
computer slow


15 replies to this topic

#1 akc2699


Posted 23 January 2012 - 05:44 PM

Last week my computer shut down and I had to restore it from another point, when I can obtain some documents and such when doing a search, but I am not sure why I cannot search on Google and why the machine is running so slow....

Help.

Thank you.



#2 Broni


Posted 23 January 2012 - 06:02 PM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


 


#3 akc2699


Posted 24 January 2012 - 03:46 PM

Thank you for getting back to me. I have performed all of the tasks; they are in order as they were given. Please see below:

Results of screen317's Security Check version 0.99.24
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 30
Adobe Flash Player 11.1.102.55
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Webroot Security current plugins\antimalware\AEI.exe
Webroot Security current plugins\antimalware\SSU.EXE
QuickBooks Online Backup OnlineBackup.exe
``````````End of Log````````````





Farbar Service Scanner Version: 18-01-2012 01
Ran by Amy Christie (administrator) on 24-01-2012 at 13:12:23
Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error: Google IP is offline
Attempt to access Yahoo IP returend error: Yahoo IP is offline
IE proxy is enabled.



Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0


System Restore:
============
VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****




MiniToolBox by Farbar Version: 18-01-2012
Ran by Amy Christie (administrator) on 24-01-2012 at 13:14:29
Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

NVIDIA nForce 10/100 Mbps Ethernet = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : AmyChristie-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : ph.cox.net

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : ph.cox.net
Description . . . . . . . . . . . : NVIDIA nForce 10/100 Mbps Ethernet
Physical Address. . . . . . . . . : 00-21-97-42-75-DB
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::8d6b:b899:88af:33c7%9(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.3(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, January 24, 2012 12:00:03 PM
Lease Expires . . . . . . . . . . : Wednesday, January 25, 2012 12:00:02 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 251939712
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-10-B8-03-35-00-21-97-42-75-DB
DNS Servers . . . . . . . . . . . : 68.105.28.16
68.105.29.16
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:3c51:34a8:3f57:fefc(Preferred)
Link-local IPv6 Address . . . . . : fe80::3c51:34a8:3f57:fefc%10(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.ph.cox.net:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : ph.cox.net
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 68.105.28.16

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.

Pinging google.com [87.125.87.99] with 32 bytes of data:
Request timed out.
Request timed out.

Ping statistics for 87.125.87.99:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
Server: ip68-105-28-16.at.at.cox.net
Address: 68.105.28.16

Name: yahoo.com
Addresses: 209.191.122.70
72.30.2.43
98.137.149.56
98.139.180.149


Pinging yahoo.com [98.137.149.56] with 32 bytes of data:
Request timed out.
Request timed out.

Ping statistics for 98.137.149.56:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
Server: ip68-105-28-16.at.at.cox.net
Address: 68.105.28.16

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Request timed out.
Request timed out.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
9...00 21 97 42 75 db ......NVIDIA nForce 10/100 Mbps Ethernet
1...........................Software Loopback Interface 1
10...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.3 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.3 276
192.168.1.3 255.255.255.255 On-link 192.168.1.3 276
192.168.1.255 255.255.255.255 On-link 192.168.1.3 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.3 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.3 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
10 58 ::/0 On-link
1 306 ::1/128 On-link
10 58 2001::/32 On-link
10 306 2001:0:4137:9e76:3c51:34a8:3f57:fefc/128
On-link
9 276 fe80::/64 On-link
10 306 fe80::/64 On-link
10 306 fe80::3c51:34a8:3f57:fefc/128
On-link
9 276 fe80::8d6b:b899:88af:33c7/128
On-link
1 306 ff00::/8 On-link
10 306 ff00::/8 On-link
9 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/24/2012 00:11:48 PM) (Source: Application Error) (User: )
Description: Faulting application name: WRConsumerService.exe, version: 7.0.12.22, time stamp: 0x4eab86b2
Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96f
Exception code: 0xc0000005
Fault offset: 0x0003bc21
Faulting process id: 0x2fc
Faulting application start time: 0xWRConsumerService.exe0
Faulting application path: WRConsumerService.exe1
Faulting module path: WRConsumerService.exe2
Report Id: WRConsumerService.exe3

Error: (01/24/2012 00:01:04 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/24/2012 03:18:32 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5335

Error: (01/24/2012 03:18:32 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5335

Error: (01/24/2012 03:18:32 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/24/2012 03:18:31 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1185

Error: (01/24/2012 03:18:31 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1185

Error: (01/24/2012 03:18:31 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/24/2012 02:34:12 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8658

Error: (01/24/2012 02:34:12 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8658


System errors:
=============
Error: (01/24/2012 00:00:00 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 11:46:35 AM on ?1/?24/?2012 was unexpected.

Error: (01/23/2012 04:50:44 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WebrootSpySweeperService service.

Error: (01/23/2012 03:29:36 PM) (Source: Service Control Manager) (User: )
Description: The Cyberlink RichVideo Service(CRVS) service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (01/23/2012 03:25:43 PM) (Source: Service Control Manager) (User: )
Description: The Cyberlink RichVideo Service(CRVS) service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (01/23/2012 00:28:13 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer MAC0022413B62DD
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{3789212C-4E37-4DC7-8B34-88.
The master browser is stopping or an election is being forced.

Error: (01/23/2012 10:43:08 AM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer MAC0022413B62DD
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{3789212C-4E37-4DC7-8B34-88.
