-03-21 05:05 -------- d-----w- c:\users\UpdatusUser 2013-03-21 05:05 . 2013-03-21 05:05 -------- d-----w- c:\program files (x86)\NVIDIA Corporation 2013-03-21 05:04 . 2013-03-19 00:32 53024 ----a-w- c:\windows\SysWow64\OpenCL.dll 2013-03-21 05:04 . 2013-03-19 00:32 61216 ----a-w- c:\windows\system32\OpenCL.dll 2013-03-21 05:03 . 2013-03-21 05:03 -------- d-----w- c:\programdata\NVIDIA Corporation 2013-03-13 10:53 . 2012-03-14 09:00 385024 ----a-w- c:\windows\system32\CNMLMA7.DLL 2013-03-13 10:49 . 2012-08-23 15:09 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui 2013-03-13 10:43 . 2013-01-13 19:53 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll 2013-03-13 10:37 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll 2013-03-13 10:37 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2013-03-13 10:37 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys 2013-03-13 10:37 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll 2013-03-13 10:37 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll 2013-03-13 10:37 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2013-03-13 10:37 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2013-03-13 10:37 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys 2013-03-12 23:46 . 2013-03-12 23:46 -------- d-----w- c:\users\Chuckster\AppData\Local\Garmin 2013-03-12 23:44 . 2013-03-12 23:44 -------- d-----w- c:\programdata\Package Cache 2013-03-08 20:36 . 2013-02-27 02:52 74136 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\breakpadinjector.dll 2013-03-08 20:36 . 2013-02-27 02:52 263064 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\components\browsercomps.dll 2013-03-08 20:36 . 2013-02-27 02:52 19352 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\AccessibleMarshal.dll 2013-03-08 20:23 . 2013-03-08 20:23 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-02-28 04:05 . 2013-02-28 04:05 -------- d-----w- c:\program files (x86)\Common Files\Java 2013-02-28 04:05 . 2013-03-08 20:23 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-03-19 00:32 . 2009-12-10 01:05 18054672 ----a-w- c:\windows\system32\nvd3dumx.dll 2013-03-19 00:32 . 2009-12-10 01:05 2824504 ----a-w- c:\windows\system32\nvapi64.dll 2013-03-19 00:32 . 2009-12-10 01:05 15052728 ----a-w- c:\windows\system32\nvwgf2umx.dll 2013-03-13 09:19 . 2010-07-17 07:29 72013344 ----a-w- c:\windows\system32\MRT.exe 2013-03-13 00:21 . 2012-04-12 13:27 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-03-13 00:21 . 2011-10-21 23:26 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-08 20:23 . 2010-07-16 19:20 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-02-19 17:59 . 2010-12-24 19:06 70112 ----a-w- c:\windows\system32\drivers\cfwids.sys 2013-02-19 17:56 . 2010-12-24 19:06 340216 ----a-w- c:\windows\system32\drivers\mfewfpk.sys 2013-02-19 17:56 . 2010-12-24 19:06 182752 ----a-w- c:\windows\system32\mfevtps.exe 2013-02-19 17:55 . 2010-12-24 19:07 10728 ----a-w- c:\windows\system32\drivers\mfeclnk.sys 2013-02-19 17:55 . 2010-12-24 19:06 106552 ----a-w- c:\windows\system32\drivers\mferkdet.sys 2013-02-19 17:54 . 2010-07-18 23:34 771536 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2013-02-19 17:53 . 2010-12-24 19:06 515968 ----a-w- c:\windows\system32\drivers\mfefirek.sys 2013-02-19 17:53 . 2010-07-18 23:34 309840 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2013-02-19 17:52 . 2010-12-24 19:06 179280 ----a-w- c:\windows\system32\drivers\mfeapfk.sys 2013-02-18 13:22 . 2013-02-18 13:22 31080 ----a-w- c:\windows\system32\nvhdap64.dll 2013-02-18 13:22 . 2013-02-18 13:22 1472360 ----a-w- c:\windows\system32\nvhdagenco6420103.dll 2013-02-18 13:22 . 2013-02-18 13:22 189288 ----a-w- c:\windows\system32\drivers\nvhda64v.sys 2013-02-12 05:45 . 2013-03-13 03:33 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45 . 2013-03-13 03:33 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45 . 2013-03-13 03:33 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45 . 2013-03-13 03:33 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48 . 2013-03-13 03:33 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-02-12 04:48 . 2013-03-13 03:33 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-01-21 15:12 . 2013-01-21 15:12 2177664 ----a-w- c:\windows\system32\coin93.dll 2013-01-17 06:28 . 2010-07-15 20:19 273840 ------w- c:\windows\system32\MpSigStub.exe 2013-01-10 21:37 . 2009-12-02 19:37 3460896 ----a-w- c:\windows\system32\nvsvc64.dll 2013-01-10 21:37 . 2009-12-02 19:37 6382880 ----a-w- c:\windows\system32\nvcpl.dll 2013-01-10 21:36 . 2009-12-02 19:37 884512 ----a-w- c:\windows\system32\nvvsvc.exe 2013-01-10 21:36 . 2009-12-02 19:37 63776 ----a-w- c:\windows\system32\nvshext.dll 2013-01-10 21:36 . 2009-12-02 19:37 2558240 ----a-w- c:\windows\system32\nvsvcr.dll 2013-01-10 21:36 . 2009-12-02 19:37 118560 ----a-w- c:\windows\system32\nvmctray.dll 2013-01-10 20:35 . 2013-01-10 20:35 550176 ----a-w- c:\windows\SysWow64\nvStreaming.exe 2013-01-05 05:53 . 2013-02-14 00:32 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-01-05 05:00 . 2013-02-14 00:32 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-01-05 05:00 . 2013-02-14 00:32 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-01-04 05:46 . 2013-02-14 00:32 215040 ----a-w- c:\windows\system32\winsrv.dll 2013-01-04 04:51 . 2013-02-14 00:32 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2013-01-04 04:43 . 2013-02-14 00:32 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2013-01-04 03:26 . 2013-02-14 00:32 3153408 ----a-w- c:\windows\system32\win32k.sys 2013-01-04 02:47 . 2013-02-14 00:32 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2013-01-04 02:47 . 2013-02-14 00:32 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2013-01-04 02:47 . 2013-02-14 00:32 2048 ----a-w- c:\windows\SysWow64\user.exe 2013-01-04 02:47 . 2013-02-14 00:32 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2013-01-03 06:00 . 2013-02-14 00:32 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-01-03 06:00 . 2013-02-14 00:32 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AprvRemoveLegacyExcelKeys"="c:\program files (x86)\ApproveIt\Support\Tools\AprvClean.exe -k HKCU SOFTWARE\Microsoft\Office\Excel\Addins\OfficeAddIn.OfficeAddIn" [X] "AprvRemoveLegacyWordKeys"="c:\program files (x86)\ApproveIt\Support\Tools\AprvClean.exe -k HKCU SOFTWARE\Microsoft\Office\Word\Addins\OfficeAddIn.OfficeAddIn" [X] "LoadFUJ02E3"="c:\program files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe" [2009-06-17 36712] "IndicatorUtility"="c:\program files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2009-10-10 47976] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-01-14 1534504] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-08-23 206240] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2009-6-3 164904] ApproveIt StartUp.lnk - c:\windows\Installer\{4E01B649-0023-4EB5-9263-57DE317C3418}\Icon9557F1BC1.ico [2012-9-5 9216] McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944] R3 EMVSCARD;EMVSCARD;c:\windows\system32\Drivers\EMVSCARD.sys [2006-12-13 28544] R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440] R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2013-02-19 106552] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-08-03 22528] R3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm64.sys [2007-03-07 17920] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 SzCCID;USB SmartCard Reader Driver;c:\windows\system32\DRIVERS\SzCCID.sys [2010-05-14 37888] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-16 1255736] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 FBIOSDRV;Fujitsu BIOS Driver;c:\windows\System32\Drivers\FBIOSDRV.sys [2009-06-24 21104] S0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\DRIVERS\FJGSDisk.sys [2009-11-17 14696] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2013-02-19 340216] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280] S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 277032] S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-03-07 185176] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2013-02-19 218760] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2013-02-19 182752] S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-10 383264] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240] S2 UpdateNaviInstallService;UpdateNaviInstallService;c:\program files\Fujitsu\fjdvrupd\updnvsrv.exe [2009-09-30 14336] S2 VFPRadioSupportService;Bluetooth Feature Support;c:\program files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [2009-08-20 145792] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2013-02-19 70112] S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-11-26 75904] S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\FUJ02E3.sys [2006-11-01 7296] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2009-09-17 56344] S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2009-10-12 151040] S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-10-15 321064] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2013-02-19 515968] S3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2mdx64.sys [2009-05-13 58400] S3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sdx64.sys [2009-07-03 56096] S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-10-12 50856] S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464] S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088] . . --- Other Services/Drivers In Memory --- . *Deregistered* - mfeavfk01 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-03-28 04:35 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-03-29 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 00:21] . 