Computer Hope
Topic started by: tsfc on September 29, 2012, 12:05:41 PM
I was infected with the ZeroAccess rootkit and attempted to remove it, and it appears that it is gone; however, now my computer is running extremely slowly while on the internet. Please HELP!!!
tsfc
Logs posted below:
# AdwCleaner v2.003 - Logfile created 09/29/2012 at 13:04:18
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Joshua - JOSHUA-PC
# Boot Mode : Normal
# Running from : C:\Users\Joshua\Desktop\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Found : C:\Users\Joshua\AppData\Roaming\Mozilla\Firefox\Profiles\erpnoq27.default\searchplugins\Askcom.xml
Folder Found : C:\Program Files (x86)\Ask.com
Folder Found : C:\ProgramData\Ask
Folder Found : C:\Users\Joshua\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Joshua\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\Joshua\AppData\Roaming\Mozilla\Firefox\Profiles\erpnoq27.default\extensions\[email protected]
Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
***** [Registry] *****
Key Found : HKCU\Software\APN
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKLM\Software\APN
Key Found : HKLM\Software\AskToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.7601.17514
[OK] Registry is clean.
-\\ Mozilla Firefox v12.0 (en-US)
Profile name : default
File : C:\Users\Joshua\AppData\Roaming\Mozilla\Firefox\Profiles\erpnoq27.default\prefs.js
Found : user_pref("browser.search.defaultengine", "Ask.com");
Found : user_pref("browser.search.defaultenginename", "Ask.com");
Found : user_pref("browser.search.order.1", "Ask.com");
-\\ Google Chrome v [Unable to get version]
File : C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [4411 octets] - [29/09/2012 13:04:18]
########## EOF - C:\AdwCleaner[R1].txt - [4471 octets] ##########

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org
Database version: v2012.09.29.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Joshua :: JOSHUA-PC [administrator]
9/29/2012 12:37:01 PM
mbam-log-2012-09-29 (12-37-01).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 203507
Time elapsed: 3 minute(s), 54 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by Joshua at 12:43:29 on 2012-09-29
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.2250 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\system32\lxddcoms.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe
C:\Program Files (x86)\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Windows\SysWOW64\REGEDIT.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page =
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120724204840.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [uTorrent] "C:\Users\Joshua\Pictures\uTorrent.exe" /MINIMIZED
uRun: [DelayShred] "c:\PROGRA~1\mcafee\mqs\ShrCL.EXE" /P5 /q "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\FXSAPI~1.TXT" "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\ETILQS~1" "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\Cookies" "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\TEMPOR~1" "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\TEMPOR~1\Content.IE5\index.dat" "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\TEMPOR~1\Content.IE5"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Absolute Notifier] "C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
mRun: [<NO NAME>]
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{131BAE52-B0DC-4D5B-AEDB-DC73B4963255} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{131BAE52-B0DC-4D5B-AEDB-DC73B4963255}\2375942554330323 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{131BAE52-B0DC-4D5B-AEDB-DC73B4963255}\2375942554339333 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{131BAE52-B0DC-4D5B-AEDB-DC73B4963255}\2375942554931373 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{131BAE52-B0DC-4D5B-AEDB-DC73B4963255}\84F6C6964616970294E6E60224561657D6F6E647 : DhcpNameServer = 4.2.2.2 4.2.2.3 8.8.8.8
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dll
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO-X64: Canon Easy-WebPrint EX BHO - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120724204840.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [Absolute Notifier] "C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun-x64: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
mRun-x64: [(Default)]
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Joshua\AppData\Roaming\Mozilla\Firefox\Profiles\erpnoq27.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - att.net
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Joshua\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AbsoluteNotifier;Absolute Notifier;C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [2010-10-8 10408]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-1-14 89600]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-1-14 13336]
R2 lxdd_device;lxdd_device;C:\Windows\system32\lxddcoms.exe -service --> C:\Windows\system32\lxddcoms.exe -service [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-8-9 249936]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-8-9 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-8-9 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-8-9 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2011-1-14 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2011-1-14 210584]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe [2011-1-14 162192]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-1-14 1692480]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-1-14 2320920]
R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\system32\DRIVERS\bcmvwl64.sys --> C:\Windows\system32\DRIVERS\bcmvwl64.sys [?]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-22 136176]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\lxddserv.exe [2007-5-25 34224]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-22 136176]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-7 129976]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-8-9 249936]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-09-29 17:35:43 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-29 17:35:43 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-29 17:15:13 -------- d-----w- C:\Program Files\CCleaner
2012-09-29 11:18:18 -------- d-----w- C:\ProgramData\SUPERSetup
2012-09-29 11:10:59 -------- d-sh--w- C:\$RECYCLE.BIN
2012-09-29 08:54:01 -------- d-----w- C:\Users\Joshua\AppData\Roaming\USTechSupport
2012-09-29 08:52:19 -------- d-----w- C:\ProgramData\USTechSupport
2012-09-28 19:53:21 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7DB98C2F-38F0-4604-8868-78303CEDC956}\offreg.dll
2012-09-28 19:35:45 9308616 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7DB98C2F-38F0-4604-8868-78303CEDC956}\mpengine.dll
2012-09-26 21:39:22 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-09-24 22:45:04 -------- d-----w- C:\Users\Joshua\AppData\Roaming\Softland
2012-09-24 22:45:03 24968 ----a-w- C:\Windows\System32\dopdfmn7.dll
2012-09-24 22:45:03 21384 ----a-w- C:\Windows\System32\dopdfmi7.dll
2012-09-24 22:45:02 1700352 ----a-w- C:\Windows\System32\GdiPlus.dll
2012-09-24 22:44:59 -------- d-----w- C:\Program Files\Softland
2012-09-21 22:59:43 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-09-21 22:59:42 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-09-17 01:10:06 -------- d-----w- C:\Users\Joshua\AppData\Local\CutePDF Writer
2012-09-17 01:09:08 -------- d-----w- C:\Program Files (x86)\GPLGS
2012-09-16 01:58:11 87152 ----a-w- C:\Windows\System32\cpwmon64.dll
2012-09-16 01:58:09 -------- d-----w- C:\Program Files (x86)\Acro Software
2012-09-16 01:57:35 -------- d-----w- C:\Program Files (x86)\Ask.com
2012-09-16 01:43:35 -------- d-----w- C:\Users\Joshua\AppData\Local\PrimoPDFContent
2012-09-16 00:39:37 -------- d-----w- C:\Users\Joshua\AppData\Roaming\PrimoPDF
2012-09-16 00:37:13 95008 ----a-w- C:\Windows\System32\Primomonnt.dll
2012-09-16 00:37:10 -------- d-----w- C:\Program Files (x86)\Nitro PDF
2012-09-15 21:56:36 -------- d-----w- C:\Users\Joshua\AppData\Local\Amazon
2012-09-15 21:56:15 101680 ----a-w- C:\Windows\System32\stkMonitor.dll
2012-09-15 21:56:12 -------- d-----w- C:\Program Files (x86)\Amazon
2012-09-14 23:29:07 -------- d--h--w- C:\ProgramData\CanonIJSolutionMenuEX
2012-09-14 23:29:06 -------- d--h--w- C:\ProgramData\CanonIJEPPEX2
2012-09-14 23:29:06 -------- d--h--w- C:\ProgramData\CanonEPP
2012-09-14 23:28:53 -------- d--h--w- C:\ProgramData\CanonIJMyPrinter
2012-09-14 23:25:16 -------- d-----w- C:\ProgramData\Canon IJ Network Tool
2012-09-14 23:14:46 -------- d--h--w- C:\ProgramData\CanonIJFAX
2012-09-14 23:14:29 -------- d--h--w- C:\ProgramData\CanonIJEGV
2012-09-14 23:10:18 -------- d-----w- C:\Program Files\Common Files\CANON
2012-09-14 23:09:59 -------- d-----w- C:\ProgramData\CanonIJWSpt
2012-09-14 23:06:35 -------- d-----w- C:\Program Files\Canon
2012-09-14 23:03:17 -------- d-----w- C:\ProgramData\CanonIJPLM
2012-09-14 23:02:54 -------- d--h--w- C:\ProgramData\CanonIJETV
2012-09-14 23:02:19 -------- d-----w- C:\Program Files (x86)\Canon
2012-09-12 16:59:34 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-12 16:59:34 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-09-12 16:59:33 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-12 16:59:29 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-12 16:59:27 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-12 16:59:27 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-12 16:59:27 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
==================== Find3M ====================
.
2012-08-24 18:05:06 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 16:57:48 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-07-24 00:37:36 0 ----a-w- C:\Windows\SysWow64\sho8B2F.tmp
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-06 20:07:42 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
.
============= FINISH: 12:44:03.70 ===============
-
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.
1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Remove the Adware:
- Please close all open programs and internet browsers.
- Double click on adwcleaner.exe to run the tool.
- Click on Delete.
- Confirm each time with OK
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile in your reply.
- You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
**************************************************************
I am required to give you this warning.
It appears your system is infected with a rootkit. A rootkit is a powerful piece of malware that allows hackers full control over your computer for means of sending attacks over the Internet, or using your computer to generate revenue.
Malware experts have recommended that we make it clear that with the system under control of a hacker, your computer might become impossible to clean 100%.
Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. They can disable your antivirus and security tools to prevent detection and removal. This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is sent back to the hacker. To learn more about these types of infections, you can refer to:
What danger is presented by rootkits? (http://www.pandasecurity.com/homeusers/security-info/types-malware/rootkit/#e2)
Rootkits and how to combat them (http://www.viruslist.com/en/analysis?pubid=168740859)
r00tkit Analysis: What Is A Rootkit (http://www.omninerd.com/articles/r00tkit_Analysis_What_Is_A_Rootkit)
If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. Do NOT change passwords or do any transactions while using the infected computer because the attacker may get the new passwords and transaction information. (If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again.) Banking and credit card institutions should be notified to apprise them of your situation (possible security breach). To protect your information that may have been compromised, I recommend reading these references:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? (http://www.dslreports.com/faq/10451)
What Should I Do If I've Become A Victim Of Identity Theft? (http://www.usdoj.gov/criminal/fraud/websites/idtheft.html#whatifvictim)
Identity Theft Victims Guide - What to do (http://www.privacyrights.org/fs/fs17a.htm)
It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired so you can never be sure that you have completely removed a rootkit. The malware may leave so many remnants behind that security tools cannot find them. Tools that claim to be able to remove rootkits cannot guarantee that all traces of it will be removed. Many experts in the security community believe that once infected with such a piece of malware, the best course of action would be a reformat and clean reinstall of the OS. This is something I don't like to recommend normally, but in most cases it is the best solution for your safety. Making this decision is based on what the computer is used for, and what information can be accessed from it. For more information, please read these references very carefully:
When should I re-format? How should I reinstall? (http://www.dslreports.com/faq/10063)
Help: I Got Hacked. Now What Do I Do? (http://technet.microsoft.com/en-us/library/cc512587.aspx)
Help: I Got Hacked. Now What Do I Do? Part II (http://technet.microsoft.com/en-us/library/cc512595.aspx)
Where to draw the line? When to recommend a format and reinstall? (http://miekiemoes.blogspot.com/2008/06/malware-removal-where-to-draw-line.html)
Guides for format and reinstall: (http://www.GeekPolice.net/tutorials-guides-f13/how-to-reformat-and-reinstall-your-operating-system-t15119.htm#95115)
how-to-reformat-and-reinstall-your-operating-system-the-easy-way (http://www.helpmyos.com/tutorials-software-alternatives-to-proprietary-f19/how-to-reformat-and-reinstall-your-operating-system-the-easy-way-t1307.htm#3143)
However, if you do not have the resources to reinstall your computer's OS and would like me to attempt to clean it, I will be happy to do so. But please consider carefully before deciding against a reformat.
If you do make that decision, I will do my best to help you clean the computer of any infections, but you must understand that once a machine has been taken over by this type of malware, I cannot guarantee that it will be 100% secure even after disinfection or that the removal will be successful.