The master browser is stopping or an election is being forced.

Error: (01/23/2012 09:36:59 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

Error: (01/22/2012 04:51:54 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer MAC0022413B62DD
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{3789212C-4E37-4DC7-8B34-88.
The master browser is stopping or an election is being forced.

Error: (01/22/2012 02:42:08 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WebrootSpySweeperService service.

Error: (01/20/2012 03:44:44 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer MAC0022413B62DD
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{3789212C-4E37-4DC7-8B34-88.
The master browser is stopping or an election is being forced.


Microsoft Office Sessions:
=========================
Error: (11/02/2011 01:14:02 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 185678 seconds with 4080 seconds of active time. This session ended with a crash.

Error: (12/02/2010 07:10:58 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 33831 seconds with 5460 seconds of active time. This session ended with a crash.

Error: (03/26/2010 00:31:21 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 93569 seconds with 5040 seconds of active time. This session ended with a crash.

Error: (02/17/2010 00:12:56 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 29 seconds with 0 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 7.1.8)
7500_7600_7700_Help1 (Version: 1.00.0000)
Adobe AIR (Version: 2.0.4.13090)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Reader 8.2.6 (Version: 8.2.6)
Agere Systems PCI-SV92PP Soft Modem
Apple Application Support (Version: 1.5.0)
Apple Mobile Device Support (Version: 3.4.0.25)
Apple Software Update (Version: 2.1.2.120)
BigFix (Version: 2.2.0.04)
Bing Bar (Version: 6.3.2291.0)
Bing Bar Platform (Version: 6.3.2291.0)
Bing Rewards Client Installer (Version: 16.0.345.0)
BlackBerry Desktop Software 6.0 (Version: 6.0.0.43)
BlackBerry Device Software Updater (Version: 6.0.1.6)
Bonjour (Version: 2.0.4.0)
BPD_HPSU (Version: 1.00.0000)
bpd_scan_Carrier (Version: 3.00.0000)
BPDSoftware (Version: 140.0.000.000)
BPDSoftware (Version: 82.0.173.000)
BPDSoftware_Ini (Version: 1.00.0000)
BufferChm (Version: 140.0.213.000)
Compatibility Pack for the 2007 Office system (Version: 12.0.6425.1000)
Coupon Printer for Windows (Version: 4.0)
Coupon Printer for Windows (Version: 5.0.0.0)
CustomerResearchQFolder (Version: 1.00.0000)
CyberLink DVD Suite (Version: 6.0.2110)
CyberLink LabelPrint (Version: 2.0.3111)
CyberLink Power2Go (Version: 6.0.2115)
CyberLink PowerDVD (Version: 7.0.3409.a)
Destinations (Version: 82.0.173.000)
DeviceManagementQFolder (Version: 1.00.0000)
Digital Media Reader (Version: 2.01.03.01)
DocProc (Version: 8.1.0.0)
DocProcQFolder (Version: 1.00.0000)
eFax Messenger (Version: 4.4.1.528)
eMachines Games (Version: 1.0.0.52)
eMachines Recovery Management (Version: 3.1.3003)
eSupportQFolder (Version: 1.00.0000)
Fax (Version: 82.0.188.000)
GearDrvs (Version: 1.00.0000)
Google Chrome (Version: 16.0.912.75)
Google Update Helper (Version: 1.3.21.79)
HiJackThis (Version: 1.0.0)
HP Customer Participation Program 8.0 (Version: 8.0)
HP Imaging Device Functions 8.0 (Version: 8.0)
HP OCR Software 8.0 (Version: 8.0)
HP OfficeJet L7300/L7500/7600/7700 (Version: 14.0)
HP Officejet Pro 8600 Basic Device Software (Version: 25.0.619.0)
HP Officejet Pro 8600 Help (Version: 140.0.2.2)
HP Officejet Pro 8600 Product Improvement Study (Version: 25.0.619.0)
HP Officejet Pro All-In-One Series (Version: 1.0)
HP Photosmart Essential (Version: 1.12.0.46)
HP Solution Center 8.0 (Version: 8.0)
HP Update (Version: 5.003.000.004)
HPDiagnosticAlert (Version: 1.00.0000)
HPProductAssistant (Version: 82.0.173.000)
HPSSupply (Version: 2.1.3.0000)
I.R.I.S. OCR (Version: 12.3.4.0)
Internet TV for Windows Media Center (Version: 4.2.2.0)
iTunes (Version: 10.2.1.1)
Japanese Fonts Support For Adobe Reader 8 (Version: 8.0)
Java Auto Updater (Version: 2.0.2.4)
Java™ 6 Update 30 (Version: 6.0.300)
L7000_Basic (Version: 140.0.000.000)
L7500 (Version: 50.0.165.000)
LSI PCI-SV92PP Soft Modem (Version: 2.2.98)
MarketResearch (Version: 82.0.174.000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Default Manager (Version: 2.2.114.0)
Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Home and Student 2007 (Version: 12.0.6425.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Search Enhancement Pack (Version: 3.0.131.0)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0)
Microsoft Works (Version: 9.7.0621)
Move Media Player
Mozilla Firefox 9.0.1 (x86 en-US) (Version: 9.0.1)
MPM (Version: 1.00.0000)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 and SOAP Toolkit 3.0 (Version: 1.0.0.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
My Web Search (IWON)
Network (Version: 140.0.215.000)
NVIDIA Display Control Panel (Version: 6.14.12.5896)
NVIDIA Drivers (Version: 1.10.62.40)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
OverDrive Media Console (Version: 3.2.5)
Picaboo X (Version: 10.147)
Picaboo X (Version: 10.147P)
ProductContext (Version: 50.0.165.000)
PVSonyDll (Version: 1.00.0001)
QuickBooks (Version: 19.0.4011.705)
QuickBooks (Version: 20.0.4014.807)
QuickBooks Basic 2002
QuickBooks Basic Edition 2004
QuickBooks Online Backup (Version: 1.0.4)