2013-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-28 04:33] . 2013-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-28 04:33] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-05 8060960] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-10-16 323072] "FDM7"="c:\program files\Fujitsu\FDM7\FdmDaemon.exe" [2009-10-19 164200] "SSUtility"="c:\program files\Fujitsu\SSUtility\FJSSDMN.exe" [2009-07-22 282984] "LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2009-10-16 157544] "LoadBtnHnd"="c:\program files\Fujitsu\Application Panel\BtnHnd.exe" [2009-10-16 35176] "ConMgr"="c:\program files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe" [2009-08-20 535392] "FJUPDNV_Chitose"="c:\program files\Fujitsu\fjdvrupd\updatenv.exe" [2009-10-01 155136] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360] "CSRFTP"="c:\program files\CSR\Bluetooth Feature Pack 5.0\CSRBthFtpServer.exe" [2009-08-20 463216] "LXCFCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXCFtime.dll" [2005-09-14 29184] "acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 196648] "accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 483880] "IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-10-12 1464984] "IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-10-12 2075288] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local uSearchAssistant = about:blank Trusted Zone: 3dicc.com Trusted Zone: army.mil Trusted Zone: mcafee.com Trusted Zone: va.gov Trusted Zone: vct.vaforvets.va.gov TCP: DhcpNameServer = 192.168.0.1 205.171.2.25 FF - ProfilePath - c:\users\Chuckster\AppData\Roaming\Mozilla\Firefox\Profiles\os7zd2fa.default\ FF - prefs.js: browser.search.selectedEngine - Secure Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p= . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) AddRemove-Coupon Companion - c:\program files (x86)\Coupon Companion\Uninstall.exe AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{6AD8E59C-250C-4201-B5BA-56ADEF76FF46}\bm_installer.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-2004494653-1408763365-35262164-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:2f,c0,06,3e,9c,30,ea,e1,c0,6d,6f,d0,db,20,74,23,76,5b,21,40,d5,98,ae, 96,a8,45,1c,48,26,3f,28,6a,61,53,b1,1f,e8,3a,77,b0,bd,8d,63,ac,96,11,5b,ed,\ "??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-03-29 16:58:07 ComboFix-quarantined-files.txt 2013-03-29 23:58 ComboFix2.txt 2013-03-29 05:19 . Pre-Run: 116,809,527,296 bytes free Post-Run: 116,736,462,848 bytes free . - - End Of File - - B1C874341EEAA4DE7145D6D0AF3CAC36
  5. Hi Gringo, I ran Combofix with no issues. It took about 15 minutues for the whole process and did NOT restart at all. The good news is my browser(s) appear to be back to normal. The only difference is my computer boots up a little slower but I think it's due to adding new programs (malwarebytes/spybot). The Combofix log is below. Let me know your thoughts. Thanks: ComboFix 13-03-28.01 - Chuckster 03/28/2013 22:04:45.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3956.2668 [GMT -7:00] Running from: c:\users\Chuckster\Downloads\ComboFix.exe AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892} FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9} SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\ApproveIt\Support\Tools\AprvClean.exe c:\program files (x86)\Mozilla Firefox\searchplugins\search.xml c:\windows\wininit.ini D:\install.exe . . ((((((((((((((((((((((((( Files Created from 2013-02-28 to 2013-03-29 ))))))))))))))))))))))))))))))) . . 2013-03-29 05:14 . 2013-03-29 05:14 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-03-29 02:42 . 2013-03-29 05:12 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BA41C572-17D6-4186-9413-BEBDCD805EA7}\offreg.dll 2013-03-28 19:37 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BA41C572-17D6-4186-9413-BEBDCD805EA7}\mpengine.dll 2013-03-28 19:18 . 2012-12-14 23:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-03-28 19:18 . 2013-03-28 19:18 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-03-28 19:18 . 2013-03-28 19:18 -------- d-----w- c:\users\Chuckster\AppData\Local\Programs 2013-03-28 15:15 . 2013-03-28 15:15 -------- d--h--w- c:\programdata\CanonIJScan 2013-03-28 15:14 . 2013-03-28 15:15 -------- d-----w- c:\users\Chuckster\AppData\Roaming\Canon 2013-03-28 04:34 . 2013-03-28 04:34 -------- d-----w- c:\users\Chuckster\AppData\Roaming\SUPERAntiSpyware.com 2013-03-28 04:33 . 2013-03-28 04:36 -------- d-----w- c:\program files (x86)\Google 2013-03-28 02:41 . 2013-03-28 02:41 -------- d-----w- c:\programdata\Canon IJ Network Tool 2013-03-28 02:41 . 2013-03-28 15:13 -------- d-----w- c:\program files (x86)\Canon 2013-03-28 02:41 . 2011-01-06 20:07 102400 ----a-w- c:\windows\SysWow64\CNC870U.dll 2013-03-28 02:41 . 2009-10-19 23:29 307200 ----a-w- c:\windows\SysWow64\CNC870L.dll 2013-03-28 02:41 . 2008-08-26 01:02 15872 ----a-w- c:\windows\SysWow64\CNHMCA.dll 2013-03-28 02:40 . 2013-03-28 02:40 -------- d-----w- c:\windows\system32\STRING 2013-03-28 02:40 . 2012-06-15 00:18 39424 ----a-w- c:\windows\system32\CNMN6UI.DLL 2013-03-28 02:40 . 2012-06-15 00:18 359936 ----a-w- c:\windows\system32\CNMN6PPM.DLL 2013-03-28 02:40 . 2012-06-15 00:18 366592 ----a-w- c:\windows\SysWow64\CNMNPPM.DLL 2013-03-28 02:39 . 2013-03-28 02:39 -------- d--h--w- c:\program files\CanonBJ 2013-03-24 14:27 . 2013-03-24 14:46 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2013-03-24 14:27 . 2013-03-24 14:41 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2013-03-23 16:36 . 2013-03-23 16:36 -------- d-----w- c:\program files (x86)\Common Files\Adobe 2013-03-21 05:05 . 2013-03-21 05:05 -------- d-----w- c:\users\UpdatusUser 2013-03-21 05:05 . 2013-03-21 05:05 -------- d-----w- c:\program files (x86)\NVIDIA Corporation 2013-03-21 05:04 . 2013-03-19 00:32 53024 ----a-w- c:\windows\SysWow64\OpenCL.dll 2013-03-21 05:04 . 2013-03-19 00:32 61216 ----a-w- c:\windows\system32\OpenCL.dll 2013-03-21 05:03 . 2013-03-21 05:03 -------- d-----w- c:\programdata\NVIDIA Corporation 2013-03-13 10:53 . 2012-03-14 09:00 385024 ----a-w- c:\windows\system32\CNMLMA7.DLL 2013-03-13 10:49 . 2012-08-23 15:09 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui 2013-03-13 10:43 . 2013-01-13 19:53 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll 2013-03-13 10:37 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll 2013-03-13 10:37 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2013-03-13 10:37 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys 2013-03-13 10:37 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll 2013-03-13 10:37 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll 2013-03-13 10:37 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2013-03-13 10:37 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2013-03-13 10:37 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys 2013-03-12 23:46 . 2013-03-12 23:46 -------- d-----w- c:\users\Chuckster\AppData\Local\Garmin 2013-03-12 23:44 . 2013-03-12 23:44 -------- d-----w- c:\programdata\Package Cache 2013-03-08 20:36 . 2013-02-27 02:52 74136 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\breakpadinjector.dll 2013-03-08 20:36 . 2013-02-27 02:52 263064 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\components\browsercomps.dll 2013-03-08 20:36 . 2013-02-27 02:52 19352 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\AccessibleMarshal.dll 2013-03-08 20:23 . 2013-03-08 20:23 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-02-28 04:05 . 2013-02-28 04:05 -------- d-----w- c:\program files (x86)\Common Files\Java 2013-02-28 04:05 . 2013-03-08 20:23 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-03-19 00:32 . 2009-12-10 01:05 18054672 ----a-w- c:\windows\system32\nvd3dumx.dll 2013-03-19 00:32 . 2009-12-10 01:05 2824504 ----a-w- c:\windows\system32\nvapi64.dll 2013-03-19 00:32 . 2009-12-10 01:05 15052728 ----a-w- c:\windows\system32\nvwgf2umx.dll 2013-03-13 09:19 . 2010-07-17 07:29 72013344 ----a-w- c:\windows\system32\MRT.exe 2013-03-13 00:21 . 2012-04-12 13:27 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-03-13 00:21 . 2011-10-21 23:26 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-08 20:23 . 2010-07-16 19:20 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-02-19 17:59 . 2010-12-24 19:06 70112 ----a-w- c:\windows\system32\drivers\cfwids.sys 2013-02-19 17:56 . 2010-12-24 19:06 340216 ----a-w- c:\windows\system32\drivers\mfewfpk.sys 2013-02-19 17:56 . 2010-12-24 19:06 182752 ----a-w- c:\windows\system32\mfevtps.exe 2013-02-19 17:55 . 2010-12-24 19:07 10728 ----a-w- c:\windows\system32\drivers\mfeclnk.sys 2013-02-19 17:55 . 2010-12-24 19:06 106552 ----a-w- c:\windows\system32\drivers\mferkdet.sys 2013-02-19 17:54 . 2010-07-18 23:34 771536 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2013-02-19 17:53 . 2010-12-24 19:06 515968 ----a-w- c:\windows\system32\drivers\mfefirek.sys 2013-02-19 17:53 . 2010-07-18 23:34 309840 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2013-02-19 17:52 . 2010-12-24 19:06 179280 ----a-w- c:\windows\system32\drivers\mfeapfk.sys 2013-02-18 13:22 . 2013-02-18 13:22 31080 ----a-w- c:\windows\system32\nvhdap64.dll 2013-02-18 13:22 . 2013-02-18 13:22 1472360 ----a-w- c:\windows\system32\nvhdagenco6420103.dll 2013-02-18 13:22 . 2013-02-18 13:22 189288 ----a-w- c:\windows\system32\drivers\nvhda64v.sys 2013-02-12 05:45 . 2013-03-13 03:33 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45 . 2013-03-13 03:33 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45 . 2013-03-13 03:33 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45 . 