Please let me know what you have decided to do in your next post. Should you have any questions, please feel free to ask.
-
I would like to try everything before I have to do a re-format :) hopefully you will be able to help me.
adw log posted below.
# AdwCleaner v2.003 - Logfile created 09/29/2012 at 13:36:31
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Joshua - JOSHUA-PC
# Boot Mode : Normal
# Running from : C:\Users\Joshua\Desktop\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Users\Joshua\AppData\Roaming\Mozilla\Firefox\Profiles\erpnoq27.default\searchplugins\Askcom.xml
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\Users\Joshua\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Joshua\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Joshua\AppData\Roaming\Mozilla\Firefox\Profiles\erpnoq27.default\extensions\[email protected]
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
***** [Registry] *****
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.7601.17514
Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
-\\ Mozilla Firefox v12.0 (en-US)
Profile name : default
File : C:\Users\Joshua\AppData\Roaming\Mozilla\Firefox\Profiles\erpnoq27.default\prefs.js
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Deleted : user_pref("browser.search.order.1", "Ask.com");
-\\ Google Chrome v [Unable to get version]
File : C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [4532 octets] - [29/09/2012 13:04:18]
AdwCleaner[S1].txt - [5172 octets] - [29/09/2012 13:36:31]
########## EOF - C:\AdwCleaner[S1].txt - [5232 octets] ##########
-
Download Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/) and save it to a flash drive.
Please make sure to download the 64-bit version.
Plug the flash drive into the infected PC.
Enter System Recovery Options.
To enter System Recovery Options from the Advanced Boot Options:
- Restart the computer.
- As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
- Use the arrow keys to select the Repair your computer menu item.
- Choose your language settings, and then click Next.
- Select the operating system you want to repair, and then click Next.
- Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
- Insert the installation disc.
- Restart your computer.
- If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
- Click Repair your computer.
- Choose your language settings, and then click Next.
- Select the operating system you want to repair, and then click Next.
- Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
- Select Command Prompt
- In the command window type in notepad and press Enter.
- The notepad opens. Under File menu select Open.
- Select "Computer" and find your flash drive letter and close the notepad.
- In the command window type e:\frst64 and press Enter
Note: Replace letter e with the drive letter of your flash drive.
- The tool will start to run.
- When the tool opens click Yes to the disclaimer.
- Place a check next to List Drivers MD5 as well as the default check marks that are already there
- Press Scan button.
- Type exit and reboot the computer normally.
- FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.
-
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-09-2012 01
Ran by SYSTEM at 30-09-2012 01:49:16
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet002
==================== Registry (Whitelisted) ===================
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-06-18] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1890088 2010-03-17] (Synaptics Incorporated)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5712896 2010-02-02] (Dell Inc.)
HKLM\...\Run: [lxddmon.exe] "C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe" [291760 2007-06-11] ()
HKLM\...\Run: [lxddamon] "C:\Program Files (x86)\Lexmark 2500 Series\lxddamon.exe" [20480 2007-04-30] ()
HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2780776 2011-07-19] (CANON INC.)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-06-08] (Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1675160 2012-03-21] (McAfee, Inc.)
HKLM-x32\...\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m [1807680 2010-02-09] ()
HKLM-x32\...\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [Absolute Notifier] "C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe" [86184 2010-10-08] (Absolute Software)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [498160 2009-12-15] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon [1637496 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE [439440 2011-09-27] (CANON INC.)
HKLM-x32\...\Run: []
HKU\Joshua\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-02-22] (Google Inc.)
HKU\Joshua\...\Run: [uTorrent] "C:\Users\Joshua\Pictures\uTorrent.exe" /MINIMIZED [880528 2012-06-08] (BitTorrent, Inc.)
HKU\Joshua\...\Run: [DelayShred] "c:\PROGRA~1\mcafee\mqs\ShrCL.EXE" /P5 /q "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\FXSAPI~1.TXT" "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\ETILQS~1" "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\Cookies" "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\TEMPOR~1" "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\TEMPOR~1\Content.IE5\index.dat" "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\TEMPOR~1\Content.IE5" [129184 2012-03-22] ()
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-12] (Dell)
HKLM-x32\...\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [165184 2011-08-01] (Softthinks)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
==================== Services (Whitelisted) ===================
2 AbsoluteNotifier; "C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe" [10408 2010-10-08] (Microsoft)
2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2011-09-06] ()
2 lxdd_device; C:\Windows\system32\lxddcoms.exe -service [567216 2007-05-25] ( )
2 lxdd_device; C:\Windows\SysWow64\lxddcoms.exe -service [537520 2007-05-25] ( )
2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-07] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-07] (Malwarebytes Corporation)
2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
3 McODS; "C:\Program Files\mcafee\VirusScan\mcods.exe" [502064 2012-08-23] (McAfee, Inc.)
4 McOobeSv; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [199272 2012-03-20] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [210584 2012-03-20] (McAfee, Inc.)
2 mfevtp; "C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe" [162192 2012-03-20] (McAfee, Inc.)
2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
==================== Drivers (Whitelisted) =====================
3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [65264 2012-02-22] (McAfee, Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25928 2012-09-07] (Malwarebytes Corporation)
3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [160792 2012-02-22] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [229528 2012-02-22] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [487296 2012-02-22] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [647208 2012-02-22] (McAfee, Inc.)
1 mfenlfk; C:\Windows\System32\Drivers\mfenlfk.sys [75936 2012-02-22] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [100912 2012-02-22] (McAfee, Inc.)
0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [289664 2012-02-22] (McAfee, Inc.)
3 catchme; \??\C:\ComboFix\catchme.sys
3 mfeavfk01;
==================== NetSvcs (Whitelisted) ====================
==================== One Month Created Files and Folders ========
2012-09-30 00:34 - 2012-09-30 00:34 - 00000089 ____A C:\data
2012-09-30 00:32 - 2012-09-30 00:45 - 00000000 ____D C:\Program Files (x86)\DownloadManager
2012-09-29 13:38 - 2012-09-30 00:29 - 00000224 ____A C:\Windows\setupact.log
2012-09-29 13:38 - 2012-09-29 13:38 - 00000456 ____A C:\Windows\PFRO.log
2012-09-29 13:38 - 2012-09-29 13:38 - 00000000 ____A C:\Windows\setuperr.log
2012-09-29 13:36 - 2012-09-29 13:36 - 00005289 ____A C:\AdwCleaner[S1].txt
2012-09-29 13:04 - 2012-09-29 13:04 - 00004532 ____A C:\AdwCleaner[R1].txt
2012-09-29 12:54 - 2012-09-29 12:55 - 00003456 ____A C:\Users\Joshua\My Documents\cc_20120929_125451.reg
2012-09-29 12:54 - 2012-09-29 12:55 - 00003456 ____A C:\Users\Joshua\Documents\cc_20120929_125451.reg
2012-09-29 12:42 - 2012-09-29 12:43 - 00607260 ____R (Swearware) C:\Users\Joshua\Desktop\dds.scr
2012-09-29 12:35 - 2012-09-29 12:35 - 00001071 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-29 12:35 - 2012-09-29 12:35 - 00001071 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-29 12:35 - 2012-09-29 12:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-29 12:35 - 2012-09-07 17:04 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-29 12:33 - 2012-09-29 12:34 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\Joshua\Desktop\mbam-setup-1.65.0.1400.exe
2012-09-29 12:25 - 2012-09-29 12:25 - 00513501 ____A C:\Users\Joshua\Desktop\adwcleaner.exe
2012-09-29 12:15 - 2012-09-29 12:15 - 00000824 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-09-29 12:15 - 2012-09-29 12:15 - 00000824 ____A C:\Users\All Users\Desktop\CCleaner.lnk
2012-09-29 12:15 - 2012-09-29 12:15 - 00000000 ____D C:\Program Files\CCleaner
2012-09-29 12:13 - 2012-09-29 12:14 - 03941312 ____A (Piriform Ltd) C:\Users\Joshua\Desktop\ccsetup323.exe
2012-09-29 11:37 - 2012-09-29 11:37 - 00302592 ____A C:\Users\Joshua\Downloads\c7bkzkj7.exe
2012-09-29 10:33 - 2012-09-29 10:33 - 00000000 ____A C:\Users\Joshua\Desktop\zk2f8py0.reg
2012-09-29 10:29 - 2012-09-29 10:29 - 00302592 ____A C:\Users\Joshua\Desktop\zk2f8py0.exe
2012-09-29 06:18 - 2012-09-29 06:18 - 00000000 ____D C:\Users\All Users\SUPERSetup
2012-09-29 06:18 - 2012-09-29 06:18 - 00000000 ____D C:\Users\All Users\Application Data\SUPERSetup
2012-09-29 05:13 - 2012-09-29 05:13 - 00019277 ____A C:\ComboFix.txt
2012-09-29 05:12 - 2012-09-29 06:00 - 00000000 ____D C:\Windows\erdnt
2012-09-29 03:54 - 2012-09-29 04:11 - 00000000 ____D C:\Users\Joshua\Application Data\USTechSupport
2012-09-29 03:54 - 2012-09-29 04:11 - 00000000 ____D C:\Users\Joshua\AppData\Roaming\USTechSupport
2012-09-29 03:52 - 2012-09-29 04:15 - 00000000 ____D C:\Users\All Users\USTechSupport
2012-09-29 03:52 - 2012-09-29 04:15 - 00000000 ____D C:\Users\All Users\Application Data\USTechSupport
2012-09-29 03:52 - 2012-09-29 03:52 - 02163864 ____A (US Tech Support LLC) C:\Users\Joshua\Downloads\MaxMySpeed.exe
2012-09-26 16:39 - 2012-08-21 16:01 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2012-09-24 17:45 - 2012-09-24 17:45 - 00000000 ____D C:\Users\Joshua\Application Data\Softland
2012-09-24 17:45 - 2012-09-24 17:45 - 00000000 ____D C:\Users\Joshua\AppData\Roaming\Softland
2012-09-24 17:45 - 2012-05-17 08:45 - 00024968 ____A (Softland) C:\Windows\System32\dopdfmn7.dll
2012-09-24 17:45 - 2012-05-17 08:45 - 00021384 ____A (Softland) C:\Windows\System32\dopdfmi7.dll
2012-09-24 17:45 - 2010-11-25 12:17 - 00007549 ____A C:\Windows\System32\dopdf7.ctm
2012-09-24 17:45 - 2010-02-05 15:00 - 01700352 ____A (Microsoft Corporation) C:\Windows\System32\GdiPlus.dll
