
ICE Moneypak virus has 3 three Safe Modes caught in a restart loop


  • This topic is locked
8 replies to this topic

#1 therooster42


Posted 25 May 2013 - 06:30 PM

I loaded the Farbar Recovery Scan Tool for the 64 bit and this was the text document after the scan -

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2013 01
Ran by SYSTEM on 25-05-2013 17:46:11
Running from I:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [RunDLLEntry_THXCfg] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 [17920 2009-10-15] (Creative Technology Ltd.)
HKLM\...\Run: [RunDLLEntry_EptMon] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64 [21504 2009-10-15] (Creative Technology Ltd.)
HKLM\...\Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup [483424 2012-02-01] ()
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)
HKLM-x32\...\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [37960 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] ()
HKLM-x32\...\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900 [75064 2011-07-07] ()
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1532992 2013-03-13] (McAfee, Inc.)
HKLM-x32\...\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup [968048 2012-02-01] ()
HKLM-x32\...\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot [295072 2012-12-21] (RealNetworks, Inc.)
HKLM-x32\...\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.)
HKU\Therooster7\...\Run: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode [6129496 2011-01-12] (Logitech Inc.)
HKU\Therooster7\...\Run: [Google Update] "C:\Users\Therooster7\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-11-10] (Google Inc.)
HKU\Therooster7\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Therooster7\Documents\7d3eb149.exe [38400 2013-05-25] (Adobe Systems Incorporated)
HKU\Therooster7\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION
Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Therooster7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Messenger.lnk
ShortcutTarget: Yahoo! Messenger.lnk -> C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

==================== Services (Whitelisted) =================

S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [383608 2012-11-16] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)
S2 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [231224 2010-04-13] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()

==================== Drivers (Whitelisted) ====================

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S0 McPvDrv; C:\Windows\System32\drivers\McPvDrv.sys [73096 2012-09-14] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
S1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)
S3 mfeavfk01; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-05-25 17:45 - 2013-05-25 17:45 - 00000000 ____D C:\FRST
2013-05-25 06:08 - 2013-05-25 06:08 - 00833819 ____A C:\Users\Therooster7\Local Settings\Application Data\2433f433
2013-05-25 06:08 - 2013-05-25 06:08 - 00833819 ____A C:\Users\Therooster7\Local Settings\2433f433
2013-05-25 06:08 - 2013-05-25 06:08 - 00833819 ____A C:\Users\Therooster7\AppData\Local\2433f433
2013-05-25 06:08 - 2013-05-25 06:08 - 00833761 ____A C:\ProgramData\Application Data\2433f433
2013-05-25 06:08 - 2013-05-25 06:08 - 00833761 ____A C:\ProgramData\2433f433
2013-05-25 06:08 - 2013-05-25 06:08 - 00833750 ____A C:\Users\Therooster7\Application Data\2433f433
2013-05-25 06:08 - 2013-05-25 06:08 - 00833750 ____A C:\Users\Therooster7\AppData\Roaming\2433f433
2013-05-25 06:08 - 2013-05-25 06:08 - 00038400 ____A (Adobe Systems Incorporated) C:\Users\Therooster7\My Documents\7d3eb149.exe
2013-05-25 06:08 - 2013-05-25 06:08 - 00038400 ____A (Adobe Systems Incorporated) C:\Users\Therooster7\Documents\7d3eb149.exe
2013-05-24 22:45 - 2013-05-24 22:45 - 00001847 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2013-05-24 22:45 - 2013-05-24 22:45 - 00001847 ____A C:\ProgramData\Desktop\QuickTime Player.lnk
2013-05-24 22:45 - 2013-05-24 22:45 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-05-21 21:10 - 2013-05-21 21:10 - 01440846 ____A C:\Users\Therooster7\Downloads\mbam-chameleon-1.62.1.1000.zip
2013-05-21 16:54 - 2013-05-21 16:54 - 00000000 ____D C:\Program Files\My Dell
2013-05-18 17:26 - 2013-05-18 17:26 - 00000091 ____A C:\Users\Therooster7\My Documents\objects.txt
2013-05-18 17:26 - 2013-05-18 17:26 - 00000091 ____A C:\Users\Therooster7\Documents\objects.txt
2013-05-18 17:25 - 2013-05-18 17:25 - 00026205 ____A C:\Users\Therooster7\Desktop\hs_err_pid9956.log
2013-05-17 21:52 - 2013-05-17 21:52 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-05-17 21:52 - 2013-05-17 21:52 - 00001785 ____A C:\ProgramData\Desktop\iTunes.lnk
2013-05-17 21:51 - 2013-05-17 21:52 - 00000000 ____D C:\ProgramData\Application Data\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-17 21:51 - 2013-05-17 21:52 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-17 21:51 - 2013-05-17 21:52 - 00000000 ____D C:\Program Files\iTunes
2013-05-17 21:51 - 2013-05-17 21:52 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-05-17 21:51 - 2013-05-17 21:51 - 00000000 ____D C:\Program Files\iPod
2013-05-15 22:35 - 2013-05-15 22:35 - 00026487 ____A C:\Users\Therooster7\Desktop\hs_err_pid16852.log
2013-05-15 02:01 - 2013-04-05 01:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-15 02:01 - 2013-04-05 01:52 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-15 02:01 - 2013-04-05 01:52 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-15 02:01 - 2013-04-05 01:50 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-15 02:01 - 2013-04-05 01:50 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-15 02:01 - 2013-04-05 01:50 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-15 02:01 - 2013-04-05 01:50 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-15 02:01 - 2013-04-05 01:50 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-15 02:01 - 2013-04-05 01:50 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-15 02:01 - 2013-04-05 01:50 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-15 02:01 - 2013-04-05 01:50 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-05-15 02:01 - 2013-04-05 01:50 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-05-15 02:01 - 2013-04-05 01:50 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-15 02:01 - 2013-04-05 01:50 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-05-15 02:01 - 2013-04-05 00:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-15 02:01 - 2013-04-05 00:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-15 02:01 - 2013-04-05 00:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-15 02:01 - 2013-04-05 00:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-15 02:01 - 2013-04-05 00:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-15 02:01 - 2013-04-05 00:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-15 02:01 - 2013-04-05 00:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-15 02:01 - 2013-04-05 00:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-15 02:01 - 2013-04-05 00:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-15 02:01 - 2013-04-05 00:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-05-15 02:01 - 2013-04-05 00:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-05-15 02:01 - 2013-04-05 00:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-15 02:01 - 2013-04-05 00:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-05-15 02:01 - 2013-04-04 23:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-15 02:01 - 2013-04-04 23:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-15 02:01 - 2013-04-04 22:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-15 02:01 - 2013-04-04 22:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-05-14 22:38 - 2013-04-10 01:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-14 22:38 - 2013-04-10 01:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-14 22:38 - 2013-04-09 22:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-14 22:38 - 2013-03-19 00:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-14 22:38 - 2013-03-19 00:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-14 22:38 - 2013-02-27 01:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-14 22:38 - 2013-02-27 00:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-14 22:38 - 2013-02-27 00:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-14 22:38 - 2013-02-27 00:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-14 22:38 - 2013-02-27 00:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-14 22:38 - 2013-02-26 23:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-14 22:38 - 2013-02-26 23:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-14 22:38 - 2013-02-26 23:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-14 22:38 - 2011-02-03 06:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-01 02:59 - 2013-05-01 02:59 - 00094208 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx
2013-05-01 02:59 - 2013-05-01 02:59 - 00069632 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts
2013-04-28 06:31 - 2013-04-28 06:32 - 00000004 ____A C:\Users\Therooster7\Application Data\skype.ini
2013-04-28 06:31 - 2013-04-28 06:32 - 00000004 ____A C:\Users\Therooster7\AppData\Roaming\skype.ini