2013-03-13 03:33 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48 . 2013-03-13 03:33 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-02-12 04:48 . 2013-03-13 03:33 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-01-21 15:12 . 2013-01-21 15:12 2177664 ----a-w- c:\windows\system32\coin93.dll 2013-01-17 06:28 . 2010-07-15 20:19 273840 ------w- c:\windows\system32\MpSigStub.exe 2013-01-10 21:37 . 2009-12-02 19:37 3460896 ----a-w- c:\windows\system32\nvsvc64.dll 2013-01-10 21:37 . 2009-12-02 19:37 6382880 ----a-w- c:\windows\system32\nvcpl.dll 2013-01-10 21:36 . 2009-12-02 19:37 884512 ----a-w- c:\windows\system32\nvvsvc.exe 2013-01-10 21:36 . 2009-12-02 19:37 63776 ----a-w- c:\windows\system32\nvshext.dll 2013-01-10 21:36 . 2009-12-02 19:37 2558240 ----a-w- c:\windows\system32\nvsvcr.dll 2013-01-10 21:36 . 2009-12-02 19:37 118560 ----a-w- c:\windows\system32\nvmctray.dll 2013-01-10 20:35 . 2013-01-10 20:35 550176 ----a-w- c:\windows\SysWow64\nvStreaming.exe 2013-01-05 05:53 . 2013-02-14 00:32 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-01-05 05:00 . 2013-02-14 00:32 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-01-05 05:00 . 2013-02-14 00:32 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-01-04 05:46 . 2013-02-14 00:32 215040 ----a-w- c:\windows\system32\winsrv.dll 2013-01-04 04:51 . 2013-02-14 00:32 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2013-01-04 04:43 . 2013-02-14 00:32 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2013-01-04 03:26 . 2013-02-14 00:32 3153408 ----a-w- c:\windows\system32\win32k.sys 2013-01-04 02:47 . 2013-02-14 00:32 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2013-01-04 02:47 . 2013-02-14 00:32 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2013-01-04 02:47 . 2013-02-14 00:32 2048 ----a-w- c:\windows\SysWow64\user.exe 2013-01-04 02:47 . 2013-02-14 00:32 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2013-01-03 06:00 . 2013-02-14 00:32 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-01-03 06:00 . 2013-02-14 00:32 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AprvRemoveLegacyExcelKeys"="c:\program files (x86)\ApproveIt\Support\Tools\AprvClean.exe -k HKCU SOFTWARE\Microsoft\Office\Excel\Addins\OfficeAddIn.OfficeAddIn" [X] "AprvRemoveLegacyWordKeys"="c:\program files (x86)\ApproveIt\Support\Tools\AprvClean.exe -k HKCU SOFTWARE\Microsoft\Office\Word\Addins\OfficeAddIn.OfficeAddIn" [X] "LoadFUJ02E3"="c:\program files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe" [2009-06-17 36712] "IndicatorUtility"="c:\program files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2009-10-10 47976] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-01-14 1534504] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-08-23 206240] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2009-6-3 164904] ApproveIt StartUp.lnk - c:\windows\Installer\{4E01B649-0023-4EB5-9263-57DE317C3418}\Icon9557F1BC1.ico [2012-9-5 9216] McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944] R3 EMVSCARD;EMVSCARD;c:\windows\system32\Drivers\EMVSCARD.sys [2006-12-13 28544] R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440] R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2013-02-19 106552] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-08-03 22528] R3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm64.sys [2007-03-07 17920] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 SzCCID;USB SmartCard Reader Driver;c:\windows\system32\DRIVERS\SzCCID.sys [2010-05-14 37888] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-16 1255736] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 FBIOSDRV;Fujitsu BIOS Driver;c:\windows\System32\Drivers\FBIOSDRV.sys [2009-06-24 21104] S0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\DRIVERS\FJGSDisk.sys [2009-11-17 14696] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2013-02-19 340216] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280] S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 277032] S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-03-07 185176] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2013-02-19 218760] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2013-02-19 182752] S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-10 383264] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240] S2 UpdateNaviInstallService;UpdateNaviInstallService;c:\program files\Fujitsu\fjdvrupd\updnvsrv.exe [2009-09-30 14336] S2 VFPRadioSupportService;Bluetooth Feature Support;c:\program files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [2009-08-20 145792] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2013-02-19 70112] S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-11-26 75904] S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\FUJ02E3.sys [2006-11-01 7296] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2009-09-17 56344] S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2009-10-12 151040] S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-10-15 321064] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2013-02-19 515968] S3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2mdx64.sys [2009-05-13 58400] S3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sdx64.sys [2009-07-03 56096] S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-10-12 50856] S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088] . . --- Other Services/Drivers In Memory --- . *Deregistered* - mfeavfk01 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-03-28 04:35 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-03-29 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 00:21] . 2013-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-28 04:33] . 2013-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-28 04:33] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-05 8060960] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-10-16 323072] "FDM7"="c:\program files\Fujitsu\FDM7\FdmDaemon.exe" [2009-10-19 164200] "SSUtility"="c:\program files\Fujitsu\SSUtility\FJSSDMN.exe" [2009-07-22 282984] "LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2009-10-16 157544] "LoadBtnHnd"="c:\program files\Fujitsu\Application Panel\BtnHnd.exe" [2009-10-16 35176] "ConMgr"="c:\program files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe" [2009-08-20 535392] "FJUPDNV_Chitose"="c:\program files\Fujitsu\fjdvrupd\updatenv.exe" [2009-10-01 155136] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360] "CSRFTP"="c:\program files\CSR\Bluetooth Feature Pack 5.0\CSRBthFtpServer.exe" [2009-08-20 463216] "LXCFCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXCFtime.dll" [2005-09-14 29184] "acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 196648] "accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 483880] "IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-10-12 1464984] "IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-10-12 2075288] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local uSearchAssistant = about:blank Trusted Zone: 3dicc.com Trusted Zone: army.mil Trusted Zone: mcafee.com Trusted Zone: va.gov Trusted Zone: vct.vaforvets.va.gov TCP: DhcpNameServer = 192.168.0.1 205.171.2.25 FF - ProfilePath - c:\users\Chuckster\AppData\Roaming\Mozilla\Firefox\Profiles\os7zd2fa.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p= . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Wow6432Node-HKLM-Run-ApproveItForOfficeSetup - c:\program files (x86)\ApproveIt\Support\Tools\ApproveItForOfficeSetup.exe HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) AddRemove-Coupon Companion - c:\program files (x86)\Coupon Companion\Uninstall.exe AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{6AD8E59C-250C-4201-B5BA-56ADEF76FF46}\bm_installer.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-2004494653-1408763365-35262164-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:2f,c0,06,3e,9c,30,ea,e1,c0,6d,6f,d0,db,20,74,23,76,5b,21,40,d5,98,ae, 96,a8,45,1c,48,26,3f,28,6a,61,53,b1,1f,e8,3a,77,b0,bd,8d,63,ac,96,11,5b,ed,\ "??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-03-28 22:19:28 ComboFix-quarantined-files.txt 2013-03-29 05:19 . Pre-Run: 114,182,381,568 bytes free Post-Run: 114,181,169,152 bytes free . - - End Of File - - B23709626A0EAA4D9A812B67241ECDA8
