Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

FBI Green Dot MoneyPak virus


  • This topic is locked This topic is locked
40 replies to this topic

#1 cazpez

cazpez

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:05:23 AM

Posted 18 October 2012 - 09:29 AM

Hi - First timer here. Also infected with the FBI Green Dot Money Pak virus. Tried following the instructions at http://www.bleepingcomputer.com/virus-removal/remove-fbi-monkeypak-ransomware and although I was successfully able to download the Emsisoft app, the computer gives me an error and will not unzip the app. I have used your forums in the past to recover from a virus and am grateful to you all for all that you do. Your help is truly appreciated.

BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:23 AM

Posted 18 October 2012 - 01:26 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




I need to get some reports to get a base to start from so I need you to run these programs first.


-DeFogger-

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


-Download DDS-

  • Please download DDS from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3


    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs

  • In your next post I need the following

  • both reports from DDS
  • report from security check
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 cazpez

cazpez
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:05:23 AM

Posted 18 October 2012 - 03:05 PM

Results of screen317's Security Check version 0.99.51
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
McAfee Anti-Virus and Anti-Spyware
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Java™ 6 Update 25
Java version out of Date!
Adobe Flash Player 11.2.202.235 Flash Player out of Date!
Adobe Reader X 10.1.1 Adobe Reader out of Date!
Mozilla Firefox (15.0)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-19.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 3/29/2011 8:31:50 PM
System Uptime: 10/17/2012 2:54:28 PM (25 hours ago)
.
Motherboard: Dell Inc. | | 034W60
Processor: Intel® Core™ i5-2410M CPU @ 2.30GHz | CPU 1 | 2294/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 391.619 GiB free.
D: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Virtual WiFi Miniport Adapter
Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&25B13969&1&03
Manufacturer: Microsoft
Name: Microsoft Virtual WiFi Miniport Adapter
PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&25B13969&1&03
Service: vwifimp
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
RP165: 9/23/2012 7:53:33 PM - Windows Backup
RP166: 9/27/2012 7:23:39 AM - Installed Dell MusicStage
RP167: 9/30/2012 8:27:52 PM - Windows Backup
RP168: 10/4/2012 9:56:25 PM - Installed Dell MusicStage
RP169: 10/7/2012 8:04:07 PM - Windows Backup
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX 64-bit
Adobe Flash Player 11 Plugin 64-bit
Adobe Reader X (10.0.1)
Adobe Reader X (10.1.1) MUI
Advanced Audio FX Engine
Bing Bar
Bing Rewards Client Installer
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon IJ Network Tool
Canon MP Navigator EX 4.0
Canon MP495 series MP Drivers
Canon MP495 series User Registration
Canon My Printer
Canon Solution Menu EX
Consumer In-Home Service Agreement
Coupon Printer for Windows
Cozi
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Edoc Viewer
Dell Getting Started Guide
Dell Home Systems Service Agreement
Dell MusicStage
Dell Perks Webslice IE8
Dell PhotoStage
Dell Stage
Dell Support Center
Dell Touchpad
Dell VideoStage
Dell Webcam Central
DirectX 9 Runtime
eBay
Facebook Video Calling 1.2.0.159
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist Corporate
IDT Audio
Intel PROSet Wireless
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® PROSet/Wireless Software for Bluetooth® Technology
Intel® PROSet/Wireless WiFi Software
Intel® Rapid Storage Technology
Intel® Turbo Boost Technology Monitor 2.0
Intel® Wireless Display
Internet Explorer
Java Auto Updater
Java™ 6 Update 23 (64-bit)
Java™ 6 Update 25
Junk Mail filter update
Malwarebytes Anti-Malware version 1.65.1.1000
McAfee SecurityCenter
MediaBar
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 15.0 (x86 en-US)
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
mPlayer version 1.0
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
PhotoShowExpress
Quickset64
RBVirtualFolder64Inst
Realtek Ethernet Controller Driver
Realtek USB 2.0 Card Reader
Renesas Electronics USB 3.0 Host Controller Driver
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Roxio File Backup
RuneScape Launcher 1.2
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Shared C Run-time for x64
Skype Toolbars
Skype™ 4.2
Sonic CinePlayer Decoder Pack
TrustedID
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
10/18/2012 3:53:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/18/2012 3:49:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service defragsvc with arguments "" in order to run the server: {D20A3293-3341-4AE8-9AAF-8E397CB63C34}
10/18/2012 2:56:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/18/2012 1:58:00 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
10/17/2012 6:45:58 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS.
10/17/2012 6:44:51 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8006d17060, 0xfffffa8006d17340, 0xfffff80002bc0df0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101712-92071-01.
10/17/2012 3:37:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {395633B1-EED9-4DFC-B67F-9788B51C9F06}
10/17/2012 3:00:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
10/17/2012 2:58:07 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
10/17/2012 2:56:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/17/2012 2:56:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/17/2012 2:56:25 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
10/17/2012 2:56:07 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6
10/17/2012 2:56:06 PM, Error: Service Control Manager [7003] - The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.
10/17/2012 2:56:06 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
10/17/2012 2:56:06 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
10/17/2012 2:56:05 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
10/17/2012 12:58:34 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
10/17/2012 12:58:28 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
10/17/2012 10:48:05 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the McAfee SiteAdvisor Service service.
10/17/2012 10:48:05 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Backup service to connect.
10/17/2012 10:48:05 AM, Error: Service Control Manager [7000] - The Windows Backup service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/17/2012 10:48:05 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service sdrsvc with arguments "" in order to run the server: {687E55CA-6621-4C41-B9F1-C0EDDC94BB05}
10/17/2012 1:34:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McAfee SiteAdvisor Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
10/17/2012 1:01:27 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache mfehidk NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
10/17/2012 1:01:27 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/17/2012 1:01:27 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/17/2012 1:01:27 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
10/17/2012 1:01:27 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/17/2012 1:01:27 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/17/2012 1:01:27 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
10/17/2012 1:01:27 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/17/2012 1:01:27 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
10/17/2012 1:01:27 PM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
10/17/2012 1:01:27 PM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
10/17/2012 1:01:27 PM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
10/17/2012 1:01:27 PM, Error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
10/17/2012 1:01:27 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/17/2012 1:01:27 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/16/2012 7:47:24 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
10/16/2012 4:12:12 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8006e68510, 0xfffffa8006e687f0, 0xfffff80002b83df0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101612-18314-01.
10/16/2012 11:57:10 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
10/16/2012 11:57:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
10/16/2012 11:57:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
10/11/2012 7:29:19 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the McNASvc service.
.
==== End Of File ===========================

DDS (Ver_2012-10-19.01) - NTFS_AMD64 NETWORK
Internet Explorer: 9.0.8112.16421
Run by cheryl at 16:01:30 on 2012-10-18
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6051.4621 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\mfevtps.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://moneygram.com/
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll
BHO: MediaBar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files (x86)\iMesh Applications\MediaBar\ToolBar\imeshdtxmltbpi.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: UrlHelper Class: {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\IEBHO.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20120629125918.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
TB: MediaBar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files (x86)\iMesh Applications\MediaBar\ToolBar\imeshdtxmltbpi.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Facebook Update] "C:\Users\cheryl\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Adobe] Rundll32.exe C:\Users\cheryl\AppData\Local\Adobe\acjeedsu.dll,ExchEntryPoint
uRun: [drtsc] "C:\Windows\System32\rundll32.exe" "C:\Users\cheryl\AppData\Roaming\drtsc.dll",File
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
uPolicies-System: DisableTaskMgr = 0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{56E27965-99A4-40C1-897C-AE1AFADA3277} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{56E27965-99A4-40C1-897C-AE1AFADA3277}\2375942554036303 : NameServer = 8.8.8.8
TCP: Interfaces\{56E27965-99A4-40C1-897C-AE1AFADA3277}\2375942554036303 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{56E27965-99A4-40C1-897C-AE1AFADA3277}\2375942554132333 : NameServer = 8.8.8.8
TCP: Interfaces\{56E27965-99A4-40C1-897C-AE1AFADA3277}\2375942554132333 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{56E27965-99A4-40C1-897C-AE1AFADA3277}\2375942554433373 : NameServer = 8.8.8.8
TCP: Interfaces\{56E27965-99A4-40C1-897C-AE1AFADA3277}\2375942554433373 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{56E27965-99A4-40C1-897C-AE1AFADA3277}\2375942554534393 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{56E27965-99A4-40C1-897C-AE1AFADA3277}\2377962756132333 : NameServer = 8.8.8.8
TCP: Interfaces\{56E27965-99A4-40C1-897C-AE1AFADA3277}\2377962756132333 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{56E27965-99A4-40C1-897C-AE1AFADA3277}\E4544574541425 : NameServer = 8.8.8.8
TCP: Interfaces\{56E27965-99A4-40C1-897C-AE1AFADA3277}\E4544574541425 : DHCPNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
x64-BHO: UrlHelper Class: {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\x64\IEBHO.dll
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120629125918.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\cheryl\AppData\Roaming\Mozilla\Firefox\Profiles\y7c1ac59.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://moneygram.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=w3i&type=W3i_DS,157,0_0,Search,20121041,6902,0,54,0&p=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\cheryl\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: browser.startup.homepage - hxxp://moneygram.com/
FF - user.js: browser.startup.page - 1
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-10-13 752672]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2011-3-31 335784]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-3-21 55856]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-3-31 218320]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2011-3-31 177144]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-3-21 56344]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2011-3-31 513456]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETwNs64.sys [2010-12-21 8505856]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-12-10 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-12-10 181248]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-3-21 406632]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
S2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-3-21 89600]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-11-3 897088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-28 136176]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-3-21 13336]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-16 399432]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-9-27 200728]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-9-27 200728]
S2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-9-27 200728]
S2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-9-27 200728]
S2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-3-31 237920]
S2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-3-21 1692480]
S2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]
S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-3-21 2655768]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2010-11-3 1298496]
S3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2010-11-4 58128]
S3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2010-10-19 274432]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2011-3-31 69672]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-3-21 175168]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-28 136176]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2012-9-27 196440]
S3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2010-11-4 59904]
S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-3-21 317440]
S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2011-3-31 300392]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2011-3-31 106112]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-23 114144]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2010-7-30 25072]
S3 rcmirror;rcmirror;C:\Windows\System32\drivers\rcmirror.sys [2010-1-18 4608]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-3-21 250984]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-31 1255736]
S3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-12-1 42392]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\System32\drivers\WSDPrint.sys [2009-7-13 23040]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-10-16 04:24:51 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Roaming
2012-10-16 02:57:05 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Yvyw
2012-10-16 02:57:05 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Houha
2012-10-16 02:57:05 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Afedig
2012-10-16 00:56:34 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Leubsy
2012-10-16 00:56:34 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Ipviu
2012-10-16 00:56:34 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Epfiyd
2012-10-15 22:55:43 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Pyyxs
2012-10-15 22:55:43 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Ovku
2012-10-15 22:55:43 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Duux
2012-10-15 03:19:17 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Itqu
2012-10-15 03:19:17 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Foyxy
2012-10-15 03:19:17 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Efez
2012-10-15 00:33:21 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Ybaqag
2012-10-15 00:33:21 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Toeton
2012-10-15 00:33:21 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Apfi
2012-10-14 13:58:49 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Ypyw
2012-10-14 13:58:49 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Olyq
2012-10-14 13:58:49 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Idyl
2012-10-13 23:34:06 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Oxulmo
2012-10-13 23:34:06 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Omyf
2012-10-13 23:34:06 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Cykaty
2012-10-13 15:26:37 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Vuexig
2012-10-13 15:26:37 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Luba
2012-10-13 15:26:37 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Etkiy
2012-10-12 04:02:12 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Ocwue
2012-10-12 04:02:12 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Hoawy
2012-10-12 04:02:12 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Amopcy
2012-10-12 02:01:20 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Ugmay
2012-10-12 02:01:20 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Neimi
2012-10-12 02:01:20 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Firu
2012-10-11 23:33:13 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Ubisal
2012-10-11 23:33:13 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Nocul
2012-10-11 23:33:13 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Egac
2012-10-11 20:08:11 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Urboe
2012-10-11 20:08:11 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Toow
2012-10-11 20:08:11 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Geeq
2012-10-11 20:07:07 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Olxyyb
2012-10-11 20:07:07 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Curi
2012-10-11 20:07:07 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Aqaw
2012-10-11 11:24:49 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Popa
2012-10-11 11:24:49 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Lavey
2012-10-11 11:24:49 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Duataf
2012-10-11 11:24:12 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Niuq
2012-10-11 11:24:12 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Lafaz
2012-10-11 11:24:12 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Ivap
2012-10-11 04:02:29 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Wepy
2012-10-11 04:02:29 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Opym
2012-10-11 04:02:29 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Loizmu
2012-10-11 02:02:21 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Simeqo
2012-10-11 02:02:21 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Etmiby
2012-10-11 02:02:21 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Agon
2012-10-10 22:03:10 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Ziagi
2012-10-10 22:03:10 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Yfbuqi
2012-10-10 22:03:10 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Idybu
2012-10-10 20:02:31 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Ymsaq
2012-10-10 20:02:31 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Toge
2012-10-10 20:02:31 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Atise
2012-10-10 03:38:11 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Lemye
2012-10-10 03:38:11 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Azamq
2012-10-10 03:38:11 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Argoap
2012-10-09 23:11:14 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Ygok
2012-10-09 23:11:14 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Agwy
2012-10-09 23:11:14 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Afny
2012-10-09 20:22:18 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Uvozy
2012-10-09 20:22:18 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Utat
2012-10-09 20:22:18 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Abugq
2012-10-09 18:22:11 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Zeezb
2012-10-09 18:22:11 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Ulils
2012-10-09 18:22:11 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Toonik
2012-10-09 16:22:04 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Okevik
2012-10-09 16:22:04 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Cuyqu
2012-10-09 16:22:04 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Alyhox
2012-10-09 14:21:57 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Xodit
2012-10-09 14:21:57 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Niame
2012-10-09 14:21:57 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Awet
2012-10-09 14:20:44 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Zowie
2012-10-09 14:20:44 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Uzboo
2012-10-09 14:20:44 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Cusi
2012-10-09 03:07:07 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Tahe
2012-10-09 03:07:07 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Atifeg
2012-10-09 03:07:07 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Atar
2012-10-09 01:06:07 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Yheq
2012-10-09 01:06:07 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Tury
2012-10-09 01:06:07 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Sigy
2012-10-08 23:05:08 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Pizic
2012-10-08 23:05:08 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Ofid
2012-10-08 23:05:08 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Laefy
2012-10-08 21:33:35 -------- d-----w- C:\Program Files (x86)\mPlayer
2012-10-08 21:04:35 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Fuuh
2012-10-08 21:04:35 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Cydyuv
2012-10-08 21:04:35 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Awelma
2012-10-08 17:15:48 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Zuusoz
2012-10-08 17:15:48 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Luefki
2012-10-08 17:15:48 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Byafl
2012-10-08 13:19:58 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Yzywt
2012-10-08 13:19:58 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Uvez
2012-10-08 13:19:58 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Obvout
2012-10-08 13:19:19 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Ohim
2012-10-08 13:19:19 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Kevu
2012-10-08 13:19:19 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Irfi
2012-10-08 02:37:33 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Uqilac
2012-10-08 02:37:33 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Ohnas
2012-10-08 02:37:33 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Gyofse
2012-10-08 00:37:25 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Ylawne
2012-10-08 00:37:25 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Qoiqz
2012-10-08 00:37:25 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Olho
2012-10-07 22:36:38 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Vekoop
2012-10-07 22:36:38 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Ganubo
2012-10-07 22:36:38 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Aqfu
2012-10-07 20:35:31 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Ukcux
2012-10-07 20:35:31 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Uhcooq
2012-10-07 20:35:31 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Etusov
2012-10-07 14:16:50 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Kynoq
2012-10-07 14:16:50 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Deuma
2012-10-07 14:16:50 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Biemko
2012-10-07 14:16:06 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Zozoyw
2012-10-07 14:16:06 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Syof
2012-10-07 14:16:06 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Hyuvam
2012-10-07 03:25:30 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Zuikd
2012-10-07 03:25:30 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Yhyhip
2012-10-07 03:25:30 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Ipyzwa
2012-10-01 21:58:08 -------- d-----w- C:\Users\cheryl\AppData\Roaming\MicroST
2012-10-01 21:58:08 -------- d-----w- C:\4xTtG0TdfbgQERJ
2012-09-28 04:22:14 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Uttuz
2012-09-28 04:22:14 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Onfym
2012-09-28 04:22:14 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Ahbie
2012-09-28 04:22:08 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Waumar
2012-09-28 04:22:08 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Udhuoq
2012-09-28 04:22:08 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Raapfa
2012-09-28 04:22:02 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Ufcy
2012-09-28 04:22:02 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Otys
2012-09-28 04:22:02 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Fahy
2012-09-28 04:21:56 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Patyp
2012-09-28 04:21:56 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Omedda
2012-09-28 04:21:56 -------- d-----w- C:\Users\cheryl\AppData\Roaming\Ohigl
2012-09-27 20:24:05 196440 ----a-w- C:\Windows\System32\drivers\HipShieldK.sys
2012-09-20 19:22:34 -------- d-----w- C:\Program Files (x86)\GUM9860.tmp
.
==================== Find3M ====================
.
2012-09-29 23:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-16 02:22:41 402432 ----a-w- C:\Users\cheryl\AppData\Roaming\drtsc.dll
2012-09-11 03:14:06 119258 ----a-w- C:\Users\cheryl\AppData\Roaming\hethpl.dll
.
============= FINISH: 16:01:36.95 ===============