==================== One Month Modified Files and Folders =======

2013-05-25 17:45 - 2013-05-25 17:45 - 00000000 ____D C:\FRST
2013-05-25 07:29 - 2013-03-10 21:40 - 00003248 ____A C:\Windows\setupact.log
2013-05-25 07:29 - 2011-08-22 18:32 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-05-25 07:29 - 2011-08-22 18:22 - 01900644 ____A C:\Windows\WindowsUpdate.log
2013-05-25 07:29 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-25 07:05 - 2012-04-12 04:27 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-25 07:05 - 2009-07-13 23:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-25 07:05 - 2009-07-13 23:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-25 07:00 - 2011-08-30 20:41 - 00000000 ____D C:\users\Therooster7
2013-05-25 07:00 - 2011-08-22 18:48 - 00000000 ____D C:\ProgramData\Sonic
2013-05-25 07:00 - 2011-08-22 18:48 - 00000000 ____D C:\ProgramData\Application Data\Sonic
2013-05-25 06:57 - 2013-01-07 18:30 - 00000932 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3261295763-164987432-2291179314-1000UA.job
2013-05-25 06:49 - 2012-11-10 00:25 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-25 06:21 - 2012-11-10 00:25 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-25 06:15 - 2010-11-20 22:47 - 00054058 ____A C:\Windows\PFRO.log
2013-05-25 06:08 - 2013-05-25 06:08 - 00833819 ____A C:\Users\Therooster7\Local Settings\Application Data\2433f433
2013-05-25 06:08 - 2013-05-25 06:08 - 00833819 ____A C:\Users\Therooster7\Local Settings\2433f433
2013-05-25 06:08 - 2013-05-25 06:08 - 00833819 ____A C:\Users\Therooster7\AppData\Local\2433f433
2013-05-25 06:08 - 2013-05-25 06:08 - 00833761 ____A C:\ProgramData\Application Data\2433f433
2013-05-25 06:08 - 2013-05-25 06:08 - 00833761 ____A C:\ProgramData\2433f433
2013-05-25 06:08 - 2013-05-25 06:08 - 00833750 ____A C:\Users\Therooster7\Application Data\2433f433
2013-05-25 06:08 - 2013-05-25 06:08 - 00833750 ____A C:\Users\Therooster7\AppData\Roaming\2433f433
2013-05-25 06:08 - 2013-05-25 06:08 - 00038400 ____A (Adobe Systems Incorporated) C:\Users\Therooster7\My Documents\7d3eb149.exe
2013-05-25 06:08 - 2013-05-25 06:08 - 00038400 ____A (Adobe Systems Incorporated) C:\Users\Therooster7\Documents\7d3eb149.exe
2013-05-24 22:45 - 2013-05-24 22:45 - 00001847 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2013-05-24 22:45 - 2013-05-24 22:45 - 00001847 ____A C:\ProgramData\Desktop\QuickTime Player.lnk
2013-05-24 22:45 - 2013-05-24 22:45 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-05-24 22:42 - 2013-01-07 18:30 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3261295763-164987432-2291179314-1000Core.job
2013-05-24 04:41 - 2012-11-10 00:25 - 00002185 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-05-24 04:41 - 2012-11-10 00:25 - 00002185 ____A C:\ProgramData\Desktop\Google Chrome.lnk
2013-05-23 23:02 - 2011-09-11 20:14 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-05-23 20:13 - 2011-09-11 20:15 - 00001790 ____A C:\Users\Public\Desktop\McAfee Total Protection.lnk
2013-05-23 20:13 - 2011-09-11 20:15 - 00001790 ____A C:\ProgramData\Desktop\McAfee Total Protection.lnk
2013-05-23 02:53 - 2011-08-30 21:00 - 00000000 ____D C:\Users\Therooster7\Application Data\Adobe
2013-05-23 02:53 - 2011-08-30 21:00 - 00000000 ____D C:\Users\Therooster7\AppData\Roaming\Adobe
2013-05-22 23:02 - 2013-04-23 07:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-22 03:09 - 2011-08-22 18:55 - 00000000 ____D C:\Users\Default\Local Settings\SoftThinks
2013-05-22 03:09 - 2011-08-22 18:55 - 00000000 ____D C:\Users\Default\Local Settings\Application Data\SoftThinks
2013-05-22 03:09 - 2011-08-22 18:55 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2013-05-22 03:09 - 2011-08-22 18:55 - 00000000 ____D C:\Users\Default User\Local Settings\SoftThinks
2013-05-22 03:09 - 2011-08-22 18:55 - 00000000 ____D C:\Users\Default User\Local Settings\Application Data\SoftThinks
2013-05-22 03:09 - 2011-08-22 18:55 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2013-05-21 21:10 - 2013-05-21 21:10 - 01440846 ____A C:\Users\Therooster7\Downloads\mbam-chameleon-1.62.1.1000.zip
2013-05-21 16:54 - 2013-05-21 16:54 - 00000000 ____D C:\Program Files\My Dell
2013-05-21 16:54 - 2011-08-22 18:44 - 00000000 ____D C:\Program Files\Dell Support Center
2013-05-21 16:53 - 2011-09-05 16:00 - 00000000 ____D C:\ProgramData\PCDr
2013-05-21 16:53 - 2011-09-05 16:00 - 00000000 ____D C:\ProgramData\Application Data\PCDr
2013-05-21 16:01 - 2011-11-01 22:41 - 00000000 ____D C:\Users\Therooster7\Downloads\V4
2013-05-20 20:01 - 2011-08-30 21:37 - 00000000 ____D C:\Users\Therooster7\Local Settings\Nero
2013-05-20 20:01 - 2011-08-30 21:37 - 00000000 ____D C:\Users\Therooster7\Local Settings\Application Data\Nero
2013-05-20 20:01 - 2011-08-30 21:37 - 00000000 ____D C:\Users\Therooster7\AppData\Local\Nero
2013-05-18 17:26 - 2013-05-18 17:26 - 00000091 ____A C:\Users\Therooster7\My Documents\objects.txt
2013-05-18 17:26 - 2013-05-18 17:26 - 00000091 ____A C:\Users\Therooster7\Documents\objects.txt
2013-05-18 17:25 - 2013-05-18 17:25 - 00026205 ____A C:\Users\Therooster7\Desktop\hs_err_pid9956.log
2013-05-18 06:55 - 2011-09-08 21:52 - 00002021 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-05-18 06:55 - 2011-09-08 21:52 - 00002021 ____A C:\ProgramData\Desktop\Adobe Reader X.lnk
2013-05-17 21:52 - 2013-05-17 21:52 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-05-17 21:52 - 2013-05-17 21:52 - 00001785 ____A C:\ProgramData\Desktop\iTunes.lnk
2013-05-17 21:52 - 2013-05-17 21:51 - 00000000 ____D C:\ProgramData\Application Data\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-17 21:52 - 2013-05-17 21:51 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-17 21:52 - 2013-05-17 21:51 - 00000000 ____D C:\Program Files\iTunes
2013-05-17 21:52 - 2013-05-17 21:51 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-05-17 21:51 - 2013-05-17 21:51 - 00000000 ____D C:\Program Files\iPod
2013-05-15 22:37 - 2009-07-14 00:08 - 00032586 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-05-15 22:35 - 2013-05-15 22:35 - 00026487 ____A C:\Users\Therooster7\Desktop\hs_err_pid16852.log