2012-09-24 17:44 - 2012-09-24 17:44 - 04238448 ____A (Softland ) C:\Users\Joshua\Downloads\dopdf-7.exe
2012-09-24 17:44 - 2012-09-24 17:44 - 00000000 ____D C:\Program Files\Softland
2012-09-23 11:40 - 2012-09-23 11:40 - 00057560 ____A C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2012-09-21 18:01 - 2012-08-24 13:05 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-09-21 18:01 - 2012-08-24 13:03 - 09056256 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-09-21 18:01 - 2012-08-24 13:03 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-09-21 18:01 - 2012-08-24 13:02 - 12295680 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-09-21 18:01 - 2012-08-24 11:57 - 06028800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-09-21 18:01 - 2012-08-24 11:57 - 01231872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-09-21 18:01 - 2012-08-24 11:57 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-09-21 18:01 - 2012-08-24 11:56 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-09-21 18:00 - 2012-08-24 13:05 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-09-21 18:00 - 2012-08-24 13:03 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-09-21 18:00 - 2012-08-24 13:03 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-09-21 18:00 - 2012-08-24 13:02 - 02453504 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-09-21 18:00 - 2012-08-24 13:02 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-09-21 18:00 - 2012-08-24 11:57 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-09-21 18:00 - 2012-08-24 11:57 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-09-21 18:00 - 2012-08-24 11:56 - 02073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-09-21 18:00 - 2012-08-24 11:56 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-09-21 17:59 - 2012-08-24 13:05 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-09-21 17:59 - 2012-08-24 11:57 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-09-21 17:59 - 2012-08-24 11:56 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-09-21 17:59 - 2012-08-24 10:59 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-09-21 17:59 - 2012-08-24 10:20 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-09-16 20:10 - 2012-09-24 17:42 - 00000000 ____D C:\Users\Joshua\Local Settings\CutePDF Writer
2012-09-16 20:10 - 2012-09-24 17:42 - 00000000 ____D C:\Users\Joshua\Local Settings\Application Data\CutePDF Writer
2012-09-16 20:10 - 2012-09-24 17:42 - 00000000 ____D C:\Users\Joshua\AppData\Local\CutePDF Writer
2012-09-16 20:09 - 2012-09-16 20:09 - 00000000 ____D C:\Program Files (x86)\GPLGS
2012-09-16 20:08 - 2012-09-16 20:08 - 05254656 ____A C:\Users\Joshua\Downloads\converter.exe
2012-09-15 20:58 - 2012-09-15 20:58 - 00000000 ____D C:\Program Files (x86)\Acro Software
2012-09-15 20:58 - 2012-07-31 11:31 - 00087152 ____A C:\Windows\System32\cpwmon64.dll
2012-09-15 20:55 - 2012-09-15 20:55 - 04633584 ____A (Acro Software Inc. ) C:\Users\Joshua\Downloads\CuteWriter.exe
2012-09-15 20:54 - 2012-09-15 20:54 - 00587640 ____A C:\Users\Joshua\Downloads\cbsidlm-tr1_6-CutePDF_Writer-10206470.exe
2012-09-15 20:43 - 2012-09-15 20:43 - 00000000 ____D C:\Users\Joshua\Local Settings\PrimoPDFContent
2012-09-15 20:43 - 2012-09-15 20:43 - 00000000 ____D C:\Users\Joshua\Local Settings\Application Data\PrimoPDFContent
2012-09-15 20:43 - 2012-09-15 20:43 - 00000000 ____D C:\Users\Joshua\AppData\Local\PrimoPDFContent
2012-09-15 19:42 - 2012-09-15 19:45 - 700989440 ___AT C:\Users\Joshua\My Documents\ModPhys.ps
2012-09-15 19:42 - 2012-09-15 19:45 - 700989440 ___AT C:\Users\Joshua\Documents\ModPhys.ps
2012-09-15 19:39 - 2012-09-15 21:04 - 00000000 ____D C:\Users\Joshua\Application Data\PrimoPDF
2012-09-15 19:39 - 2012-09-15 21:04 - 00000000 ____D C:\Users\Joshua\AppData\Roaming\PrimoPDF
2012-09-15 19:37 - 2012-09-16 21:04 - 00000000 ____D C:\Program Files (x86)\Nitro PDF
2012-09-15 19:37 - 2011-02-28 17:37 - 00095008 ____A C:\Windows\System32\Primomonnt.dll
2012-09-15 19:35 - 2012-09-16 19:44 - 07549704 ____A C:\Users\Joshua\Downloads\InternationalPrimoPDF.exe
2012-09-15 18:43 - 2012-09-15 18:43 - 00000000 ____A C:\Users\Joshua\My Documents\SolidPhys.txt
2012-09-15 18:43 - 2012-09-15 18:43 - 00000000 ____A C:\Users\Joshua\Documents\SolidPhys.txt
2012-09-15 16:56 - 2012-09-15 16:56 - 00101680 ____A (Amazon.com, Inc.) C:\Windows\System32\stkMonitor.dll
2012-09-15 16:56 - 2012-09-15 16:56 - 00000000 ____D C:\Users\Joshua\Local Settings\Application Data\Amazon
2012-09-15 16:56 - 2012-09-15 16:56 - 00000000 ____D C:\Users\Joshua\Local Settings\Amazon
2012-09-15 16:56 - 2012-09-15 16:56 - 00000000 ____D C:\Users\Joshua\AppData\Local\Amazon
2012-09-15 16:56 - 2012-09-15 16:56 - 00000000 ____D C:\Program Files (x86)\Amazon
2012-09-15 16:55 - 2012-09-15 16:55 - 05291440 ____A (Amazon.com, Inc.) C:\Users\Joshua\Downloads\SendToKindleForPC-installer.exe
2012-09-15 16:42 - 2012-09-24 18:15 - 00000000 ____D C:\Users\Joshua\Desktop\Fall 2012 Class PDF's
2012-09-14 18:29 - 2012-09-14 18:29 - 00000000 ___HD C:\Users\All Users\CanonIJSolutionMenuEX
2012-09-14 18:29 - 2012-09-14 18:29 - 00000000 ___HD C:\Users\All Users\CanonIJEPPEX2
2012-09-14 18:29 - 2012-09-14 18:29 - 00000000 ___HD C:\Users\All Users\CanonEPP
2012-09-14 18:29 - 2012-09-14 18:29 - 00000000 ___HD C:\Users\All Users\Application Data\CanonIJSolutionMenuEX
2012-09-14 18:29 - 2012-09-14 18:29 - 00000000 ___HD C:\Users\All Users\Application Data\CanonIJEPPEX2
2012-09-14 18:29 - 2012-09-14 18:29 - 00000000 ___HD C:\Users\All Users\Application Data\CanonEPP
2012-09-14 18:28 - 2012-09-14 18:28 - 00000000 ___HD C:\Users\All Users\CanonIJMyPrinter
2012-09-14 18:28 - 2012-09-14 18:28 - 00000000 ___HD C:\Users\All Users\Application Data\CanonIJMyPrinter
2012-09-14 18:28 - 2012-09-14 18:28 - 00000000 ____D C:\Users\Joshua\Application Data\Canon
2012-09-14 18:28 - 2012-09-14 18:28 - 00000000 ____D C:\Users\Joshua\AppData\Roaming\Canon
2012-09-14 18:25 - 2012-09-14 18:25 - 00000000 ____D C:\Users\All Users\Canon IJ Network Tool
2012-09-14 18:25 - 2012-09-14 18:25 - 00000000 ____D C:\Users\All Users\Application Data\Canon IJ Network Tool
2012-09-14 18:14 - 2012-09-14 18:14 - 00000000 ___HD C:\Users\All Users\CanonIJFAX
2012-09-14 18:14 - 2012-09-14 18:14 - 00000000 ___HD C:\Users\All Users\CanonIJEGV
2012-09-14 18:14 - 2012-09-14 18:14 - 00000000 ___HD C:\Users\All Users\Application Data\CanonIJFAX
2012-09-14 18:14 - 2012-09-14 18:14 - 00000000 ___HD C:\Users\All Users\Application Data\CanonIJEGV
2012-09-14 18:10 - 2012-09-14 18:10 - 00002037 ____A C:\Users\Public\Desktop\Canon Solution Menu EX.lnk
2012-09-14 18:10 - 2012-09-14 18:10 - 00002037 ____A C:\Users\All Users\Desktop\Canon Solution Menu EX.lnk
2012-09-14 18:10 - 2012-09-14 18:10 - 00000000 ____D C:\Program Files\Common Files\CANON
2012-09-14 18:09 - 2012-09-14 18:09 - 00000000 ____D C:\Users\All Users\CanonIJWSpt
2012-09-14 18:09 - 2012-09-14 18:09 - 00000000 ____D C:\Users\All Users\Application Data\CanonIJWSpt
2012-09-14 18:06 - 2012-09-14 18:06 - 00002316 ____A C:\Users\Public\Desktop\Canon MX430 series On-screen Manual.lnk
2012-09-14 18:06 - 2012-09-14 18:06 - 00002316 ____A C:\Users\All Users\Desktop\Canon MX430 series On-screen Manual.lnk
2012-09-14 18:06 - 2012-09-14 18:06 - 00000000 ____D C:\Program Files\Canon
2012-09-14 18:04 - 2012-09-14 18:04 - 00000000 ___HD C:\Windows\System32\CanonIJ Uninstaller Information
2012-09-14 18:04 - 2012-09-14 18:04 - 00000000 ___HD C:\Users\All Users\CanonBJ
2012-09-14 18:04 - 2012-09-14 18:04 - 00000000 ___HD C:\Users\All Users\Application Data\CanonBJ
2012-09-14 18:04 - 2012-09-14 18:04 - 00000000 ___HD C:\Program Files\CanonBJ
2012-09-14 18:04 - 2012-09-14 18:04 - 00000000 ____D C:\Windows\System32\STRING
2012-09-14 18:04 - 2011-11-03 05:00 - 00385024 ____A (CANON INC.) C:\Windows\System32\CNMLMB1.DLL
2012-09-14 18:04 - 2011-10-14 11:57 - 00300544 ____A (CANON INC.) C:\Windows\System32\CNC_B1C.dll
2012-09-14 18:04 - 2011-10-14 11:57 - 00102912 ____A (CANON INC.) C:\Windows\SysWOW64\CNC_B1U.dll
2012-09-14 18:04 - 2011-10-14 11:56 - 00109568 ____A (CANON INC.) C:\Windows\System32\CNC_B1I.dll
2012-09-14 18:04 - 2011-09-29 04:23 - 00256000 ____A (CANON INC.) C:\Windows\System32\CNMIUB1.DLL
2012-09-14 18:04 - 2011-09-22 08:59 - 00358912 ____A (CANON INC.) C:\Windows\System32\CNC_B1L.dll
2012-09-14 18:04 - 2011-09-22 08:57 - 00316416 ____A (CANON INC.) C:\Windows\SysWOW64\CNC_B1L.dll
2012-09-14 18:04 - 2011-09-21 05:00 - 00302592 ____A (CANON INC.) C:\Windows\System32\CNCALB1.DLL
2012-09-14 18:04 - 2011-08-16 03:30 - 00356864 ____A (CANON INC.) C:\Windows\System32\CNMN6PPM.DLL
2012-09-14 18:04 - 2011-08-16 03:30 - 00039424 ____A (CANON INC.) C:\Windows\System32\CNMN6UI.DLL
2012-09-14 18:04 - 2011-06-30 13:52 - 00065280 ____A C:\Windows\SysWOW64\CNC175BD.TBL
2012-09-14 18:04 - 2011-06-30 13:52 - 00065280 ____A C:\Windows\System32\CNC175BD.TBL
2012-09-14 18:04 - 2011-05-27 11:19 - 00097792 ____A (Canon Inc.) C:\Windows\System32\CNC_B1O.dll
2012-09-14 18:04 - 2008-08-25 18:02 - 00017920 ____A (CANON INC.) C:\Windows\System32\CNHMCA6.dll
2012-09-14 18:04 - 2008-08-25 18:02 - 00015872 ____A (CANON INC.) C:\Windows\SysWOW64\CNHMCA.dll
2012-09-14 18:03 - 2012-09-22 03:17 - 00000000 ____D C:\Users\All Users\CanonIJPLM
2012-09-14 18:03 - 2012-09-22 03:17 - 00000000 ____D C:\Users\All Users\Application Data\CanonIJPLM
2012-09-14 18:02 - 2012-09-14 18:28 - 00000000 ____D C:\Program Files (x86)\Canon
2012-09-14 18:02 - 2012-09-14 18:02 - 00000000 ___HD C:\Users\All Users\CanonIJETV
2012-09-14 18:02 - 2012-09-14 18:02 - 00000000 ___HD C:\Users\All Users\Application Data\CanonIJETV
2012-09-12 11:59 - 2012-08-22 13:12 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-09-12 11:59 - 2012-08-22 13:12 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-09-12 11:59 - 2012-08-22 13:12 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-09-12 11:59 - 2012-08-22 13:12 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-09-12 11:59 - 2012-08-02 12:58 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-09-12 11:59 - 2012-08-02 11:57 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-09-12 11:59 - 2012-07-04 15:26 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
2012-09-10 22:46 - 2012-09-10 22:47 - 00007562 ____A C:\Users\Joshua\My Documents\cc_20120910_224651.reg
2012-09-10 22:46 - 2012-09-10 22:47 - 00007562 ____A C:\Users\Joshua\Documents\cc_20120910_224651.reg
2012-09-10 22:44 - 2012-09-10 22:44 - 00160710 ____A C:\Users\Joshua\My Documents\cc_20120910_224400.reg
2012-09-10 22:44 - 2012-09-10 22:44 - 00160710 ____A C:\Users\Joshua\Documents\cc_20120910_224400.reg
2012-09-10 22:39 - 2012-09-10 22:40 - 03927560 ____A (Piriform Ltd) C:\Users\Joshua\Downloads\ccsetup322.exe
==================== 3 Months Modified Files ==================
2012-09-30 00:47 - 2011-01-14 10:07 - 01861103 ____A C:\Windows\WindowsUpdate.log
2012-09-30 00:36 - 2009-07-13 23:45 - 00013872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-30 00:36 - 2009-07-13 23:45 - 00013872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-30 00:34 - 2012-09-30 00:34 - 00000089 ____A C:\data