  6. Follow the instructions. Here are my reports: Results of screen317's Security Check version 0.99.61 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! McAfee Anti-Virus and Anti-Spyware WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` MVPS Hosts File Spybot - Search & Destroy Malwarebytes Anti-Malware version 1.70.0.1100 Java 6 Update 31 Java 7 Update 17 Adobe Flash Player 11.6.602.180 Adobe Reader XI Mozilla Firefox (19.0.2) Google Chrome 26.0.1410.43 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 1% ````````````````````End of Log`````````````````````` RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Chuckster [Admin rights] Mode : Scan -- Date : 03/28/2013 19:54:21 | ARK || FAK || MBR | ¤¤¤ Bad processes : 1 ¤¤¤ [sUSP PATH] visicom_antiphishing.exe -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe [7] -> KILLED [TermProc] ¤¤¤ Registry Entries : 3 ¤¤¤ [RUN][sUSP PATH] HKLM\[...]\Wow6432Node\Run : Anti-phishing Domain Advisor ("C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe") [7] -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\windows\system32\drivers\etc\hosts 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com [...] ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD5000BEVT-16ZAT0 +++++ --- User --- [MBR] 8617a210462fa9a472e7ac142dc79fef [bSP] 714f928a877dd24861807a49fca66eab : Windows 7/8 MBR Code Partition table: 0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 16384 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 33556480 | Size: 200 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 33966080 | Size: 230177 Mo 3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 505368576 | Size: 230177 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1]_S_03282013_02d1954.txt >> RKreport[1]_S_03282013_02d1954.txt # AdwCleaner v2.115 - Logfile created 03/28/2013 at 19:59:44 # Updated 17/03/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Chuckster - CHUCKSTER-PC # Boot Mode : Normal # Running from : C:\Users\Chuckster\Downloads\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** File Deleted : C:\Users\Chuckster\AppData\Roaming\Mozilla\Firefox\Profiles\os7zd2fa.default\searchplugins\Askcom.xml Folder Deleted : C:\Program Files (x86)\Coupon Companion Folder Deleted : C:\ProgramData\Anti-phishing Domain Advisor Folder Deleted : C:\ProgramData\Ask Folder Deleted : C:\ProgramData\blekko toolbars Folder Deleted : C:\Users\Chuckster\AppData\Local\Coupon Companion Folder Deleted : C:\Users\Chuckster\AppData\Local\PackageAware Folder Deleted : C:\Users\Chuckster\AppData\Roaming\Mozilla\Firefox\Profiles\os7zd2fa.default\extensions\crossriderapp4493@crossrider.com Folder Deleted : C:\Users\Chuckster\AppData\Roaming\Mozilla\Firefox\Profiles\os7zd2fa.default\FCTB ***** [Registry] ***** Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider Key Deleted : HKCU\Software\InstalledBrowserExtensions Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011441193} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011441193} Key Deleted : HKCU\Software\Softonic Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.BHO Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.BHO.1 Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.Sandbox Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.Sandbox.1 Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440044444493} Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441193} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110011441193} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220022442293} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{55555555-5555-5555-5555-550055445593} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66666666-6666-6666-6666-660066446693} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441193} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011441193} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{154D339E-CCAA-49A5-9B38-6878AD4220BC} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011441193} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055445593} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066446693} Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] Value Deleted : HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist [1] ***** [internet Browsers] ***** -\\ Internet Explorer v10.0.9200.16521 Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://www.searchamong.com/searchview.php?query={searchTerms}&cat=webs&bar=true --> hxxp://www.google.com -\\ Mozilla Firefox v19.0.2 (en-US) File : C:\Users\Chuckster\AppData\Roaming\Mozilla\Firefox\Profiles\os7zd2fa.default\prefs.js C:\Users\Chuckster\AppData\Roaming\Mozilla\Firefox\Profiles\os7zd2fa.default\user.js ... Deleted ! Deleted : user_pref("browser.search.defaultengine", "Ask.com"); Deleted : user_pref("browser.search.order.1", "Ask.com"); Deleted : user_pref("extensions.crossriderapp4493.4493.InstallationThankYouPage", true); Deleted : user_pref("extensions.crossriderapp4493.4493.InstallationTime", 1354320283); Deleted : user_pref("extensions.crossriderapp4493.4493.InstallationUserSettings.searchUserConifrmation", false[...] Deleted : user_pref("extensions.crossriderapp4493.4493.InstallationUserSettings.setHomepage", false); Deleted : user_pref("extensions.crossriderapp4493.4493.InstallationUserSettings.setNewTab", false); Deleted : user_pref("extensions.crossriderapp4493.4493.InstallationUserSettings.setSearch", false); Deleted : user_pref("extensions.crossriderapp4493.4493.active", true); Deleted : user_pref("extensions.crossriderapp4493.4493.addressbar", ""); Deleted : user_pref("extensions.crossriderapp4493.4493.addressbarenhanced", ""); Deleted : user_pref("extensions.crossriderapp4493.4493.backgroundjs", "\n\n//\n"); Deleted : user_pref("extensions.crossriderapp4493.4493.backgroundver", 38); Deleted : user_pref("extensions.crossriderapp4493.4493.can_run_bg_code", true); Deleted : user_pref("extensions.crossriderapp4493.4493.certdomaininstaller", ""); Deleted : user_pref("extensions.crossriderapp4493.4493.changeprevious", false); Deleted : user_pref("extensions.crossriderapp4493.4493.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...] Deleted : user_pref("extensions.crossriderapp4493.4493.cookie.InstallationTime.value", "1354320283"); Deleted : user_pref("extensions.crossriderapp4493.4493.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00[...] Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 [...] Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_aoi.value", "1354320283"); Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_arbitrary_code.expiration", "Thu Mar 28 201[...] Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_arbitrary_code.value", "%22/**/%22"); Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_blocklist.expiration", "Thu Mar 28 2013 20:[...] Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_blocklist.value", "%22nonexistantdomain.com[...] Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_cf_bu1.expiration", "Fri Feb 01 2030 00:00:[...] Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_cf_bu1.value", "1361254282"); Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_country_code.expiration", "Mon Apr 01 2013 [...] Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_country_code.value", "%22US%22"); Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 [...] Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_crr.value", "1363991150"); Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030 0[...] Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_currenttime.value", "%221363715049%22"); Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 [...] Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_hotfix20111102645.value", "%221%22"); Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_installer_params.expiration", "Fri Feb 01 2[...] Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_installer_params.value", "%7B%22source_id%2[...] Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030[...] Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_parent_zoneid.value", "%2214019%22"); Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 0[...] Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_pc_20120828.value", "1354321147600"); Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00[...] Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_product_id.value", "%221175%22"); Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:[...] Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_zoneid.value", "%22113502%22"); Deleted : user_pref("extensions.crossriderapp4493.4493.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GM[...] Deleted : user_pref("extensions.crossriderapp4493.4493.cookie.dbtest.value", "1354321138917"); Deleted : user_pref("extensions.crossriderapp4493.4493.cookie.lastrequest.expiration", "Fri Feb 01 2030 00:00:[...] Deleted : user_pref("extensions.crossriderapp4493.4493.cookie.lastrequest.value", "%7B%22path%22%3A%22/showLBE[...] Deleted : user_pref("extensions.crossriderapp4493.4493.description", "Coupon Companion"); Deleted : user_pref("extensions.crossriderapp4493.4493.domain", ""); Deleted : user_pref("extensions.crossriderapp4493.4493.enablesearch", false); Deleted : user_pref("extensions.crossriderapp4493.4493.fbremoteurl", ""); Deleted : user_pref("extensions.crossriderapp4493.4493.group", 0); Deleted : user_pref("extensions.crossriderapp4493.4493.homepage", ""); Deleted : user_pref("extensions.crossriderapp4493.4493.iframe", false); Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.InstallerIdentifiers.expiration", "Fri Feb 0[...] Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.InstallerIdentifiers.value", "%7B%22installe[...] Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_appVer.expiration", "Fri Feb 01 20[...] Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_appVer.value", "85"); Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_lastVersion.expiration", "Fri Feb [...] Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_lastVersion.value", "0"); Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_meta.expiration", "Fri Feb 01 2030[...] Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_meta.value", "%7B%7D"); Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_nextCheck.expiration", "Fri Mar 29[...] Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_nextCheck.value", "true"); Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_queue.expiration", "Fri Feb 01 203[...] Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_queue.value", "%7B%7D"); Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_remote_resources.expiration", "Fri[...] Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_remote_resources.value", "%7B%22re[...] Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.SoftwareDetected.expiration", "Fri Feb 01 20[...] Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.SoftwareDetected.value", "%7B%22AnySoftware%[...] Deleted : user_pref("extensions.crossriderapp4493.4493.