2013-05-15 19:57 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-05-15 02:27 - 2009-07-13 23:45 - 02257392 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-15 02:06 - 2011-09-06 18:26 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-15 02:04 - 2009-07-14 00:13 - 00794098 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-14 20:14 - 2012-04-12 04:27 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-14 20:14 - 2011-08-22 18:24 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-13 02:52 - 2013-03-14 02:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-05-13 02:52 - 2013-01-07 18:05 - 00000000 ____D C:\Program Files\Common Files\logishrd
2013-05-13 02:52 - 2012-10-07 23:18 - 00000000 ____D C:\uninstall
2013-05-13 02:52 - 2012-05-02 04:25 - 00000000 ____D C:\Users\Therooster7\Local Settings\WinZip
2013-05-13 02:52 - 2012-05-02 04:25 - 00000000 ____D C:\Users\Therooster7\Local Settings\Application Data\WinZip
2013-05-13 02:52 - 2012-05-02 04:25 - 00000000 ____D C:\Users\Therooster7\AppData\Local\WinZip
2013-05-13 02:52 - 2012-05-02 04:25 - 00000000 ____D C:\Program Files\WinZip
2013-05-13 02:52 - 2012-04-21 19:52 - 00000000 ____D C:\Users\Therooster7\Application Data\Spotify
2013-05-13 02:52 - 2012-04-21 19:52 - 00000000 ____D C:\Users\Therooster7\AppData\Roaming\Spotify
2013-05-13 02:52 - 2012-02-18 19:05 - 00000000 ____D C:\Program Files (x86)\Safari
2013-05-13 02:52 - 2012-02-18 19:04 - 00000000 ____D C:\Program Files\Bonjour
2013-05-13 02:52 - 2011-09-23 15:19 - 00000000 ____D C:\ProgramData\Real
2013-05-13 02:52 - 2011-09-23 15:19 - 00000000 ____D C:\ProgramData\Application Data\Real
2013-05-13 02:52 - 2011-09-16 14:23 - 00000000 ___RD C:\THEROOSTER7-PC
2013-05-13 02:52 - 2011-09-11 20:15 - 00000000 __RSD C:\Users\Therooster7\My Documents\McAfee Vaults
2013-05-13 02:52 - 2011-09-11 20:15 - 00000000 __RSD C:\Users\Therooster7\Documents\McAfee Vaults
2013-05-13 02:52 - 2011-09-11 14:05 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-05-13 02:52 - 2011-09-11 14:05 - 00000000 ____D C:\ProgramData\Application Data\McAfee Security Scan
2013-05-13 02:52 - 2011-08-30 21:45 - 00000000 ____D C:\Program Files (x86)\Smith Micro
2013-05-13 02:52 - 2011-08-30 21:19 - 00000000 ___RD C:\Users\Therooster7\Desktop\MySyncUPFiles
2013-05-13 02:52 - 2011-08-22 20:17 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-05-13 02:52 - 2011-08-22 18:51 - 00000000 ____D C:\Program Files (x86)\Zinio Reader 4
2013-05-13 02:52 - 2011-08-22 18:49 - 00000000 ____D C:\ProgramData\McAfee
2013-05-13 02:52 - 2011-08-22 18:49 - 00000000 ____D C:\ProgramData\Application Data\McAfee
2013-05-13 02:52 - 2011-08-22 18:36 - 00000000 ____D C:\ProgramData\FLEXnet
2013-05-13 02:52 - 2011-08-22 18:36 - 00000000 ____D C:\ProgramData\Application Data\FLEXnet
2013-05-13 02:52 - 2010-11-21 02:17 - 00000000 ____D C:\Program Files\Windows Journal
2013-05-13 02:52 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\System32\restore
2013-05-13 02:52 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-05-13 02:52 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Portable Devices
2013-05-13 02:52 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-05-13 02:52 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-05-13 02:52 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\DVD Maker
2013-05-13 02:52 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2013-05-13 02:52 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2013-05-13 02:52 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-05-13 02:52 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-05-13 02:52 - 2009-07-13 22:20 - 00000000 __RSD C:\Windows\Media
2013-05-13 02:52 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-05-13 02:52 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\migwiz
2013-05-13 02:52 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\servicing
2013-05-13 02:52 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\IME
2013-05-13 02:52 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Cursors
2013-05-13 02:52 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat
2013-05-13 02:52 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\System
2013-05-13 02:52 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Services
2013-05-13 02:51 - 2013-03-14 02:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-05-13 02:51 - 2013-01-12 17:36 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-13 02:51 - 2012-05-03 19:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-05-13 02:51 - 2011-09-23 15:20 - 00000000 ____D C:\Program Files (x86)\Blinkx
2013-05-13 02:51 - 2011-09-13 16:52 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-05-13 02:51 - 2011-09-11 20:15 - 00000000 ____D C:\Program Files (x86)\McAfeeMOBK
2013-05-13 02:51 - 2011-09-11 20:15 - 00000000 ____D C:\Program Files (x86)\McAfee Online Backup
2013-05-13 02:51 - 2011-09-11 14:05 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan
2013-05-13 02:51 - 2011-09-01 17:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-05-13 02:51 - 2011-08-30 21:13 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-05-13 02:51 - 2011-08-30 20:58 - 00000000 ____D C:\FIND_EULA_PATH
2013-05-13 02:51 - 2011-08-22 18:43 - 00000000 ____D C:\Program Files (x86)\PlayReady
2013-05-13 02:51 - 2011-08-22 18:34 - 00000000 ____D C:\Program Files (x86)\Cozi Express
2013-05-13 02:51 - 2011-08-22 18:31 - 00000000 ____D C:\Program Files (x86)\Multimedia Card Reader(9106)
2013-05-13 02:51 - 2011-02-10 09:01 - 00000000 ____D C:\dell
2013-05-13 02:48 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2013-05-13 02:44 - 2011-09-01 17:22 - 00000000 ____D C:\Users\Therooster7\Application Data\SoftGrid Client
2013-05-13 02:44 - 2011-09-01 17:22 - 00000000 ____D C:\Users\Therooster7\AppData\Roaming\SoftGrid Client
2013-05-10 22:46 - 2011-11-26 19:38 - 00000179 ____A C:\Users\Public\Desktop\Get 3D Models.url
2013-05-10 22:46 - 2011-11-26 19:38 - 00000179 ____A C:\ProgramData\Desktop\Get 3D Models.url
2013-05-10 22:19 - 2011-09-01 21:48 - 00000000 ____D C:\Users\Therooster7\Application Data\Mozilla
2013-05-10 22:19 - 2011-09-01 21:48 - 00000000 ____D C:\Users\Therooster7\AppData\Roaming\Mozilla
2013-05-01 02:59 - 2013-05-01 02:59 - 00094208 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx
2013-05-01 02:59 - 2013-05-01 02:59 - 00069632 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts
2013-04-28 06:32 - 2013-04-28 06:31 - 00000004 ____A C:\Users\Therooster7\Application Data\skype.ini
2013-04-28 06:32 - 2013-04-28 06:31 - 00000004 ____A C:\Users\Therooster7\AppData\Roaming\skype.ini