Hi Gringo,

Thanks for your prompt reply. When I ran all of the suggested apps I was able to save them to my "downloads" folder but could not save anything to the desktop. Don't know if that is due to the fact that I running in Safe Mode. Otherwise, no problems. I look forward to your reply.

Cheryl

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:23 AM

Posted 18 October 2012 - 06:15 PM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 cazpez

cazpez
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:05:23 AM

Posted 19 October 2012 - 08:36 AM

In running combofix the first error I got was "Error opening file c:\32788R22FWJFW\NirCmd.3XE. Then it gave me an error that McAfee was still active (I went to your suggested link to shut it down, but none of the screen shots on the walkthrough looked anything like my version? It is showing an "M" in my system tray but when I right click it, there is no "exit, shut down" or similar option). I proceeded with the combofix anyway. Here is the log:

ComboFix 12-10-18.03 - cheryl 10/19/2012 9:21.1.4 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6051.3580 [GMT -4:00]
Running from: c:\users\cheryl\Downloads\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Ia3kDJ1d.exe.b
c:\users\cheryl\AppData\Roaming\Abugq
c:\users\cheryl\AppData\Roaming\Abugq\qimo.exe
c:\users\cheryl\AppData\Roaming\Afedig
c:\users\cheryl\AppData\Roaming\Afedig\ziem.uco
c:\users\cheryl\AppData\Roaming\Afny
c:\users\cheryl\AppData\Roaming\Afny\pyvi.uge
c:\users\cheryl\AppData\Roaming\Agon
c:\users\cheryl\AppData\Roaming\Agon\peuta.dyu
c:\users\cheryl\AppData\Roaming\Agwy
c:\users\cheryl\AppData\Roaming\Agwy\itbi.afg
c:\users\cheryl\AppData\Roaming\Alyhox
c:\users\cheryl\AppData\Roaming\Alyhox\ykizi.ebe
c:\users\cheryl\AppData\Roaming\Amopcy
c:\users\cheryl\AppData\Roaming\Amopcy\vuif.cak
c:\users\cheryl\AppData\Roaming\Apfi
c:\users\cheryl\AppData\Roaming\Apfi\zeyw.exe
c:\users\cheryl\AppData\Roaming\Aqaw
c:\users\cheryl\AppData\Roaming\Aqaw\liaz.uda
c:\users\cheryl\AppData\Roaming\Aqfu
c:\users\cheryl\AppData\Roaming\Aqfu\feaqt.yvc
c:\users\cheryl\AppData\Roaming\Argoap
c:\users\cheryl\AppData\Roaming\Argoap\dayfu.exe
c:\users\cheryl\AppData\Roaming\Atar
c:\users\cheryl\AppData\Roaming\Atar\obinx.izu
c:\users\cheryl\AppData\Roaming\Atifeg
c:\users\cheryl\AppData\Roaming\Atifeg\ecgo.exe
c:\users\cheryl\AppData\Roaming\Atise
c:\users\cheryl\AppData\Roaming\Atise\xaebp.orf
c:\users\cheryl\AppData\Roaming\Awelma
c:\users\cheryl\AppData\Roaming\Awelma\ucnol.las
c:\users\cheryl\AppData\Roaming\Awet
c:\users\cheryl\AppData\Roaming\Awet\keage.vey
c:\users\cheryl\AppData\Roaming\Azamq
c:\users\cheryl\AppData\Roaming\Azamq\nupii.naz
c:\users\cheryl\AppData\Roaming\Byafl
c:\users\cheryl\AppData\Roaming\Byafl\ufpiu.pas
c:\users\cheryl\AppData\Roaming\Curi
c:\users\cheryl\AppData\Roaming\Curi\unufa.exe
c:\users\cheryl\AppData\Roaming\Cusi
c:\users\cheryl\AppData\Roaming\Cusi\ubgu.zyr
c:\users\cheryl\AppData\Roaming\Cuyqu
c:\users\cheryl\AppData\Roaming\Cuyqu\sykoh.ale
c:\users\cheryl\AppData\Roaming\Cydyuv
c:\users\cheryl\AppData\Roaming\Cydyuv\ymbe.exe
c:\users\cheryl\AppData\Roaming\Cykaty
c:\users\cheryl\AppData\Roaming\Cykaty\ohgiu.yms
c:\users\cheryl\AppData\Roaming\Deuma
c:\users\cheryl\AppData\Roaming\Deuma\oqzyu.wua
c:\users\cheryl\AppData\Roaming\drtsc.dll
c:\users\cheryl\AppData\Roaming\Duataf
c:\users\cheryl\AppData\Roaming\Duataf\siri.exe
c:\users\cheryl\AppData\Roaming\Duux
c:\users\cheryl\AppData\Roaming\Duux\ymiwc.wol
c:\users\cheryl\AppData\Roaming\Efez
c:\users\cheryl\AppData\Roaming\Efez\yplu.exe
c:\users\cheryl\AppData\Roaming\Egac
c:\users\cheryl\AppData\Roaming\Egac\akfi.ybo
c:\users\cheryl\AppData\Roaming\Epfiyd
c:\users\cheryl\AppData\Roaming\Epfiyd\seamy.yxy
c:\users\cheryl\AppData\Roaming\Etkiy
c:\users\cheryl\AppData\Roaming\Etkiy\yqyf.loo
c:\users\cheryl\AppData\Roaming\Etmiby
c:\users\cheryl\AppData\Roaming\Etmiby\boyc.exe
c:\users\cheryl\AppData\Roaming\Etusov
c:\users\cheryl\AppData\Roaming\Etusov\iteni.ock
c:\users\cheryl\AppData\Roaming\Firu
c:\users\cheryl\AppData\Roaming\Firu\amax.ibi
c:\users\cheryl\AppData\Roaming\Foyxy
c:\users\cheryl\AppData\Roaming\Foyxy\liytd.ant
c:\users\cheryl\AppData\Roaming\Fuuh
c:\users\cheryl\AppData\Roaming\Fuuh\izas.wie
c:\users\cheryl\AppData\Roaming\Ganubo
c:\users\cheryl\AppData\Roaming\Ganubo\upcu.ywh
c:\users\cheryl\AppData\Roaming\Geeq
c:\users\cheryl\AppData\Roaming\Geeq\mawyg.ocn
c:\users\cheryl\AppData\Roaming\Gyofse
c:\users\cheryl\AppData\Roaming\Gyofse\tuih.exe
c:\users\cheryl\AppData\Roaming\hethpl.dll
c:\users\cheryl\AppData\Roaming\Hoawy
c:\users\cheryl\AppData\Roaming\Hoawy\ubor.exe
c:\users\cheryl\AppData\Roaming\Houha
c:\users\cheryl\AppData\Roaming\Houha\uhugz.exe
c:\users\cheryl\AppData\Roaming\Hyuvam
c:\users\cheryl\AppData\Roaming\Hyuvam\omyqa.wou
c:\users\cheryl\AppData\Roaming\Idybu
c:\users\cheryl\AppData\Roaming\Idybu\imbe.rao
c:\users\cheryl\AppData\Roaming\Idyl
c:\users\cheryl\AppData\Roaming\Idyl\edeg.exe
c:\users\cheryl\AppData\Roaming\Ipviu
c:\users\cheryl\AppData\Roaming\Ipviu\cyasv.oqr
c:\users\cheryl\AppData\Roaming\Ipyzwa
c:\users\cheryl\AppData\Roaming\Ipyzwa\esog.ocy
c:\users\cheryl\AppData\Roaming\Irfi
c:\users\cheryl\AppData\Roaming\Irfi\ceyk.cec
c:\users\cheryl\AppData\Roaming\Itqu
c:\users\cheryl\AppData\Roaming\Itqu\ryce.upf
c:\users\cheryl\AppData\Roaming\Ivap
c:\users\cheryl\AppData\Roaming\Ivap\gapu.sof
c:\users\cheryl\AppData\Roaming\Kevu
c:\users\cheryl\AppData\Roaming\Kevu\aqze.qau
c:\users\cheryl\AppData\Roaming\Kynoq
c:\users\cheryl\AppData\Roaming\Kynoq\bisiu.lux
c:\users\cheryl\AppData\Roaming\Laefy
c:\users\cheryl\AppData\Roaming\Laefy\ubfoi.exe
c:\users\cheryl\AppData\Roaming\Lafaz
c:\users\cheryl\AppData\Roaming\Lafaz\lacuu.yhe
c:\users\cheryl\AppData\Roaming\Lavey
c:\users\cheryl\AppData\Roaming\Lavey\huom.xia
c:\users\cheryl\AppData\Roaming\Lemye
c:\users\cheryl\AppData\Roaming\Lemye\ysedy.lev
c:\users\cheryl\AppData\Roaming\Leubsy
c:\users\cheryl\AppData\Roaming\Leubsy\kyku.exe
c:\users\cheryl\AppData\Roaming\Loizmu
c:\users\cheryl\AppData\Roaming\Loizmu\vuke.eho
c:\users\cheryl\AppData\Roaming\Luba
c:\users\cheryl\AppData\Roaming\Luba\masaa.exe
c:\users\cheryl\AppData\Roaming\Luefki
c:\users\cheryl\AppData\Roaming\Luefki\ulot.irz
c:\users\cheryl\AppData\Roaming\MicroST
c:\users\cheryl\AppData\Roaming\Neimi
c:\users\cheryl\AppData\Roaming\Neimi\ixipi.exe
c:\users\cheryl\AppData\Roaming\Niame
c:\users\cheryl\AppData\Roaming\Niame\delyf.ozh
c:\users\cheryl\AppData\Roaming\Niuq
c:\users\cheryl\AppData\Roaming\Niuq\sageq.exe
c:\users\cheryl\AppData\Roaming\Nocul
c:\users\cheryl\AppData\Roaming\Nocul\qouwe.exe
c:\users\cheryl\AppData\Roaming\Obvout
c:\users\cheryl\AppData\Roaming\Obvout\huza.pub
c:\users\cheryl\AppData\Roaming\Ocwue
c:\users\cheryl\AppData\Roaming\Ocwue\oswe.nut
c:\users\cheryl\AppData\Roaming\Ofid
c:\users\cheryl\AppData\Roaming\Ofid\abhac.ibu
c:\users\cheryl\AppData\Roaming\Ohigl
c:\users\cheryl\AppData\Roaming\Ohigl\etyqb.ely
c:\users\cheryl\AppData\Roaming\Ohim
c:\users\cheryl\AppData\Roaming\Ohim\uzacu.exe
c:\users\cheryl\AppData\Roaming\Ohnas
c:\users\cheryl\AppData\Roaming\Ohnas\fuone.icl
c:\users\cheryl\AppData\Roaming\Okevik
c:\users\cheryl\AppData\Roaming\Okevik\onra.exe
c:\users\cheryl\AppData\Roaming\Olho
c:\users\cheryl\AppData\Roaming\Olho\owmi.noo
c:\users\cheryl\AppData\Roaming\Olxyyb
c:\users\cheryl\AppData\Roaming\Olxyyb\hiow.oma
c:\users\cheryl\AppData\Roaming\Olyq
c:\users\cheryl\AppData\Roaming\Olyq\azocu.eqr
c:\users\cheryl\AppData\Roaming\Omyf
c:\users\cheryl\AppData\Roaming\Omyf\caedo.exe
c:\users\cheryl\AppData\Roaming\Onfym
c:\users\cheryl\AppData\Roaming\Onfym\pyoml.voi
c:\users\cheryl\AppData\Roaming\Opym
c:\users\cheryl\AppData\Roaming\Opym\mool.exe
c:\users\cheryl\AppData\Roaming\Otys
c:\users\cheryl\AppData\Roaming\Otys\onfi.tin
c:\users\cheryl\AppData\Roaming\Ovku
c:\users\cheryl\AppData\Roaming\Ovku\bibu.exe
c:\users\cheryl\AppData\Roaming\Oxulmo
c:\users\cheryl\AppData\Roaming\Oxulmo\apuh.cia
c:\users\cheryl\AppData\Roaming\Pizic
c:\users\cheryl\AppData\Roaming\Pizic\kefy.qub
c:\users\cheryl\AppData\Roaming\Popa
c:\users\cheryl\AppData\Roaming\Popa\iffyx.roo
c:\users\cheryl\AppData\Roaming\Pyyxs
c:\users\cheryl\AppData\Roaming\Pyyxs\ygruq.afi
c:\users\cheryl\AppData\Roaming\Qoiqz
c:\users\cheryl\AppData\Roaming\Qoiqz\emys.lyi
c:\users\cheryl\AppData\Roaming\Raapfa
c:\users\cheryl\AppData\Roaming\Raapfa\uqok.pai
c:\users\cheryl\AppData\Roaming\Roaming
c:\users\cheryl\AppData\Roaming\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bexelor.com\settings.sol
c:\users\cheryl\AppData\Roaming\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol
c:\users\cheryl\AppData\Roaming\Sigy
c:\users\cheryl\AppData\Roaming\Sigy\obwo.bim
c:\users\cheryl\AppData\Roaming\Simeqo
c:\users\cheryl\AppData\Roaming\Simeqo\viami.vuw
c:\users\cheryl\AppData\Roaming\Tahe
c:\users\cheryl\AppData\Roaming\Tahe\ymefz.cad
c:\users\cheryl\AppData\Roaming\Toeton
c:\users\cheryl\AppData\Roaming\Toeton\zayn.egf
c:\users\cheryl\AppData\Roaming\Toge
c:\users\cheryl\AppData\Roaming\Toge\myof.exe
c:\users\cheryl\AppData\Roaming\Toonik
c:\users\cheryl\AppData\Roaming\Toonik\ogah.xye
c:\users\cheryl\AppData\Roaming\Toow
c:\users\cheryl\AppData\Roaming\Toow\gaqu.fei
c:\users\cheryl\AppData\Roaming\Tury
c:\users\cheryl\AppData\Roaming\Tury\vesud.vyq