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GP[...] Deleted : user_pref("extensions.crossriderapp4493.4493.manifesturl", ""); Deleted : user_pref("extensions.crossriderapp4493.4493.name", "Coupon Companion"); Deleted : user_pref("extensions.crossriderapp4493.4493.newtab", ""); Deleted : user_pref("extensions.crossriderapp4493.4493.opensearch", ""); Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1.code", "appAPI._cr_config={appID:funct[...] Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1.name", "base"); Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1.ver", 4); Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000014.code", "Array.prototype.indexOf|[...] Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000014.name", "GPL Plugin (Loader)"); Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000014.ver", 15); Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000015.code", "var a=appAPI.db.getList([...] Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000015.name", "GPL Background (BG)"); Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000015.ver", 35); Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_13.code", "(function(a){a.selectedText=f[...] Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_13.name", "CrossriderAppUtils"); Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_13.ver", 2); Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefin[...] Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_14.name", "CrossriderUtils"); Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_14.ver", 2); Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_16.code", "if((typeof isBackground===\"u[...] Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_16.name", "FFAppAPIWrapper"); Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_16.ver", 5); Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_17.code", "if(typeof window!==\"undefine[...] Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_17.name", "jQuery"); Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_17.ver", 3); Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_21.code", "var CrossriderDebugManager=(f[...] Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_21.name", "debug"); Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_21.ver", 3); Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_22.code", "(function(a){appAPI.queueMana[...] Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_22.name", "resources"); Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_22.ver", 3); Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_28.code", "var CrossriderInitializerPlug[...] Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_28.name", "initializer"); Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_28.ver", 2); Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_4.code", "/*! jQuery v1.7.1 jquery.com |[...] Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_4.name", "jquery_1_7_1"); Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_4.ver", 3); Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_47.code", "(function(){appAPI.ready=func[...] Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_47.name", "resources_background"); Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_47.ver", 2); Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_64.code", "(function(){var h=\"__CR_EMPT[...] Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_64.name", "appApiMessage"); Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_64.ver", 1); Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_72.code", "if(appAPI.__should_activate_v[...] Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_72.name", "appApiValidation"); Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_72.ver", 2); Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_78.code", "(function(a){if(typeof a===\"[...] Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_78.name", "CrossriderInfo"); Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_78.ver", 2); Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_98.code", "(function(){var b=\"cr_\"+app[...] Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_98.name", "omniCommands"); Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_98.ver", 1); Deleted : user_pref("extensions.crossriderapp4493.4493.plugins_lists.plugins_0", "4,14,78,16,64,47,72,98,10000[...] Deleted : user_pref("extensions.crossriderapp4493.4493.plugins_lists.plugins_1", "17,14,78,13,16,64,4,1,21,22,[...] Deleted : user_pref("extensions.crossriderapp4493.4493.plugins_lists.plugins_5", "4,14,78,13,16,64,47,72"); Deleted : user_pref("extensions.crossriderapp4493.4493.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...] Deleted : user_pref("extensions.crossriderapp4493.4493.pluginsversion", 61); Deleted : user_pref("extensions.crossriderapp4493.4493.publisher", "215 Apps"); Deleted : user_pref("extensions.crossriderapp4493.4493.searchstatus", 0); Deleted : user_pref("extensions.crossriderapp4493.4493.setnewtab", false); Deleted : user_pref("extensions.crossriderapp4493.4493.settingsurl", ""); Deleted : user_pref("extensions.crossriderapp4493.4493.thankyou", ""); Deleted : user_pref("extensions.crossriderapp4493.4493.updateinterval", 360); Deleted : user_pref("extensions.crossriderapp4493.4493.ver", 85); Deleted : user_pref("extensions.crossriderapp4493.apps", "4493"); Deleted : user_pref("extensions.crossriderapp4493.bic", "13647d994b6906219d8211932d3c4655"); Deleted : user_pref("extensions.crossriderapp4493.cid", 4493); Deleted : user_pref("extensions.crossriderapp4493.firstrun", false); Deleted : user_pref("extensions.crossriderapp4493.hadappinstalled", true); Deleted : user_pref("extensions.crossriderapp4493.installationdate", 1354320370); Deleted : user_pref("extensions.crossriderapp4493.lastcheck", 22742098); Deleted : user_pref("extensions.crossriderapp4493.lastcheckitem", 22742098); Deleted : user_pref("extensions.crossriderapp4493.modetype", "production"); Deleted : user_pref("extensions.crossriderapp4493.reportInstall", true); Deleted : user_pref("extensions.crossriderapp4493.statsDailyCounter", 23); Deleted : user_pref("extensions.enabledAddons", "videosurf_enhanced%40videosurf.com:0.79,%7B195A3098-0BD5-4e90[...] Deleted : user_pref("freecause003e1c8febd6f07475514b31c0f547ec.AutoSearchEventData", "auto%20search"); Deleted : user_pref("freecause003e1c8febd6f07475514b31c0f547ec.ClearCacheDate", 28); Deleted : user_pref("freecause003e1c8febd6f07475514b31c0f547ec.DNSCatch", true); Deleted : user_pref("freecause003e1c8febd6f07475514b31c0f547ec.DisplayEULA", true); Deleted : user_pref("freecause003e1c8febd6f07475514b31c0f547ec.DnsCatchEventData", "dns%20catch"); Deleted : user_pref("freecause003e1c8febd6f07475514b31c0f547ec.EBOMode", true); Deleted : user_pref("freecause003e1c8febd6f07475514b31c0f547ec.FirstLaunchShown", true); Deleted : user_pref("freecause003e1c8febd6f07475514b31c0f547ec.InstallDomain", "freecause.com"); Deleted : user_pref("freecause003e1c8febd6f07475514b31c0f547ec.InstallType", "standard"); Deleted : user_pref("freecause003e1c8febd6f07475514b31c0f547ec.LoadLayoutDate.100770", 28); Deleted : user_pref("freecause003e1c8febd6f07475514b31c0f547ec.NewTabSearchEventData", "tab%20search"); Deleted : user_pref("freecause003e1c8febd6f07475514b31c0f547ec.ShowRecommendedOptions", true); Deleted : user_pref("freecause003e1c8febd6f07475514b31c0f547ec.StateReportDate", "1364437270621"); Deleted : user_pref("freecause003e1c8febd6f07475514b31c0f547ec.TopRightSearchEventData", "top%20right%20search[...] Deleted : user_pref("freecause003e1c8febd6f07475514b31c0f547ec.beforeInstallSaved", true); Deleted : user_pref("freecause003e1c8febd6f07475514b31c0f547ec.beforeinstall.homepage", "hxxp%3A//www.google.c[...] Deleted : user_pref("freecause003e1c8febd6f07475514b31c0f547ec.beforeinstall.search", "Blekko"); Deleted : user_pref("freecause003e1c8febd6f07475514b31c0f547ec.customNewTab", true); Deleted : user_pref("freecause003e1c8febd6f07475514b31c0f547ec.helpUsImprove", true); Deleted : user_pref("freecause003e1c8febd6f07475514b31c0f547ec.hideOthers", true); Deleted : user_pref("freecause003e1c8febd6f07475514b31c0f547ec.partnerauth", false); Deleted : user_pref("freecause003e1c8febd6f07475514b31c0f547ec.processAddrBar", true); Deleted : user_pref("freecause003e1c8febd6f07475514b31c0f547ec.restoreSearch", false); Deleted : user_pref("freecause003e1c8febd6f07475514b31c0f547ec.runcmd.", "bb_acct_status_1364524896"); Deleted : user_pref("freecause003e1c8febd6f07475514b31c0f547ec.searchHistory", true); Deleted : user_pref("freecause003e1c8febd6f07475514b31c0f547ec.session", "BB8CD7DC4248E0D9CF4E0C197BC67A4E41FE[...] Deleted : user_pref("freecause003e1c8febd6f07475514b31c0f547ec.showFirstLaunchOptions", false); Deleted : user_pref("freecause003e1c8febd6f07475514b31c0f547ec.tb_lang", "en"); Deleted : user_pref("freecause003e1c8febd6f07475514b31c0f547ec.tool_id", "100770"); Deleted : user_pref("freecause003e1c8febd6f07475514b31c0f547ec.user_id", "108161800"); Deleted : user_pref("freecause003e1c8febd6f07475514b31c0f547ec.user_key", "5e0689ae1f35db073e40cc932405ba07243[...] Deleted : user_pref("freecause003e1c8febd6f07475514b31c0f547ec.user_layouts", "100770"); Deleted : user_pref("freecause003e1c8febd6f07475514b31c0f547ec.user_lnames", "fcreward.100770.b"); Deleted : user_pref("freecause003e1c8febd6f07475514b31c0f547ec.xml_service_url", "6bb94bbf55fe2f255901a560824a[...] Deleted : user_pref("freecause003e1c8febd6f07475514b31c0f547ec.yahooSearch", true); -\\ Google Chrome v26.0.1410.43 File : C:\Users\Chuckster\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[s1].txt - [22718 octets] - [28/03/2013 19:59:44] ########## EOF - C:\AdwCleaner[s1].txt - [22779 octets] ########## Please let me know anything further I need to pursue. Thanks for the help!