ZeroAccess:
C:\Users\Therooster7\AppData\Local\{b91f654a-8686-b92a-f69f-e784e1b2aa7c}
C:\Users\Therooster7\AppData\Local\{b91f654a-8686-b92a-f69f-e784e1b2aa7c}\L
C:\Users\Therooster7\AppData\Local\{b91f654a-8686-b92a-f69f-e784e1b2aa7c}\U

Other Malware:
===========
C:\Users\Therooster7\AppData\Roaming\skype.ini

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-05-25 06:51:20

==================== Memory info ===========================

Percentage of memory in use: 8%
Total physical RAM: 12270.45 MB
Available physical RAM: 11271.09 MB
Total Pagefile: 12268.64 MB
Available Pagefile: 11267.61 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1383.98 GB) (Free:983.9 GB) NTFS (Disk=0 Partition=3)
Drive i: () (Removable) (Total:0.24 GB) (Free:0.23 GB) FAT (Disk=1 Partition=1)
Drive j: (RECOVERY) (Fixed) (Total:13.25 GB) (Free:5.47 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows Vista) (Size: 1397 GB) (Disk ID: 75B8B001)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=13 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=-712989736960) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 244 MB) (Disk ID: D4565F20)
Partition 1: (Active) - (Size=244 MB) - (Type=06)


Last Boot: 2013-05-25 06:44

==================== End Of Log ============================

 

 

If you need me to run it again, I can.




 


#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,696 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:06:26 PM

Posted 25 May 2013 - 07:04 PM

Hi therooster42,

 

Welcome to the forum.

 

Please download the attached file fixlist.txt.
Save it to your flash drive.
Boot to System Recovery Options and select "Command Prompt".

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it to your reply.

 

Also restart, let it boot normally and tell me how it went.

 



#3 therooster42

Posted 25 May 2013 - 07:31 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-05-2013 01
Ran by SYSTEM at 2013-05-25 20:24:25 Run:3
Running from I:\
Boot Mode: Recovery
==============================================

HKEY_USERS\Therooster7\Software\Microsoft\Windows\CurrentVersion\Run\\qcgce2mrvjq91kk1e7pnbb19m52fx => Value deleted successfully.
C:\Users\Therooster7\Documents\7d3eb149.exe => Moved successfully.
HKEY_USERS\Therooster7\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Users\Therooster7\Local Settings\Application Data\2433f433 => Moved successfully.
C:\Users\Therooster7\Local Settings\2433f433 => File/Directory not found.
C:\Users\Therooster7\AppData\Local\2433f433 => File/Directory not found.
C:\ProgramData\Application Data\2433f433 => Moved successfully.
C:\ProgramData\2433f433 => File/Directory not found.
C:\Users\Therooster7\Application Data\2433f433 => Moved successfully.
C:\Users\Therooster7\AppData\Roaming\2433f433 => File/Directory not found.
C:\Users\Therooster7\My Documents\7d3eb149.exe => File/Directory not found.
C:\Users\Therooster7\AppData\Local\{b91f654a-8686-b92a-f69f-e784e1b2aa7c} => Moved successfully.
C:\Users\Therooster7\AppData\Roaming\skype.ini => Moved successfully.

==== End of Fixlog ====

 

 

I have a desktop now.



#4 Farbar


Posted 25 May 2013 - 07:44 PM

Great. :thumbup2:

 

Now please run FRST in normal mode. It makes two logs. Copy and paste the FRST.txt to your reply and attach the Addition.txt to your reply.



#5 therooster42


Posted 25 May 2013 - 08:01 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2013 01
Ran by Therooster7 (administrator) on 25-05-2013 20:56:16
Running from I:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
() C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
(Google Inc.) C:\Users\Therooster7\AppData\Local\Google\Update\GoogleUpdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
() C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
(McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcagent.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(McAfee, Inc.) c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Core\mchost.exe
(Farbar) I:\FRST64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [RunDLLEntry_THXCfg] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 [17920 2009-10-15] (Creative Technology Ltd.)
HKLM\...\Run: [RunDLLEntry_EptMon] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64 [21504 2009-10-15] (Creative Technology Ltd.)
HKLM\...\Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup [483424 2012-02-01] ()
HKCU\...\Run: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode [6129496 2011-01-12] (Logitech Inc.)
HKCU\...\Run: [Google Update] "C:\Users\Therooster7\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-11-10] (Google Inc.)
MountPoints2: {87af1fc8-cd25-11e0-843c-806e6f6e6963} - D:\setup.exe
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)
HKLM-x32\...\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [37960 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] ()
HKLM-x32\...\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900 [75064 2011-07-07] ()
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1532992 2013-03-13] (McAfee, Inc.)
HKLM-x32\...\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup [968048 2012-02-01] ()
HKLM-x32\...\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot [295072 2012-12-21] (RealNetworks, Inc.)
HKLM-x32\...\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Therooster7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Messenger.lnk
ShortcutTarget: Yahoo! Messenger.lnk -> C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
HKCU SearchScopes: DefaultScope {C6221D7B-4838-4C0C-B15D-81E2B2F06D5B} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {C6221D7B-4838-4C0C-B15D-81E2B2F06D5B} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120621181433.dll (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120621181433.dll (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
PDF: HKLM-x32 {55963676-2F5E-4BAF-AC28-CF26AA587566} https://webvpn.progress-energy.com/CACHE/stc/3/binaries/vpnweb.cab
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} -  No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\PROGRA~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
Winsock: Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [20992] (Microsoft Corporation)
Winsock: Catalog5-x64 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Therooster7\AppData\Roaming\Mozilla\Firefox\Profiles\xj1d4rto.default
FF SelectedSearchEngine: Secure Search
FF Homepage: hxxp://www.msn.com/?pc=Z157&install_date=20110910
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=mcafee&p=
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.0.282 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.0.282 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Yahoo! Toolbar - C:\Users\Therooster7\AppData\Roaming\Mozilla\Firefox\Profiles\xj1d4rto.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF Extension: lahkwukxss - C:\Users\Therooster7\AppData\Roaming\Mozilla\Firefox\Profiles\xj1d4rto.default\Extensions\lahkwukxss@lahkwukxss.org.xpi