QuickBooks Pro 2009 (Version: 19.0.4011.705)
QuickBooks Pro 2010 (Version: 20.0.4014.807)
QuickTime (Version: 7.69.80.9)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1 (Version: 1.1.0)
Scan (Version: 140.0.167.000)
SolutionCenter (Version: 82.0.188.000)
Status (Version: 82.0.173.000)
SupportSoft Assisted Service (Version: 15)
The Weather Channel Desktop 6
Toolbox (Version: 140.0.428.000)
Toolbox (Version: 82.0.173.000)
TrayApp (Version: 82.0.188.000)
Type1027 TWAIN Driver Ver.3
UnloadSupport (Version: 1.00.0000)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
Visual Studio 2005 Tools for Office Second Edition Runtime
WebReg (Version: 140.0.213.017)
Webroot Software (Version: 7.0.12.22)
Windows Live OneCare safety scanner
Windows Live OneCare safety scanner (Version: 1.0.0.0)
Windows Media Center Add-in for Flash (Version: 4.1.2.0)
Wizard101 (Version: 1.0.0)
Xvid 1.2.1 final uninstall (Version: 1.2)

========================= Memory info: ===================================

Percentage of memory in use: 56%
Total physical RAM: 1918.49 MB
Available physical RAM: 829.18 MB
Total Pagefile: 3836.98 MB
Available Pagefile: 2477.46 MB
Total Virtual: 2047.88 MB
Available Virtual: 1937.32 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:139.05 GB) (Free:7.25 GB) NTFS
4 Drive f: (Elements) (Fixed) (Total:465.64 GB) (Free:178.79 GB) FAT32
9 Drive k: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
10 Drive l: () (Removable) (Total:3.81 GB) (Free:0.02 GB) FAT32

========================= Users: ========================================

User accounts for \\AMYCHRISTIE-PC

Administrator Amy Christie Guest
New


**** End of log ****





Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.24.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Amy Christie :: AMYCHRISTIE-PC [administrator]

1/24/2012 1:18:52 PM
mbam-log-2012-01-24 (13-18-52).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 215955
Time elapsed: 8 minute(s), 6 second(s)

Memory Processes Detected: 1
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> 3252 -> Delete on reboot.

Memory Modules Detected: 2
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Delete on reboot.

Registry Keys Detected: 137
HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MyWebSearch Email Plugin (Adware.MyWebSearch) -> Data: "C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe" -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MyWebSearch Email Plugin (Adware.MyWebSearch) -> Data: "C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe" -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|My Web Search Bar Search Scope Monitor (Adware.MyWebSearch) -> Data: "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Data: #aI
G\ -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources|f3PopularScreensavers (Adware.MyWebSearch) -> Data: C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform|FunWebProducts (Adware.MyWebSearch) -> Data: -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 18
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\1.bin\chrome (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\ThirdPartyInstallers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\IE9Mesg (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Overlay (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Users\Amy Christie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.

Files Detected: 79

(end)





aswMBR version 0.9.9.1509 Copyright© 2011 AVAST Software
Run date: 2012-01-24 13:36:16
-----------------------------
13:36:16.264 OS Version: Windows 6.1.7601 Service Pack 1
13:36:16.264 Number of processors: 1 586 0x5F03
13:36:16.266 ComputerName: AMYCHRISTIE-PC UserName: Amy Christie
13:36:17.308 Initialize success
13:37:07.667 AVAST engine defs: 12012400
13:37:12.038 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005d
13:37:12.041 Disk 0 Vendor: ST316081 4.AA Size: 152627MB BusType: 3
13:37:12.052 Disk 0 MBR read successfully
13:37:12.056 Disk 0 MBR scan
13:37:12.076 Disk 0 Windows 7 default MBR code
13:37:12.089 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10240 MB offset 2048
13:37:12.108 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 142385 MB offset 20973568
13:37:12.127 Disk 0 scanning sectors +312579760
13:37:12.204 Disk 0 scanning C:\Windows\system32\drivers
13:37:38.140 Service scanning
13:37:39.887 Service pwipf6 C:\Windows\system32\DRIVERS\pwipf6.sys **LOCKED** 32
13:37:40.002 Service Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys **LOCKED** 32
13:37:40.533 Modules scanning
13:37:49.812 Disk 0 trace - called modules:
13:37:49.851 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys >>UNKNOWN [0x8676a0d1]<<
13:37:49.860 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x863855a8]
13:37:49.869 3 CLASSPNP.SYS[8940659e] -> nt!IofCallDriver -> [0x8607f0b8]
13:37:49.878 5 ACPI.sys[88c203d4] -> nt!IofCallDriver -> \Device\0000005d[0x86069800]
13:37:51.015 AVAST engine scan C:\Windows
13:37:56.355 AVAST engine scan C:\Windows\system32
13:41:48.767 AVAST engine scan C:\Windows\system32\drivers
13:42:07.425 AVAST engine scan C:\Users\Amy Christie
13:43:02.347 Disk 0 MBR has been saved successfully to "C:\Users\Amy Christie\Desktop\MBR.dat"
13:43:02.359 The log file has been saved successfully to "C:\Users\Amy Christie\Desktop\aswMBR.txt"


PLEASE LET ME KNOW WHAT I SHOULD DO.