c:\users\cheryl\AppData\Roaming\Ubisal
c:\users\cheryl\AppData\Roaming\Ubisal\epxya.anf
c:\users\cheryl\AppData\Roaming\Udhuoq
c:\users\cheryl\AppData\Roaming\Udhuoq\roaz.coe
c:\users\cheryl\AppData\Roaming\Ufcy
c:\users\cheryl\AppData\Roaming\Ufcy\ikpev.pug
c:\users\cheryl\AppData\Roaming\Ugmay
c:\users\cheryl\AppData\Roaming\Ugmay\qomyo.vym
c:\users\cheryl\AppData\Roaming\Uhcooq
c:\users\cheryl\AppData\Roaming\Uhcooq\ozpy.new
c:\users\cheryl\AppData\Roaming\Ukcux
c:\users\cheryl\AppData\Roaming\Ukcux\byfu.exe
c:\users\cheryl\AppData\Roaming\Ulils
c:\users\cheryl\AppData\Roaming\Ulils\yzam.exe
c:\users\cheryl\AppData\Roaming\Uqilac
c:\users\cheryl\AppData\Roaming\Uqilac\zasy.yfe
c:\users\cheryl\AppData\Roaming\Urboe
c:\users\cheryl\AppData\Roaming\Urboe\ogow.exe
c:\users\cheryl\AppData\Roaming\Utat
c:\users\cheryl\AppData\Roaming\Utat\igomy.ykf
c:\users\cheryl\AppData\Roaming\Uttuz
c:\users\cheryl\AppData\Roaming\Uttuz\acmuk.wao
c:\users\cheryl\AppData\Roaming\Uvez
c:\users\cheryl\AppData\Roaming\Uvez\ekacs.nam
c:\users\cheryl\AppData\Roaming\Uvozy
c:\users\cheryl\AppData\Roaming\Uvozy\uqty.oli
c:\users\cheryl\AppData\Roaming\Uzboo
c:\users\cheryl\AppData\Roaming\Uzboo\ween.ras
c:\users\cheryl\AppData\Roaming\Vekoop
c:\users\cheryl\AppData\Roaming\Vekoop\fyser.exe
c:\users\cheryl\AppData\Roaming\Vuexig
c:\users\cheryl\AppData\Roaming\Vuexig\feegg.ezy
c:\users\cheryl\AppData\Roaming\Wepy
c:\users\cheryl\AppData\Roaming\Wepy\ehozd.iwy
c:\users\cheryl\AppData\Roaming\Xodit
c:\users\cheryl\AppData\Roaming\Xodit\ceuv.exe
c:\users\cheryl\AppData\Roaming\Ybaqag
c:\users\cheryl\AppData\Roaming\Ybaqag\ewgey.hit
c:\users\cheryl\AppData\Roaming\Yfbuqi
c:\users\cheryl\AppData\Roaming\Yfbuqi\ikag.exe
c:\users\cheryl\AppData\Roaming\Ygok
c:\users\cheryl\AppData\Roaming\Ygok\fele.exe
c:\users\cheryl\AppData\Roaming\Yheq
c:\users\cheryl\AppData\Roaming\Yheq\acho.exe
c:\users\cheryl\AppData\Roaming\Ylawne
c:\users\cheryl\AppData\Roaming\Ylawne\fayc.exe
c:\users\cheryl\AppData\Roaming\Ymsaq
c:\users\cheryl\AppData\Roaming\Ymsaq\ymqe.ell
c:\users\cheryl\AppData\Roaming\Ypyw
c:\users\cheryl\AppData\Roaming\Ypyw\ydir.gyg
c:\users\cheryl\AppData\Roaming\Yvyw
c:\users\cheryl\AppData\Roaming\Yvyw\oralt.dow
c:\users\cheryl\AppData\Roaming\Yzywt
c:\users\cheryl\AppData\Roaming\Yzywt\qiog.exe
c:\users\cheryl\AppData\Roaming\Zeezb
c:\users\cheryl\AppData\Roaming\Zeezb\efbu.ofa
c:\users\cheryl\AppData\Roaming\Ziagi
c:\users\cheryl\AppData\Roaming\Ziagi\ervi.oci
c:\users\cheryl\AppData\Roaming\Zowie
c:\users\cheryl\AppData\Roaming\Zowie\azosn.exe
c:\users\cheryl\AppData\Roaming\Zozoyw
c:\users\cheryl\AppData\Roaming\Zozoyw\avag.opi
c:\users\cheryl\AppData\Roaming\Zuikd
c:\users\cheryl\AppData\Roaming\Zuikd\doub.ihr
c:\users\cheryl\AppData\Roaming\Zuusoz
c:\users\cheryl\AppData\Roaming\Zuusoz\ozmee.exe
c:\users\cheryl\GoToAssistDownloadHelper.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-19 to 2012-10-19 )))))))))))))))))))))))))))))))
.
.
2012-10-19 13:27 . 2012-10-19 13:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-19 13:27 . 2012-10-19 13:27 -------- d-----w- c:\users\admin\AppData\Local\temp
2012-10-08 21:33 . 2012-10-08 21:33 -------- d-----w- c:\program files (x86)\mPlayer
2012-10-07 14:16 . 2012-10-17 20:44 -------- d-----w- c:\users\cheryl\AppData\Roaming\Biemko
2012-10-07 14:16 . 2012-10-17 20:44 -------- d-----w- c:\users\cheryl\AppData\Roaming\Syof
2012-10-07 03:25 . 2012-10-17 20:44 -------- d-----w- c:\users\cheryl\AppData\Roaming\Yhyhip
2012-10-01 21:58 . 2012-10-01 21:58 -------- d-----w- C:\4xTtG0TdfbgQERJ
2012-09-28 04:22 . 2012-10-17 20:44 -------- d-----w- c:\users\cheryl\AppData\Roaming\Ahbie
2012-09-28 04:22 . 2012-10-17 20:44 -------- d-----w- c:\users\cheryl\AppData\Roaming\Waumar
2012-09-28 04:22 . 2012-10-17 20:44 -------- d-----w- c:\users\cheryl\AppData\Roaming\Fahy
2012-09-28 04:21 . 2012-10-17 20:44 -------- d-----w- c:\users\cheryl\AppData\Roaming\Omedda
2012-09-28 04:21 . 2012-10-17 02:33 -------- d-----w- c:\users\cheryl\AppData\Roaming\Patyp
2012-09-27 20:24 . 2012-04-20 20:40 196440 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
2012-09-20 19:22 . 2012-09-20 19:22 -------- d-----w- c:\program files (x86)\GUM9860.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-29 23:54 . 2012-07-16 23:23 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
2011-01-24 15:45 89008 ----a-w- c:\progra~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
2011-02-08 15:47 721288 ----a-w- c:\progra~2\IMESHA~1\MediaBar\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{28387537-e3f9-4ed7-860c-11e69af4a8a0}"= "c:\progra~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll" [2011-01-24 89008]
.
[HKEY_CLASSES_ROOT\clsid\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-05-28 39408]
"Facebook Update"="c:\users\cheryl\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"Adobe"="c:\users\cheryl\AppData\Local\Adobe\acjeedsu.dll" [2012-09-16 354304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-19 487562]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1535112]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-09-29 766536]
"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2012-09-29 1089608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\IMESHA~1\MediaBar\Datamngr\datamngr.dll c:\progra~2\IMESHA~1\MediaBar\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-11-03 897088]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-28 136176]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-05-11 200728]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-05-11 200728]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-05-11 200728]
R2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2010-11-03 1298496]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2010-11-04 58128]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2010-10-19 274432]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-07-17 69672]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-08-12 175168]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-28 136176]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2010-11-04 59904]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-07-17 106112]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-15 114144]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2010-07-30 25072]
R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys [2010-01-18 4608]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-30 250984]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-31 1255736]
R3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-07-17 335784]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-07-17 218320]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-07-17 177144]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-09-21 56344]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-07-17 513456]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2010-12-21 8505856]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-10-26 406632]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-122914055-1351590200-686546638-1001Core.job
- c:\users\cheryl\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-19 01:35]
.
2012-10-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-122914055-1351590200-686546638-1001UA.job
- c:\users\cheryl\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-19 01:35]
.
2012-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-28 16:29]
.
2012-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-28 16:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
2011-02-08 15:47 1057160 ----a-w- c:\progra~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-20 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-20 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-20 418328]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-12 609144]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2010-11-03 10228224]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-21 525312]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll c:\progra~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://moneygram.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{56E27965-99A4-40C1-897C-AE1AFADA3277}\2375942554036303: NameServer = 8.8.8.8
TCP: Interfaces\{56E27965-99A4-40C1-897C-AE1AFADA3277}\2375942554132333: NameServer = 8.8.8.8
TCP: Interfaces\{56E27965-99A4-40C1-897C-AE1AFADA3277}\2375942554433373: NameServer = 8.8.8.8
TCP: Interfaces\{56E27965-99A4-40C1-897C-AE1AFADA3277}\2377962756132333: NameServer = 8.8.8.8
TCP: Interfaces\{56E27965-99A4-40C1-897C-AE1AFADA3277}\E4544574541425: NameServer = 8.8.8.8
FF - ProfilePath - c:\users\cheryl\AppData\Roaming\Mozilla\Firefox\Profiles\y7c1ac59.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://moneygram.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=w3i&type=W3i_DS,157,0_0,Search,20121041,6902,0,54,0&p=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: browser.startup.homepage - hxxp://moneygram.com/
FF - user.js: browser.startup.page - 1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-drtsc - c:\users\cheryl\AppData\Roaming\drtsc.dll
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-10 - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:23 AM

Posted 19 October 2012 - 08:47 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 cazpez