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll ()
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Therooster7\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll (RealPlayer)
CHR Plugin: (Google Talk Plugin) - C:\Users\Therooster7\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Therooster7\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\Therooster7\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Therooster7\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Therooster7\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Therooster7\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (SiteAdvisor) - C:\Users\Therooster7\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.126.1_0
CHR Extension: (RealDownloader) - C:\Users\Therooster7\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0
CHR Extension: (Gmail) - C:\Users\Therooster7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [383608 2012-11-16] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)
R2 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [231224 2010-04-13] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()

==================== Drivers (Whitelisted) ====================

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 McPvDrv; C:\Windows\System32\drivers\McPvDrv.sys [73096 2012-09-14] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
R1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
U3 mfeavfk01; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-05-25 20:54 - 2013-05-25 20:54 - 00001946 ____A C:\Users\Therooster7\Desktop\RKreport[2]_D_05252013_02d2054.txt
2013-05-25 20:51 - 2013-05-25 20:51 - 00001994 ____A C:\Users\Therooster7\Desktop\RKreport[1]_S_05252013_02d2051.txt
2013-05-25 20:49 - 2013-05-25 20:53 - 00000000 ____D C:\Users\Therooster7\Desktop\RK_Quarantine
2013-05-25 20:47 - 2013-05-25 12:13 - 00791040 ____A C:\Users\Therooster7\Desktop\RogueKillerX64.exe
2013-05-25 20:43 - 2013-05-25 20:44 - 00002976 ____A C:\AdwCleaner[S1].txt
2013-05-25 20:43 - 2013-05-25 20:43 - 00002906 ____A C:\AdwCleaner[R2].txt
2013-05-25 20:41 - 2013-05-25 20:41 - 00002760 ____A C:\AdwCleaner[R1].txt
2013-05-25 18:45 - 2013-05-25 18:45 - 00000000 ____D C:\FRST
2013-05-24 23:45 - 2013-05-24 23:45 - 00001847 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2013-05-24 23:45 - 2013-05-24 23:45 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-05-21 22:10 - 2013-05-21 22:10 - 01440846 ____A C:\Users\Therooster7\Downloads\mbam-chameleon-1.62.1.1000.zip
2013-05-21 17:54 - 2013-05-21 17:54 - 00000000 ____D C:\Program Files\My Dell
2013-05-18 18:26 - 2013-05-18 18:26 - 00000091 ____A C:\Users\Therooster7\Documents\objects.txt
2013-05-18 18:25 - 2013-05-18 18:25 - 00026205 ____A C:\Users\Therooster7\Desktop\hs_err_pid9956.log
2013-05-17 22:52 - 2013-05-17 22:52 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-05-17 22:51 - 2013-05-17 22:52 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-17 22:51 - 2013-05-17 22:52 - 00000000 ____D C:\Program Files\iTunes
2013-05-17 22:51 - 2013-05-17 22:52 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-05-17 22:51 - 2013-05-17 22:51 - 00000000 ____D C:\Program Files\iPod
2013-05-15 23:35 - 2013-05-15 23:35 - 00026487 ____A C:\Users\Therooster7\Desktop\hs_err_pid16852.log
2013-05-15 03:01 - 2013-04-05 02:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-15 03:01 - 2013-04-05 02:52 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-15 03:01 - 2013-04-05 02:52 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-15 03:01 - 2013-04-05 02:50 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-15 03:01 - 2013-04-05 02:50 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-15 03:01 - 2013-04-05 02:50 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-15 03:01 - 2013-04-05 02:50 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-15 03:01 - 2013-04-05 02:50 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-15 03:01 - 2013-04-05 02:50 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-15 03:01 - 2013-04-05 02:50 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-15 03:01 - 2013-04-05 02:50 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-05-15 03:01 - 2013-04-05 02:50 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-05-15 03:01 - 2013-04-05 02:50 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-15 03:01 - 2013-04-05 02:50 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-05-15 03:01 - 2013-04-05 01:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-15 03:01 - 2013-04-05 01:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-15 03:01 - 2013-04-05 01:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-15 03:01 - 2013-04-05 01:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-15 03:01 - 2013-04-05 01:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-15 03:01 - 2013-04-05 01:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-15 03:01 - 2013-04-05 01:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-15 03:01 - 2013-04-05 01:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-15 03:01 - 2013-04-05 01:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-15 03:01 - 2013-04-05 01:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-05-15 03:01 - 2013-04-05 01:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-05-15 03:01 - 2013-04-05 01:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-15 03:01 - 2013-04-05 01:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-05-15 03:01 - 2013-04-05 00:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-15 03:01 - 2013-04-05 00:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-15 03:01 - 2013-04-04 23:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-15 03:01 - 2013-04-04 23:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-05-14 23:38 - 2013-04-10 02:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-14 23:38 - 2013-04-10 02:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-14 23:38 - 2013-04-09 23:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-14 23:38 - 2013-03-19 01:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-14 23:38 - 2013-03-19 01:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-14 23:38 - 2013-02-27 02:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-14 23:38 - 2013-02-27 01:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-14 23:38 - 2013-02-27 01:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-14 23:38 - 2013-02-27 01:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-14 23:38 - 2013-02-27 01:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-14 23:38 - 2013-02-27 00:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-14 23:38 - 2013-02-27 00:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-14 23:38 - 2013-02-27 00:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-14 23:38 - 2011-02-03 07:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-01 03:59 - 2013-05-01 03:59 - 00094208 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx
2013-05-01 03:59 - 2013-05-01 03:59 - 00069632 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts

==================== One Month Modified Files and Folders =======

2013-05-25 20:57 - 2013-01-07 19:30 - 00000932 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3261295763-164987432-2291179314-1000UA.job
2013-05-25 20:57 - 2013-01-07 19:30 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3261295763-164987432-2291179314-1000Core.job
2013-05-25 20:54 - 2013-05-25 20:54 - 00001946 ____A C:\Users\Therooster7\Desktop\RKreport[2]_D_05252013_02d2054.txt
2013-05-25 20:53 - 2013-05-25 20:49 - 00000000 ____D C:\Users\Therooster7\Desktop\RK_Quarantine
2013-05-25 20:52 - 2009-07-14 00:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-25 20:52 - 2009-07-14 00:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-25 20:51 - 2013-05-25 20:51 - 00001994 ____A C:\Users\Therooster7\Desktop\RKreport[1]_S_05252013_02d2051.txt
2013-05-25 20:50 - 2011-09-11 21:15 - 00001790 ____A C:\Users\Public\Desktop\McAfee Total Protection.lnk
2013-05-25 20:49 - 2012-11-10 01:25 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-25 20:49 - 2011-08-22 19:32 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-05-25 20:45 - 2013-03-10 22:40 - 00003584 ____A C:\Windows\setupact.log
2013-05-25 20:45 - 2012-11-10 01:25 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-25 20:45 - 2011-08-22 19:55 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2013-05-25 20:45 - 2011-08-22 19:55 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2013-05-25 20:45 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-25 20:44 - 2013-05-25 20:43 - 00002976 ____A C:\AdwCleaner[S1].txt
2013-05-25 20:44 - 2011-08-22 19:22 - 01927399 ____A C:\Windows\WindowsUpdate.log
2013-05-25 20:43 - 2013-05-25 20:43 - 00002906 ____A C:\AdwCleaner[R2].txt
2013-05-25 20:42 - 2011-08-30 22:37 - 00000000 ____D C:\Users\Therooster7\AppData\Local\Nero
2013-05-25 20:41 - 2013-05-25 20:41 - 00002760 ____A C:\AdwCleaner[R1].txt
2013-05-25 20:05 - 2012-04-12 05:27 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-25 18:45 - 2013-05-25 18:45 - 00000000 ____D C:\FRST
2013-05-25 12:13 - 2013-05-25 20:47 - 00791040 ____A C:\Users\Therooster7\Desktop\RogueKillerX64.exe
2013-05-25 08:00 - 2011-08-30 21:41 - 00000000 ____D C:\users\Therooster7
2013-05-25 08:00 - 2011-08-22 19:48 - 00000000 ____D C:\ProgramData\Sonic
2013-05-25 07:21 - 2011-09-11 21:14 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-05-25 07:15 - 2010-11-20 23:47 - 00054058 ____A C:\Windows\PFRO.log
2013-05-24 23:45 - 2013-05-24 23:45 - 00001847 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2013-05-24 23:45 - 2013-05-24 23:45 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-05-24 05:41 - 2012-11-10 01:25 - 00002185 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-05-23 03:53 - 2011-08-30 22:00 - 00000000 ____D C:\Users\Therooster7\AppData\Roaming\Adobe
2013-05-23 00:02 - 2013-04-23 08:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-21 22:10 - 2013-05-21 22:10 - 01440846 ____A C:\Users\Therooster7\Downloads\mbam-chameleon-1.62.1.1000.zip
2013-05-21 17:54 - 2013-05-21 17:54 - 00000000 ____D C:\Program Files\My Dell
2013-05-21 17:54 - 2011-08-22 19:44 - 00000000 ____D C:\Program Files\Dell Support Center
2013-05-21 17:53 - 2011-09-05 17:00 - 00000000 ____D C:\ProgramData\PCDr
2013-05-21 17:01 - 2011-11-01 23:41 - 00000000 ____D C:\Users\Therooster7\Downloads\V4
2013-05-18 18:26 - 2013-05-18 18:26 - 00000091 ____A C:\Users\Therooster7\Documents\objects.txt
2013-05-18 18:25 - 2013-05-18 18:25 - 00026205 ____A C:\Users\Therooster7\Desktop\hs_err_pid9956.log
2013-05-18 07:55 - 2011-09-08 22:52 - 00002021 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-05-17 22:52 - 2013-05-17 22:52 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-05-17 22:52 - 2013-05-17 22:51 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-17 22:52 - 2013-05-17 22:51 - 00000000 ____D C:\Program Files\iTunes
2013-05-17 22:52 - 2013-05-17 22:51 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-05-17 22:51 - 2013-05-17 22:51 - 00000000 ____D C:\Program Files\iPod
2013-05-15 23:37 - 2009-07-14 01:08 - 00032586 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-05-15 23:35 - 2013-05-15 23:35 - 00026487 ____A C:\Users\Therooster7\Desktop\hs_err_pid16852.log
2013-05-15 20:57 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2013-05-15 03:27 - 2009-07-14 00:45 - 02257392 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-15 03:06 - 2011-09-06 19:26 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-15 03:04 - 2009-07-14 01:13 - 00794098 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-14 21:14 - 2012-04-12 05:27 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-14 21:14 - 2011-08-22 19:24 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-13 03:52 - 2013-03-14 03:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-05-13 03:52 - 2013-01-07 19:05 - 00000000 ____D C:\Program Files\Common Files\logishrd
2013-05-13 03:52 - 2012-10-08 00:18 - 00000000 ____D C:\uninstall
2013-05-13 03:52 - 2012-05-02 05:25 - 00000000 ____D C:\Users\Therooster7\AppData\Local\WinZip
2013-05-13 03:52 - 2012-05-02 05:25 - 00000000 ____D C:\Program Files\WinZip
2013-05-13 03:52 - 2012-04-21 20:52 - 00000000 ____D C:\Users\Therooster7\AppData\Roaming\Spotify
2013-05-13 03:52 - 2012-02-18 20:05 - 00000000 ____D C:\Program Files (x86)\Safari
2013-05-13 03:52 - 2012-02-18 20:04 - 00000000 ____D C:\Program Files\Bonjour
2013-05-13 03:52 - 2011-09-23 16:19 - 00000000 ____D C:\ProgramData\Real
2013-05-13 03:52 - 2011-09-16 15:23 - 00000000 ___RD C:\THEROOSTER7-PC
2013-05-13 03:52 - 2011-09-11 21:15 - 00000000 __RSD C:\Users\Therooster7\Documents\McAfee Vaults
2013-05-13 03:52 - 2011-09-11 15:05 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-05-13 03:52 - 2011-08-30 22:45 - 00000000 ____D C:\Program Files (x86)\Smith Micro
2013-05-13 03:52 - 2011-08-30 22:19 - 00000000 ___RD C:\Users\Therooster7\Desktop\MySyncUPFiles
2013-05-13 03:52 - 2011-08-22 21:17 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-05-13 03:52 - 2011-08-22 19:51 - 00000000 ____D C:\Program Files (x86)\Zinio Reader 4
2013-05-13 03:52 - 2011-08-22 19:49 - 00000000 ____D C:\ProgramData\McAfee
2013-05-13 03:52 - 2011-08-22 19:36 - 00000000 ____D C:\ProgramData\FLEXnet
2013-05-13 03:52 - 2010-11-21 03:17 - 00000000 ____D C:\Program Files\Windows Journal
2013-05-13 03:52 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\System32\restore
2013-05-13 03:52 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-05-13 03:52 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Portable Devices
2013-05-13 03:52 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-05-13 03:52 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-05-13 03:52 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\DVD Maker
2013-05-13 03:52 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2013-05-13 03:52 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2013-05-13 03:52 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-05-13 03:52 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-05-13 03:52 - 2009-07-13 23:20 - 00000000 __RSD C:\Windows\Media
2013-05-13 03:52 - 2009-07-13 23:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-05-13 03:52 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\System32\migwiz
2013-05-13 03:52 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\servicing
2013-05-13 03:52 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\IME
2013-05-13 03:52 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Cursors
2013-05-13 03:52 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\AppCompat
2013-05-13 03:52 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\System
2013-05-13 03:52 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Services
2013-05-13 03:51 - 2013-03-14 03:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-05-13 03:51 - 2013-01-12 18:36 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-13 03:51 - 2012-05-03 20:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-05-13 03:51 - 2011-09-23 16:20 - 00000000 ____D C:\Program Files (x86)\Blinkx
2013-05-13 03:51 - 2011-09-13 17:52 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-05-13 03:51 - 2011-09-11 21:15 - 00000000 ____D C:\Program Files (x86)\McAfeeMOBK
2013-05-13 03:51 - 2011-09-11 21:15 - 00000000 ____D C:\Program Files (x86)\McAfee Online Backup
2013-05-13 03:51 - 2011-09-11 15:05 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan
2013-05-13 03:51 - 2011-09-01 18:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-05-13 03:51 - 2011-08-30 22:13 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-05-13 03:51 - 2011-08-30 21:58 - 00000000 ____D C:\FIND_EULA_PATH
2013-05-13 03:51 - 2011-08-22 19:43 - 00000000 ____D C:\Program Files (x86)\PlayReady
2013-05-13 03:51 - 2011-08-22 19:34 - 00000000 ____D C:\Program Files (x86)\Cozi Express
2013-05-13 03:51 - 2011-08-22 19:31 - 00000000 ____D C:\Program Files (x86)\Multimedia Card Reader(9106)
2013-05-13 03:51 - 2011-02-10 10:01 - 00000000 ____D C:\dell
2013-05-13 03:48 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2013-05-13 03:44 - 2011-09-01 18:22 - 00000000 ____D C:\Users\Therooster7\AppData\Roaming\SoftGrid Client
2013-05-10 23:46 - 2011-11-26 20:38 - 00000179 ____A C:\Users\Public\Desktop\Get 3D Models.url
2013-05-10 23:19 - 2011-09-01 22:48 - 00000000 ____D C:\Users\Therooster7\AppData\Roaming\Mozilla
2013-05-01 03:59 - 2013-05-01 03:59 - 00094208 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx
2013-05-01 03:59 - 2013-05-01 03:59 - 00069632 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