2012-09-30 00:34 - 2009-07-14 00:13 - 00727334 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-30 00:29 - 2012-09-29 13:38 - 00000224 ____A C:\Windows\setupact.log
2012-09-30 00:29 - 2011-02-22 21:09 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-09-30 00:29 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-29 22:52 - 2011-02-22 21:09 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-09-29 13:38 - 2012-09-29 13:38 - 00000456 ____A C:\Windows\PFRO.log
2012-09-29 13:38 - 2012-09-29 13:38 - 00000000 ____A C:\Windows\setuperr.log
2012-09-29 13:36 - 2012-09-29 13:36 - 00005289 ____A C:\AdwCleaner[S1].txt
2012-09-29 13:04 - 2012-09-29 13:04 - 00004532 ____A C:\AdwCleaner[R1].txt
2012-09-29 12:55 - 2012-09-29 12:54 - 00003456 ____A C:\Users\Joshua\My Documents\cc_20120929_125451.reg
2012-09-29 12:55 - 2012-09-29 12:54 - 00003456 ____A C:\Users\Joshua\Documents\cc_20120929_125451.reg
2012-09-29 12:43 - 2012-09-29 12:42 - 00607260 ____R (Swearware) C:\Users\Joshua\Desktop\dds.scr
2012-09-29 12:35 - 2012-09-29 12:35 - 00001071 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-29 12:35 - 2012-09-29 12:35 - 00001071 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-29 12:34 - 2012-09-29 12:33 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\Joshua\Desktop\mbam-setup-1.65.0.1400.exe
2012-09-29 12:25 - 2012-09-29 12:25 - 00513501 ____A C:\Users\Joshua\Desktop\adwcleaner.exe
2012-09-29 12:15 - 2012-09-29 12:15 - 00000824 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-09-29 12:15 - 2012-09-29 12:15 - 00000824 ____A C:\Users\All Users\Desktop\CCleaner.lnk
2012-09-29 12:14 - 2012-09-29 12:13 - 03941312 ____A (Piriform Ltd) C:\Users\Joshua\Desktop\ccsetup323.exe
2012-09-29 11:37 - 2012-09-29 11:37 - 00302592 ____A C:\Users\Joshua\Downloads\c7bkzkj7.exe
2012-09-29 10:33 - 2012-09-29 10:33 - 00000000 ____A C:\Users\Joshua\Desktop\zk2f8py0.reg
2012-09-29 10:29 - 2012-09-29 10:29 - 00302592 ____A C:\Users\Joshua\Desktop\zk2f8py0.exe
2012-09-29 05:13 - 2012-09-29 05:13 - 00019277 ____A C:\ComboFix.txt
2012-09-29 05:12 - 2009-07-13 21:34 - 00000215 ____A C:\Windows\system.ini
2012-09-29 03:52 - 2012-09-29 03:52 - 02163864 ____A (US Tech Support LLC) C:\Users\Joshua\Downloads\MaxMySpeed.exe
2012-09-24 17:44 - 2012-09-24 17:44 - 04238448 ____A (Softland ) C:\Users\Joshua\Downloads\dopdf-7.exe
2012-09-23 11:40 - 2012-09-23 11:40 - 00057560 ____A C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2012-09-16 20:08 - 2012-09-16 20:08 - 05254656 ____A C:\Users\Joshua\Downloads\converter.exe
2012-09-16 19:44 - 2012-09-15 19:35 - 07549704 ____A C:\Users\Joshua\Downloads\InternationalPrimoPDF.exe
2012-09-15 20:55 - 2012-09-15 20:55 - 04633584 ____A (Acro Software Inc. ) C:\Users\Joshua\Downloads\CuteWriter.exe
2012-09-15 20:54 - 2012-09-15 20:54 - 00587640 ____A C:\Users\Joshua\Downloads\cbsidlm-tr1_6-CutePDF_Writer-10206470.exe
2012-09-15 19:45 - 2012-09-15 19:42 - 700989440 ___AT C:\Users\Joshua\My Documents\ModPhys.ps
2012-09-15 19:45 - 2012-09-15 19:42 - 700989440 ___AT C:\Users\Joshua\Documents\ModPhys.ps
2012-09-15 18:43 - 2012-09-15 18:43 - 00000000 ____A C:\Users\Joshua\My Documents\SolidPhys.txt
2012-09-15 18:43 - 2012-09-15 18:43 - 00000000 ____A C:\Users\Joshua\Documents\SolidPhys.txt
2012-09-15 16:56 - 2012-09-15 16:56 - 00101680 ____A (Amazon.com, Inc.) C:\Windows\System32\stkMonitor.dll
2012-09-15 16:55 - 2012-09-15 16:55 - 05291440 ____A (Amazon.com, Inc.) C:\Users\Joshua\Downloads\SendToKindleForPC-installer.exe
2012-09-14 18:10 - 2012-09-14 18:10 - 00002037 ____A C:\Users\Public\Desktop\Canon Solution Menu EX.lnk
2012-09-14 18:10 - 2012-09-14 18:10 - 00002037 ____A C:\Users\All Users\Desktop\Canon Solution Menu EX.lnk
2012-09-14 18:06 - 2012-09-14 18:06 - 00002316 ____A C:\Users\Public\Desktop\Canon MX430 series On-screen Manual.lnk
2012-09-14 18:06 - 2012-09-14 18:06 - 00002316 ____A C:\Users\All Users\Desktop\Canon MX430 series On-screen Manual.lnk
2012-09-13 03:01 - 2011-03-01 12:42 - 64462936 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-09-10 22:47 - 2012-09-10 22:46 - 00007562 ____A C:\Users\Joshua\My Documents\cc_20120910_224651.reg
2012-09-10 22:47 - 2012-09-10 22:46 - 00007562 ____A C:\Users\Joshua\Documents\cc_20120910_224651.reg
2012-09-10 22:44 - 2012-09-10 22:44 - 00160710 ____A C:\Users\Joshua\My Documents\cc_20120910_224400.reg
2012-09-10 22:44 - 2012-09-10 22:44 - 00160710 ____A C:\Users\Joshua\Documents\cc_20120910_224400.reg
2012-09-10 22:40 - 2012-09-10 22:39 - 03927560 ____A (Piriform Ltd) C:\Users\Joshua\Downloads\ccsetup322.exe
2012-09-07 17:04 - 2012-09-29 12:35 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-08-29 16:35 - 2012-08-29 16:35 - 00929280 ____A C:\Users\Joshua\Downloads\LarColAlg8_01_04.ppt
2012-08-24 13:05 - 2012-09-21 18:01 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-24 13:05 - 2012-09-21 18:00 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-24 13:05 - 2012-09-21 17:59 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-24 13:03 - 2012-09-21 18:01 - 09056256 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-24 13:03 - 2012-09-21 18:01 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-24 13:03 - 2012-09-21 18:00 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-24 13:03 - 2012-09-21 18:00 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-24 13:02 - 2012-09-21 18:01 - 12295680 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-24 13:02 - 2012-09-21 18:00 - 02453504 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-24 13:02 - 2012-09-21 18:00 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-24 11:57 - 2012-09-21 18:01 - 06028800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-24 11:57 - 2012-09-21 18:01 - 01231872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-24 11:57 - 2012-09-21 18:01 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-08-24 11:57 - 2012-09-21 18:00 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-24 11:57 - 2012-09-21 18:00 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-24 11:57 - 2012-09-21 17:59 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-24 11:56 - 2012-09-21 18:01 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-24 11:56 - 2012-09-21 18:00 - 02073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-24 11:56 - 2012-09-21 18:00 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-24 11:56 - 2012-09-21 17:59 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-24 10:59 - 2012-09-21 17:59 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-24 10:20 - 2012-09-21 17:59 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-22 13:12 - 2012-09-12 11:59 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-08-22 13:12 - 2012-09-12 11:59 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-08-22 13:12 - 2012-09-12 11:59 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-08-22 13:12 - 2012-09-12 11:59 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-08-21 16:01 - 2012-09-26 16:39 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2012-08-17 08:44 - 2009-07-13 23:45 - 00274320 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-02 12:58 - 2012-09-12 11:59 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-08-02 11:57 - 2012-09-12 11:59 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-07-31 11:31 - 2012-09-15 20:58 - 00087152 ____A C:\Windows\System32\cpwmon64.dll
2012-07-25 13:57 - 2012-07-25 13:56 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Joshua\Downloads\mbam-setup-1.62.0.1300.exe
2012-07-25 10:29 - 2012-07-25 10:29 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Joshua\Downloads\tdsskiller.exe
2012-07-23 19:37 - 2012-07-23 19:37 - 00000000 ____A C:\Windows\SysWOW64\sho8B2F.tmp
2012-07-23 18:05 - 2012-07-23 18:03 - 16580936 ____A (McAfee, Inc.) C:\Users\Joshua\Downloads\6781xdat.exe.part
2012-07-23 18:04 - 2012-07-23 18:04 - 02199393 ____A (McAfee, Inc.) C:\Users\Joshua\Downloads\5400eng.exe
2012-07-18 13:15 - 2012-08-16 08:15 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-16 15:32 - 2012-07-16 15:32 - 00008187 ____A C:\Users\Joshua\My Documents\2012-2013 FADX.txt
2012-07-16 15:32 - 2012-07-16 15:32 - 00008187 ____A C:\Users\Joshua\Documents\2012-2013 FADX.txt
2012-07-06 15:07 - 2012-08-17 03:09 - 00552960 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
2012-07-04 17:16 - 2012-08-16 08:18 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-04 17:13 - 2012-08-16 08:18 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-04 17:13 - 2012-08-16 08:18 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-07-04 16:16 - 2012-08-16 08:18 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-07-04 16:14 - 2012-08-16 08:18 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-07-04 15:26 - 2012-09-12 11:59 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
==================== Known DLLs (Whitelisted) =================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2012-09-29 06:01:43
==================== Memory info ===========================
Percentage of memory in use: 16%
Total physical RAM: 3894.68 MB
Available physical RAM: 3249.96 MB
Total Pagefile: 3892.83 MB
Available Pagefile: 3241.49 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
==================== Partitions =============================
1 Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:370.24 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (Recovery) (Fixed) (Total:14.65 GB) (Free:7.47 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: (JOKAZZ) (Removable) (Total:3.74 GB) (Free:2.27 GB) FAT32
5 Drive g: () (Removable) (Total:3.69 GB) (Free:0.02 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 3835 MB 0 B
Disk 2 Online 3781 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 100 MB 1024 KB
Partition 2 Primary 14 GB 101 MB
Partition 3 Primary 451 GB 14 GB
==================================================================================
Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 DELLUTILITY FAT Partition 100 MB Healthy Hidden
=========================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D Recovery NTFS Partition 14 GB Healthy
=========================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 451 GB Healthy
=========================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3827 MB 19 KB
==================================================================================
Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F JOKAZZ FAT32 Removable 3827 MB Healthy
=========================================================
Partitions of Disk 2:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3777 MB 4096 KB
==================================================================================
Disk: 2
Partition 1
Type : 0B
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT32 Removable 3777 MB Healthy
=========================================================
Last Boot: 2012-09-26 18:45
==================== End Of Log =============================
-
Download Security Check by screen317 from one of the following links and save it to your desktop.