THANK YOU FOR YOUR TIME!

#4 Broni

Posted 24 January 2012 - 03:51 PM

Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/


  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • Super should automatically update the program definitions. If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
  • Close SUPERAntiSpyware.
Restart computer in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen

  • Open SUPERAntiSpyware.
  • Click on "Preferences" button.
  • Click the "Scanning Control" tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
  • Click the "Home" button to leave the control center screen.
  • Back on the main screen checkmark "Complete scan" and click "Scan your computer".
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Post SUPERAntiSpyware log.

=========================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.



#5 akc2699


Posted 26 January 2012 - 09:32 AM

I am attaching the scans as instructed to do below. The GMER would only run in safe mode.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/25/2012 at 02:42 PM

Application Version : 5.0.1142

Core Rules Database Version : 8164
Trace Rules Database Version: 5976

Scan type : Complete Scan
Total Scan Time : 06:40:59

Operating System Information
Windows 7 Ultimate 32-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned : 386
Memory threats detected : 0
Registry items scanned : 24083
Registry threats detected : 117
File items scanned : 508099
File threats detected : 63

Adware.MyWebSearch/FunWebProducts
HKU\.DEFAULT\SOFTWARE\MyWebSearch
HKU\S-1-5-18\SOFTWARE\MyWebSearch
ZIP ARCHIVE( F:\AMYCHRISTIE-PC\BACKUP SET 2011-01-04 154939\BACKUP FILES 2011-01-04 154939\BACKUP FILES 31.ZIP )/C\USERS\AMY CHRISTIE\DOWNLOADS\IWON(2).EXE
F:\AMYCHRISTIE-PC\BACKUP SET 2011-01-04 154939\BACKUP FILES 2011-01-04 154939\BACKUP FILES 31.ZIP
ZIP ARCHIVE( F:\AMYCHRISTIE-PC\BACKUP SET 2011-01-04 154939\BACKUP FILES 2011-01-04 154939\BACKUP FILES 31.ZIP )/C\USERS\AMY CHRISTIE\DOWNLOADS\IWON(3).EXE
ZIP ARCHIVE( F:\AMYCHRISTIE-PC\BACKUP SET 2011-01-04 154939\BACKUP FILES 2011-01-04 154939\BACKUP FILES 31.ZIP )/C\USERS\AMY CHRISTIE\DOWNLOADS\IWON(4).EXE
ZIP ARCHIVE( F:\AMYCHRISTIE-PC\BACKUP SET 2011-01-04 154939\BACKUP FILES 2011-01-04 154939\BACKUP FILES 31.ZIP )/C\USERS\AMY CHRISTIE\DOWNLOADS\IWON.EXE

Adware.SelectRebates
C:\Program Files\SELECTREBATES\FFToolbar\chrome\sahtoolbar.jar
C:\Program Files\SELECTREBATES\FFToolbar\chrome
C:\Program Files\SELECTREBATES\FFToolbar\chrome.manifest
C:\Program Files\SELECTREBATES\FFToolbar\defaults\preferences\sahtoolbar.js
C:\Program Files\SELECTREBATES\FFToolbar\defaults\preferences
C:\Program Files\SELECTREBATES\FFToolbar\defaults
C:\Program Files\SELECTREBATES\FFToolbar\install.rdf
C:\Program Files\SELECTREBATES\FFToolbar
C:\Program Files\SELECTREBATES\SahImages\SAHS_popuplogo2.gif
C:\Program Files\SELECTREBATES\SahImages
C:\Program Files\SELECTREBATES\SelectAlerts.dat
C:\Program Files\SELECTREBATES\SelectRebates.ini
C:\Program Files\SELECTREBATES\SelectRebatesA.dat
C:\Program Files\SELECTREBATES\SelectRebatesB.dat
C:\Program Files\SELECTREBATES\SelectRebatesBT.dat
C:\Program Files\SELECTREBATES\SelectRebatesDownload.exe
C:\Program Files\SELECTREBATES\SelectRebatesH.dat
C:\Program Files\SELECTREBATES\Toolbar\AddtoList.bmp
C:\Program Files\SELECTREBATES\Toolbar\basis.xml
C:\Program Files\SELECTREBATES\Toolbar\Basis.xml.dym
C:\Program Files\SELECTREBATES\Toolbar\Blank.bmp
C:\Program Files\SELECTREBATES\Toolbar\Cache
C:\Program Files\SELECTREBATES\Toolbar\CashBack.bmp
C:\Program Files\SELECTREBATES\Toolbar\Coupons.bmp
C:\Program Files\SELECTREBATES\Toolbar\GroceryCoupon.bmp
C:\Program Files\SELECTREBATES\Toolbar\icons.bmp
C:\Program Files\SELECTREBATES\Toolbar\ImageCache
C:\Program Files\SELECTREBATES\Toolbar\i_magnifying.bmp
C:\Program Files\SELECTREBATES\Toolbar\logo.bmp
C:\Program Files\SELECTREBATES\Toolbar\logo_24.bmp
C:\Program Files\SELECTREBATES\Toolbar\logo_HotSpots.bmp
C:\Program Files\SELECTREBATES\Toolbar\ReviewSite.bmp
C:\Program Files\SELECTREBATES\Toolbar\RightControls.dym
C:\Program Files\SELECTREBATES\Toolbar\Scissors.bmp
C:\Program Files\SELECTREBATES\Toolbar\ShopAtHomeToolbar.dll
C:\Program Files\SELECTREBATES\Toolbar
C:\Program Files\SELECTREBATES

Trace.Known Threat Sources
C:\USERS\NEW\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HIXOX45N\cookie[1].js [ cache:mywebsearch.com ]
C:\USERS\NEW\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VNQTJSJQ\SSA-trayp[1].jhtml [ cache:mywebsearch.com ]
C:\USERS\NEW\Local Settings\Temporary Internet Files\Content.IE5\HIXOX45N\cookie[1].js [ cache:mywebsearch.com ]