cazpez
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:05:23 AM

Posted 19 October 2012 - 12:44 PM

13:23:12.0029 1952 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
13:23:12.0341 1952 ============================================================
13:23:12.0341 1952 Current date / time: 2012/10/19 13:23:12.0341
13:23:12.0341 1952 SystemInfo:
13:23:12.0341 1952
13:23:12.0341 1952 OS Version: 6.1.7600 ServicePack: 0.0
13:23:12.0341 1952 Product type: Workstation
13:23:12.0341 1952 ComputerName: CHERYL-PC
13:23:12.0341 1952 UserName: cheryl
13:23:12.0341 1952 Windows directory: C:\Windows
13:23:12.0341 1952 System windows directory: C:\Windows
13:23:12.0341 1952 Running under WOW64
13:23:12.0341 1952 Processor architecture: Intel x64
13:23:12.0341 1952 Number of processors: 4
13:23:12.0341 1952 Page size: 0x1000
13:23:12.0341 1952 Boot type: Safe boot with network
13:23:12.0341 1952 ============================================================
13:23:12.0747 1952 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:23:12.0747 1952 Drive \Device\Harddisk1\DR1 - Size: 0x3D17C000 (0.95 Gb), SectorSize: 0x200, Cylinders: 0x7C, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:23:12.0747 1952 ============================================================
13:23:12.0747 1952 \Device\Harddisk0\DR0:
13:23:12.0747 1952 MBR partitions:
13:23:12.0747 1952 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000
13:23:12.0747 1952 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x38607030
13:23:12.0747 1952 \Device\Harddisk1\DR1:
13:23:12.0747 1952 MBR partitions:
13:23:12.0747 1952 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0xF5, BlocksNum 0x1E830B
13:23:12.0747 1952 ============================================================
13:23:12.0778 1952 C: <-> \Device\Harddisk0\DR0\Partition2
13:23:12.0778 1952 ============================================================
13:23:12.0778 1952 Initialize success
13:23:12.0778 1952 ============================================================
13:23:17.0911 1584 ============================================================
13:23:17.0911 1584 Scan started
13:23:17.0911 1584 Mode: Manual;
13:23:17.0911 1584 ============================================================
13:23:18.0207 1584 ================ Scan system memory ========================
13:23:18.0207 1584 System memory - ok
13:23:18.0207 1584 ================ Scan services =============================
13:23:18.0379 1584 [ 969C91060CBB5D17CB8440B5F78B4C51 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
13:23:18.0379 1584 1394ohci - ok
13:23:18.0410 1584 [ 794FF35015209B9D44F1360C42C9776D ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
13:23:18.0410 1584 ACPI - ok
13:23:18.0441 1584 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
13:23:18.0441 1584 AcpiPmi - ok
13:23:18.0550 1584 [ 11A52CF7B265631DEEB24C6149309EFF ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
13:23:18.0550 1584 AdobeARMservice - ok
13:23:18.0581 1584 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
13:23:18.0597 1584 adp94xx - ok
13:23:18.0628 1584 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
13:23:18.0628 1584 adpahci - ok
13:23:18.0644 1584 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
13:23:18.0659 1584 adpu320 - ok
13:23:18.0706 1584 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
13:23:18.0706 1584 AeLookupSvc - ok
13:23:18.0784 1584 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Program Files\IDT\WDM\AESTSr64.exe
13:23:18.0784 1584 AESTFilters - ok
13:23:18.0847 1584 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys
13:23:18.0847 1584 AFD - ok
13:23:18.0878 1584 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
13:23:18.0878 1584 agp440 - ok
13:23:18.0909 1584 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
13:23:18.0909 1584 ALG - ok
13:23:18.0925 1584 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
13:23:18.0940 1584 aliide - ok
13:23:18.0940 1584 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
13:23:18.0940 1584 amdide - ok
13:23:18.0956 1584 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
13:23:18.0956 1584 AmdK8 - ok
13:23:18.0956 1584 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
13:23:18.0971 1584 AmdPPM - ok
13:23:19.0003 1584 [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata C:\Windows\system32\drivers\amdsata.sys
13:23:19.0003 1584 amdsata - ok
13:23:19.0049 1584 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
13:23:19.0049 1584 amdsbs - ok
13:23:19.0081 1584 [ DB27766102C7BF7E95140A2AA81D042E ] amdxata C:\Windows\system32\drivers\amdxata.sys
13:23:19.0081 1584 amdxata - ok
13:23:19.0143 1584 [ 24ED0EB2B2558970176ECEE680F8F806 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
13:23:19.0143 1584 ApfiltrService - ok
13:23:19.0190 1584 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
13:23:19.0190 1584 AppID - ok
13:23:19.0221 1584 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
13:23:19.0221 1584 AppIDSvc - ok
13:23:19.0237 1584 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
13:23:19.0237 1584 Appinfo - ok
13:23:19.0299 1584 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
13:23:19.0299 1584 arc - ok
13:23:19.0315 1584 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
13:23:19.0315 1584 arcsas - ok
13:23:19.0330 1584 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
13:23:19.0330 1584 AsyncMac - ok
13:23:19.0377 1584 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
13:23:19.0377 1584 atapi - ok
13:23:19.0408 1584 [ E1FFD1F7B043AEF0ACC9E7593043FD4C ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:23:19.0408 1584 AudioEndpointBuilder - ok
13:23:19.0424 1584 [ E1FFD1F7B043AEF0ACC9E7593043FD4C ] AudioSrv C:\Windows\System32\Audiosrv.dll
13:23:19.0439 1584 AudioSrv - ok
13:23:19.0455 1584 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
13:23:19.0455 1584 AxInstSV - ok
13:23:19.0502 1584 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
13:23:19.0502 1584 b06bdrv - ok
13:23:19.0564 1584 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
13:23:19.0564 1584 b57nd60a - ok
13:23:19.0658 1584 [ 825F81A6F7DD073509DB101F0BA6DC59 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
13:23:19.0658 1584 BBSvc - ok
13:23:19.0689 1584 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
13:23:19.0689 1584 BDESVC - ok
13:23:19.0720 1584 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
13:23:19.0720 1584 Beep - ok
13:23:19.0767 1584 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
13:23:19.0783 1584 BFE - ok
13:23:19.0829 1584 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\system32\qmgr.dll
13:23:19.0845 1584 BITS - ok
13:23:19.0861 1584 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
13:23:19.0861 1584 blbdrive - ok
13:23:19.0954 1584 [ 093B1B419EF25B15D3A1CA6953F41AFB ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
13:23:19.0970 1584 Bluetooth Device Monitor - ok
13:23:20.0001 1584 [ 03A7341E94ACD92E0831336D4F3ACE92 ] Bluetooth Media Service C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
13:23:20.0001 1584 Bluetooth Media Service - ok
13:23:20.0032 1584 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
13:23:20.0032 1584 bowser - ok
13:23:20.0048 1584 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:23:20.0048 1584 BrFiltLo - ok
13:23:20.0063 1584 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:23:20.0063 1584 BrFiltUp - ok
13:23:20.0110 1584 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
13:23:20.0110 1584 BridgeMP - ok
13:23:20.0141 1584 [ 94FBC06F294D58D02361918418F996E3 ] Browser C:\Windows\System32\browser.dll
13:23:20.0141 1584 Browser - ok
13:23:20.0157 1584 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
13:23:20.0157 1584 Brserid - ok
13:23:20.0173 1584 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
13:23:20.0173 1584 BrSerWdm - ok
13:23:20.0173 1584 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
13:23:20.0173 1584 BrUsbMdm - ok
13:23:20.0188 1584 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
13:23:20.0188 1584 BrUsbSer - ok
13:23:20.0235 1584 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
13:23:20.0235 1584 BthEnum - ok
13:23:20.0235 1584 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
13:23:20.0235 1584 BTHMODEM - ok
13:23:20.0282 1584 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
13:23:20.0282 1584 BthPan - ok
13:23:20.0329 1584 [ 21084CEB85280468C9ACA3C805C0F8CF ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
13:23:20.0329 1584 BTHPORT - ok
13:23:20.0360 1584 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
13:23:20.0360 1584 bthserv - ok
13:23:20.0407 1584 [ 8504842634DD144C075B6B0C982CCEC4 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
13:23:20.0407 1584 BTHUSB - ok
13:23:20.0438 1584 [ 16C1BAC9760C9FA85A30F3FA0FBB1B7A ] btmaux C:\Windows\system32\DRIVERS\btmaux.sys
13:23:20.0438 1584 btmaux - ok
13:23:20.0453 1584 [ 0C468D8DA95BE16BFDD380BB9DE88259 ] btmhsf C:\Windows\system32\DRIVERS\btmhsf.sys
13:23:20.0453 1584 btmhsf - ok
13:23:20.0453 1584 catchme - ok
13:23:20.0485 1584 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
13:23:20.0485 1584 cdfs - ok
13:23:20.0531 1584 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
13:23:20.0531 1584 cdrom - ok
13:23:20.0563 1584 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
13:23:20.0563 1584 CertPropSvc - ok
13:23:20.0609 1584 [ 7C6B5BE2696DFD2D0BF6C9EE20326EF8 ] cfwids C:\Windows\system32\drivers\cfwids.sys
13:23:20.0609 1584 cfwids - ok
13:23:20.0625 1584 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
13:23:20.0625 1584 circlass - ok
13:23:20.0656 1584 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
13:23:20.0656 1584 CLFS - ok
13:23:20.0719 1584 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:23:20.0719 1584 clr_optimization_v2.0.50727_32 - ok
13:23:20.0766 1584 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:23:20.0766 1584 clr_optimization_v2.0.50727_64 - ok
13:23:20.0859 1584 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:23:20.0859 1584 clr_optimization_v4.0.30319_32 - ok
13:23:20.0906 1584 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:23:20.0906 1584 clr_optimization_v4.0.30319_64 - ok
13:23:20.0953 1584 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
13:23:20.0953 1584 CmBatt - ok
13:23:20.0968 1584 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
13:23:20.0968 1584 cmdide - ok
13:23:21.0015 1584 [ CA7720B73446FDDEC5C69519C1174C98 ] CNG C:\Windows\system32\Drivers\cng.sys
13:23:21.0031 1584 CNG - ok
13:23:21.0046 1584 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
13:23:21.0046 1584 Compbatt - ok
13:23:21.0078 1584 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
13:23:21.0078 1584 CompositeBus - ok
13:23:21.0093 1584 COMSysApp - ok
13:23:21.0109 1584 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
13:23:21.0109 1584 crcdisk - ok
13:23:21.0156 1584 [ F02786B66375292E58C8777082D4396D ] CryptSvc C:\Windows\system32\cryptsvc.dll
13:23:21.0156 1584 CryptSvc - ok
13:23:21.0202 1584 [ FBE228ABEAB2BE13B9C3A3A112D4D8DC ] CtClsFlt C:\Windows\system32\DRIVERS\CtClsFlt.sys
13:23:21.0202 1584 CtClsFlt - ok
13:23:21.0249 1584 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
13:23:21.0249 1584 DcomLaunch - ok
13:23:21.0280 1584 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
13:23:21.0280 1584 defragsvc - ok
13:23:21.0296 1584 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
13:23:21.0296 1584 DfsC - ok
13:23:21.0327 1584 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
13:23:21.0327 1584 Dhcp - ok
13:23:21.0358 1584 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
13:23:21.0358 1584 discache - ok
13:23:21.0390 1584 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
13:23:21.0390 1584 Disk - ok
13:23:21.0452 1584 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll
13:23:21.0452 1584 Dnscache - ok
13:23:21.0483 1584 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
13:23:21.0483 1584 dot3svc - ok
13:23:21.0499 1584 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
13:23:21.0499 1584 DPS - ok
13:23:21.0546 1584 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
13:23:21.0546 1584 drmkaud - ok
13:23:21.0577 1584 [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
13:23:21.0592 1584 DXGKrnl - ok
13:23:21.0639 1584 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
13:23:21.0639 1584 EapHost - ok
13:23:21.0733 1584 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
13:23:21.0748 1584 ebdrv - ok
13:23:21.0780 1584 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe
13:23:21.0780 1584 EFS - ok
13:23:21.0826 1584 [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr C:\Windows\ehome\ehRecvr.exe
13:23:21.0826 1584 ehRecvr - ok
13:23:21.0858 1584 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
13:23:21.0873 1584 ehSched - ok
13:23:21.0904 1584 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
13:23:21.0904 1584 elxstor - ok
13:23:21.0920 1584 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
13:23:21.0920 1584 ErrDev - ok
13:23:21.0982 1584 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
13:23:21.0982 1584 EventSystem - ok
13:23:22.0092 1584 [ 8B6C9924B0D333DBF76086B8258A0891 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
13:23:22.0107 1584 EvtEng - ok
13:23:22.0123 1584 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
13:23:22.0123 1584 exfat - ok
13:23:22.0154 1584 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
13:23:22.0154 1584 fastfat - ok
13:23:22.0201 1584 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
13:23:22.0201 1584 Fax - ok
13:23:22.0216 1584 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
13:23:22.0216 1584 fdc - ok
13:23:22.0248 1584 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
13:23:22.0248 1584 fdPHost - ok
13:23:22.0248 1584 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
13:23:22.0248 1584 FDResPub - ok
13:23:22.0279 1584 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
13:23:22.0279 1584 FileInfo - ok
13:23:22.0294 1584 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
13:23:22.0294 1584 Filetrace - ok
13:23:22.0310 1584 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
13:23:22.0310 1584 flpydisk - ok
13:23:22.0326 1584 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
13:23:22.0326 1584 FltMgr - ok
13:23:22.0388 1584 [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache C:\Windows\system32\FntCache.dll
13:23:22.0388 1584 FontCache - ok
13:23:22.0435 1584 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:23:22.0435 1584 FontCache3.0.0.0 - ok
13:23:22.0450 1584 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
13:23:22.0450 1584 FsDepends - ok
13:23:22.0482 1584 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
13:23:22.0482 1584 Fs_Rec - ok
13:23:22.0528 1584 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
13:23:22.0528 1584 fvevol - ok
13:23:22.0575 1584 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
13:23:22.0575 1584 gagp30kx - ok
13:23:22.0638 1584 [ 8F6AE606EB0CC884EE12C41948424422 ] GoToAssist C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe
13:23:22.0638 1584 GoToAssist - ok
13:23:22.0700 1584 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
13:23:22.0700 1584 gpsvc - ok
13:23:22.0825 1584 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:23:22.0825 1584 gupdate - ok
13:23:22.0840 1584 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:23:22.0840 1584 gupdatem - ok
13:23:22.0887 1584 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
13:23:22.0887 1584 gusvc - ok
13:23:22.0903 1584 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
13:23:22.0903 1584 hcw85cir - ok
13:23:22.0934 1584 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:23:22.0934 1584 HdAudAddService - ok
13:23:22.0965 1584 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
13:23:22.0981 1584 HDAudBus - ok
13:23:22.0996 1584 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
13:23:22.0996 1584 HidBatt - ok
13:23:23.0012 1584 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
13:23:23.0012 1584 HidBth - ok
13:23:23.0028 1584 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
13:23:23.0028 1584 HidIr - ok
13:23:23.0043 1584 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
13:23:23.0043 1584 hidserv - ok
13:23:23.0074 1584 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
13:23:23.0074 1584 HidUsb - ok
13:23:23.0137 1584 [ A894FB2CAE6A29F5D9C8EDA47B074623 ] HipShieldK C:\Windows\system32\drivers\HipShieldK.sys
13:23:23.0137 1584 HipShieldK - ok
13:23:23.0168 1584 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
13:23:23.0168 1584 hkmsvc - ok
13:23:23.0184 1584 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:23:23.0184 1584 HomeGroupListener - ok
13:23:23.0215 1584 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:23:23.0215 1584 HomeGroupProvider - ok
13:23:23.0215 1584 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
13:23:23.0215 1584 HpSAMD - ok
13:23:23.0246 1584 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
13:23:23.0246 1584 HTTP - ok
13:23:23.0277 1584 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
13:23:23.0277 1584 hwpolicy - ok
13:23:23.0308 1584 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
13:23:23.0308 1584 i8042prt - ok
13:23:23.0340 1584 [ D7921D5A870B11CC1ADAB198A519D50A ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
13:23:23.0355 1584 iaStor - ok
13:23:23.0371 1584 [ 8FFF9083252C16FE3960173722605E9E ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
13:23:23.0371 1584 IAStorDataMgrSvc - ok
13:23:23.0402 1584 [ B75E45C564E944A2657167D197AB29DA ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
13:23:23.0402 1584 iaStorV - ok
13:23:23.0418 1584 [ FC85972037815FA7B413E790B426ACB2 ] iBtFltCoex C:\Windows\system32\DRIVERS\iBtFltCoex.sys
13:23:23.0418 1584 iBtFltCoex - ok
13:23:23.0464 1584 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:23:23.0464 1584 idsvc - ok
13:23:23.0714 1584 [ 78527E6A4D78B1153925914C55872BEB ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