Link 1 (http://screen317.spywareinfoforum.org/SecurityCheck.exe)
Link 2 (http://screen317.changelog.fr/SecurityCheck.exe)
* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
**************************************************************
Download Combofix from any of the links below, and save it to your DESKTOP.
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)
To prevent your anti-virus application interfering with ComboFix we need to disable it. See here (http://www.pchelpforum.com/anti-virus/110194-how-disable-your-security-applications-4.html) for a tutorial regarding how to do so if you are unsure.
- Close any open windows and double click ComboFix.exe to run it.
You will see the following image:
(http://i424.photobucket.com/albums/pp322/digistar/NSIS_disclaimer_ENG.png)
Click I Agree to start the program.
ComboFix will then extract the necessary files and you will see this:
(http://i424.photobucket.com/albums/pp322/digistar/NSIS_extraction.png)
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.
It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
If you did not have it installed, you will see the prompt below. Choose YES.
(http://i424.photobucket.com/albums/pp322/digistar/RcAuto1.gif)
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(http://i424.photobucket.com/albums/pp322/digistar/whatnext.png)
Click on Yes, to continue scanning for malware.
When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.
Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.
-
Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
McAfee Anti-Virus and Anti-Spyware
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.0.1400
Java(TM) 6 Update 35
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 12.0 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
ComboFix 12-09-30.01 - Joshua 09/30/2012 14:51:22.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.2588 [GMT -5:00]
Running from: c:\users\Joshua\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-08-28 to 2012-09-30 )))))))))))))))))))))))))))))))
.
.
2012-09-30 19:59 . 2012-09-30 19:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-30 14:45 . 2012-09-30 14:45 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-09-30 06:48 . 2012-09-30 06:48 -------- d-----w- C:\FRST
2012-09-30 05:32 . 2012-09-30 06:52 -------- d-----w- c:\program files (x86)\DownloadManager
2012-09-29 17:35 . 2012-09-29 17:35 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-29 17:35 . 2012-09-07 22:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-29 17:15 . 2012-09-29 17:15 -------- d-----w- c:\program files\CCleaner
2012-09-29 11:18 . 2012-09-29 11:18 -------- d-----w- c:\programdata\SUPERSetup
2012-09-29 08:54 . 2012-09-29 09:11 -------- d-----w- c:\users\Joshua\AppData\Roaming\USTechSupport
2012-09-29 08:52 . 2012-09-29 09:15 -------- d-----w- c:\programdata\USTechSupport
2012-09-28 19:35 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7DB98C2F-38F0-4604-8868-78303CEDC956}\mpengine.dll
2012-09-26 21:39 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-24 22:45 . 2012-09-24 22:45 -------- d-----w- c:\users\Joshua\AppData\Roaming\Softland
2012-09-24 22:45 . 2012-05-17 13:45 24968 ----a-w- c:\windows\system32\dopdfmn7.dll
2012-09-24 22:45 . 2012-05-17 13:45 21384 ----a-w- c:\windows\system32\dopdfmi7.dll
2012-09-24 22:45 . 2010-02-05 20:00 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2012-09-24 22:44 . 2012-09-24 22:44 -------- d-----w- c:\program files\Softland
2012-09-21 23:01 . 2012-08-24 18:03 9056256 ----a-w- c:\windows\system32\mshtml.dll
2012-09-21 23:01 . 2012-08-24 18:02 12295680 ----a-w- c:\windows\system32\ieframe.dll
2012-09-21 23:01 . 2012-08-24 18:03 735744 ----a-w- c:\windows\system32\msfeeds.dll
2012-09-21 23:01 . 2012-08-24 18:05 1494528 ----a-w- c:\windows\system32\urlmon.dll
2012-09-21 22:59 . 2012-08-24 18:05 134144 ----a-w- c:\windows\system32\url.dll
2012-09-21 22:59 . 2012-08-24 15:20 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-09-21 22:59 . 2012-08-24 15:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-09-17 01:10 . 2012-09-24 22:42 -------- d-----w- c:\users\Joshua\AppData\Local\CutePDF Writer
2012-09-17 01:09 . 2012-09-17 01:09 -------- d-----w- c:\program files (x86)\GPLGS
2012-09-16 01:58 . 2012-07-31 16:31 87152 ----a-w- c:\windows\system32\cpwmon64.dll
2012-09-16 01:58 . 2012-09-16 01:58 -------- d-----w- c:\program files (x86)\Acro Software
2012-09-16 01:43 . 2012-09-16 01:43 -------- d-----w- c:\users\Joshua\AppData\Local\PrimoPDFContent
2012-09-16 00:39 . 2012-09-16 02:04 -------- d-----w- c:\users\Joshua\AppData\Roaming\PrimoPDF
2012-09-16 00:37 . 2011-02-28 22:37 95008 ----a-w- c:\windows\system32\Primomonnt.dll
2012-09-16 00:37 . 2012-09-17 02:04 -------- d-----w- c:\program files (x86)\Nitro PDF
2012-09-15 21:56 . 2012-09-15 21:56 -------- d-----w- c:\users\Joshua\AppData\Local\Amazon
2012-09-15 21:56 . 2012-09-15 21:56 101680 ----a-w- c:\windows\system32\stkMonitor.dll
2012-09-15 21:56 . 2012-09-15 21:56 -------- d-----w- c:\program files (x86)\Amazon
2012-09-14 23:29 . 2012-09-14 23:29 -------- d--h--w- c:\programdata\CanonIJSolutionMenuEX
2012-09-14 23:29 . 2012-09-14 23:29 -------- d--h--w- c:\programdata\CanonIJEPPEX2
2012-09-14 23:29 . 2012-09-14 23:29 -------- d--h--w- c:\programdata\CanonEPP
2012-09-14 23:28 . 2012-09-14 23:28 -------- d--h--w- c:\programdata\CanonIJMyPrinter
2012-09-14 23:28 . 2012-09-14 23:28 -------- d-----w- c:\users\Joshua\AppData\Roaming\Canon
2012-09-14 23:25 . 2012-09-14 23:25 -------- d-----w- c:\programdata\Canon IJ Network Tool
2012-09-14 23:14 . 2012-09-14 23:14 -------- d--h--w- c:\programdata\CanonIJFAX
2012-09-14 23:14 . 2012-09-14 23:14 -------- d--h--w- c:\programdata\CanonIJEGV
2012-09-14 23:10 . 2012-09-14 23:10 -------- d-----w- c:\program files\Common Files\CANON
2012-09-14 23:09 . 2012-09-14 23:09 -------- d-----w- c:\programdata\CanonIJWSpt
2012-09-14 23:06 . 2012-09-14 23:06 -------- d-----w- c:\program files\Canon
2012-09-14 23:03 . 2012-09-22 08:17 -------- d-----w- c:\programdata\CanonIJPLM
2012-09-14 23:02 . 2012-09-14 23:02 -------- d--h--w- c:\programdata\CanonIJETV
2012-09-14 23:02 . 2012-09-14 23:28 -------- d-----w- c:\program files (x86)\Canon
2012-09-12 16:59 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 16:59 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 16:59 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 16:59 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-12 16:59 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 16:59 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 16:59 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-30 14:45 . 2011-03-07 02:09 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-13 08:01 . 2011-03-01 17:42 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-07-24 00:37 . 2012-07-24 00:37 0 ----a-w- c:\windows\SysWow64\sho8B2F.tmp
2012-07-18 18:15 . 2012-08-16 13:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-06 20:07 . 2012-08-17 08:09 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-07-04 22:16 . 2012-08-16 13:18 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-07-04 22:13 . 2012-08-16 13:18 59392 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 22:13 . 2012-08-16 13:18 136704 ----a-w- c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-16 13:18 41984 ----a-w- c:\windows\SysWow64\browcli.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-02-23 39408]
"uTorrent"="c:\users\Joshua\Pictures\uTorrent.exe" [2012-06-09 880528]
"DelayShred"="c:\progra~1\mcafee\mqs\ShrCL.EXE" [2012-03-23 129184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Absolute Notifier"="c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe" [2010-10-08 86184]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-12-16 498160]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1637496]
"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-09-27 439440]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-12 559616]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2011-08-01 165184]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 1082656]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-23 136176]
R2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxddserv.exe [2007-05-25 34224]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-03-30 53800]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-30 35104]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-23 136176]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-07 129976]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-17 325152]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-24 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AbsoluteNotifier;Absolute Notifier;c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [2010-10-08 10408]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336]
S2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe [2007-05-25 567216]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2012-03-20 162192]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [2010-02-03 20984]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-08-30 289280]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-03-17 232480]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-23 02:09]
.
2012-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-23 02:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-09-07 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-09-07 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-09-07 415256]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-06-18 487424]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-03 5712896]
"lxddmon.exe"="c:\program files (x86)\Lexmark 2500 Series\lxddmon.exe" [2007-06-12 291760]
"lxddamon"="c:\program files (x86)\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-07-19 2780776]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Joshua\AppData\Roaming\Mozilla\Firefox\Profiles\erpnoq27.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - att.net
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-19306437.sys
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3310118324-520105195-1961103251-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3310118324-520105195-1961103251-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-30 15:01:42
ComboFix-quarantined-files.txt 2012-09-30 20:01
ComboFix2.txt 2012-09-29 10:13
.
Pre-Run: 396,813,836,288 bytes free
Post-Run: 396,684,918,784 bytes free
.
- - End Of File - - 63C9E8662D372AD2AB44006831CF39DE
-
Update Your Java (JRE)
Old versions of Java have vulnerabilities that malware can use to infect your system.
First Verify your Java Version (http://www.java.com/en/download/installed.jsp)
If there are any other version(s) installed then update now.
Get the new version (if needed)
If your version is out of date install the newest version of the Sun Java Runtime Environment (http://www.majorgeeks.com/Sun_Java_Runtime_Environment_d4648.html).
Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Be sure to close ALL open web browsers before starting the installation.
Remove any old versions
1. Download JavaRa (http://raproducts.org/click/click.php?id=1) and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.
Additional Note: The Java Quick Starter (JQS.exe) (http://java.sun.com/javase/6/docs/technotes/guides/jweb/otherFeatures/jqs.html) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
**********************************************************
Update your Adobe Reader. get.adobe.com/reader (http://get.adobe.com/reader/).
Be sure to uncheck the Free McAfee Security Scan so it isn't installed.
**************************************************************
Please download aswMBR.exe (http://public.avast.com/%7Egmerek/aswMBR.exe) ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
Click the "Scan" button to start scan
Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives
On completion of the scan click save log, save it to your desktop and post in your next reply
-
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-01 21:08:16
-----------------------------
21:08:16.834 OS Version: Windows x64 6.1.7601 Service Pack 1
21:08:16.834 Number of processors: 4 586 0x2505
21:08:16.835 ComputerName: JOSHUA-PC UserName: Joshua
21:08:18.674 Initialize success
21:09:32.682 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:09:32.685 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
21:09:32.697 Disk 0 MBR read successfully
21:09:32.699 Disk 0 MBR scan
21:09:32.701 Disk 0 Windows 7 default MBR code
21:09:32.707 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 100 MB offset 2048
21:09:32.724 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 206848
21:09:32.737 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461838 MB offset 30926848
21:09:32.762 Disk 0 scanning C:\Windows\system32\drivers
21:09:49.139 Service scanning
21:10:52.462 Modules scanning
21:10:52.476 Disk 0 trace - called modules:
21:10:52.495 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
21:10:52.502 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004bbc060]
21:10:52.511 3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004979050]
21:10:52.518 Scan finished successfully
21:11:28.805 Disk 0 MBR has been saved successfully to "C:\Users\Joshua\Desktop\MBR.dat"
21:11:28.997 The log file has been saved successfully to "C:\Users\Joshua\Desktop\aswMBR.txt"
-
Please download Rooter (http://eric71.geekstogo.com/tools/Rooter.exe) and Save it to your desktop.
- Double click it to start the tool. Vista and Windows 7 run as administrator.
- Click Scan.
- Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.