  7. Everytime I open Facebook in a window (and a couple different other pages - but not all) I get a couple popup windows that appear with adds. My homepage was changed but I changed it back. I've ran malwarebytes (free version) and my mcafee AV but the detect nothing (now). Initially MWB detected crossfire.ca and I removed it according to the program specificiations. I ran my logs they are pasted below: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 7/14/2010 6:46:37 PM System Uptime: 3/28/2013 11:06:07 AM (2 hours ago) . Motherboard: FUJITSU | | FJNB20E Processor: Intel® Core i5 CPU M 430 @ 2.27GHz | Onboard | 2267/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 225 GiB total, 106.841 GiB free. D: is FIXED (NTFS) - 225 GiB total, 166.057 GiB free. E: is CDROM () F: is FIXED (NTFS) - 466 GiB total, 464.885 GiB free. . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP316: 3/23/2013 1:05:19 PM - Removed Steam RP317: 3/23/2013 1:17:26 PM - Windows Backup RP318: 3/26/2013 6:06:55 AM - Windows Update . ==== Installed Programs ====================== . 3dicc Immersive Terf Acrobat.com ActivClient CAC x64 Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader XI (11.0.02) Alcor Micro Smart Card Reader Driver ALPS Touch Pad Driver Amazon Unbox Video Anti-phishing Domain Advisor Any Video Converter 3.5.5 Apple Application Support Apple Mobile Device Support Apple Software Update ApproveIt Desktop Battery Utility Bluetooth Feature Pack 5.0 Bonjour Canon IJ Network Scan Utility Canon IJ Network Tool Canon MP Navigator EX 3.1 Canon MX870 series MP Drivers CCleaner Compatibility Pack for the 2007 Office system Coupon Companion CyberLink MakeDisc CyberLink PowerDirector CyberLink PowerDVD 8 CyberLink YouCam D3DX10 DBsign Web Signer Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Elevated Installer FJ Camera Fujitsu Display Manager Fujitsu Driver Update Fujitsu Hotkey Utility Fujitsu MobilityCenter Extension Utility Fujitsu System Extension Utility Garmin Express Garmin Express Tray Garmin Update Service Google Chrome Google Update Helper IBM Lotus Forms Viewer 3.5.1 iCloud Intel® Management Engine Components Intel® Turbo Boost Technology Driver iTunes Java 7 Update 17 Java Auto Updater Java 6 Update 31 Junk Mail filter update Lexmark 730 Series LifeBook Application Panel Logitech Gaming Software 5.10 Magic DVD Ripper V3.1 Malwarebytes Anti-Malware version 1.70.0.1100 MapMage Demo McAfee AntiVirus Plus McAfee Security Scan Plus McAfee Virtual Technician Mesh Runtime Messenger Companion Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Mouse and Keyboard Center Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook Connector Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Professional 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Single Image 2010 Microsoft Office Suite Activation Assistant Microsoft Office Word MUI (English) 2010 Microsoft Outlook Social Connector Provider for Facebook 32-bit Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Works MobileMe Control Panel Mozilla Firefox 19.0.2 (x86 en-US) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) NVIDIA 3D Vision Driver 311.00 NVIDIA Control Panel 311.00 NVIDIA Graphics Driver 311.00 NVIDIA HD Audio Driver 1.3.18.0 NVIDIA Install Application NVIDIA Stereoscopic 3D Driver NVIDIA Update 1.11.3 NVIDIA Update Components O2Micro Flash Memory Card Windows Driver QuickTime Realtek High Definition Audio Driver Roxio Central Audio Roxio Central Copy Roxio Central Core Roxio Central Data Roxio Central Tools Roxio Creator LJ Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition Shared C Run-time for x64 Shock Sensor Utility Skype Click to Call Skype™ 6.0 Sptnavi Spybot - Search & Destroy Starcraft StarCraft II TagEditor Tournament Director Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition VD64Inst Viewer_armyifx Warcraft III Warcraft III: All Products Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Messenger Companion Core Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Media Player Firefox Plugin Windows Mobile Device Center . ==== Event Viewer Messages From Past Week ======== . 3/28/2013 11:07:56 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 3/26/2013 8:39:33 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer STEVE-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{503A9F16-0F54-4573-87B6-D90170FF86EC}. The master browser is stopping or an election is being forced. 3/25/2013 9:59:29 AM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 172.16.252.195. The computer with the IP address 172.16.252.1 did not allow the name to be claimed by this computer. 3/25/2013 9:46:13 AM, Error: Schannel [36870] - A fatal error occurred when attempting to access the SSL client credential private key. The error code returned from the cryptographic module is 0x8009030d. The internal error state is 10003. 3/25/2013 9:16:39 AM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. 3/25/2013 9:14:09 AM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. 3/25/2013 7:07:46 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect. 3/25/2013 7:07:46 PM, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 3/24/2013 8:58:47 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer TERRY-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{503A9F16-0F54-4573-87B6-D90170FF86EC}. The master browser is stopping or an election is being forced. 3/23/2013 9:52:03 AM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004 3/23/2013 7:24:41 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1. 3/22/2013 5:16:25 PM, Error: Microsoft-Windows-Smartcard-Server [610] - Smart Card Reader 'Generic Usb Smart Card Reader 0' rejected IOCTL POWER: The system cannot find the file specified. If this error persists, your smart card or reader may not be functioning correctly. Command Header: 00 00 00 00 3/22/2013 5:16:25 PM, Error: Microsoft-Windows-Smartcard-Server [610] - Smart Card Reader 'Generic Usb Smart Card Reader 0' rejected IOCTL GET_STATE: The device has been removed. If this error persists, your smart card or reader may not be functioning correctly. Command Header: XX XX XX XX 3/21/2013 6:41:36 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the ActivIdentity Shared Store Service service to connect. 3/21/2013 6:41:36 AM, Error: Service Control Manager [7000] - The ActivIdentity Shared Store Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. . ==== End Of File =========================== DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16521 BrowserJavaVersion: 10.17.2 Run by Chuckster at 13:04:37 on 2013-03-28 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3956.1894 [GMT -7:00] . AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892} SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9} . ============== Running Processes =============== . C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\nvvsvc.exe C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\windows\system32\svchost.exe -k RPCSS C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k GPSvcGroup C:\windows\system32\svchost.exe -k NetworkService C:\windows\System32\spoolsv.exe C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\windows\system32\nvvsvc.exe C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\ActivIdentity\ActivClient\acevents.exe C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\windows\system32\svchost.exe -k bthsvcs C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe C:\windows\system32\taskhost.exe C:\windows\system32\Dwm.exe C:\windows\Explorer.EXE C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\windows\system32\lxcfcoms.exe C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe C:\windows\system32\mfevtps.exe C:\windows\system32\rundll32.exe C:\windows\system32\rundll32.exe C:\windows\SysWOW64\rundll32.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe C:\Program Files\Fujitsu\fjdvrupd\updatenv.exe C:\Windows\WindowsMobile\wmdc.exe C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRBthFtpServer.exe C:\Program Files\ActivIdentity\ActivClient\acevents.exe C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\ActivIdentity\ActivClient\acsagent.exe C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe C:\WINDOWS\SysWOW64\o2flash.exe C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe C:\windows\system32\svchost.exe -k imgsvc C:\Program Files\Fujitsu\fjdvrupd\updnvsrv.exe C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe C:\windows\system32\SearchIndexer.exe C:\windows\system32\svchost.exe -k WindowsMobile C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Apoint2K\ApMsgFwd.exe C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe C:\Program Files\Apoint2K\HidFind.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\windows\System32\svchost.exe -k secsvcs C:\windows\system32\svchost.exe -k SDRSVC C:\windows\system32\SearchProtocolHost.exe C:\Program Files\Common Files\McAfee\Core\mchost.exe C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE C:\windows\hh.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe C:\windows\system32\taskeng.exe C:\windows\System32\svchost.exe -k WerSvcGroup C:\windows\system32\SearchFilterHost.exe C:\windows\system32\wbem\wmiprvse.exe C:\windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uSearch Bar = about:blank uSearch Page = about:blank uSearchAssistant = about:blank mWinlogon: Userinit = userinit.exe, BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned> BHO: PE_IE_Helper Class: {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files (x86)\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll BHO: {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - <orphaned> BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll BHO: Coupon Companion: {11111111-1111-1111-1111-110011441193} - C:\Program Files (x86)\Coupon Companion\Coupon Companion.dll BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120809074608.