C:\USERS\NEW\Local Settings\Temporary Internet Files\Content.IE5\VNQTJSJQ\SSA-trayp[1].jhtml [ cache:mywebsearch.com ]
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\L8JHK1YJ\cookie[1].js [ cache:mywebsearch.com ]
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\8QPTTT3N\SSA-trayp[1].jhtml [ cache:mywebsearch.com ]

Adware.ShopAtHome/SelectRebates
ZIP ARCHIVE( F:\AMYCHRISTIE-PC\BACKUP SET 2011-01-04 154939\BACKUP FILES 2011-01-04 154939\BACKUP FILES 12.ZIP )/C\PROGRAM FILES\SELECTREBATES\SELECTREBATES.EXE
F:\AMYCHRISTIE-PC\BACKUP SET 2011-01-04 154939\BACKUP FILES 2011-01-04 154939\BACKUP FILES 12.ZIP

Adware.MyWebSearch
ZIP ARCHIVE( F:\AMYCHRISTIE-PC\BACKUP SET 2011-01-04 154939\BACKUP FILES 2011-01-04 154939\BACKUP FILES 30.ZIP )/C\USERS\AMY CHRISTIE\DOWNLOADS\CURSORMANIASETUP2.3.50.57.SA.HP.ZCFOX000.EXE
F:\AMYCHRISTIE-PC\BACKUP SET 2011-01-04 154939\BACKUP FILES 2011-01-04 154939\BACKUP FILES 30.ZIP
ZIP ARCHIVE( F:\AMYCHRISTIE-PC\BACKUP SET 2011-01-04 154939\BACKUP FILES 2011-01-04 154939\BACKUP FILES 31.ZIP )/C\USERS\AMY CHRISTIE\DOWNLOADS\RETROGAMERSETUP2.3.67.1.SA.HP.RGFOX000.EXE
ZIP ARCHIVE( F:\AMYCHRISTIE-PC\BACKUP SET 2012-01-22 213755\BACKUP FILES 2012-01-22 213755\BACKUP FILES 29.ZIP )/C\USERS\AMY CHRISTIE\APPDATA\LOCALLOW\FUNWEBPRODUCTS\INSTALLR\CACHE\1FC25EE8.EXE
F:\AMYCHRISTIE-PC\BACKUP SET 2012-01-22 213755\BACKUP FILES 2012-01-22 213755\BACKUP FILES 29.ZIP
ZIP ARCHIVE( F:\AMYCHRISTIE-PC\BACKUP SET 2012-01-22 213755\BACKUP FILES 2012-01-22 213755\BACKUP FILES 30.ZIP )/C\USERS\AMY CHRISTIE\APPDATA\LOCALLOW\MYWEBSEARCH\BAR\CACHE\880705D4.EXE
F:\AMYCHRISTIE-PC\BACKUP SET 2012-01-22 213755\BACKUP FILES 2012-01-22 213755\BACKUP FILES 30.ZIP
F:\AMY'S WORK, 2010\DOWNLOADS\CURSORMANIASETUP2.3.50.57.SA.HP.ZCFOX000.EXE
F:\AMY'S WORK, 2010\DOWNLOADS\RETROGAMERSETUP2.3.67.1.SA.HP.RGFOX000.EXE
C:\USERS\AMY CHRISTIE\APPDATA\LOCALLOW\FUNWEBPRODUCTS\INSTALLR\CACHE\1FC25EE8.EXE
C:\USERS\AMY CHRISTIE\APPDATA\LOCALLOW\MYWEBSEARCH\BAR\CACHE\880705D4.EXE

Adware.CouponBar
C:\USERS\AMY CHRISTIE\APPDATA\LOCAL\TEMP\CPNPRT2.CID
C:\USERS\AMY CHRISTIE\APPDATA\LOCAL\TEMP\LOW\CPNPRT2.CID



GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-25 20:02:00
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\0000005f ST316081 rev.4.AA
Running: 6x4kw5i8.exe; Driver: C:\Users\AMYCHR~1\AppData\Local\Temp\axldqpoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13D1 8224E369 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82287D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text storport.sys!DllInitialize + 61C9 87D13547 1 Byte [CC] {INT 3 }

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1280] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [737D2437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1280] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [737B5600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1280] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [737B56BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1280] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [737D24B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1280] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [737C8514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1280] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [737C4CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1280] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [737C506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1280] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [737C5144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1280] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [737C6671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1280] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [737C826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1280] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [737C87BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1280] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [737C901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1280] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [737CE1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1280] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [737C4BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume8 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume9 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004c halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread System [4:300] 852A8161
Thread System [4:552] 854CFC30

---- EOF - GMER 1.0.15 ----


Again, thank you for your time

#6 Broni


Posted 26 January 2012 - 11:55 AM

Download TDSSKiller and save it to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.