13:23:23.0776 1584 igfx - ok
13:23:23.0808 1584 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
13:23:23.0808 1584 iirsp - ok
13:23:23.0854 1584 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
13:23:23.0854 1584 IKEEXT - ok
13:23:23.0901 1584 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
13:23:23.0901 1584 IntcDAud - ok
13:23:23.0917 1584 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
13:23:23.0917 1584 intelide - ok
13:23:23.0964 1584 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
13:23:23.0964 1584 intelppm - ok
13:23:24.0026 1584 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
13:23:24.0026 1584 IPBusEnum - ok
13:23:24.0042 1584 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:23:24.0042 1584 IpFilterDriver - ok
13:23:24.0057 1584 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
13:23:24.0057 1584 IPMIDRV - ok
13:23:24.0088 1584 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
13:23:24.0088 1584 IPNAT - ok
13:23:24.0120 1584 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
13:23:24.0120 1584 IRENUM - ok
13:23:24.0120 1584 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
13:23:24.0120 1584 isapnp - ok
13:23:24.0135 1584 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
13:23:24.0135 1584 iScsiPrt - ok
13:23:24.0166 1584 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
13:23:24.0166 1584 kbdclass - ok
13:23:24.0182 1584 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
13:23:24.0182 1584 kbdhid - ok
13:23:24.0182 1584 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
13:23:24.0198 1584 KeyIso - ok
13:23:24.0229 1584 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
13:23:24.0244 1584 KSecDD - ok
13:23:24.0276 1584 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
13:23:24.0276 1584 KSecPkg - ok
13:23:24.0307 1584 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
13:23:24.0307 1584 ksthunk - ok
13:23:24.0354 1584 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
13:23:24.0354 1584 KtmRm - ok
13:23:24.0400 1584 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\System32\srvsvc.dll
13:23:24.0400 1584 LanmanServer - ok
13:23:24.0432 1584 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:23:24.0432 1584 LanmanWorkstation - ok
13:23:24.0463 1584 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
13:23:24.0463 1584 lltdio - ok
13:23:24.0494 1584 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
13:23:24.0494 1584 lltdsvc - ok
13:23:24.0525 1584 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
13:23:24.0525 1584 lmhosts - ok
13:23:24.0588 1584 [ 0803906D607A9B83184447B75B60ECC2 ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
13:23:24.0603 1584 LMS - ok
13:23:24.0634 1584 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
13:23:24.0634 1584 LSI_FC - ok
13:23:24.0650 1584 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
13:23:24.0650 1584 LSI_SAS - ok
13:23:24.0666 1584 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:23:24.0666 1584 LSI_SAS2 - ok
13:23:24.0681 1584 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:23:24.0681 1584 LSI_SCSI - ok
13:23:24.0697 1584 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
13:23:24.0697 1584 luafv - ok
13:23:24.0759 1584 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
13:23:24.0759 1584 MBAMScheduler - ok
13:23:24.0853 1584 [ C121367D21599367F2ADB9C11B7BABAA ] McAfee SiteAdvisor Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
13:23:24.0853 1584 McAfee SiteAdvisor Service - ok
13:23:24.0868 1584 [ C121367D21599367F2ADB9C11B7BABAA ] McMPFSvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
13:23:24.0868 1584 McMPFSvc - ok
13:23:24.0931 1584 [ C121367D21599367F2ADB9C11B7BABAA ] mcmscsvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
13:23:24.0931 1584 mcmscsvc - ok
13:23:24.0931 1584 [ C121367D21599367F2ADB9C11B7BABAA ] McNaiAnn C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
13:23:24.0946 1584 McNaiAnn - ok
13:23:24.0978 1584 [ C121367D21599367F2ADB9C11B7BABAA ] McNASvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
13:23:24.0978 1584 McNASvc - ok
13:23:25.0071 1584 [ BE7C8C3F8FE52D8F7826E14CF11DE949 ] McODS C:\Program Files\McAfee\VirusScan\mcods.exe
13:23:25.0087 1584 McODS - ok
13:23:25.0102 1584 [ C121367D21599367F2ADB9C11B7BABAA ] McProxy C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
13:23:25.0102 1584 McProxy - ok
13:23:25.0149 1584 [ D4F9C8CE2D7D5B9A1F739AADEBFFCA6F ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
13:23:25.0149 1584 McShield - ok
13:23:25.0180 1584 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
13:23:25.0196 1584 Mcx2Svc - ok
13:23:25.0212 1584 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
13:23:25.0212 1584 megasas - ok
13:23:25.0243 1584 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
13:23:25.0243 1584 MegaSR - ok
13:23:25.0290 1584 [ 1C6E73FC46B509EFF9D0086AA37132DF ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
13:23:25.0290 1584 MEIx64 - ok
13:23:25.0321 1584 [ C73B93FED17829F11273459DA05E1976 ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys
13:23:25.0336 1584 mfeapfk - ok
13:23:25.0368 1584 [ 298C065BB9E09D5F14CCD9E8244DE4A0 ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys
13:23:25.0368 1584 mfeavfk - ok
13:23:25.0399 1584 [ AB66AF840EF1667AA73DDA6CE987D0E1 ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
13:23:25.0399 1584 mfefire - ok
13:23:25.0446 1584 [ 4D604F0B85E98C5AD99B89AF72A4E28A ] mfefirek C:\Windows\system32\drivers\mfefirek.sys
13:23:25.0461 1584 mfefirek - ok
13:23:25.0508 1584 [ 85AFDEAD1366BED11A84A5C6FC0A65D2 ] mfehidk C:\Windows\system32\drivers\mfehidk.sys
13:23:25.0508 1584 mfehidk - ok
13:23:25.0539 1584 [ 1B08579938FD72626D92F3C2219903EA ] mferkdet C:\Windows\system32\drivers\mferkdet.sys
13:23:25.0539 1584 mferkdet - ok
13:23:25.0555 1584 [ 984BBBB9BE02EF838DABDF3F3126A91B ] mfevtp C:\Windows\system32\mfevtps.exe
13:23:25.0555 1584 mfevtp - ok
13:23:25.0602 1584 [ 6251BE428073704FF1002231520C8F16 ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys
13:23:25.0602 1584 mfewfpk - ok
13:23:25.0633 1584 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
13:23:25.0633 1584 MMCSS - ok
13:23:25.0648 1584 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
13:23:25.0648 1584 Modem - ok
13:23:25.0711 1584 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
13:23:25.0711 1584 monitor - ok
13:23:25.0726 1584 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
13:23:25.0726 1584 mouclass - ok
13:23:25.0758 1584 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
13:23:25.0758 1584 mouhid - ok
13:23:25.0773 1584 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
13:23:25.0773 1584 mountmgr - ok
13:23:25.0851 1584 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:23:25.0851 1584 MozillaMaintenance - ok
13:23:25.0882 1584 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
13:23:25.0882 1584 mpio - ok
13:23:25.0898 1584 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
13:23:25.0898 1584 mpsdrv - ok
13:23:25.0914 1584 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
13:23:25.0914 1584 MRxDAV - ok
13:23:25.0960 1584 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
13:23:25.0960 1584 mrxsmb - ok
13:23:25.0992 1584 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:23:25.0992 1584 mrxsmb10 - ok
13:23:26.0023 1584 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:23:26.0023 1584 mrxsmb20 - ok
13:23:26.0023 1584 [ BCCF16D5FB1109162380E3E28DC9E4E5 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
13:23:26.0023 1584 msahci - ok
13:23:26.0054 1584 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
13:23:26.0054 1584 msdsm - ok
13:23:26.0085 1584 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
13:23:26.0085 1584 MSDTC - ok
13:23:26.0116 1584 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
13:23:26.0116 1584 Msfs - ok
13:23:26.0132 1584 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
13:23:26.0132 1584 mshidkmdf - ok
13:23:26.0132 1584 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
13:23:26.0132 1584 msisadrv - ok
13:23:26.0163 1584 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
13:23:26.0163 1584 MSiSCSI - ok
13:23:26.0163 1584 msiserver - ok
13:23:26.0210 1584 [ C121367D21599367F2ADB9C11B7BABAA ] MSK80Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
13:23:26.0210 1584 MSK80Service - ok
13:23:26.0241 1584 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
13:23:26.0241 1584 MSKSSRV - ok
13:23:26.0272 1584 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
13:23:26.0272 1584 MSPCLOCK - ok
13:23:26.0288 1584 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
13:23:26.0288 1584 MSPQM - ok
13:23:26.0304 1584 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
13:23:26.0304 1584 MsRPC - ok
13:23:26.0319 1584 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
13:23:26.0319 1584 mssmbios - ok
13:23:26.0335 1584 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
13:23:26.0335 1584 MSTEE - ok
13:23:26.0335 1584 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
13:23:26.0335 1584 MTConfig - ok
13:23:26.0350 1584 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
13:23:26.0350 1584 Mup - ok
13:23:26.0397 1584 [ 6ED8935257672F4CD04A88A0F3DE093D ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
13:23:26.0397 1584 MyWiFiDHCPDNS - ok
13:23:26.0428 1584 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
13:23:26.0444 1584 napagent - ok
13:23:26.0491 1584 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
13:23:26.0491 1584 NativeWifiP - ok
13:23:26.0553 1584 [ A3151B3463EEA7E47F618F115D0D142E ] NDIS C:\Windows\system32\drivers\ndis.sys
13:23:26.0553 1584 NDIS - ok
13:23:26.0569 1584 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
13:23:26.0569 1584 NdisCap - ok
13:23:26.0600 1584 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
13:23:26.0600 1584 NdisTapi - ok
13:23:26.0631 1584 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
13:23:26.0631 1584 Ndisuio - ok
13:23:26.0647 1584 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
13:23:26.0647 1584 NdisWan - ok
13:23:26.0662 1584 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
13:23:26.0662 1584 NDProxy - ok
13:23:26.0694 1584 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
13:23:26.0694 1584 NetBIOS - ok
13:23:26.0709 1584 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
13:23:26.0709 1584 NetBT - ok
13:23:26.0725 1584 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
13:23:26.0725 1584 Netlogon - ok
13:23:26.0740 1584 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
13:23:26.0756 1584 Netman - ok
13:23:26.0756 1584 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
13:23:26.0756 1584 netprofm - ok
13:23:26.0787 1584 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:23:26.0787 1584 NetTcpPortSharing - ok
13:23:26.0974 1584 [ 5D262402B0634C998F8CBCEAD7DD8676 ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys
13:23:27.0006 1584 NETwNs64 - ok
13:23:27.0037 1584 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
13:23:27.0037 1584 nfrd960 - ok
13:23:27.0084 1584 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
13:23:27.0084 1584 NlaSvc - ok
13:23:27.0193 1584 [ B9B72FAAAA41D59B73B88FE3DD737ED1 ] NOBU C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
13:23:27.0208 1584 NOBU - ok
13:23:27.0240 1584 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
13:23:27.0240 1584 Npfs - ok
13:23:27.0255 1584 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
13:23:27.0255 1584 nsi - ok
13:23:27.0271 1584 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
13:23:27.0286 1584 nsiproxy - ok
13:23:27.0333 1584 [ 378E0E0DFEA67D98AE6EA53ADBBD76BC ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
13:23:27.0364 1584 Ntfs - ok
13:23:27.0364 1584 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
13:23:27.0380 1584 Null - ok
13:23:27.0427 1584 [ 158AD24745BD85BA9BE3C51C38F48C32 ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
13:23:27.0427 1584 nusb3hub - ok
13:23:27.0458 1584 [ D40A13B2C0891E218F9523B376955DB6 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
13:23:27.0458 1584 nusb3xhc - ok
13:23:27.0489 1584 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\Windows\system32\drivers\nvraid.sys
13:23:27.0489 1584 nvraid - ok
13:23:27.0505 1584 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
13:23:27.0505 1584 nvstor - ok
13:23:27.0520 1584 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
13:23:27.0520 1584 nv_agp - ok
13:23:27.0536 1584 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
13:23:27.0536 1584 ohci1394 - ok
13:23:27.0583 1584 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:23:27.0583 1584 ose - ok
13:23:27.0754 1584 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:23:27.0770 1584 osppsvc - ok
13:23:27.0801 1584 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
13:23:27.0801 1584 p2pimsvc - ok
13:23:27.0832 1584 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
13:23:27.0848 1584 p2psvc - ok
13:23:27.0864 1584 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
13:23:27.0864 1584 Parport - ok
13:23:27.0910 1584 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
13:23:27.0910 1584 partmgr - ok
13:23:27.0942 1584 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
13:23:27.0942 1584 PcaSvc - ok
13:23:28.0035 1584 PcdrNdisuio - ok
13:23:28.0098 1584 [ 7317A0B550F7AC0223B7070897670476 ] PCDSRVC{1E208CE0-FB7451FF-06020101}_0 c:\program files\dell support center\pcdsrvc_x64.pkms
13:23:28.0098 1584 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - ok
13:23:28.0129 1584 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
13:23:28.0129 1584 pci - ok
13:23:28.0144 1584 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
13:23:28.0144 1584 pciide - ok
13:23:28.0160 1584 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
13:23:28.0160 1584 pcmcia - ok
13:23:28.0176 1584 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
13:23:28.0176 1584 pcw - ok
13:23:28.0207 1584 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
13:23:28.0207 1584 PEAUTH - ok
13:23:28.0238 1584 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
13:23:28.0238 1584 PerfHost - ok
13:23:28.0300 1584 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
13:23:28.0300 1584 pla - ok
13:23:28.0347 1584 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
13:23:28.0363 1584 PlugPlay - ok
13:23:28.0378 1584 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
13:23:28.0378 1584 PNRPAutoReg - ok
13:23:28.0394 1584 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
13:23:28.0394 1584 PNRPsvc - ok
13:23:28.0441 1584 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
13:23:28.0441 1584 PolicyAgent - ok
13:23:28.0472 1584 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
13:23:28.0472 1584 Power - ok
13:23:28.0503 1584 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
13:23:28.0503 1584 PptpMiniport - ok
13:23:28.0519 1584 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
13:23:28.0519 1584 Processor - ok
13:23:28.0550 1584 [ 97293447431311C06703368AD0F6C4BE ] ProfSvc C:\Windows\system32\profsvc.dll
13:23:28.0550 1584 ProfSvc - ok
13:23:28.0581 1584 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
13:23:28.0581 1584 ProtectedStorage - ok
13:23:28.0612 1584 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
13:23:28.0612 1584 Psched - ok
13:23:28.0644 1584 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
13:23:28.0644 1584 PxHlpa64 - ok
13:23:28.0675 1584 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
13:23:28.0690 1584 ql2300 - ok
13:23:28.0706 1584 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
13:23:28.0722 1584 ql40xx - ok
13:23:28.0737 1584 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
13:23:28.0737 1584 QWAVE - ok
13:23:28.0753 1584 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
13:23:28.0753 1584 QWAVEdrv - ok
13:23:28.0768 1584 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
13:23:28.0768 1584 RasAcd - ok
13:23:28.0815 1584 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
13:23:28.0815 1584 RasAgileVpn - ok
13:23:28.0846 1584 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
13:23:28.0846 1584 RasAuto - ok
13:23:28.0862 1584 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
13:23:28.0862 1584 Rasl2tp - ok
13:23:28.0878 1584 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
13:23:28.0878 1584 RasMan - ok
13:23:28.0893 1584 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
13:23:28.0893 1584 RasPppoe - ok
13:23:28.0909 1584 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
13:23:28.0909 1584 RasSstp - ok
13:23:28.0956 1584 [ 96597C96D5ACF4A3EF0B24D396853879 ] rcmirror C:\Windows\system32\DRIVERS\rcmirror.sys
13:23:28.0956 1584 rcmirror - ok
13:23:28.0987 1584 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
13:23:28.0987 1584 rdbss - ok
13:23:28.0987 1584 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
13:23:28.0987 1584 rdpbus - ok
13:23:29.0018 1584 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
13:23:29.0018 1584 RDPCDD - ok
13:23:29.0018 1584 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
13:23:29.0018 1584 RDPENCDD - ok
13:23:29.0049 1584 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
13:23:29.0049 1584 RDPREFMP - ok
13:23:29.0065 1584 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
13:23:29.0065 1584 RDPWD - ok
13:23:29.0096 1584 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
13:23:29.0112 1584 rdyboost - ok
13:23:29.0174 1584 [ 189C5A8D2098E0AA14FD157A954B34FC ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
13:23:29.0190 1584 RegSrvc - ok
13:23:29.0221 1584 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
13:23:29.0221 1584 RemoteAccess - ok
13:23:29.0252 1584 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
13:23:29.0252 1584 RemoteRegistry - ok
13:23:29.0299 1584 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
13:23:29.0299 1584 RFCOMM - ok