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe mRun: [LoadFUJ02E3] C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe mRun: [indicatorUtility] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey mRun: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [AprvRemoveLegacyExcelKeys] "C:\Program Files (x86)\ApproveIt\Support\Tools\AprvClean.exe" -k HKCU SOFTWARE\Microsoft\Office\Excel\Addins\OfficeAddIn.OfficeAddIn mRun: [AprvRemoveLegacyWordKeys] "C:\Program Files (x86)\ApproveIt\Support\Tools\AprvClean.exe" -k HKCU SOFTWARE\Microsoft\Office\Word\Addins\OfficeAddIn.OfficeAddIn mRun: [ApproveItForOfficeSetup] "C:\Program Files (x86)\ApproveIt\Support\Tools\ApproveItForOfficeSetup.exe " /1 /p "C:\Program Files (x86)\ApproveIt\" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [iJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ACTIVC~1.LNK - C:\Program Files\ActivIdentity\ActivClient\acsagent.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\APPROV~1.LNK - C:\windows\Installer\{4E01B649-0023-4EB5-9263-57DE317C3418}\Icon9557F1BC1.ico StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . . INFO: HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab TCP: NameServer = 192.168.0.1 205.171.2.25 TCP: Interfaces\{503A9F16-0F54-4573-87B6-D90170FF86EC} : DHCPNameServer = 192.168.0.1 205.171.2.25 TCP: Interfaces\{503A9F16-0F54-4573-87B6-D90170FF86EC}\2456C6B696E6E233738373 : DHCPNameServer = 192.168.2.1 TCP: Interfaces\{503A9F16-0F54-4573-87B6-D90170FF86EC}\34865736B6374756272E08993702960586F6E656 : DHCPNameServer = 66.174.95.44 66.174.92.14 TCP: Interfaces\{503A9F16-0F54-4573-87B6-D90170FF86EC}\74C6F62616C6355796475675962756C6563737 : DHCPNameServer = 4.2.2.1 TCP: Interfaces\{503A9F16-0F54-4573-87B6-D90170FF86EC}\76F602561676C65637 : DHCPNameServer = 192.168.2.1 TCP: Interfaces\{503A9F16-0F54-4573-87B6-D90170FF86EC}\C696E6B6379737 : DHCPNameServer = 209.18.47.61 209.18.47.62 TCP: Interfaces\{666022AA-9EFB-4520-8BA1-70500DAB56C4} : DHCPNameServer = 66.174.95.44 66.174.92.14 Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned> x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120809074608.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned> x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe x64-Run: [FDM7] C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe x64-Run: [sSUtility] C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe x64-Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe x64-Run: [LoadBtnHnd] C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe x64-Run: [ConMgr] "C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe" x64-Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\fjdvrupd\updatenv.exe x64-Run: [Windows Mobile Device Center] C:\windows\WindowsMobile\wmdc.exe x64-Run: [CSRFTP] C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRBthFtpServer.exe x64-Run: [LXCFCATS] rundll32 C:\windows\System32\spool\DRIVERS\x64\3\LXCFtime.dll,RunDLLEntry x64-Run: [Logitech Download Assistant] C:\windows\System32\rundll32.exe C:\windows\System32\LogiLDA.dll,LogiFetch x64-Run: [acevents] "C:\Program Files\ActivIdentity\ActivClient\acevents.exe" x64-Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe" x64-Run: [intelliType Pro] "C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe" x64-Run: [intelliPoint] "C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe" x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll . INFO: x64-HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned> x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-SSODL: WebCheck - <orphaned> Hosts: 127.0.0.1 www.spywareinfo.com . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Chuckster\AppData\Roaming\Mozilla\Firefox\Profiles\os7zd2fa.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p= FF - plugin: C:\PROGRA~2\GRADKE~1\DBSIGN~1\lib\npDBsignWeb.dll FF - plugin: c:\PROGRA~2\mcafee\msc\npMcSnFFPl.dll FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll FF - plugin: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npDBsignWeb.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npmfv.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\Chuckster\AppData\Roaming\Mozilla\Firefox\Profiles\os7zd2fa.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll FF - plugin: C:\Users\Chuckster\AppData\Roaming\Mozilla\plugins\NPOpenQwaq.dll FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\windows\SysWOW64\npmproxy.dll . ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true);user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0 ============= SERVICES / DRIVERS =============== . R0 FBIOSDRV;Fujitsu BIOS Driver;C:\windows\System32\drivers\FBIOSDRV.sys [2009-8-13 21104] R0 FJGSDisk;G-Sensor Application Filter Driver;C:\windows\System32\drivers\FJGSDisk.sys [2009-11-16 14696] R0 mfehidk;McAfee Inc. mfehidk;C:\windows\System32\drivers\mfehidk.sys [2010-7-18 771536] R0 mfewfpk;McAfee Inc. mfewfpk;C:\windows\System32\drivers\mfewfpk.sys [2010-12-24 340216] R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2010-7-14 55280] R2 ac.sharedstore;ActivIdentity Shared Store Service;C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-6-3 277032] R2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-3-7 185176] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-12-20 201304] R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-12-20 201304] R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-12-20 201304] R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-12-20 201304] R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-12-24 241456] R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-12-24 218760] R2 mfevtp;McAfee Validation Trust Protection Service;C:\windows\System32\mfevtps.exe [2010-12-24 182752] R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2013-3-24 1153368] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-10 383264] R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-11-16 2314240] R2 UpdateNaviInstallService;UpdateNaviInstallService;C:\Program Files\Fujitsu\fjdvrupd\updnvsrv.exe [2009-9-29 14336] R2 VFPRadioSupportService;Bluetooth Feature Support;C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [2009-8-20 145792] R3 cfwids;McAfee Inc. cfwids;C:\windows\System32\drivers\cfwids.sys [2010-12-24 70112] R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;C:\windows\System32\drivers\fuj02e3.sys [2009-8-10 7296] R3 HECIx64;Intel® Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2009-11-4 56344] R3 Impcd;Impcd;C:\windows\System32\drivers\Impcd.sys [2009-10-30 151040] R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\windows\System32\drivers\k57nd60a.sys [2009-10-30 321064] R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\System32\drivers\mfeavfk.sys [2010-7-18 309840] R3 mfefirek;McAfee Inc. mfefirek;C:\windows\System32\drivers\mfefirek.sys [2010-12-24 515968] R3 O2MDRDR;O2MDRDR;C:\windows\System32\drivers\o2mdx64.sys [2009-5-13 58400] R3 O2SDRDR;O2SDRDR;C:\windows\System32\drivers\o2sdx64.sys [2009-7-3 56096] R3 SzCCID;USB SmartCard Reader Driver;C:\windows\System32\drivers\SzCCID.sys [2010-5-14 37888] R3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\System32\drivers\wdcsam64.sys [2008-5-6 14464] R3 WSDScan;WSD Scan Support via UMB;C:\windows\System32\drivers\WSDScan.sys [2009-7-13 25088] RUnknown SASKUTIL;SASKUTIL; [x] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944] S3 EMVSCARD;EMVSCARD;C:\windows\System32\drivers\EMVSCARD.sys [2006-12-13 28544] S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2012-6-10 48488] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840] S3 HipShieldK;McAfee Inc. HipShieldK;C:\windows\System32\drivers\HipShieldK.sys [2012-12-20 196440] S3 ivusb;Initio Driver for USB Default Controller;C:\windows\System32\drivers\ivusb.sys [2010-7-28 29720] S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-2-5 235216] S3 mferkdet;McAfee Inc. mferkdet;C:\windows\System32\drivers\mferkdet.sys [2010-12-24 106552] S3 mferkdk;McAfee Inc. mferkdk;C:\windows\System32\drivers\mferkdk.sys [2010-7-18 40904] S3 mfesmfk;McAfee Inc. mfesmfk;C:\windows\System32\drivers\mfesmfk.sys [2010-7-18 49480] S3 Netaapl;Apple Mobile Device Ethernet Service;C:\windows\System32\drivers\netaapl64.sys [2011-8-2 22528] S3 pnetmdm;PdaNet Modem;C:\windows\System32\drivers\pnetmdm64.sys [2010-7-21 17920] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-3-13 19456] S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2013-3-13 57856] S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-2-15 52736] S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2010-7-16 1255736] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\System32\drivers\yk62x64.sys [2009-6-10 389120] . =============== Created Last 30 ================ . 