-
I have tried to run the Rooter scan but it keeps telling me it has stopped working and the program closes. What to do next?
-
I'd like to scan your machine with ESET OnlineScan
•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetOnline.png) button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstall.png) to download the ESET Smart Installer. Save it to your desktop.
- Double click on the (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstallDesktopIcon-1.png) icon on your desktop.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetAcceptTerms.png)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetStart.png) button.
•Accept any security warnings from your browser.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetScanArchives.png)
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push (http://i424.photobucket.com/albums/pp322/digistar/esetListThreats.png)
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetExport.png), and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the (http://i424.photobucket.com/albums/pp322/digistar/esetBack.png) button.
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetFinish.png)
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
-
C:\Documents and Settings\Joshua\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\56d3a47a-70b66261 a variant of Java/Exploit.CVE-2012-1723.R trojan deleted - quarantined
-
How's your computer running now? Any other issues?
-
It's the exact same, still slow, no difference.
-
I was infected with zeroaccess rootkit and attempted to remove it and it appears that it is gone however now my computer is running extremely slow while on the internet.
Is it just running slowly while on the internet?
- Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and save it to your Desktop.
- Extract its contents to your desktop.
- Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
- If an infected file is detected, the default action will be Cure, click on Continue.
- If a suspicious file is detected, the default action will be Skip, click on Continue.
- It may ask you to reboot the computer to complete the process. Click on Reboot Now.
- Click the Report button and copy/paste the contents of it into your next reply
Note: It will also create a log in the C:\ directory.
**********************************************************************
- Download RogueKiller (http://tigzy.geekstogo.com/Tools/RogueKiller.exe) on the desktop
- Close all the running programs
- Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
- Otherwise just double-click on RogueKiller.exe
- Pre-scan will start. Let it finish.
- Click on SCAN button.
- A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
- If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
-
Yes, only when I'm on the internet.
RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Joshua [Admin rights]
Mode : Remove -- Date : 10/07/2012 17:12:26
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 12 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : DelayShred ("c:\PROGRA~1\mcafee\mqs\ShrCL.EXE" /P5 /q "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\FXSAPI~1.TXT" "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\ETILQS~1" "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\Cookies" "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\TEMPOR~1" "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\TEMPOR~1\Content.IE5\index.dat" "C:\Users\Joshua\LOCALS~1\APPLIC~1\Temp\TEMPOR~1\Content.IE5") -> DELETED
[TASK][SUSP PATH] {4212613E-348A-418D-8F0A-C92E3EBE61C9} : C:\Windows\system32\pcalua.exe -a C:\Users\Joshua\AppData\Local\Temp\Temp1_20070419083726031_driver_20070322.zip\Install.exe -> DELETED
[TASK][SUSP PATH] {479D5D0E-11FF-4DD1-BF7A-F5855814D1D3} : C:\Users\Joshua\Desktop\Rooter.exe -> DELETED
[TASK][SUSP PATH] {5FCA52B1-D9B2-4517-BBFC-217237B7ACBD} : C:\Users\Joshua\Desktop\Rooter.exe -> DELETED
[TASK][SUSP PATH] {694F481D-DCB3-4F5E-A46D-CFCDD967C649} : C:\Users\Joshua\Desktop\Rooter.exe -> DELETED
[TASK][SUSP PATH] {92D5CB8F-F8CB-4D5C-B76A-137FFD0D8F02} : C:\Users\Joshua\Desktop\Rooter.exe -> DELETED
[TASK][SUSP PATH] {F6B8DF11-F137-4A68-803A-A70AB69C4D66} : C:\Windows\system32\pcalua.exe -a C:\Users\Joshua\AppData\Local\Temp\Temp1_20071015125552984_driver.zip\Install.exe -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD5000BEVT-75A0RT0 +++++
--- User ---
[MBR] 50048008bcc35aaa2dd6c553ee8fcf83
[BSP] b448955cbca8f9bc1c6ee9029be01294 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 461838 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: SD Card +++++
--- User ---
[MBR] 83b42057fb3fd1d945874c9bf1406a5b
[BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 8192 | Size: 3777 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
17:46:09.0625 7552 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
17:46:11.0627 7552 ============================================================
17:46:11.0627 7552 Current date / time: 2012/10/07 17:46:11.0627
17:46:11.0627 7552 SystemInfo:
17:46:11.0627 7552
17:46:11.0628 7552 OS Version: 6.1.7601 ServicePack: 1.0
17:46:11.0628 7552 Product type: Workstation
17:46:11.0628 7552 ComputerName: JOSHUA-PC
17:46:11.0628 7552 UserName: Joshua
17:46:11.0628 7552 Windows directory: C:\Windows
17:46:11.0628 7552 System windows directory: C:\Windows
17:46:11.0628 7552 Running under WOW64
17:46:11.0628 7552 Processor architecture: Intel x64
17:46:11.0628 7552 Number of processors: 4
17:46:11.0628 7552 Page size: 0x1000
17:46:11.0628 7552 Boot type: Normal boot
17:46:11.0628 7552 ============================================================
17:46:12.0249 7552 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:46:12.0297 7552 Drive \Device\Harddisk1\DR1 - Size: 0xEC580000 (3.69 Gb), SectorSize: 0x200, Cylinders: 0x1E2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:46:12.0303 7552 ============================================================
17:46:12.0303 7552 \Device\Harddisk0\DR0:
17:46:12.0304 7552 MBR partitions:
17:46:12.0304 7552 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000
17:46:12.0304 7552 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x38607030
17:46:12.0304 7552 \Device\Harddisk1\DR1:
17:46:12.0305 7552 MBR partitions:
17:46:12.0305 7552 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0x760C00
17:46:12.0305 7552 ============================================================
17:46:12.0337 7552 C: <-> \Device\Harddisk0\DR0\Partition2
17:46:12.0337 7552 ============================================================
17:46:12.0338 7552 Initialize success
17:46:12.0338 7552 ============================================================
17:46:52.0104 7660 ============================================================
17:46:52.0104 7660 Scan started
17:46:52.0104 7660 Mode: Manual;
17:46:52.0104 7660 ============================================================
17:46:52.0392 7660 ================ Scan system memory ========================
17:46:52.0392 7660 System memory - ok
17:46:52.0393 7660 ================ Scan services =============================
17:46:52.0601 7660 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
17:46:52.0664 7660 1394ohci - ok
17:46:52.0745 7660 [ 426E0E8127BAC7D5DDEE8251F104E053 ] AbsoluteNotifier C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
17:46:52.0813 7660 AbsoluteNotifier - ok
17:46:52.0986 7660 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
17:46:53.0041 7660 ACPI - ok
17:46:53.0100 7660 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
17:46:53.0170 7660 AcpiPmi - ok
17:46:53.0330 7660 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:46:53.0407 7660 AdobeFlashPlayerUpdateSvc - ok
17:46:53.0462 7660 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
17:46:53.0481 7660 adp94xx - ok
17:46:53.0530 7660 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
17:46:53.0541 7660 adpahci - ok
17:46:53.0562 7660 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
17:46:53.0571 7660 adpu320 - ok
17:46:53.0605 7660 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:46:53.0607 7660 AeLookupSvc - ok
17:46:53.0711 7660 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Program Files\IDT\WDM\AESTSr64.exe
17:46:53.0774 7660 AESTFilters - ok
17:46:53.0866 7660 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
17:46:53.0870 7660 AFD - ok
17:46:53.0901 7660 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
17:46:53.0905 7660 agp440 - ok
17:46:53.0932 7660 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
17:46:53.0933 7660 ALG - ok
17:46:53.0956 7660 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
17:46:53.0960 7660 aliide - ok
17:46:53.0983 7660 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
17:46:53.0985 7660 amdide - ok
17:46:54.0019 7660 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
17:46:54.0022 7660 AmdK8 - ok
17:46:54.0054 7660 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
17:46:54.0057 7660 AmdPPM - ok
17:46:54.0118 7660 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
17:46:54.0167 7660 amdsata - ok
17:46:54.0185 7660 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
17:46:54.0191 7660 amdsbs - ok
17:46:54.0220 7660 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
17:46:54.0267 7660 amdxata - ok
17:46:54.0299 7660 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
17:46:54.0343 7660 AppID - ok
17:46:54.0361 7660 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
17:46:54.0365 7660 AppIDSvc - ok
17:46:54.0407 7660 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
17:46:54.0467 7660 Appinfo - ok
17:46:54.0499 7660 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
17:46:54.0502 7660 arc - ok
17:46:54.0518 7660 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
17:46:54.0524 7660 arcsas - ok
17:46:54.0563 7660 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:46:54.0573 7660 AsyncMac - ok
17:46:54.0633 7660 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
17:46:54.0634 7660 atapi - ok
17:46:54.0696 7660 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:46:54.0766 7660 AudioEndpointBuilder - ok
17:46:54.0793 7660 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
17:46:54.0835 7660 AudioSrv - ok
17:46:54.0902 7660 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
17:46:54.0952 7660 AxInstSV - ok
17:46:54.0982 7660 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
17:46:54.0990 7660 b06bdrv - ok
17:46:55.0008 7660 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
17:46:55.0014 7660 b57nd60a - ok
17:46:55.0067 7660 [ AC4E2D84DE54CD3A013AEFF0CC56095C ] BCM42RLY C:\Windows\system32\drivers\BCM42RLY.sys
17:46:55.0115 7660 BCM42RLY - ok
17:46:55.0754 7660 [ 8B5D16D20774FC3727F44E161BE2C0AC ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
17:46:55.0772 7660 BCM43XX - ok
17:46:55.0927 7660 [ D224B2E6BB543F1D8F1177D57FEC2950 ] BcmVWL C:\Windows\system32\DRIVERS\bcmvwl64.sys
17:46:55.0992 7660 BcmVWL - ok
17:46:56.0035 7660 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
17:46:56.0037 7660 BDESVC - ok
17:46:56.0334 7660 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
17:46:56.0340 7660 Beep - ok
17:46:56.0416 7660 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
17:46:56.0421 7660 BFE - ok
17:46:56.0517 7660 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
17:46:56.0524 7660 BITS - ok
17:46:56.0711 7660 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
17:46:56.0720 7660 blbdrive - ok
17:46:56.0916 7660 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
17:46:56.0918 7660 bowser - ok
17:46:56.0966 7660 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:46:56.0975 7660 BrFiltLo - ok
17:46:56.0999 7660 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:46:57.0005 7660 BrFiltUp - ok
17:46:57.0053 7660 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
17:46:57.0058 7660 BridgeMP - ok
17:46:57.0126 7660 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
17:46:57.0128 7660 Browser - ok
17:46:57.0249 7660 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
17:46:57.0264 7660 Brserid - ok
17:46:57.0305 7660 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
17:46:57.0310 7660 BrSerWdm - ok
17:46:57.0351 7660 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
17:46:57.0358 7660 BrUsbMdm - ok
17:46:57.0413 7660 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
17:46:57.0417 7660 BrUsbSer - ok
17:46:57.0596 7660 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
17:46:57.0600 7660 BthEnum - ok
17:46:57.0633 7660 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
17:46:57.0635 7660 BTHMODEM - ok
17:46:57.0802 7660 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
17:46:57.0806 7660 BthPan - ok
17:46:58.0137 7660 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
17:46:58.0185 7660 BTHPORT - ok
17:46:58.0216 7660 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
17:46:58.0217 7660 bthserv - ok
17:46:58.0275 7660 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
17:46:58.0319 7660 BTHUSB - ok
17:46:58.0366 7660 [ D3466F77C2C49C6E393BA5FBA963A33E ] btusbflt C:\Windows\system32\drivers\btusbflt.sys
17:46:58.0415 7660 btusbflt - ok
17:46:58.0609 7660 [ AF838D8029AE7C27470862D63FA54D24 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
17:46:58.0680 7660 btwaudio - ok
17:46:58.0729 7660 [ 5C849BD7C78791C5CEE9F4651D7FE38D ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys
17:46:58.0779 7660 btwavdt - ok