13:23:29.0424 1584 [ 3C957189B31C34D3AD21967B12B6AED7 ] RoxMediaDB12OEM c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
13:23:29.0424 1584 RoxMediaDB12OEM - ok
13:23:29.0486 1584 [ 2B73088CC2CA757A172B425C9398E5BC ] RoxWatch12 c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
13:23:29.0486 1584 RoxWatch12 - ok
13:23:29.0502 1584 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
13:23:29.0517 1584 RpcEptMapper - ok
13:23:29.0533 1584 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
13:23:29.0533 1584 RpcLocator - ok
13:23:29.0548 1584 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
13:23:29.0564 1584 RpcSs - ok
13:23:29.0611 1584 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
13:23:29.0611 1584 rspndr - ok
13:23:29.0673 1584 [ BE29B0A3AC1E8BD02FFAB8CEE86BADFA ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
13:23:29.0673 1584 RSUSBSTOR - ok
13:23:29.0720 1584 [ 2777226EE8BF50B059D7A7C90177E99C ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
13:23:29.0720 1584 RTL8167 - ok
13:23:29.0736 1584 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
13:23:29.0736 1584 SamSs - ok
13:23:29.0751 1584 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
13:23:29.0767 1584 sbp2port - ok
13:23:29.0782 1584 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
13:23:29.0782 1584 SCardSvr - ok
13:23:29.0814 1584 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
13:23:29.0814 1584 scfilter - ok
13:23:29.0860 1584 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
13:23:29.0876 1584 Schedule - ok
13:23:29.0923 1584 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
13:23:29.0923 1584 SCPolicySvc - ok
13:23:29.0954 1584 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
13:23:29.0954 1584 SDRSVC - ok
13:23:30.0016 1584 [ CC781378E7EDA615D2CDCA3B17829FA4 ] SeaPort C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
13:23:30.0016 1584 SeaPort - ok
13:23:30.0048 1584 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
13:23:30.0048 1584 secdrv - ok
13:23:30.0079 1584 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
13:23:30.0079 1584 seclogon - ok
13:23:30.0094 1584 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
13:23:30.0094 1584 SENS - ok
13:23:30.0110 1584 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
13:23:30.0110 1584 SensrSvc - ok
13:23:30.0126 1584 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
13:23:30.0126 1584 Serenum - ok
13:23:30.0157 1584 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
13:23:30.0157 1584 Serial - ok
13:23:30.0172 1584 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
13:23:30.0172 1584 sermouse - ok
13:23:30.0188 1584 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
13:23:30.0188 1584 SessionEnv - ok
13:23:30.0188 1584 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
13:23:30.0188 1584 sffdisk - ok
13:23:30.0188 1584 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
13:23:30.0188 1584 sffp_mmc - ok
13:23:30.0204 1584 [ 178298F767FE638C9FEDCBDEF58BB5E4 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
13:23:30.0204 1584 sffp_sd - ok
13:23:30.0204 1584 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
13:23:30.0204 1584 sfloppy - ok
13:23:30.0266 1584 [ 74EC60E20516AAA573BE74F31175270F ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
13:23:30.0282 1584 SftService - ok
13:23:30.0344 1584 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
13:23:30.0344 1584 SharedAccess - ok
13:23:30.0375 1584 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:23:30.0375 1584 ShellHWDetection - ok
13:23:30.0406 1584 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:23:30.0406 1584 SiSRaid2 - ok
13:23:30.0406 1584 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
13:23:30.0406 1584 SiSRaid4 - ok
13:23:30.0422 1584 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
13:23:30.0422 1584 Smb - ok
13:23:30.0453 1584 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
13:23:30.0453 1584 SNMPTRAP - ok
13:23:30.0469 1584 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
13:23:30.0469 1584 spldr - ok
13:23:30.0484 1584 [ F8E1FA03CB70D54A9892AC88B91D1E7B ] Spooler C:\Windows\System32\spoolsv.exe
13:23:30.0484 1584 Spooler - ok
13:23:30.0562 1584 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
13:23:30.0578 1584 sppsvc - ok
13:23:30.0594 1584 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
13:23:30.0594 1584 sppuinotify - ok
13:23:30.0625 1584 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
13:23:30.0625 1584 srv - ok
13:23:30.0640 1584 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
13:23:30.0656 1584 srv2 - ok
13:23:30.0687 1584 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
13:23:30.0687 1584 srvnet - ok
13:23:30.0718 1584 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
13:23:30.0718 1584 SSDPSRV - ok
13:23:30.0734 1584 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
13:23:30.0734 1584 SstpSvc - ok
13:23:30.0781 1584 [ 9547816FDFB53BF023D6DF57B42F8EDE ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
13:23:30.0781 1584 STacSV - ok
13:23:30.0812 1584 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
13:23:30.0812 1584 stexstor - ok
13:23:30.0859 1584 [ 0EED97162CBC151F072E2D36A3FDBF62 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
13:23:30.0859 1584 STHDA - ok
13:23:30.0906 1584 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
13:23:30.0906 1584 stisvc - ok
13:23:30.0952 1584 [ 7731F46EC0D687A931CBA063E8F90EF0 ] stllssvr c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
13:23:30.0952 1584 stllssvr - ok
13:23:30.0968 1584 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
13:23:30.0968 1584 swenum - ok
13:23:31.0015 1584 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
13:23:31.0015 1584 swprv - ok
13:23:31.0062 1584 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
13:23:31.0062 1584 SysMain - ok
13:23:31.0077 1584 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:23:31.0077 1584 TabletInputService - ok
13:23:31.0108 1584 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
13:23:31.0108 1584 TapiSrv - ok
13:23:31.0124 1584 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
13:23:31.0124 1584 TBS - ok
13:23:31.0186 1584 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
13:23:31.0233 1584 Tcpip - ok
13:23:31.0264 1584 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
13:23:31.0280 1584 TCPIP6 - ok
13:23:31.0296 1584 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
13:23:31.0296 1584 tcpipreg - ok
13:23:31.0327 1584 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
13:23:31.0327 1584 TDPIPE - ok
13:23:31.0342 1584 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
13:23:31.0342 1584 TDTCP - ok
13:23:31.0358 1584 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
13:23:31.0358 1584 tdx - ok
13:23:31.0389 1584 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
13:23:31.0389 1584 TermDD - ok
13:23:31.0436 1584 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
13:23:31.0436 1584 TermService - ok
13:23:31.0452 1584 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
13:23:31.0452 1584 Themes - ok
13:23:31.0467 1584 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
13:23:31.0467 1584 THREADORDER - ok
13:23:31.0483 1584 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
13:23:31.0483 1584 TrkWks - ok
13:23:31.0561 1584 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:23:31.0561 1584 TrustedInstaller - ok
13:23:31.0592 1584 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
13:23:31.0592 1584 tssecsrv - ok
13:23:31.0608 1584 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
13:23:31.0608 1584 tunnel - ok
13:23:31.0654 1584 [ FD24F98D2898BE093FE926604BE7DB99 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys
13:23:31.0654 1584 TurboB - ok
13:23:31.0686 1584 [ 600B406A04D90F577FEA8A88D7379F08 ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe
13:23:31.0686 1584 TurboBoost - ok
13:23:31.0717 1584 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
13:23:31.0717 1584 uagp35 - ok
13:23:31.0732 1584 [ 31BA4A33AFAB6A69EA092B18017F737F ] udfs C:\Windows\system32\DRIVERS\udfs.sys
13:23:31.0748 1584 udfs - ok
13:23:31.0764 1584 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
13:23:31.0764 1584 UI0Detect - ok
13:23:31.0795 1584 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
13:23:31.0795 1584 uliagpkx - ok
13:23:31.0826 1584 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
13:23:31.0826 1584 umbus - ok
13:23:31.0842 1584 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
13:23:31.0842 1584 UmPass - ok
13:23:31.0966 1584 [ EB79C6C91A99930015EF29AE7FA802D1 ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
13:23:31.0982 1584 UNS - ok
13:23:31.0998 1584 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
13:23:31.0998 1584 upnphost - ok
13:23:32.0060 1584 [ 77B01BC848298223A95D4EC23E1785A1 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
13:23:32.0060 1584 usbaudio - ok
13:23:32.0076 1584 [ 537A4E03D7103C12D42DFD8FFDB5BDC9 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
13:23:32.0076 1584 usbccgp - ok
13:23:32.0107 1584 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
13:23:32.0107 1584 usbcir - ok
13:23:32.0138 1584 [ FBB21EBE49F6D560DB37AC25FBC68E66 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
13:23:32.0138 1584 usbehci - ok
13:23:32.0154 1584 [ 6B7A8A99C4A459E73C286A6763EA24CC ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
13:23:32.0169 1584 usbhub - ok
13:23:32.0185 1584 [ 8C88AA7617B4CBC2E4BED61D26B33A27 ] usbohci C:\Windows\system32\drivers\usbohci.sys
13:23:32.0185 1584 usbohci - ok
13:23:32.0216 1584 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
13:23:32.0216 1584 usbprint - ok
13:23:32.0232 1584 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
13:23:32.0232 1584 usbscan - ok
13:23:32.0278 1584 [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:23:32.0278 1584 USBSTOR - ok
13:23:32.0310 1584 [ 0B5B3B2DF3FD1709618ACFA50B8392B0 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
13:23:32.0310 1584 usbuhci - ok
13:23:32.0341 1584 [ 7CB8C573C6E4A2714402CC0A36EAB4FE ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
13:23:32.0341 1584 usbvideo - ok
13:23:32.0372 1584 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
13:23:32.0372 1584 UxSms - ok
13:23:32.0372 1584 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe
13:23:32.0372 1584 VaultSvc - ok
13:23:32.0403 1584 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
13:23:32.0403 1584 vdrvroot - ok
13:23:32.0434 1584 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
13:23:32.0434 1584 vds - ok
13:23:32.0450 1584 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
13:23:32.0450 1584 vga - ok
13:23:32.0466 1584 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
13:23:32.0466 1584 VgaSave - ok
13:23:32.0481 1584 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
13:23:32.0481 1584 vhdmp - ok
13:23:32.0481 1584 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
13:23:32.0481 1584 viaide - ok
13:23:32.0497 1584 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
13:23:32.0497 1584 volmgr - ok
13:23:32.0512 1584 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
13:23:32.0512 1584 volmgrx - ok
13:23:32.0528 1584 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
13:23:32.0528 1584 volsnap - ok
13:23:32.0544 1584 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
13:23:32.0559 1584 vsmraid - ok
13:23:32.0622 1584 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
13:23:32.0622 1584 VSS - ok
13:23:32.0637 1584 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
13:23:32.0637 1584 vwifibus - ok
13:23:32.0653 1584 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
13:23:32.0653 1584 vwififlt - ok
13:23:32.0700 1584 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
13:23:32.0700 1584 vwifimp - ok
13:23:32.0746 1584 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
13:23:32.0746 1584 W32Time - ok
13:23:32.0762 1584 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
13:23:32.0762 1584 WacomPen - ok
13:23:32.0809 1584 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
13:23:32.0809 1584 WANARP - ok
13:23:32.0824 1584 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
13:23:32.0824 1584 Wanarpv6 - ok
13:23:32.0887 1584 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
13:23:32.0902 1584 WatAdminSvc - ok
13:23:32.0949 1584 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
13:23:32.0949 1584 wbengine - ok
13:23:32.0965 1584 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
13:23:32.0965 1584 WbioSrvc - ok
13:23:33.0012 1584 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll
13:23:33.0012 1584 wcncsvc - ok
13:23:33.0027 1584 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:23:33.0027 1584 WcsPlugInService - ok
13:23:33.0058 1584 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
13:23:33.0058 1584 Wd - ok
13:23:33.0090 1584 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
13:23:33.0090 1584 Wdf01000 - ok
13:23:33.0105 1584 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
13:23:33.0105 1584 WdiServiceHost - ok
13:23:33.0121 1584 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
13:23:33.0121 1584 WdiSystemHost - ok
13:23:33.0136 1584 [ 94DC2BF6CBAAA95E369C3756D3115A76 ] wdkmd C:\Windows\system32\DRIVERS\WDKMD.sys
13:23:33.0136 1584 wdkmd - ok
13:23:33.0168 1584 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll
13:23:33.0183 1584 WebClient - ok
13:23:33.0214 1584 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
13:23:33.0214 1584 Wecsvc - ok
13:23:33.0230 1584 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
13:23:33.0230 1584 wercplsupport - ok
13:23:33.0246 1584 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
13:23:33.0246 1584 WerSvc - ok
13:23:33.0277 1584 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
13:23:33.0277 1584 WfpLwf - ok
13:23:33.0308 1584 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
13:23:33.0308 1584 WimFltr - ok
13:23:33.0339 1584 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
13:23:33.0339 1584 WIMMount - ok
13:23:33.0370 1584 WinDefend - ok
13:23:33.0370 1584 WinHttpAutoProxySvc - ok
13:23:33.0433 1584 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
13:23:33.0433 1584 Winmgmt - ok
13:23:33.0495 1584 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
13:23:33.0511 1584 WinRM - ok
13:23:33.0558 1584 [ 4D52C872018AF7E18D078978DCC3F6F2 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
13:23:33.0558 1584 WinUsb - ok
13:23:33.0604 1584 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
13:23:33.0620 1584 Wlansvc - ok
13:23:33.0682 1584 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
13:23:33.0682 1584 wlcrasvc - ok
13:23:33.0760 1584 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:23:33.0776 1584 wlidsvc - ok
13:23:33.0807 1584 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
13:23:33.0807 1584 WmiAcpi - ok
13:23:33.0838 1584 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
13:23:33.0838 1584 wmiApSrv - ok
13:23:33.0870 1584 WMPNetworkSvc - ok
13:23:33.0901 1584 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
13:23:33.0901 1584 WPCSvc - ok
13:23:33.0916 1584 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
13:23:33.0916 1584 WPDBusEnum - ok
13:23:33.0932 1584 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
13:23:33.0932 1584 ws2ifsl - ok
13:23:33.0994 1584 [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc C:\Windows\system32\wscsvc.dll
13:23:33.0994 1584 wscsvc - ok
13:23:34.0041 1584 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
13:23:34.0041 1584 WSDPrintDevice - ok
13:23:34.0041 1584 WSearch - ok
13:23:34.0135 1584 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
13:23:34.0150 1584 wuauserv - ok
13:23:34.0166 1584 [ C63907207B837A5C05CF6D1606AA0008 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
13:23:34.0166 1584 WudfPf - ok
13:23:34.0197 1584 [ D885A873D733020F8B9B9FF4B1666158 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
13:23:34.0197 1584 WUDFRd - ok
13:23:34.0228 1584 [ 27B9BEE5AAC00139E3A3AF5D6227A0DC ] wudfsvc C:\Windows\System32\WUDFSvc.dll
13:23:34.0228 1584 wudfsvc - ok
13:23:34.0244 1584 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
13:23:34.0244 1584 WwanSvc - ok
13:23:34.0275 1584 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
13:23:34.0275 1584 yukonw7 - ok
13:23:34.0306 1584 ================ Scan global ===============================
13:23:34.0338 1584 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
13:23:34.0369 1584 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
13:23:34.0369 1584 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
13:23:34.0400 1584 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
13:23:34.0431 1584 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
13:23:34.0431 1584 [Global] - ok
13:23:34.0431 1584 ================ Scan MBR ==================================
13:23:34.0447 1584 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:23:34.0696 1584 \Device\Harddisk0\DR0 - ok
13:23:34.0712 1584 [ E5FA06ACA0D60BA9C870D0EF3D9898C9 ] \Device\Harddisk1\DR1
13:23:34.0712 1584 \Device\Harddisk1\DR1 - ok
13:23:34.0712 1584 ================ Scan VBR ==================================
13:23:34.0728 1584 [ B4A651EA79A9998884DA67ECFFB5E2E7 ] \Device\Harddisk0\DR0\Partition1
13:23:34.0728 1584 \Device\Harddisk0\DR0\Partition1 - ok
13:23:34.0743 1584 [ 9353CF31A6EC515E78353D1600509A2F ] \Device\Harddisk0\DR0\Partition2
13:23:34.0743 1584 \Device\Harddisk0\DR0\Partition2 - ok
13:23:34.0743 1584 [ 006D6FF19E3CCF448268FF94B439553F ] \Device\Harddisk1\DR1\Partition1
13:23:34.0743 1584 \Device\Harddisk1\DR1\Partition1 - ok
13:23:34.0743 1584 ============================================================
13:23:34.0743 1584 Scan finished
13:23:34.0743 1584 ============================================================
13:23:34.0759 0952 Detected object count: 0
13:23:34.0759 0952 Actual detected object count: 0




aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-19 13:31:45
-----------------------------
13:31:45.551 OS Version: Windows x64 6.1.7600
13:31:45.551 Number of processors: 4 586 0x2A07
13:31:45.551 ComputerName: CHERYL-PC UserName: cheryl
13:31:46.612 Initialize success
13:32:51.103 AVAST engine defs: 12101900
13:33:40.321 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:33:40.321 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
13:33:40.321 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000007a
13:33:40.321 Disk 1 Vendor: Size: 476940MB BusType: 0
13:33:40.336 Disk 0 MBR read successfully
13:33:40.336 Disk 0 MBR scan
13:33:40.336 Disk 0 Windows 7 default MBR code
13:33:40.352 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 100 MB offset 2048
13:33:40.367 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 206848
13:33:40.383 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461838 MB offset 30926848
13:33:40.399 Disk 0 scanning C:\Windows\system32\drivers
13:33:48.417 Service scanning
13:34:47.697 Modules scanning
13:34:47.697 Disk 0 trace - called modules:
13:34:47.713 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
13:34:47.713 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80067af060]
13:34:47.728 3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> [0xfffffa80059959f0]
13:34:47.728 5 ACPI.sys[fffff88000f64769] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800599b050]
13:34:49.226 AVAST engine scan C:\Windows
13:34:53.001 AVAST engine scan C:\Windows\system32
13:37:26.895 AVAST engine scan C:\Windows\system32\drivers
13:37:43.790 AVAST engine scan C:\Users\cheryl
13:41:43.298 Disk 0 MBR has been saved successfully to "C:\Users\cheryl\Documents\MBR.dat"
13:41:43.298 The log file has been saved successfully to "C:\Users\cheryl\Documents\aswMBR.txt"
13:43:13.342 Disk 0 MBR has been saved successfully to "C:\Users\cheryl\Downloads\MBR.dat"
13:43:13.342 The log file has been saved successfully to "C:\Users\cheryl\Downloads\aswMBR.txt"