Last Boot: 2013-05-25 07:44

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2013 01
Ran by Therooster7 at 2013-05-25 20:57:17 Run:
Running from I:\
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Adobe AIR (Version: 2.7.1.19610)
Adobe Anchor Service CS3 (Version: 1.0)
Adobe Asset Services CS3 (Version: 3)
Adobe Bridge CS3 (Version: 2)
Adobe Bridge Start Meeting (Version: 1.0)
Adobe Camera Raw 4.0 (Version: 4.0)
Adobe CMaps (Version: 1.0)
Adobe Color - Photoshop Specific (Version: 1.0)
Adobe Color Common Settings (Version: 1.0.1)
Adobe Color EU Extra Settings (Version: 1.0)
Adobe Color JA Extra Settings (Version: 1.0)
Adobe Color NA Recommended Settings (Version: 1.0)
Adobe Default Language CS3 (Version: 1.0)
Adobe Device Central CS3 (Version: 1.0)
Adobe ExtendScript Toolkit 2 (Version: 2.0.2)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.202)
Adobe Flash Player 11 Plugin (Version: 11.7.700.202)
Adobe Fonts All (Version: 1.0)
Adobe Help Viewer CS3 (Version: 1)
Adobe Linguistics CS3 (Version: 3.0.0)
Adobe PDF Library Files (Version: 8.0)
Adobe Photoshop CS3 (Version: 10)
Adobe Photoshop CS3 (Version: 10.0)
Adobe Reader X (10.1.7) MUI (Version: 10.1.7)
Adobe Setup (Version: 1.0)
Adobe Stock Photos CS3 (Version: 1.5)
Adobe Type Support (Version: 1.0)
Adobe Update Manager CS3 (Version: 5.1.0)
Adobe Version Cue CS3 Client (Version: 3)
Adobe WinSoft Linguistics Plugin (Version: 1.0)
Adobe XMP Panels CS3 (Version: 1.0)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Bing Bar (Version: 7.1.391.0)
Bing Rewards Client Installer (Version: 16.0.345.0)
blinkx beat (Version: 1.5.0)
Blio (Version: 2.3.7140)
Bonjour (Version: 3.0.0.10)
CameraHelperMsi (Version: 13.50.854.0)
Centurion Poses (Version: ps_mo310_CenturionPoses)
Cisco AnyConnect VPN Client (Version: 2.3.0254)
Consumer In-Home Service Agreement (Version: 2.0.0)
Cozi (Version: 1.0.6505.38692)
D3DX10 (Version: 15.4.2368.0902)
DAZ 3D Install Manager 1 (Version: 1.0.0.112)
Dell DataSafe Local Backup - Support Software (Version: 9.4.60)
Dell DataSafe Local Backup (Version: 9.4.60)
Dell DataSafe Online (Version: 2.1.19634)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (Version: 1.00.0000)
Dell MusicStage (Version: 1.5.201.0)
Dell PhotoStage (Version: 1.5.0.65)
Dell Stage (Version: 1.7.209.0)
Dell VideoStage  (Version: 1.2.0.1712)
DirectX 9 Runtime (Version: 1.00.0000)
DW WLAN Card (Version: 5.60.48.35)
erLT (Version: 1.20.138.34)
Google Chrome (Version: 27.0.1453.94)
Google Talk Plugin (Version: 3.19.1.13088)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)
Google Update Helper (Version: 1.3.21.145)
High-Definition Video Playback (Version: 7.3.10900.8.0)
iCloud (Version: 2.1.2.8)
Intel® Rapid Storage Technology (Version: 10.0.0.1046)
iTunes (Version: 11.0.3.42)
Java 7 Update 9 (Version: 7.0.90)
Java Auto Updater (Version: 2.1.9.0)
Junk Mail filter update (Version: 15.4.3502.0922)
Logitech Vid HD (Version: 7.2 (7248))
Logitech Webcam Software (Version: 2.0)
LWS Facebook (Version: 13.50.854.0)
LWS Gallery (Version: 13.50.854.0)
LWS Help_main (Version: 13.50.862.0)
LWS Launcher (Version: 13.50.859.0)
LWS Motion Detection (Version: 13.30.1395.0)
LWS Pictures And Video (Version: 13.50.861.0)
LWS Twitter (Version: 13.30.1346.0)
LWS Video Mask Maker (Version: 13.30.1379.0)
LWS VideoEffects (Version: 13.30.1379.0)
LWS Webcam Software (Version: 13.31.1038.0)
LWS WLM Plugin (Version: 1.30.1201.0)
LWS YouTube Plugin (Version: 13.31.1038.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
McAfee Online Backup (Version: 1.16.4.0)
McAfee Security Scan Plus (Version: 3.0.318.3)
McAfee Total Protection (Version: 11.6.511)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.58299)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 20.0.1 (x86 en-US) (Version: 20.0.1)
Mozilla Maintenance Service (Version: 20.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Multimedia Card Reader (Version: 1.7.915.93)
My Dell (Version: 3.3.6261.27)
Nero 10 Movie ThemePack Basic (Version: 10.6.10000.1.0)
Nero Control Center 10 (Version: 10.6.13000.0.11)
Nero ControlCenter 10 Help (CHM) (Version: 10.2.10800)
Nero Core Components 10 (Version: 2.0.19800.9.10)
Nero Update (Version: 11.0.11800.31.0)
NVIDIA Display Control Panel (Version: 6.14.12.6716)
PDF Settings (Version: 1.0)
PhotoShowExpress (Version: 2.0.063)
PlayReady PC Runtime x86 (Version: 1.3.0)
Poser Pro 2012 (Version: 9.0.0)
Poser Pro 7.0.4 Service Release
PoserContent2012 (Version: 9.0.0)
Queue Manager
QuickTime (Version: 7.74.80.86)
RBVirtualFolder64Inst (Version: 1.00.0000)
RealDownloader (Version: 1.3.0)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
RealPlayer
RealPlayer (Version: 16.0.0)
Realtek High Definition Audio Driver (Version: 6.0.1.6141)
RealUpgrade 1.1 (Version: 1.1.0)
Roxio Activation Module (Version: 1.0)
Roxio BackOnTrack (Version: 1.3.3)
Roxio Burn (Version: 1.8)
Roxio Creator Starter (Version: 1.0.439)
Roxio Creator Starter (Version: 12.1.77.0)
Roxio Creator Starter (Version: 5.0.0)
Roxio Express Labeler 3 (Version: 3.2.2)
Roxio File Backup (Version: 1.3.2)
Safari (Version: 5.34.57.2)
Secure Download Manager (Version: 3.0.3)
Shared C Run-time for x64 (Version: 10.0.0)
Sonic CinePlayer Decoder Pack (Version: 4.3.0)
Spotify (Version: 0.8.3.222.g317ab79d)
SyncUP (Version: 1.10.11100.8.106)
SyncUP (Version: 10.2.13500)
TeamViewer 7 (Version: 7.0.12189)
THX TruStudio PC (Version: 1.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
WD Diagnostics (Version: 1.09.0002)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinZip 16.5 (Version: 16.5.10095)
Yahoo! Detect
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
Zinio Reader 4 (Version: 4.2.4164)