17:46:58.0838 7660 [ 10FFB5FA51D5713D872B41A59DFC2213 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
17:46:58.0909 7660 btwdins - ok
17:46:58.0928 7660 [ 6149301DC3F81D6F9667A3FBAC410975 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
17:46:58.0973 7660 btwl2cap - ok
17:46:59.0033 7660 [ 3E1991AFA851A36DC978B0A1B0535C8B ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
17:46:59.0101 7660 btwrchid - ok
17:46:59.0116 7660 catchme - ok
17:46:59.0142 7660 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
17:46:59.0147 7660 cdfs - ok
17:46:59.0182 7660 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
17:46:59.0227 7660 cdrom - ok
17:46:59.0269 7660 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
17:46:59.0271 7660 CertPropSvc - ok
17:46:59.0314 7660 [ 274CE03459896006F7A5069266E0469E ] cfwids C:\Windows\system32\drivers\cfwids.sys
17:46:59.0379 7660 cfwids - ok
17:46:59.0408 7660 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
17:46:59.0411 7660 circlass - ok
17:46:59.0481 7660 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
17:46:59.0484 7660 CLFS - ok
17:46:59.0696 7660 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:46:59.0701 7660 clr_optimization_v2.0.50727_32 - ok
17:46:59.0751 7660 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:46:59.0761 7660 clr_optimization_v2.0.50727_64 - ok
17:46:59.0834 7660 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:46:59.0894 7660 clr_optimization_v4.0.30319_32 - ok
17:46:59.0970 7660 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:47:00.0033 7660 clr_optimization_v4.0.30319_64 - ok
17:47:00.0073 7660 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
17:47:00.0077 7660 CmBatt - ok
17:47:00.0092 7660 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
17:47:00.0095 7660 cmdide - ok
17:47:00.0137 7660 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
17:47:00.0140 7660 CNG - ok
17:47:00.0177 7660 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
17:47:00.0181 7660 Compbatt - ok
17:47:00.0223 7660 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
17:47:00.0276 7660 CompositeBus - ok
17:47:00.0281 7660 COMSysApp - ok
17:47:00.0294 7660 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
17:47:00.0296 7660 crcdisk - ok
17:47:00.0323 7660 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
17:47:00.0324 7660 CryptSvc - ok
17:47:00.0387 7660 [ ED5CF92396A62F4C15110DCDB5E854D9 ] CtClsFlt C:\Windows\system32\DRIVERS\CtClsFlt.sys
17:47:00.0432 7660 CtClsFlt - ok
17:47:00.0536 7660 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
17:47:00.0547 7660 cvhsvc - ok
17:47:00.0594 7660 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
17:47:00.0659 7660 DcomLaunch - ok
17:47:00.0728 7660 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
17:47:00.0730 7660 defragsvc - ok
17:47:00.0835 7660 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
17:47:00.0838 7660 DfsC - ok
17:47:00.0870 7660 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
17:47:00.0873 7660 Dhcp - ok
17:47:00.0921 7660 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
17:47:00.0922 7660 discache - ok
17:47:00.0935 7660 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
17:47:00.0941 7660 Disk - ok
17:47:00.0976 7660 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:47:00.0978 7660 Dnscache - ok
17:47:01.0016 7660 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
17:47:01.0018 7660 dot3svc - ok
17:47:01.0055 7660 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
17:47:01.0057 7660 DPS - ok
17:47:01.0073 7660 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:47:01.0078 7660 drmkaud - ok
17:47:01.0134 7660 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:47:01.0207 7660 DXGKrnl - ok
17:47:01.0248 7660 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
17:47:01.0252 7660 EapHost - ok
17:47:01.0356 7660 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
17:47:01.0395 7660 ebdrv - ok
17:47:01.0421 7660 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
17:47:01.0470 7660 EFS - ok
17:47:01.0576 7660 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
17:47:01.0638 7660 ehRecvr - ok
17:47:01.0666 7660 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
17:47:01.0667 7660 ehSched - ok
17:47:01.0699 7660 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
17:47:01.0706 7660 elxstor - ok
17:47:01.0738 7660 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
17:47:01.0741 7660 ErrDev - ok
17:47:01.0904 7660 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
17:47:01.0911 7660 EventSystem - ok
17:47:01.0950 7660 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
17:47:01.0960 7660 exfat - ok
17:47:02.0029 7660 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
17:47:02.0032 7660 fastfat - ok
17:47:02.0084 7660 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
17:47:02.0144 7660 Fax - ok
17:47:02.0172 7660 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
17:47:02.0176 7660 fdc - ok
17:47:02.0212 7660 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
17:47:02.0219 7660 fdPHost - ok
17:47:02.0232 7660 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
17:47:02.0234 7660 FDResPub - ok
17:47:02.0310 7660 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
17:47:02.0311 7660 FileInfo - ok
17:47:02.0322 7660 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
17:47:02.0323 7660 Filetrace - ok
17:47:02.0362 7660 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
17:47:02.0369 7660 flpydisk - ok
17:47:02.0414 7660 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
17:47:02.0418 7660 FltMgr - ok
17:47:02.0487 7660 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
17:47:02.0500 7660 FontCache - ok
17:47:02.0574 7660 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:47:02.0645 7660 FontCache3.0.0.0 - ok
17:47:02.0669 7660 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
17:47:02.0670 7660 FsDepends - ok
17:47:02.0725 7660 [ 6C06701BF1DB05405804D7EB610991CE ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
17:47:02.0794 7660 fssfltr - ok
17:47:02.0994 7660 [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
17:47:03.0065 7660 fsssvc - ok
17:47:03.0124 7660 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
17:47:03.0192 7660 Fs_Rec - ok
17:47:03.0251 7660 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
17:47:03.0255 7660 fvevol - ok
17:47:03.0276 7660 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
17:47:03.0285 7660 gagp30kx - ok
17:47:03.0365 7660 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
17:47:03.0436 7660 GamesAppService - ok
17:47:03.0490 7660 [ D3316F6E3C011435F36E3D6E49B3196C ] GoToAssist C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
17:47:03.0562 7660 GoToAssist - ok
17:47:03.0622 7660 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
17:47:03.0627 7660 gpsvc - ok
17:47:03.0700 7660 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:47:03.0771 7660 gupdate - ok
17:47:03.0789 7660 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:47:03.0854 7660 gupdatem - ok
17:47:03.0884 7660 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
17:47:03.0886 7660 gusvc - ok
17:47:03.0922 7660 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
17:47:03.0925 7660 hcw85cir - ok
17:47:04.0001 7660 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:47:04.0056 7660 HdAudAddService - ok
17:47:04.0081 7660 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
17:47:04.0125 7660 HDAudBus - ok
17:47:04.0243 7660 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
17:47:04.0288 7660 HECIx64 - ok
17:47:04.0334 7660 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
17:47:04.0337 7660 HidBatt - ok
17:47:04.0342 7660 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
17:47:04.0346 7660 HidBth - ok
17:47:04.0350 7660 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
17:47:04.0353 7660 HidIr - ok
17:47:04.0373 7660 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
17:47:04.0374 7660 hidserv - ok
17:47:04.0412 7660 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
17:47:04.0461 7660 HidUsb - ok
17:47:04.0485 7660 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
17:47:04.0487 7660 hkmsvc - ok
17:47:04.0527 7660 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:47:04.0587 7660 HomeGroupListener - ok
17:47:04.0622 7660 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:47:04.0625 7660 HomeGroupProvider - ok
17:47:04.0660 7660 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
17:47:04.0712 7660 HpSAMD - ok
17:47:04.0775 7660 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
17:47:04.0829 7660 HTTP - ok
17:47:04.0896 7660 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
17:47:04.0932 7660 hwpolicy - ok
17:47:04.0985 7660 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
17:47:04.0997 7660 i8042prt - ok
17:47:05.0043 7660 [ 2064090C9FAAD92C090D77E50E735B2E ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
17:47:05.0049 7660 iaStor - ok
17:47:05.0102 7660 [ A9BE186ABF28B3D3D698CB855EDF457E ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
17:47:05.0103 7660 IAStorDataMgrSvc - ok
17:47:05.0167 7660 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
17:47:05.0232 7660 iaStorV - ok
17:47:05.0386 7660 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:47:05.0454 7660 idsvc - ok
17:47:05.0772 7660 [ 677AA5991026A65ADA128C4B59CF2BAD ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
17:47:05.0859 7660 igfx - ok
17:47:05.0939 7660 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
17:47:05.0948 7660 iirsp - ok
17:47:06.0042 7660 [ 54E0F4CCD6CE99A807459AF928DD64AC ] IJPLMSVC C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
17:47:06.0045 7660 IJPLMSVC - ok
17:47:06.0098 7660 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
17:47:06.0106 7660 IKEEXT - ok
17:47:06.0148 7660 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
17:47:06.0200 7660 Impcd - ok
17:47:06.0249 7660 [ C6C1F19205DA83C801BE7C25F4E2EE07 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
17:47:06.0297 7660 IntcDAud - ok
17:47:06.0318 7660 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
17:47:06.0320 7660 intelide - ok
17:47:06.0431 7660 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
17:47:06.0432 7660 intelppm - ok
17:47:06.0503 7660 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
17:47:06.0505 7660 IPBusEnum - ok
17:47:06.0558 7660 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:47:06.0625 7660 IpFilterDriver - ok
17:47:06.0668 7660 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
17:47:06.0712 7660 iphlpsvc - ok
17:47:06.0761 7660 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
17:47:06.0806 7660 IPMIDRV - ok
17:47:06.0841 7660 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
17:47:06.0846 7660 IPNAT - ok
17:47:06.0863 7660 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
17:47:06.0864 7660 IRENUM - ok
17:47:06.0906 7660 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
17:47:06.0909 7660 isapnp - ok
17:47:06.0951 7660 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
17:47:07.0004 7660 iScsiPrt - ok
17:47:07.0068 7660 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
17:47:07.0075 7660 kbdclass - ok
17:47:07.0121 7660 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
17:47:07.0180 7660 kbdhid - ok
17:47:07.0198 7660 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
17:47:07.0246 7660 KeyIso - ok
17:47:07.0289 7660 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
17:47:07.0292 7660 KSecDD - ok
17:47:07.0331 7660 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
17:47:07.0334 7660 KSecPkg - ok
17:47:07.0376 7660 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
17:47:07.0381 7660 ksthunk - ok
17:47:07.0408 7660 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
17:47:07.0420 7660 KtmRm - ok
17:47:07.0473 7660 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
17:47:07.0515 7660 LanmanServer - ok
17:47:07.0571 7660 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:47:07.0613 7660 LanmanWorkstation - ok
17:47:07.0694 7660 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:47:07.0703 7660 lltdio - ok
17:47:07.0741 7660 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:47:07.0750 7660 lltdsvc - ok
17:47:07.0762 7660 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
17:47:07.0769 7660 lmhosts - ok
17:47:07.0821 7660 [ 23DE5B62B0445A6F874BE633C95B483E ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
17:47:07.0905 7660 LMS - ok
17:47:07.0928 7660 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
17:47:07.0932 7660 LSI_FC - ok
17:47:07.0946 7660 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
17:47:07.0949 7660 LSI_SAS - ok
17:47:07.0965 7660 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:47:07.0968 7660 LSI_SAS2 - ok
17:47:07.0973 7660 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:47:07.0977 7660 LSI_SCSI - ok
17:47:08.0020 7660 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
17:47:08.0021 7660 luafv - ok
17:47:08.0060 7660 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
17:47:08.0106 7660 MBAMProtector - ok
17:47:08.0163 7660 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
17:47:08.0223 7660 MBAMScheduler - ok
17:47:08.0253 7660 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
17:47:08.0318 7660 MBAMService - ok
17:47:08.0461 7660 [ ACB01BF1A905356AB7F978C7FE852209 ] McAfee SiteAdvisor Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