#7 akc2699


Posted 26 January 2012 - 12:29 PM

I have done the above, here is the log:

10:19:13.0485 3104 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
10:19:13.0840 3104 ============================================================
10:19:13.0840 3104 Current date / time: 2012/01/26 10:19:13.0840
10:19:13.0840 3104 SystemInfo:
10:19:13.0840 3104
10:19:13.0840 3104 OS Version: 6.1.7601 ServicePack: 1.0
10:19:13.0840 3104 Product type: Workstation
10:19:13.0840 3104 ComputerName: AMYCHRISTIE-PC
10:19:13.0841 3104 UserName: Amy Christie
10:19:13.0841 3104 Windows directory: C:\Windows
10:19:13.0841 3104 System windows directory: C:\Windows
10:19:13.0841 3104 Processor architecture: Intel x86
10:19:13.0841 3104 Number of processors: 1
10:19:13.0841 3104 Page size: 0x1000
10:19:13.0841 3104 Boot type: Normal boot
10:19:13.0841 3104 ============================================================
10:19:15.0316 3104 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:19:15.0320 3104 Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:19:15.0351 3104 Drive \Device\Harddisk7\DR7 - Size: 0xF48D1C00 (3.82 Gb), SectorSize: 0x200, Cylinders: 0x1F2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:19:15.0382 3104 Initialize success
10:19:34.0623 2980 ============================================================
10:19:34.0623 2980 Scan started
10:19:34.0623 2980 Mode: Manual;
10:19:34.0623 2980 ============================================================
10:19:35.0324 2980 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
10:19:35.0327 2980 1394ohci - ok
10:19:35.0435 2980 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
10:19:35.0438 2980 ACPI - ok
10:19:35.0572 2980 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
10:19:35.0573 2980 AcpiPmi - ok
10:19:35.0755 2980 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
10:19:35.0780 2980 adp94xx - ok
10:19:35.0921 2980 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
10:19:35.0938 2980 adpahci - ok
10:19:36.0024 2980 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
10:19:36.0052 2980 adpu320 - ok
10:19:36.0293 2980 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
10:19:36.0343 2980 AFD - ok
10:19:36.0554 2980 AgereSoftModem (7560f465f1ce69c53bf17559ee195548) C:\Windows\system32\DRIVERS\AGRSM.sys
10:19:36.0580 2980 AgereSoftModem - ok
10:19:36.0640 2980 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
10:19:36.0642 2980 agp440 - ok
10:19:36.0771 2980 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
10:19:36.0773 2980 aic78xx - ok
10:19:36.0926 2980 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
10:19:36.0927 2980 aliide - ok
10:19:36.0988 2980 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
10:19:36.0990 2980 amdagp - ok
10:19:37.0102 2980 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
10:19:37.0103 2980 amdide - ok
10:19:37.0218 2980 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
10:19:37.0219 2980 AmdK8 - ok
10:19:37.0382 2980 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
10:19:37.0384 2980 AmdPPM - ok
10:19:37.0592 2980 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
10:19:37.0594 2980 amdsata - ok
10:19:37.0739 2980 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
10:19:37.0743 2980 amdsbs - ok
10:19:37.0831 2980 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
10:19:37.0832 2980 amdxata - ok
10:19:37.0939 2980 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
10:19:37.0952 2980 AppID - ok
10:19:38.0471 2980 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
10:19:38.0481 2980 arc - ok
10:19:38.0803 2980 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
10:19:38.0813 2980 arcsas - ok
10:19:39.0039 2980 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
10:19:39.0040 2980 AsyncMac - ok
10:19:39.0243 2980 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
10:19:39.0245 2980 atapi - ok
10:19:39.0423 2980 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
10:19:39.0429 2980 b06bdrv - ok
10:19:39.0491 2980 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
10:19:39.0505 2980 b57nd60x - ok
10:19:39.0572 2980 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
10:19:39.0573 2980 Beep - ok
10:19:39.0616 2980 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
10:19:39.0618 2980 blbdrive - ok
10:19:39.0675 2980 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
10:19:39.0677 2980 bowser - ok
10:19:39.0739 2980 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:19:39.0740 2980 BrFiltLo - ok
10:19:39.0783 2980 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:19:39.0784 2980 BrFiltUp - ok
10:19:39.0846 2980 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
10:19:39.0864 2980 Brserid - ok
10:19:39.0924 2980 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
10:19:39.0937 2980 BrSerWdm - ok
10:19:39.0987 2980 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
10:19:39.0988 2980 BrUsbMdm - ok
10:19:40.0041 2980 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
10:19:40.0053 2980 BrUsbSer - ok
10:19:40.0109 2980 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
10:19:40.0111 2980 BTHMODEM - ok
10:19:40.0192 2980 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
10:19:40.0194 2980 cdfs - ok
10:19:40.0265 2980 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
10:19:40.0284 2980 cdrom - ok
10:19:40.0385 2980 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
10:19:40.0387 2980 circlass - ok
10:19:40.0456 2980 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
10:19:40.0463 2980 CLFS - ok
10:19:40.0565 2980 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
10:19:40.0567 2980 CmBatt - ok
10:19:40.0624 2980 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
10:19:40.0626 2980 cmdide - ok
10:19:40.0669 2980 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
10:19:40.0675 2980 CNG - ok
10:19:40.0718 2980 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
10:19:40.0720 2980 Compbatt - ok
10:19:40.0783 2980 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
10:19:40.0784 2980 CompositeBus - ok
10:19:40.0852 2980 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
10:19:40.0853 2980 crcdisk - ok
10:19:40.0957 2980 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
10:19:40.0983 2980 CSC - ok
10:19:41.0061 2980 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
10:19:41.0063 2980 DfsC - ok
10:19:41.0170 2980 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
10:19:41.0171 2980 discache - ok
10:19:41.0224 2980 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
10:19:41.0227 2980 Disk - ok
10:19:54.0872 2980 Wdf01000 (73c5809c82828e34232f9811cb51490e) C:\Windows\system32\drivers\Wdf01000.sys
10:19:54.0888 2980 Suspicious file (Forged): C:\Windows\system32\drivers\Wdf01000.sys. Real md5: 73c5809c82828e34232f9811cb51490e, Fake md5: 9950e3d0f08141c7e89e64456ae7dc73
10:19:54.0890 2980 Wdf01000 ( Virus.Win32.Rloader.a ) - infected
10:19:54.0890 2980 Wdf01000 - detected Virus.Win32.Rloader.a (0)
10:19:55.0821 2980 ============================================================
10:19:55.0821 2980 Scan finished
10:19:55.0821 2980 ============================================================
10:19:55.0839 3840 Detected object count: 1
10:19:55.0839 3840 Actual detected object count: 1
10:20:40.0589 3840 Backup copy found, using it..