2013-03-28 19:37:06 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BA41C572-17D6-4186-9413-BEBDCD805EA7}\mpengine.dll 2013-03-28 19:18:33 24176 ----a-w- C:\windows\System32\drivers\mbam.sys 2013-03-28 19:18:32 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-03-28 19:18:20 -------- d-----w- C:\Users\Chuckster\AppData\Local\Programs 2013-03-28 15:15:53 -------- d--h--w- C:\ProgramData\CanonIJScan 2013-03-28 04:34:00 -------- d-----w- C:\Users\Chuckster\AppData\Roaming\SUPERAntiSpyware.com 2013-03-28 02:41:35 -------- d-----w- C:\ProgramData\Canon IJ Network Tool 2013-03-28 02:41:34 -------- d-----w- C:\Program Files (x86)\Canon 2013-03-28 02:41:31 307200 ----a-w- C:\windows\SysWow64\CNC870L.dll 2013-03-28 02:41:31 15872 ----a-w- C:\windows\SysWow64\CNHMCA.dll 2013-03-28 02:41:31 102400 ----a-w- C:\windows\SysWow64\CNC870U.dll 2013-03-28 02:40:43 39424 ----a-w- C:\windows\System32\CNMN6UI.DLL 2013-03-28 02:40:43 366592 ----a-w- C:\windows\SysWow64\CNMNPPM.DLL 2013-03-28 02:40:43 359936 ----a-w- C:\windows\System32\CNMN6PPM.DLL 2013-03-28 02:40:43 -------- d-----w- C:\windows\System32\STRING 2013-03-24 14:27:23 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy 2013-03-24 14:27:23 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2013-03-21 05:05:17 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation 2013-03-21 05:04:24 61216 ----a-w- C:\windows\System32\OpenCL.dll 2013-03-21 05:04:24 53024 ----a-w- C:\windows\SysWow64\OpenCL.dll 2013-03-21 05:03:48 -------- d-----w- C:\ProgramData\NVIDIA Corporation 2013-03-13 10:53:12 385024 ----a-w- C:\windows\System32\CNMLMA7.DLL 2013-03-13 10:49:11 3072 ----a-w- C:\windows\System32\drivers\en-US\tsusbflt.sys.mui 2013-03-13 10:43:22 2776576 ----a-w- C:\windows\System32\msmpeg2vdec.dll 2013-03-13 10:37:57 340992 ----a-w- C:\windows\System32\schannel.dll 2013-03-13 10:37:56 458712 ----a-w- C:\windows\System32\drivers\cng.sys 2013-03-13 10:37:56 247808 ----a-w- C:\windows\SysWow64\schannel.dll 2013-03-13 10:37:56 154480 ----a-w- C:\windows\System32\drivers\ksecpkg.sys 2013-03-13 10:37:55 96768 ----a-w- C:\windows\SysWow64\sspicli.dll 2013-03-13 10:37:55 22016 ----a-w- C:\windows\SysWow64\secur32.dll 2013-03-13 10:37:55 1448448 ----a-w- C:\windows\System32\lsasrv.dll 2013-03-13 10:37:11 19968 ----a-w- C:\windows\System32\drivers\usb8023.sys 2013-03-12 23:46:27 -------- d-----w- C:\Users\Chuckster\AppData\Local\Garmin 2013-03-12 23:44:40 -------- d-----w- C:\ProgramData\Package Cache 2013-03-08 20:36:39 74136 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\breakpadinjector.dll 2013-03-08 20:36:39 263064 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\components\browsercomps.dll 2013-03-08 20:36:38 19352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\AccessibleMarshal.dll 2013-03-08 20:25:19 -------- d-----w- C:\ProgramData\Ask 2013-03-08 20:23:30 95648 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-02-28 04:05:39 861088 ----a-w- C:\windows\SysWow64\npDeployJava1.dll . ==================== Find3M ==================== . 2013-03-13 10:50:40 92160 ----a-w- C:\windows\System32\SetIEInstalledDate.exe 2013-03-13 00:21:08 73432 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-13 00:21:08 693976 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe 2013-03-08 20:23:23 782240 ----a-w- C:\windows\SysWow64\deployJava1.dll 2013-02-19 17:59:06 70112 ----a-w- C:\windows\System32\drivers\cfwids.sys 2013-02-19 17:56:26 340216 ----a-w- C:\windows\System32\drivers\mfewfpk.sys 2013-02-19 17:56:14 182752 ----a-w- C:\windows\System32\mfevtps.exe 2013-02-19 17:55:26 10728 ----a-w- C:\windows\System32\drivers\mfeclnk.sys 2013-02-19 17:55:14 106552 ----a-w- C:\windows\System32\drivers\mferkdet.sys 2013-02-19 17:54:32 771536 ----a-w- C:\windows\System32\drivers\mfehidk.sys 2013-02-19 17:53:42 515968 ----a-w- C:\windows\System32\drivers\mfefirek.sys 2013-02-19 17:53:02 309840 ----a-w- C:\windows\System32\drivers\mfeavfk.sys 2013-02-19 17:52:44 179280 ----a-w- C:\windows\System32\drivers\mfeapfk.sys 2013-02-18 13:22:18 31080 ----a-w- C:\windows\System32\nvhdap64.dll 2013-02-18 13:22:18 1472360 ----a-w- C:\windows\System32\nvhdagenco6420103.dll 2013-02-18 13:22:16 189288 ----a-w- C:\windows\System32\drivers\nvhda64v.sys 2013-02-12 05:45:24 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45:22 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45:22 308736 ----a-w- C:\windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45:22 111104 ----a-w- C:\windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48:31 474112 ----a-w- C:\windows\apppatch\AcSpecfc.dll 2013-02-12 04:48:26 2176512 ----a-w- C:\windows\apppatch\AcGenral.dll 2013-01-21 15:12:12 2177664 ----a-w- C:\windows\System32\coin93.dll 2013-01-17 06:28:58 273840 ------w- C:\windows\System32\MpSigStub.exe 2013-01-13 21:17:03 9728 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-01-13 21:17:02 2560 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-01-13 21:16:42 10752 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-01-13 21:12:46 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-01-13 21:11:21 4096 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll 2013-01-13 21:11:08 5632 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-01-13 21:11:07 5632 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-01-13 21:11:07 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll 2013-01-13 21:11:07 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-01-13 20:35:31 9728 ---ha-w- C:\windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-01-13 20:35:31 2560 ---ha-w- C:\windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-01-13 20:35:18 10752 ---ha-w- C:\windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-01-13 20:32:07 3584 ---ha-w- C:\windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-01-13 20:31:48 4096 ---ha-w- C:\windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-01-13 20:31:41 5632 ---ha-w- C:\windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-01-13 20:31:40 5632 ---ha-w- C:\windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-01-13 20:31:40 3072 ---ha-w- C:\windows\System32\api-ms-win-downlevel-version-l1-1-0.dll 2013-01-13 20:31:40 3072 ---ha-w- C:\windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-01-13 20:31:00 1247744 ----a-w- C:\windows\SysWow64\DWrite.dll 2013-01-13 20:22:22 1988096 ----a-w- C:\windows\SysWow64\d3d10warp.dll 2013-01-13 20:20:31 293376 ----a-w- C:\windows\SysWow64\dxgi.dll 2013-01-13 20:09:00 249856 ----a-w- C:\windows\SysWow64\d3d10_1core.dll 2013-01-13 20:08:43 220160 ----a-w- C:\windows\SysWow64\d3d10core.dll 2013-01-13 20:08:35 1504768 ----a-w- C:\windows\SysWow64\d3d11.dll 2013-01-13 19:59:04 1643520 ----a-w- C:\windows\System32\DWrite.dll 2013-01-13 19:58:28 1175552 ----a-w- C:\windows\System32\FntCache.dll 2013-01-13 19:54:01 604160 ----a-w- C:\windows\SysWow64\d3d10level9.dll 2013-01-13 19:53:58 207872 ----a-w- C:\windows\SysWow64\WindowsCodecsExt.dll 2013-01-13 19:53:14 187392 ----a-w- C:\windows\SysWow64\UIAnimation.dll 2013-01-13 19:51:30 2565120 ----a-w- C:\windows\System32\d3d10warp.dll 2013-01-13 19:49:17 363008 ----a-w- C:\windows\System32\dxgi.dll 2013-01-13 19:48:47 161792 ----a-w- C:\windows\SysWow64\d3d10_1.dll 2013-01-13 19:46:25 1080832 ----a-w- C:\windows\SysWow64\d3d10.dll 2013-01-13 19:43:21 1230336 ----a-w- C:\windows\SysWow64\WindowsCodecs.dll 2013-01-13 19:38:39 333312 ----a-w- C:\windows\System32\d3d10_1core.dll 2013-01-13 19:38:32 1887232 ----a-w- C:\windows\System32\d3d11.dll 2013-01-13 19:38:21 296960 ----a-w- C:\windows\System32\d3d10core.dll 2013-01-13 19:37:57 3419136 ----a-w- C:\windows\SysWow64\d2d1.dll 2013-01-13 19:25:04 245248 ----a-w- C:\windows\System32\WindowsCodecsExt.dll 2013-01-13 19:24:33 648192 ----a-w- C:\windows\System32\d3d10level9.dll 2013-01-13 19:24:30 221184 ----a-w- C:\windows\System32\UIAnimation.dll 2013-01-13 19:20:42 194560 ----a-w- C:\windows\System32\d3d10_1.dll 2013-01-13 19:20:04 1238528 ----a-w- C:\windows\System32\d3d10.dll 2013-01-13 19:15:40 1424384 ----a-w- C:\windows\System32\WindowsCodecs.dll 2013-01-13 19:10:36 3928064 ----a-w- C:\windows\System32\d2d1.dll 2013-01-13 19:02:06 417792 ----a-w- C:\windows\SysWow64\WMPhoto.dll 2013-01-13 18:34:58 364544 ----a-w- C:\windows\SysWow64\XpsGdiConverter.dll 2013-01-13 18:32:43 465920 ----a-w- C:\windows\System32\WMPhoto.dll 2013-01-13 18:09:52 522752 ----a-w- C:\windows\System32\XpsGdiConverter.dll 2013-01-13 17:26:42 1158144 ----a-w- C:\windows\SysWow64\XpsPrint.dll 2013-01-13 17:05:09 1682432 ----a-w- C:\windows\System32\XpsPrint.dll 2013-01-10 21:37:29 3460896 ----a-w- C:\windows\System32\nvsvc64.dll 2013-01-10 21:37:27 6382880 ----a-w- C:\windows\System32\nvcpl.dll 2013-01-10 21:36:44 884512 ----a-w- C:\windows\System32\nvvsvc.exe 2013-01-10 21:36:44 63776 ----a-w- C:\windows\System32\nvshext.dll 2013-01-10 21:36:44 2558240 ----a-w- C:\windows\System32\nvsvcr.dll 2013-01-10 21:36:44 118560 ----a-w- C:\windows\System32\nvmctray.dll 2013-01-10 20:35:52 550176 ----a-w- C:\windows\SysWow64\nvStreaming.exe 2013-01-05 05:53:43 5553512 ----a-w- C:\windows\System32\ntoskrnl.exe 2013-01-05 05:00:15 3967848 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe 2013-01-05 05:00:11 3913064 ----a-w- C:\windows\SysWow64\ntoskrnl.exe 2013-01-04 06:11:21 2284544 ----a-w- C:\windows\SysWow64\msmpeg2vdec.dll 2013-01-04 05:46:09 215040 ----a-w- C:\windows\System32\winsrv.dll 2013-01-04 04:51:16 5120 ----a-w- C:\windows\SysWow64\wow32.dll 2013-01-04 04:43:21 44032 ----a-w- C:\windows\apppatch\acwow64.dll 2013-01-04 03:26:48 3153408 ----a-w- C:\windows\System32\win32k.sys 2013-01-04 02:47:35 25600 ----a-w- C:\windows\SysWow64\setup16.exe 2013-01-04 02:47:34 7680 ----a-w- C:\windows\SysWow64\instnm.exe 2013-01-04 02:47:34 2048 ----a-w- C:\windows\SysWow64\user.exe 2013-01-04 02:47:33 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll 2013-01-03 06:00:54 1913192 ----a-w- C:\windows\System32\drivers\tcpip.sys 2013-01-03 06:00:42 288088 ----a-w- C:\windows\System32\drivers\FWPKCLNT.SYS . ============= FINISH: 13:06:05.30 ===============
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.