17:47:08.0465 7660 McAfee SiteAdvisor Service - ok
17:47:08.0477 7660 [ ACB01BF1A905356AB7F978C7FE852209 ] McMPFSvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
17:47:08.0480 7660 McMPFSvc - ok
17:47:08.0513 7660 [ ACB01BF1A905356AB7F978C7FE852209 ] mcmscsvc C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
17:47:08.0516 7660 mcmscsvc - ok
17:47:08.0549 7660 [ ACB01BF1A905356AB7F978C7FE852209 ] McNaiAnn C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
17:47:08.0552 7660 McNaiAnn - ok
17:47:08.0559 7660 [ ACB01BF1A905356AB7F978C7FE852209 ] McNASvc C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
17:47:08.0562 7660 McNASvc - ok
17:47:08.0637 7660 [ 44D0DA102FA7A1BE22FD7499E80DCF9B ] McODS C:\Program Files\mcafee\VirusScan\mcods.exe
17:47:08.0706 7660 McODS - ok
17:47:08.0750 7660 [ ACB01BF1A905356AB7F978C7FE852209 ] McOobeSv C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
17:47:08.0752 7660 McOobeSv - ok
17:47:08.0790 7660 [ ACB01BF1A905356AB7F978C7FE852209 ] McProxy C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
17:47:08.0792 7660 McProxy - ok
17:47:08.0885 7660 [ E998E3B12101288D716558466CBF6AE1 ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
17:47:08.0888 7660 McShield - ok
17:47:08.0923 7660 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
17:47:08.0969 7660 Mcx2Svc - ok
17:47:08.0998 7660 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
17:47:09.0002 7660 megasas - ok
17:47:09.0023 7660 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
17:47:09.0030 7660 MegaSR - ok
17:47:09.0064 7660 [ 01884CB7655C8908B43FF5E364FE6FD2 ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys
17:47:09.0113 7660 mfeapfk - ok
17:47:09.0150 7660 [ DAB9A9CDFB04E4D68924492AA043019D ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys
17:47:09.0203 7660 mfeavfk - ok
17:47:09.0229 7660 mfeavfk01 - ok
17:47:09.0299 7660 [ B26782C3D6045B4464017D7926877560 ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
17:47:09.0301 7660 mfefire - ok
17:47:09.0362 7660 [ CE9A3680675C0907ADE16404CA967B49 ] mfefirek C:\Windows\system32\drivers\mfefirek.sys
17:47:09.0432 7660 mfefirek - ok
17:47:09.0480 7660 [ 60CF67458DD29CD17E77F2327B1A9A54 ] mfehidk C:\Windows\system32\drivers\mfehidk.sys
17:47:09.0489 7660 mfehidk - ok
17:47:09.0527 7660 [ A8129CFB919347F8533C934B365E9202 ] mfenlfk C:\Windows\system32\DRIVERS\mfenlfk.sys
17:47:09.0529 7660 mfenlfk - ok
17:47:09.0576 7660 [ 5041FA2BD2B3A2693B015771BFBF6DCA ] mferkdet C:\Windows\system32\drivers\mferkdet.sys
17:47:09.0625 7660 mferkdet - ok
17:47:09.0690 7660 [ 723A5EB6CEF7F408C3D0F15A82A6BFF8 ] mfevtp C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
17:47:09.0691 7660 mfevtp - ok
17:47:09.0715 7660 [ 919C56DB14A0E1E2AB6DA5D2821DC26E ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys
17:47:09.0717 7660 mfewfpk - ok
17:47:09.0747 7660 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
17:47:09.0749 7660 MMCSS - ok
17:47:09.0782 7660 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
17:47:09.0784 7660 Modem - ok
17:47:09.0931 7660 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:47:09.0936 7660 monitor - ok
17:47:09.0953 7660 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
17:47:09.0957 7660 mouclass - ok
17:47:09.0973 7660 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
17:47:09.0977 7660 mouhid - ok
17:47:10.0007 7660 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
17:47:10.0008 7660 mountmgr - ok
17:47:10.0110 7660 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:47:10.0174 7660 MozillaMaintenance - ok
17:47:10.0208 7660 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
17:47:10.0256 7660 mpio - ok
17:47:10.0280 7660 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:47:10.0286 7660 mpsdrv - ok
17:47:10.0330 7660 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
17:47:10.0336 7660 MpsSvc - ok
17:47:10.0373 7660 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:47:10.0441 7660 MRxDAV - ok
17:47:10.0491 7660 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:47:10.0493 7660 mrxsmb - ok
17:47:10.0524 7660 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:47:10.0526 7660 mrxsmb10 - ok
17:47:10.0568 7660 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:47:10.0569
-
Please download MiniToolBox (http://download.bleepingcomputer.com/farbar/MiniToolBox.exe) to Desktop and run it.
Checkmark the following boxes:
- Flush DNS
- Report IE Proxy Settings
- Reset IE Proxy Settings
- List content of Hosts
- List IP Configuration
- List Last 10 Event Viewer Errors
- List Users, Partitions and Memory Size
Click Go and copy/paste the log (Result.txt) into your next post.
-
MiniToolBox by Farbar Version: 23-07-2012
Ran by Joshua (administrator) on 08-10-2012 at 11:24:14
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
127.0.0.1 localhost
========================= IP Configuration: ================================
DW1501 Wireless-N WLAN Half-Mini Card = Wireless Network Connection (Connected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)
Broadcom Virtual Wireless Adapter = Local Area Connection 2 (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
reset
set global
add route prefix=169.254.0.0/16 interface="iftype0_0" nexthop=192.168.1.72 metric=1 publish=Yes
popd
# End of IPv4 configuration
Windows IP Configuration
Host Name . . . . . . . . . . . . : Joshua-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gateway.2wire.net
Wireless LAN adapter Wireless Network Connection 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : C0-CB-38-95-C5-6C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Local Area Connection 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom Virtual Wireless Adapter
Physical Address. . . . . . . . . : C0-CB-38-95-C5-6C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : DW1501 Wireless-N WLAN Half-Mini Card
Physical Address. . . . . . . . . : C0-CB-38-95-C5-6C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::3d3d:c5a:25ec:b91f%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.72(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, October 06, 2012 12:41:46 PM
Lease Expires . . . . . . . . . . : Tuesday, October 09, 2012 11:17:03 AM
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 247515960
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-C2-1D-F5-F0-4D-A2-C8-56-6C
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : F0-4D-A2-C8-56-6C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.gateway.2wire.net:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:1856:282a:b973:6c43(Preferred)
Link-local IPv6 Address . . . . . : fe80::1856:282a:b973:6c43%19(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter isatap.{78D026F0-6BF5-439A-BB4F-3D506194B4E6}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{92522764-F5CA-4CE5-A3A1-22D349C2C0C4}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{C39F09A7-04CC-403D-9070-C7E8AADE3F77}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: homeportal
Address: 192.168.1.254
Name: google.com
Addresses: 2607:f8b0:4000:801::1007
74.125.227.0
74.125.227.1
74.125.227.2
74.125.227.3
74.125.227.4
74.125.227.5
74.125.227.6
74.125.227.7
74.125.227.8
74.125.227.9
74.125.227.14
Pinging google.com [74.125.227.66] with 32 bytes of data:
Reply from 74.125.227.66: bytes=32 time=90ms TTL=52
Reply from 74.125.227.66: bytes=32 time=120ms TTL=52
Ping statistics for 74.125.227.66:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 90ms, Maximum = 120ms, Average = 105ms
Server: homeportal
Address: 192.168.1.254
Name: yahoo.com
Addresses: 72.30.38.140
98.138.253.109
98.139.183.24
Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=966ms TTL=48
Reply from 72.30.38.140: bytes=32 time=1146ms TTL=48
Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 966ms, Maximum = 1146ms, Average = 1056ms
Server: homeportal
Address: 192.168.1.254
Name: bleepingcomputer.com
Address: 208.43.87.2
Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.
Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
17...c0 cb 38 95 c5 6c ......Microsoft Virtual WiFi Miniport Adapter
13...c0 cb 38 95 c5 6c ......Broadcom Virtual Wireless Adapter
12...c0 cb 38 95 c5 6c ......DW1501 Wireless-N WLAN Half-Mini Card
10...f0 4d a2 c8 56 6c ......Realtek PCIe FE Family Controller
1...........................Software Loopback Interface 1
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
19...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.72 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 192.168.1.72 26
169.254.255.255 255.255.255.255 On-link 192.168.1.72 281
192.168.1.0 255.255.255.0 On-link 192.168.1.72 281
192.168.1.72 255.255.255.255 On-link 192.168.1.72 281
192.168.1.255 255.255.255.255 On-link 192.168.1.72 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.72 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.72 281
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
169.254.0.0 255.255.0.0 192.168.1.72 1
===========================================================================
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
19 58 ::/0 On-link
1 306 ::1/128 On-link
19 58 2001::/32 On-link
19 306 2001:0:4137:9e76:1856:282a:b973:6c43/128
On-link
12 281 fe80::/64 On-link
19 306 fe80::/64 On-link
19 306 fe80::1856:282a:b973:6c43/128
On-link
12 281 fe80::3d3d:c5a:25ec:b91f/128
On-link
1 306 ff00::/8 On-link
19 306 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Event log errors: ===============================
Application errors:
==================
Error: (10/05/2012 10:04:41 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (10/05/2012 10:03:23 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (10/04/2012 10:06:30 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (10/04/2012 10:06:30 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (10/03/2012 10:47:19 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (10/03/2012 10:44:01 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (10/03/2012 10:42:51 PM) (Source: Microsoft-Windows-Defrag) (User: )
Description: The volume (H:) was not defragmented because an error was encountered: The disk was disconnected from the system. (0x89000011)
Error: (10/03/2012 10:42:38 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (10/03/2012 07:35:03 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (10/03/2012 07:34:58 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
System errors:
=============
Error: (10/04/2012 10:46:03 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
Error: (10/04/2012 10:45:33 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
Error: (10/04/2012 08:09:13 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
Error: (10/02/2012 10:09:26 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
Error: (10/02/2012 10:08:56 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
Error: (10/02/2012 10:05:28 PM) (Source: DCOM) (User: )
Description: 1084McNaiAnn{DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
Error: (10/02/2012 10:02:03 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068
Error: (10/02/2012 10:02:03 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068
Error: (10/02/2012 10:02:03 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068
Error: (10/02/2012 10:02:03 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068
Microsoft Office Sessions:
=========================
Error: (10/05/2012 10:04:41 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
Error: (10/05/2012 10:03:23 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Cozi Express\CoziExpress.exe
Error: (10/04/2012 10:06:30 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Cozi Express\CoziExpress.exe
Error: (10/04/2012 10:06:30 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Cozi Express\CoziExpress.exe
Error: (10/03/2012 10:47:19 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Users\Joshua\Desktop\esetsmartinstaller_enu.exe
Error: (10/03/2012 10:44:01 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
Error: (10/03/2012 10:42:51 PM) (Source: Microsoft-Windows-Defrag)(User: )
Description: (H:)The disk was disconnected from the system. (0x89000011)
Error: (10/03/2012 10:42:38 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Cozi Express\CoziExpress.exe
Error: (10/03/2012 07:35:03 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Joshua\Desktop\esetsmartinstaller_enu.exe
Error: (10/03/2012 07:34:58 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Joshua\Desktop\esetsmartinstaller_enu.exe
========================= Memory info: ===================================
Percentage of memory in use: 34%
Total physical RAM: 3894.68 MB
Available physical RAM: 2536.79 MB
Total Pagefile: 7787.56 MB
Available Pagefile: 5084.63 MB
Total Virtual: 4095.88 MB
Available Virtual: 3963.11 MB
========================= Partitions: =====================================
1 Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:364.94 GB) NTFS
4 Drive h: () (Removable) (Total:3.69 GB) (Free:0.02 GB) FAT32
========================= Users: ========================================
User accounts for \\JOSHUA-PC
Administrator Guest Joshua
**** End of log ****
-
The internet speed seems acceptable. I really can't see what would cause the slowness you speak of. Did you try another browser?
-
I tried another browser and it is working a little better, but I seem to be having a problem loading videos.
-
Please try disabling all your add-ons to see if that makes any difference.