10:20:40.0601 3840 C:\Windows\system32\drivers\Wdf01000.sys - will be cured on reboot
10:20:40.0601 3840 Wdf01000 ( Virus.Win32.Rloader.a ) - User select action: Cure
10:21:18.0462 4396 Deinitialize success


Thank you!

#8 Broni


Posted 26 January 2012 - 01:40 PM

Post new aswMBR and GMER logs.



#9 akc2699


Posted 26 January 2012 - 02:37 PM

Please see attached new logs:


aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-01-26 11:44:05
-----------------------------
11:44:05.279 OS Version: Windows 6.1.7601 Service Pack 1
11:44:05.279 Number of processors: 1 586 0x5F03
11:44:05.280 ComputerName: AMYCHRISTIE-PC UserName: Amy Christie
11:44:06.120 Initialize success
11:44:59.251 AVAST engine defs: 12012601
11:45:03.133 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005d
11:45:03.136 Disk 0 Vendor: ST316081 4.AA Size: 152627MB BusType: 3
11:45:03.152 Disk 0 MBR read successfully
11:45:03.155 Disk 0 MBR scan
11:45:03.162 Disk 0 Windows 7 default MBR code
11:45:03.172 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10240 MB offset 2048
11:45:03.191 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 142385 MB offset 20973568
11:45:03.211 Disk 0 scanning sectors +312579760
11:45:03.285 Disk 0 scanning C:\Windows\system32\drivers
11:45:17.823 Service scanning
11:45:18.522 Service WRkrn C:\Windows\System32\drivers\WRkrn.sys **LOCKED** 32
11:45:19.036 Modules scanning
11:45:25.511 Disk 0 trace - called modules:
11:45:25.883 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor.sys
11:45:25.891 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86381030]
11:45:25.899 3 CLASSPNP.SYS[83c0459e] -> nt!IofCallDriver -> [0x853c8f08]
11:45:25.907 5 ACPI.sys[837b03d4] -> nt!IofCallDriver -> \Device\0000005d[0x85cd7030]
11:45:26.897 AVAST engine scan C:\Windows
11:45:30.262 AVAST engine scan C:\Windows\system32
11:48:11.203 AVAST engine scan C:\Windows\system32\drivers
11:48:23.900 AVAST engine scan C:\Users\Amy Christie
11:59:06.278 Disk 0 MBR has been saved successfully to "C:\Users\Amy Christie\Desktop\MBR.dat"
11:59:06.289 The log file has been saved successfully to "C:\Users\Amy Christie\Desktop\aswMBR1.txt"





GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-26 12:35:39
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\0000005d ST316081 rev.4.AA
Running: k0vrp6vh.exe; Driver: C:\Users\AMYCHR~1\AppData\Local\Temp\axldqpoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\drivers\WRkrn.sys (Webroot SecureAnywhere/Webroot) ZwAssignProcessToJobObject [0x83E8F7B0]
SSDT \SystemRoot\System32\drivers\WRkrn.sys (Webroot SecureAnywhere/Webroot) ZwCreateThread [0x83E8F830]
SSDT \SystemRoot\System32\drivers\WRkrn.sys (Webroot SecureAnywhere/Webroot) ZwOpenProcess [0x83E8FBF0]
SSDT \SystemRoot\System32\drivers\WRkrn.sys (Webroot SecureAnywhere/Webroot) ZwOpenThread [0x83E8FAC0]
SSDT \SystemRoot\System32\drivers\WRkrn.sys (Webroot SecureAnywhere/Webroot) ZwProtectVirtualMemory [0x83E8F8C0]
SSDT \SystemRoot\System32\drivers\WRkrn.sys (Webroot SecureAnywhere/Webroot) ZwSetContextThread [0x83E8F730]
SSDT \SystemRoot\System32\drivers\WRkrn.sys (Webroot SecureAnywhere/Webroot) ZwTerminateProcess [0x83E8FA40]
SSDT \SystemRoot\System32\drivers\WRkrn.sys (Webroot SecureAnywhere/Webroot) ZwTerminateThread [0x83E8F940]
SSDT \SystemRoot\System32\drivers\WRkrn.sys (Webroot SecureAnywhere/Webroot) ZwWriteVirtualMemory [0x83E8F9C0]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13D1 83081369 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 830BAD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1153 830C1E08 3 Bytes [B0, F7, E8]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1203 830C1EB8 3 Bytes [30, F8, E8]
.text ntkrnlpa.exe!KeRemoveQueueEx + 139F 830C2054 3 Bytes [F0, FB, E8]
.text ntkrnlpa.exe!KeRemoveQueueEx + 13BF 830C2074 3 Bytes [C0, FA, E8] {SAR DL, 0xe8}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1403 830C20B8 3 Bytes [C0, F8, E8] {SAR AL, 0xe8}
.text ...
