Infected with ZeroAccess rootkit?


This topic is locked
62 replies to this topic

#1 betthemortgage
  • Members
  • 33 posts

Posted 07 June 2013 - 05:04 PM

I have downloaded DDS, but it will not run on the infected computer. Briefly, here's a synopsis of my system setup and my multiple problems:

I am running Windows 7 SP1. Everything was fine until about a week ago when I started getting McAfee Firewall warnings. Yesterday, my attempts to turn the McAfee Firewall ON were unsuccessful - it kept turning itself OFF. Shortly thereafter, the computer shut itself down and requested a reboot in safe mode. Since that time, any attempts to boot normally or boot with Safe Mode w/Network will cause the boot sequence to abort to blue screen within 5 minutes of the boot. Thus, on the affected PC, I have no internet access. I've read numerous articles from various sites (on my non-infected laptop) and I attempted to download (to USB) and run (via drag/drop to infected PC desktop) fix-it programs and/or diagnostics including McAfee's rootkitremover, stinger32, MVT; mbam, FSS, several "rkill" executables/com files, and FRST64. ALL of these programs would NOT launch except FRST64. As it stands right now, only a few of my programs will run such as msconfig, calc, and - strangely enough - McAfee AV.

I have the FRST log and the Addition log. I noticed that in the FRST log, I have the following line:

C:\Program Files\Windows Defender\en-US => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

So, in a nutshell - big problems: firewall, internet, blue screens, can't run most applications!

Please advise as to what to do next! I'm completely stumped :(




#2 CatByte
    bleepin' tiger
  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 07 June 2013 - 06:43 PM

please post the FRST logs

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 betthemortgage
  • Topic Starter
  • Members
  • 33 posts

Posted 07 June 2013 - 07:36 PM

Here's the FRST log:


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-06-2013 02
Ran by owner (administrator) on 07-06-2013 16:45:58
Running from F:\Misc
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) =================

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(McAfee, Inc.) c:\PROGRA~1\mcafee.com\agent\mcagent.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
(Microsoft Corporation) C:\Windows\system32\msconfig.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe

==================== Registry (Whitelisted) ==================

Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe -update activex [247968 2011-11-07] (Adobe Systems, Inc.)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKU\Administrator\...\Run: [StartUp This] "C:\Program Files (x86)\Laplink\PCmover\LaunchSt.exe" [251184 2009-10-02] (Laplink Software, Inc.)
HKU\Administrator\...\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade [516096 2010-11-20] (Microsoft Corporation)
HKU\new account\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-09-24] (Google Inc.)
AppInit_DLLs: avgrssta.dll [13048 2010-07-15] (AVG Technologies CZ, s.r.o.)
BootExecute: autocheck autochk * lsdelete

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
URLSearchHook: (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} -  No File
URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
URLSearchHook: (No Name) - {37153479-1976-43c3-a1ee-557513977b64} -  No File
URLSearchHook: (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} -  No File
URLSearchHook: (No Name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} -  No File
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=PSI&o=15116&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=L6&apn_dtid=YYYYYYS8US&apn_uid=790265C4-76D0-43A7-84CB-B38931BE4E7A&apn_sauid=24BBB719-D5C2-4294-BB73-18BD778F17F8
SearchScopes: HKCU - {60CB234A-1392-4C34-8E4B-BCE55F7D8E91} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110301184100.dll (McAfee, Inc.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110301184100.dll (McAfee, Inc.)
BHO-x32: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {37153479-1976-43C3-A1EE-557513977B64} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} -  No File
DPF: HKLM-x32 {09C6CAC0-936E-40A0-BC26-707480103DC3} http://www.uproar.com/applets/activex/shizmoo/flipside_web18.cab
DPF: HKLM-x32 {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative.com/su/ocx/15030/CTSUEng.cab
DPF: HKLM-x32 {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: HKLM-x32 {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/download/ipixx.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgreens.com/WalgreensActivia.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: HKLM-x32 {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-17.cab
DPF: HKLM-x32 {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.photobiz.com/global/uploader/24/ImageUploader5.cab
DPF: HKLM-x32 {61628958-4627-48F4-99FD-30719188568D} http://www.ifrontiers.com/ActiveX/XCheck.CAB
DPF: HKLM-x32 {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} https://secure.logmeinrescue.com/Customer/x86/RescueDownloader.cab
DPF: HKLM-x32 {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: HKLM-x32 {6F750202-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: HKLM-x32 {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} http://guard.gunbound.net/nProtect/keyCrypt/npkcx.cab
DPF: HKLM-x32 {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
DPF: HKLM-x32 {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5141/mcfscan.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative.com/su/ocx/15030/CTPID.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=928
DPF: HKLM-x32 {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler: ipp - No CLSID Value -
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
Handler: msdaipp - No CLSID Value -
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} -  No File
Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} -  No File
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler-x32: ipp - No CLSID Value -
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: msdaipp - No CLSID Value -
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Handler-x32: sysimage - {76E67A63-06E9-11D2-A840-006008059382} -  No File
Handler-x32: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\Windows\SysWOW64\wiascr.dll (Microsoft Corporation)
ShellExecuteHooks-x32:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\kwitvgvo.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com/
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: DVDVideoSoftTB Toolbar - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\kwitvgvo.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF Extension: BitTorrentBar Community Toolbar - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\kwitvgvo.default\Extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
FF Extension: No Name - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\kwitvgvo.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF Extension: No Name - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\kwitvgvo.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