==================== Restore Points  =========================

25-05-2013 11:50:50 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/25/2013 08:47:46 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {2c99c5ca-66d1-4e44-a827-31254cb421ff}

Error: (05/25/2013 08:47:03 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/25/2013 08:29:04 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {5c6d5bc7-bc5f-457f-a1ec-7c08a2941c54}

Error: (05/25/2013 08:28:31 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/25/2013 07:52:08 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {fb489873-a81b-415a-af2d-67ce1f26894e}

Error: (05/25/2013 07:51:04 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/25/2013 08:00:37 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {09a2e9e4-07a2-4b7b-b299-347ab09869b9}

Error: (05/25/2013 07:59:34 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/25/2013 07:46:54 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (05/25/2013 07:41:22 AM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The operation timed out


System errors:
=============
Error: (05/25/2013 08:43:31 PM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{3340D8BD-3EBB-4B1A-888D-4C96E5ADAE39}.
The backup browser is stopping.

Error: (05/25/2013 08:28:07 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (05/25/2013 08:27:37 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (05/25/2013 08:23:08 PM) (Source: Service Control Manager) (User: )
Description: The Server service terminated with the following error:
%%1062

Error: (05/25/2013 08:23:06 PM) (Source: Service Control Manager) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error:
%%1069

Error: (05/25/2013 08:23:06 PM) (Source: Service Control Manager) (User: )
Description: The WinHttpAutoProxySvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (05/25/2013 08:06:59 PM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{3340D8BD-3EBB-4B1A-888D-4C96E5ADAE39}.
The backup browser is stopping.

Error: (05/25/2013 07:48:35 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AFD
DfsC
discache
mfehidk
MOBKFilter
NetBIOS
NetBT
nsiproxy
Psched
rdbss
spldr
tdx
vwififlt
Wanarpv6
WfpLwf

Error: (05/25/2013 07:48:35 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error:
%%1068

Error: (05/25/2013 07:48:35 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (05/25/2013 08:47:46 PM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {2c99c5ca-66d1-4e44-a827-31254cb421ff}

Error: (05/25/2013 08:47:03 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/25/2013 08:29:04 PM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {5c6d5bc7-bc5f-457f-a1ec-7c08a2941c54}

Error: (05/25/2013 08:28:31 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/25/2013 07:52:08 PM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {fb489873-a81b-415a-af2d-67ce1f26894e}

Error: (05/25/2013 07:51:04 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/25/2013 08:00:37 AM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {09a2e9e4-07a2-4b7b-b299-347ab09869b9}

Error: (05/25/2013 07:59:34 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/25/2013 07:46:54 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Program Files (x86)\Cozi Express\CoziExpress.exe

Error: (05/25/2013 07:41:22 AM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The operation timed out


CodeIntegrity Errors:
===================================
  Date: 2013-05-13 22:03:56.046
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-13 22:03:56.046
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-13 22:03:56.046
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-13 06:09:11.249
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-13 06:09:11.246
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-13 06:09:11.244
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-04-28 07:35:14.499
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-04-28 07:35:14.495
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-04-28 07:35:14.493
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-04-19 02:47:18.113
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 18%
Total physical RAM: 12270.45 MB
Available physical RAM: 9966.99 MB
Total Pagefile: 24539.07 MB
Available Pagefile: 21171.1 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1383.98 GB) (Free:983.71 GB) NTFS (Disk=0 Partition=3)
Drive i: () (Removable) (Total:0.24 GB) (Free:0.23 GB) FAT (Disk=1 Partition=1)
Drive y: (RECOVERY) (Fixed) (Total:13.25 GB) (Free:5.47 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows Vista) (Size: 1397 GB) (Disk ID: 75B8B001)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=13 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=-712989736960) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 244 MB) (Disk ID: D4565F20)
Partition 1: (Active) - (Size=244 MB) - (Type=06)

==================== End Of Log ============================

Mod Edit: Moved topic from Windows7 to the Logs forum due to FRST logs. ~bloopie


Edited by bloopie, 25 May 2013 - 09:56 PM.


#6 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,696 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:06:26 PM

Posted 26 May 2013 - 06:20 AM

Download attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST/FRST64 in normal mode.
Press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 
Note: If the tool warned you about the outdated version, please download and run the updated version.


Edited by Farbar, 26 May 2013 - 06:20 AM.


#7 therooster42

therooster42
  • Topic Starter

  • Members
  • 4 posts
  • Local time:12:26 PM

Posted 26 May 2013 - 01:56 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-05-2013 01
Ran by Therooster7 at 2013-05-26 14:47:19 Run:4
Running from I:\
Boot Mode: Normal
==============================================

C:\Users\Therooster7\AppData\Roaming\Mozilla\Firefox\Profiles\xj1d4rto.default\Extensions\lahkwukxss@lahkwukxss.org.xpi => Moved successfully.

==== End of Fixlog ====



#8 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,696 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:06:26 PM

Posted 26 May 2013 - 02:14 PM

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Check all the boxes.

  • Press "Scan".

  • It will create a log (FSS.txt) in the same directory the tool is run from.

  • Please copy and paste the log to your reply.

 



#9 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,696 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:06:26 PM

Posted 04 June 2013 - 08:13 AM

This thread will now be closed since the issue seems to be resolved.

If you need this topic reopened, please send me a Private Message and I will reopen it for you.

If you should have a new issue, please start a new topic.

Everyone else should start a new topic.