Gringo, I had no problems running either scan. Above are the log files.
Cheryl

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:23 AM

Posted 19 October 2012 - 02:23 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\users\cheryl\AppData\Roaming\Biemko
c:\users\cheryl\AppData\Roaming\Syof
c:\users\cheryl\AppData\Roaming\Yhyhip
C:\4xTtG0TdfbgQERJ
c:\users\cheryl\AppData\Roaming\Ahbie
c:\users\cheryl\AppData\Roaming\Waumar
c:\users\cheryl\AppData\Roaming\Fahy
c:\users\cheryl\AppData\Roaming\Omedda
c:\users\cheryl\AppData\Roaming\Patyp
c:\progra~2\IMESHA~1

File::
c:\users\cheryl\AppData\Local\Adobe\acjeedsu.dll

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 cazpez

cazpez
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:05:23 AM

Posted 19 October 2012 - 03:38 PM

Here's the log - no errors while I ran it other than combo fix warning me that McAfee was still active. I'm going to reboot the system after this message and will NOT go back into Safe Mode. I'll let you know how that goes.

Cheryl

ComboFix 12-10-19.01 - cheryl 10/19/2012 16:29:45.2.4 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6051.4292 [GMT -4:00]
Running from: c:\users\cheryl\Downloads\ComboFix.exe
Command switches used :: c:\users\cheryl\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\users\cheryl\AppData\Local\Adobe\acjeedsu.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\4xTtG0TdfbgQERJ
c:\4xttg0tdfbgqerj\wndsksi.inf
c:\progra~2\IMESHA~1
c:\progra~2\IMESHA~1\MediaBar\Datamngr\datamngr.dll
c:\progra~2\IMESHA~1\MediaBar\Datamngr\datamngrUI.exe
c:\progra~2\IMESHA~1\MediaBar\Datamngr\IEBHO.dll
c:\progra~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll
c:\progra~2\IMESHA~1\MediaBar\Datamngr\x64\datamngrUI.exe
c:\progra~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\data\search\engines.xml
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\data\search\search.xsl
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\imeshcode.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\lib\about.xml
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\lib\dtxpanel.xul
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\lib\dtxpanelwin.xul
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\lib\dtxprefwin.xul
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\lib\dtxtransparentwin.xul
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\lib\dtxwin.xul
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\lib\emailnotifierproviders.xml
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\lib\external.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\lib\imeshcode.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\lib\neterror.xhtml
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\lib\nsDragAndDrop.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\lib\rsspreview.html
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\lib\rsswin.xml
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\lib\rsswin.xsl
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\lib\vmncode.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\lib\wmpstreamer.html
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\modules\datastore.jsm
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\neterror.xhtml
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\preferences.xml
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\template.xml
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\toolbar.htm
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\toolbar.xul
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\vmncode.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\vmnrsswin.xml
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\css\dialog.css
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\arrow-grey.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\arrows_grey-left.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\arrows_grey-right.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\back.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\btn-search-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\btn-search.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\delete.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollb-disable.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollb-down.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollb.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollt-disable.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollt-down.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollt.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-arrow-hover.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-arrow.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-off-l.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-off-r.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-on-l.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-on-r.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-over-l.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-over-r.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-red-left.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-red-mdl.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-red-right.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-white-left.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-white-mdl.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-white-right.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\throbber.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\vid-bg.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\youtube.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\index.html
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\js\function.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\js\jquery-1.4.2.min.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\js\JSON.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\css\dialog.css
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\bg-facebook.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\blank.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\btn-wide-close-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\btn-wide-close.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\default.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\transparent.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\win-btm-left.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\win-btm-mdl.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\win-btm-right-resize.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\win-btm-right.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\main.html
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\scripts\defscript.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\scripts\jquery-1.4.2.min.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\tb_icon.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\widget.jsw
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\widget.xml
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\widget_version.txt
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\tb_icon.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\widget.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\widget.xml
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\widget_version
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\css\twitter.css
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\btn-login-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\btn-login.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\btn-submit.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\loginbg.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\refresh-over.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\refresh.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\scrollbottom-disable.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\scrollbottom-down.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\scrollbottom-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\scrollbottom.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\scrolltop-disable.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\scrolltop-down.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\scrolltop-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\scrolltop.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\tab-off-l.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\tab-off-r.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\tab-on-l.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\tab-on-r.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\throbber.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\twitter-logo48.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\twitter_top.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\index.html
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\js\defscript.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\js\jquery.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\js\scripts.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\login.html
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\css\dialog.css
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\bg.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\btn-wide-close-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\btn-wide-close.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\default.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\transparent.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\win-btm-left.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\win-btm-mdl.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\win-btm-right-resize.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\win-btm-right.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\main.html
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\scripts\defscript.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\tb_icon.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\widget.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\widget.jsw
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\widget.xml
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\widget_version.txt
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\css\dialog.css
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\arrow-grey.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\arrows_grey-left.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\arrows_grey-right.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\bg.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\btn-search-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\btn-search.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\powered-by-youtube.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\scrollb-disable.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\scrollb-down.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\scrollb.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\scrollt-disable.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\scrollt-down.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\scrollt.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-off-l.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-off-r.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-on-l.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-on-r.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-over-l.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-over-r.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-red-left.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-red-mdl.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-red-right.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-white-left.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-white-mdl.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-white-right.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\throbber.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\vid-bg.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\youtube.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\index.html
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\js\jquery-1.3.2.min.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\js\jquery-1.4.3.min.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\js\jquery.autocomplete.min.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\js\jquery.event.wheel.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\js\jquery.scrollTo-min.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\js\youtube.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\skin\css\dialog.css
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\bg.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\btn-search.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\btn-wide-close-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\btn-wide-close.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\default.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\tab-off-l.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\tab-off-r.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\tab-on-l.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\tab-on-r.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\Thumbs.db
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\transparent.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\win-btm-left.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\win-btm-mdl.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\win-btm-right-resize.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\win-btm-right.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\skin\main.html
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\skin\scripts\defscript.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\tb_icon.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\widget.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\widget.jsw
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\widget.xml
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\widget_version.txt
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\about_logo.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\babylon_logo.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\bluelite.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\bluesky.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\btn-search-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\btn-search.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\btn-settings-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\btn-settings.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\btn-widgets-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\btn-widgets.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\btn_settings.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\ca.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\dictionary.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\divider.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\downloadcom.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\dtxlogo.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\ebay.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\ebay_png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\email.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\email_on.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\email_png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\facebook.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\games.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\graphred0.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\graphred0_5.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\graphred1.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\graphred1_5.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\graphred2.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\graphred2_5.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\graphred3.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\graphred3_5.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\graphred4.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\graphred4_5.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\graphred5.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\graphredna.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\grey.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\ico-shield.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\icon_seperator_png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\images.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\imesh.css
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\add.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\aol.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\arrow-dn.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\arrow-right-disabled.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\arrow-right.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\arrow-up.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\bg-btn-divider.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\bg-btn-end.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\bg-btn-mdl.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\bg-btn-mdl_ff.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\bg-btn-start.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\bg-btnover-divider.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\bg-btnover-end.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\bg-btnover-mdl.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\bg-btnover-mdl_ff.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\bg-btnover-start.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\blank.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\btn-widgets-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\btn-widgets.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\btn_slider.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\btnback-down-vista.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\btnback-vista.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\btnleft-down-vista.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\btnleft-vista.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\btnright-down-vista.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\btnright-vista.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\button-splitter-down-vista.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\button-splitter-vista.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\checkmark.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\chevron.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\collapse.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\comcast.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\dtx.css
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\edit-back-hot.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\edit-back.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\expand.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\found.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\gmail.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\highlight.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\highlight_blue.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\highlight_cyan.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\highlight_lime.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\highlight_magenta.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\highlight_yellow.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\hotmail.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\ico-check.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\imap.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\lastsearch-thumb-back.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\loadingMid.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\lock.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\logo-separator.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\mailcom.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\menu_bg-basic.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\menu_separator_bar.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\menu_separator_white.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\menuitem-splitter.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\menuitemback-down-vista.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\menuitemback-vista.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\menuitemleft-down-vista.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\menuitemleft-vista.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\menuitemright-down-vista.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\menuitemright-vista.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\modify.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\move.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\movetarget.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\css\panels.css
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\css\popupAbout.css
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\css\popupGames.css
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\css\popupRSS.css
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\css\popupWidgets.css
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\css\dialog.css
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\bg.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\btn-search.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\default.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\tab-off-l.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\tab-off-r.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\tab-on-l.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\tab-on-r.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\transparent.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-left.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-mdl.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-right.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\win-btm-left.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\win-btm-mdl.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right-resize.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\win-left.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\win-right.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\main.html
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\scripts\defscript.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\footer.htm
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\gamecategory.xsl
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\gameData.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\gameList.xsl
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\games.xsl
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\gametype.xsl
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\arrow-dn.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\arrow-sml-drop.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\arrow-sml.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\arrow-up.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\arrowr-bluew5.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\bg-aboutbox.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\bg-btnover.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\bg-pnl520x390.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-right.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-back.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-close-grey.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-close-greyover.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-drag.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-mdl-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-mdl.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-moredetails.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-next-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-next.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-play-left-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-play-left.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-previous-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-previous.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-right-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-try-left-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-try-left.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\bullet-orange.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\gamethumb-on.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\gamethumb2-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\ico-calendar.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\ico-dollar.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\ico-download.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\ico-joystick24.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\ico-news24.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\ico-play.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\ico-tags.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\icon-Add.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\icon-download.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\icon-Info.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\icon-play.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\icon-shop.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\menul-bgon.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\menul-bgover.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\panel-botm-noscroll.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\scroll-bg-206.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\scroll-bg.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\scroll-topwin.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\scrollb-disable.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\scrollb-down.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\scrollb-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\scrollb.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\scrollt-disable.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\scrollt-down.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\scrollt-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\scrollt.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\star_x_grey.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\star_x_orange.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\TRUSTe_about.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\view-detailed-on.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\view-detailed-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\view-thumb-on.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\view-thumb-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\widgets-square-16px.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\widgets-square-24px.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\widgets.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\initHTML.html
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\popupGames.html
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\popupHTML.html
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\popupRSS.html
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\popupWidgets.html
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\scroll.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\pop.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\css\manager.css
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\css\slider.css
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\bg-pnl.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\btn-close-grey.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\btn-close-greyover.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\collapsed_button.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\expanded_button.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\ico-playstation-down.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\ico-playstation-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\ico-playstation.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\ico-radio.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\music-note.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause-on.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-btn-play-on.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-btn-play.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-eq-bg.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-eq-buffer.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-eq-busy.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-eq-off.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-eq-on.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-eq-warning.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-options-design-on.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-options-design.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-options-on.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-options.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-volume-0.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-volume-1.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-volume-2.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-volume-3.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-volume-mute.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\scrollbar-handle.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\scrollbar-track.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\slider.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\slideron.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\track.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\managerpanel.html
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\volumeslider.html
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\reload.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\remove.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\rename.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\resize-box.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\rss.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\rsschannelback.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\RSSLogo.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\rsstabdivider.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\scroll-left.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\scroll-right.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\search-go.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\search.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\text-ellipsis.xml
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\throbber.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\toolbarsplitter.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\transparent_1px.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\border_02.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\border_03.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\border_04.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\border_06.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\border_07.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\border_08.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\border_09.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\border_10.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\border_11.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\border_12.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\border_13.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\border_14.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\border_15.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\border_16.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\border_18.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\border_19.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\border_20.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\border_21.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\btn-close-grey.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\btn-close-greyover.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\close-hot.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\close-normal.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\loadingMid.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\proxy.html
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\template.html
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\template.xml
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\templateFF.html
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\throbber.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\icons\cond999.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\icons\icons.xml
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\icons\na-s.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\icons\na-t.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\icons\na.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\add.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-check.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.css
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.html
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\yahoo.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lichen.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\logo-about.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\logo-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\logo-separator.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\logo.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\logo_about_png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\logo_over_png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\logo_over_t_png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\logo_png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\logo_t_png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\mail.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\maps.bmp
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\menuseparatorback.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\modify-save.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\modify.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\modifyhot.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\music.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\news.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\options\options-main.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\options\options-search.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\options\options-weather.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\options\options-weather.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\options\options-widgets.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\orange.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\pixsy.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\protect-id.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\relatedlinks.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\rss-collapse.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\rss-delete.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\rss-expand.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\rss-feed.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\rss-folder-remove.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\rss-folder-rename.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\rss-folder.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\rss-found.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\rss-reload.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\rss-subscribe.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\rss.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\rssback.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\rsstopback.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\search-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\search.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\search_button_over_png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\search_button_png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\searchbar\searchbar-background-left.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\searchbar\searchbar-background-middle.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\searchbar\searchbar-background-right.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\settings.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\shopping.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\siteinfo.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\skin-bluelite.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\skin-bluesky.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\skin-grey.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\skin-lichen.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\skin-orange.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\skin-yellow.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\skin.xml
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\technorati.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\throbber.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\toolbarsplitter.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\translate.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\TRUSTe_about.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\video.bmp
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\vmn.css
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\vmn.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\weather.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\web.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\widgets-square-16px.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\wikipedia.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\yahoosearch.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\yellow.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\youtube.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\zoom.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\components\windowmediator.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\imeshbandmltbpi.dll
c:\progra~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll
c:\progra~2\IMESHA~1\MediaBar\ToolBar\manifest.xml
c:\progra~2\IMESHA~1\MediaBar\ToolBar\uninstall.exe
c:\progra~2\IMESHA~1\MediaBar\uninstall.exe
c:\users\cheryl\AppData\Local\Adobe\acjeedsu.dll
c:\users\cheryl\AppData\Roaming\Ahbie
c:\users\cheryl\AppData\Roaming\Biemko
c:\users\cheryl\AppData\Roaming\Fahy
c:\users\cheryl\AppData\Roaming\Omedda
c:\users\cheryl\AppData\Roaming\Patyp
c:\users\cheryl\AppData\Roaming\Patyp\yvnau.dat
c:\users\cheryl\AppData\Roaming\Syof
c:\users\cheryl\AppData\Roaming\Waumar
c:\users\cheryl\AppData\Roaming\Yhyhip
c:\users\cheryl\hosts
.
.
((((((((((((((((((((((((( Files Created from 2012-09-19 to 2012-10-19 )))))))))))))))))))))))))))))))
.
.
2012-10-19 20:34 . 2012-10-19 20:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-19 20:34 . 2012-10-19 20:34 -------- d-----w- c:\users\admin\AppData\Local\temp
2012-10-08 21:33 . 2012-10-08 21:33 -------- d-----w- c:\program files (x86)\mPlayer
2012-09-27 20:24 . 2012-04-20 20:40 196440 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
2012-09-20 19:22 . 2012-09-20 19:22 -------- d-----w- c:\program files (x86)\GUM9860.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-29 23:54 . 2012-07-16 23:23 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-05-28 39408]
"Facebook Update"="c:\users\cheryl\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-19 487562]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1535112]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
"Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-09-29 766536]
"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2012-09-29 1089608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-11-03 897088]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-28 136176]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-05-11 200728]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-05-11 200728]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-05-11 200728]
R2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2010-11-03 1298496]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2010-11-04 58128]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2010-10-19 274432]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-07-17 69672]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-08-12 175168]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-28 136176]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2010-11-04 59904]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-07-17 106112]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-15 114144]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2010-07-30 25072]
R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys [2010-01-18 4608]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-30 250984]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-31 1255736]
R3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-07-17 335784]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-07-17 218320]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-07-17 177144]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-09-21 56344]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-07-17 513456]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2010-12-21 8505856]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-10-26 406632]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 19242567
*NewlyCreated* - ASWMBR
*Deregistered* - 19242567
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-122914055-1351590200-686546638-1001Core.job
- c:\users\cheryl\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-19 01:35]
.
2012-10-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-122914055-1351590200-686546638-1001UA.job
- c:\users\cheryl\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-19 01:35]
.
2012-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-28 16:29]
.
2012-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-28 16:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-20 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-20 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-20 418328]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-12 609144]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2010-11-03 10228224]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-21 525312]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://moneygram.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{56E27965-99A4-40C1-897C-AE1AFADA3277}\2375942554036303: NameServer = 8.8.8.8
TCP: Interfaces\{56E27965-99A4-40C1-897C-AE1AFADA3277}\2375942554132333: NameServer = 8.8.8.8
TCP: Interfaces\{56E27965-99A4-40C1-897C-AE1AFADA3277}\2375942554433373: NameServer = 8.8.8.8
TCP: Interfaces\{56E27965-99A4-40C1-897C-AE1AFADA3277}\2377962756132333: NameServer = 8.8.8.8
TCP: Interfaces\{56E27965-99A4-40C1-897C-AE1AFADA3277}\E4544574541425: NameServer = 8.8.8.8
FF - ProfilePath - c:\users\cheryl\AppData\Roaming\Mozilla\Firefox\Profiles\y7c1ac59.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://moneygram.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=w3i&type=W3i_DS,157,0_0,Search,20121041,6902,0,54,0&p=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: browser.startup.homepage - hxxp://moneygram.com/
FF - user.js: browser.startup.page - 1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{28387537-e3f9-4ed7-860c-11e69af4a8a0} - c:\progra~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll
BHO-{474597C5-AB09-49d6-A4D5-2E8D7341384E} - c:\progra~2\IMESHA~1\MediaBar\Datamngr\IEBHO.dll
Toolbar-{28387537-e3f9-4ed7-860c-11e69af4a8a0} - c:\progra~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-Adobe - c:\users\cheryl\AppData\Local\Adobe\acjeedsu.dll

#10 cazpez

cazpez
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:05:23 AM

Posted 19 October 2012 - 03:52 PM

Okay - reboot was succesful! No icons loaded on the desktop though. When I opened Firefox my browser has beem hijacked by MoneyGram.com. This had been the case even before the FBI virus though. I'm getting a flashing icon telling me that Java Auto Updater is requesting approval to make changes to the computer. I dismissed it for now. Everything else looks good!

Cheryl

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:23 AM

Posted 19 October 2012 - 04:17 PM

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 cazpez

cazpez
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:05:23 AM

Posted 19 October 2012 - 08:20 PM

Here is the 1st log. I will send the next one shortly.
Cheryl



AdwCleaner v2.005 - Logfile created 10/19/2012 at 21:12:44
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : cheryl - CHERYL-PC
# Boot Mode : Normal
# Running from : C:\Users\cheryl\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\Public\Desktop\eBay.lnk
Folder Deleted : C:\Users\cheryl\AppData\LocalLow\FunWebProducts
Folder Deleted : C:\Users\cheryl\AppData\LocalLow\imeshbandmltbpi
Folder Deleted : C:\Users\cheryl\AppData\LocalLow\mediabarim
Folder Deleted : C:\Users\cheryl\AppData\LocalLow\MyWebSearch

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products
Key Deleted : HKCU\Software\AppDataLow\Software\FunWebProducts
Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@mywebsearch.com/Plugin
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{120927BF-1700-43BC-810F-FAB92549B390}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1F52A5FA-A705-4415-B975-88503B291728}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{991AAC62-B100-47CE-8B75-253965244F69}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iMesh 1 MediaBar
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{120927BF-1700-43BC-810F-FAB92549B390}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1F52A5FA-A705-4415-B975-88503B291728}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E720451-B472-4954-B7AA-33069EB53906}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{991AAC62-B100-47CE-8B75-253965244F69}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform [FunWebProducts]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [m3ffxtbr@mywebsearch.com]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{28387537-E3F9-4ED7-860C-11E69AF4A8A0}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0 (en-US)

Profile name : default
File : C:\Users\cheryl\AppData\Roaming\Mozilla\Firefox\Profiles\y7c1ac59.default\prefs.js

C:\Users\cheryl\AppData\Roaming\Mozilla\Firefox\Profiles\y7c1ac59.default\user.js ... Deleted !

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [8383 octets] - [19/10/2012 21:12:44]

########## EOF - C:\AdwCleaner[S1].txt - [8443 octets] ##########

#13 cazpez

cazpez
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:05:23 AM

Posted 19 October 2012 - 08:28 PM

And here is the report(s) from Rogue Killer:


RogueKiller V8.1.1 [10/01/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : cheryl [Admin rights]
Mode : Scan -- Date : 10/19/2012 21:23:54

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] U : C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\L --> FOUND
[ZeroAccess][FOLDER] U : C:\Users\cheryl\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\Users\cheryl\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\L --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000BEVT-75A0RT0 +++++
--- User ---
[MBR] 2c66f29109684e65ae0c283cb27811e8
[BSP] 8013085e2af5d4aba8fd9a700ea8870e : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 461838 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt







RogueKiller V8.1.1 [10/01/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : cheryl [Admin rights]
Mode : Remove -- Date : 10/19/2012 21:25:33

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U --> REMOVED
[Del.Parent][FILE] 00000004.@ : C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\L\00000004.@ --> REMOVED
[Del.Parent][FILE] 201d3dde : C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\L\201d3dde --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\L --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Users\cheryl\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Users\cheryl\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\L --> REMOVED

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000BEVT-75A0RT0 +++++
--- User ---
[MBR] 2c66f29109684e65ae0c283cb27811e8
[BSP] 8013085e2af5d4aba8fd9a700ea8870e : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 461838 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

#14 cazpez

cazpez
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:05:23 AM

Posted 19 October 2012 - 08:38 PM

I'm rebooting the computer after running the last 2 apps and I'm getting a blue screen with Windows 7 logo on the bottom and a message in the middle of the screen stating not to power off or unplug your machine Installing update xx of 20. I'm guessing this is an automated Windows update. I sure hope so. I'll let you know how the next reboot goes when its done. Thank you again for all of your time and help with this.
Cheryl

#15 cazpez

cazpez
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:05:23 AM

Posted 19 October 2012 - 08:51 PM

Okay - reboot went the the same as before. The home page defaults to MoneyGram, Java Auto Updater is flashing wanting permission to update and I still have no icons on my desktop.

Cheryl




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users