? system32\drivers\52920017.sys The system cannot find the path specified. !
? system32\drivers\tskC080.tmp The system cannot find the path specified. !
? C:\Users\AMYCHR~1\AppData\Local\Temp\aswMBR.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[1880] kernel32.dll!SetUnhandledExceptionFilter 753CF4FB 5 Bytes JMP 5CF25465 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[1880] ole32.dll!OleLoadFromStream 75526143 5 Bytes JMP 5D24B771 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text C:\Windows\Explorer.EXE[3140] SHLWAPI.dll!ShellMessageBoxW 7700DDD1 5 Bytes JMP 69FF2CD0 C:\Windows\system32\WRusr.dll (Webroot SecureAnywhere/Webroot)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[1880] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [74E8FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[1880] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [74E8FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[1880] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [74E8FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[1880] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [74E8FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[1880] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [74E8FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[1880] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [74E8FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[1880] @ C:\Windows\System32\Secur32.dll [KERNEL32.dll!GetProcAddress] [74E8FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73912437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [738F5600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [738F56BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [739124B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73908514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73904CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7390506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73905144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73906671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7390826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [739087BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7390901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7390E1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3140] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73904BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\system32\RunDll32.exe[4060] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [74E8FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\RunDll32.exe[4060] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [74E8FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\RunDll32.exe[4060] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [74E8FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\RunDll32.exe[4060] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [74E8FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\RunDll32.exe[4060] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [74E8FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\RunDll32.exe[4060] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [74E8FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 WRkrn.sys (Webroot SecureAnywhere/Webroot)

Device \Driver\Wdf01000 \Device\KMDF0 tskC080.tmp

AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 WRkrn.sys (Webroot SecureAnywhere/Webroot)

Device \Driver\PEAUTH \Device\PEAuth tskC080.tmp

AttachedDevice \Driver\tdx \Device\Tcp WRkrn.sys (Webroot SecureAnywhere/Webroot)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom0 tskC080.tmp
Device \Driver\cdrom \Device\CdRom1 tskC080.tmp

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume8 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume9 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp WRkrn.sys (Webroot SecureAnywhere/Webroot)
AttachedDevice \Driver\tdx \Device\RawIp WRkrn.sys (Webroot SecureAnywhere/Webroot)

Device \Driver\umbus \Device\0000007b tskC080.tmp
Device \Driver\umbus \Device\0000007c tskC080.tmp

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


Thank you

#10 Broni

Posted 26 January 2012 - 02:39 PM

How is computer doing?

Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

=============================================================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    NOTE. If Eset doesn't find any threats it'll NOT produce any log.


#11 akc2699

Posted 26 January 2012 - 05:37 PM

The computer is running much faster, I have done the things as instructed. I still have the ESET scanner open, should I quarantine the files found???

Here is the log.

C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL Win32/Toolbar.AskSBar application cleaned by deleting - quarantined
C:\Users\Amy Christie\AppData\Local\Google\Chrome\User Data\Default\Default\pmnaengbilmllffmngbplbclgemjggng\contentscript.js Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Users\Amy Christie\Downloads\registrybooster.exe a variant of Win32/RegistryBooster application deleted - quarantined
C:\Users\Amy Christie\Downloads\SoftonicDownloader_for_microsoft-powerpoint-viewer.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined

Thank you

#12 Broni

Posted 26 January 2012 - 05:46 PM

They're quarantined already.
You can delete those items if this is what you're asking.

Update Internet Explorer to version 9.

=================================================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll remove all old restore points and create a fresh, clean restore point.

Turn system restore off.
Restart computer.
Turn system restore back on.

If you don't know how to do it...
Windows XP: http://support.microsoft.com/kb/310405
Vista and Windows 7: http://www.howtogeek.com/howto/windows-vista/disable-system-restore-in-windows-vista/

2. Make sure Windows Updates are current.

3. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

4. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

6. Run Temporary File Cleaner (TFC) weekly.

7. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

8. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

9. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

10. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

11. Except for MBAM and TFC, which are keepers, you can simply delete all other tools we used as they don't install.


#13 akc2699

Posted 26 January 2012 - 08:09 PM

Thank you so much for all of your help.

I am trying to update Internet Explorer in my updates, and have tried three times now, and each time it says download failed. Is there something else I should be doing?

#14 Broni

Posted 26 January 2012 - 08:17 PM

Are your Windows updates current?
If they are, try to download the standalone IE 9 installer: http://windows.microsoft.com/en-US/internet-explorer/products/ie/home


#15 akc2699

Posted 26 January 2012 - 10:41 PM

Your help has been completely invaluable to me! I appreciate all of your help and quick responses, I have learned a lot!!

Thank you so much.

I will be making a donation immediately!

Thanks again.