Chrome:
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT2790392&SearchSource=48
CHR RestoreOnStartup: "hxxp://search.conduit.com/?ctid=CT2790392&SearchSource=48"
CHR DefaultSearchURL: (Conduit) - http://search.conduit.com/Results.aspx?q={searchTerms}&hl=en&SelfSearch=1&SearchSource=49&ctid=CT2790392
CHR DefaultSuggestURL: (Conduit) - http://search.conduit.com/
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll ()
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U22) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Extension: (Angry Birds) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0
CHR Extension: (YouTube) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1
CHR Extension: (Google Search) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1
CHR Extension: (SiteAdvisor) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0
CHR Extension: (BitTorrentBar) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhfdcmehmjcclgopdodkjdicohagipid\2.3.15.10_0
CHR Extension: (Gmail) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

==================== Services (Whitelisted) =================

S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236968 2012-12-14] (Lavasoft Limited)
S2 AudioSrv; C:\Windows\SysWow64\Audiosrv.dll [42496 2004-08-04] (Microsoft Corporation)
S2 avg9wd; C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [308136 2010-07-15] (AVG Technologies CZ, s.r.o.)
S3 BITS; C:\Windows\SysWow64\qmgr.dll [382464 2004-08-04] (Microsoft Corporation)
S2 HPWJAService; C:\Program Files\Hewlett-Packard\Web Jetadmin 10\bin\HPWJAService.exe [45056 2011-02-03] (Hewlett-Packard Development Company, L.P.)
S2 HPWSProAdapter; C:\Program Files\Hewlett-Packard\Web Jetadmin 10\HPWSProAdapter\FileSystems\Core\bin\XP-x86\release\HP.Dss.App.WinService.exe [10240 2011-01-21] (Hewlett-Packard)
S2 LanmanServer; C:\Windows\SysWow64\srvsvc.dll [96768 2004-12-07] (Microsoft Corporation)
S2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [103472 2012-06-15] (McAfee, Inc.)
S2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-07-27] (Alcatel-Lucent)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
S2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [509416 2010-10-07] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [200056 2010-10-13] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [245352 2010-10-13] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [149032 2010-10-13] (McAfee, Inc.)
S2 MSSQL$HPWJA; C:\Program Files\Microsoft SQL Server\MSSQL10.HPWJA\MSSQL\Binn\sqlservr.exe [58345832 2011-09-22] (Microsoft Corporation)
S3 RasAuto; C:\Windows\SysWow64\rasauto.dll [89088 2004-08-04] (Microsoft Corporation)
S3 RasMan; C:\Windows\SysWow64\rasmans.dll [181248 2006-05-14] (Microsoft Corporation)
S2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
S2 Schedule; C:\Windows\SysWow64\schedsvc.dll [190976 2004-08-04] (Microsoft Corporation)
S4 SQLAgent$HPWJA; C:\Program Files\Microsoft SQL Server\MSSQL10.HPWJA\MSSQL\Binn\SQLAGENT.EXE [431464 2011-09-22] (Microsoft Corporation)
S2 StarWindService; C:\Drive_F\Program Files\Alcohol 120\StarWind\StarWindService.exe [217600 2005-04-01] (Rocket Division Software)
S3 TermService; C:\Windows\SysWow64\termsrv.dll [295424 2004-08-04] (Microsoft Corporation)
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-13] (Microsoft Corporation)
S2 TryAndDecideService; C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [492600 2007-09-14] ()
S2 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [303360 2011-12-14] ()
S2 wuauserv; C:\Windows\SysWow64\wuaueng.dll [1929952 2009-08-06] (Microsoft Corporation)
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]
S2 Lavasoft Ad-Aware Service; "C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe" [x]

==================== Drivers (Whitelisted) ====================

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [62800 2010-10-13] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [121248 2010-10-13] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [190136 2010-10-13] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [441328 2010-10-13] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [529128 2010-10-13] (McAfee, Inc.)
S1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75032 2010-10-13] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [94864 2010-10-13] (McAfee, Inc.)
S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [40904 2010-02-17] (McAfee, Inc.)
S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [49480 2010-02-17] (McAfee, Inc.)
S1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [283360 2010-10-13] (McAfee, Inc.)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2009-10-22] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.sys [43008 2010-07-27] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2009-10-22] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.sys [40960 2010-07-27] (Printing Communications Assoc., Inc. (PCAUSA))
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
S1 AvgLdx64; \SystemRoot\System32\Drivers\avgldx64.sys [x]
S1 AvgMfx64; \SystemRoot\System32\Drivers\avgmfx64.sys [x]
S1 AvgTdiA; \SystemRoot\System32\Drivers\avgtdia.sys [x]
R0 gfibto; system32\drivers\gfibto.sys [x]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [x]
S3 NPF; system32\DRIVERS\npf.sys [x]
S0 PxHlpa64; System32\Drivers\PxHlpa64.sys [x]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-06-07 16:44 - 2013-06-07 16:44 - 00000000 ____D C:\FRST
2013-06-07 15:47 - 2013-06-07 15:43 - 01814144 ____A (Bleeping Computer, LLC) C:\Users\owner\Desktop\WiNlOgOn.exe
2013-06-07 15:47 - 2013-06-07 15:43 - 01814144 ____A (Bleeping Computer, LLC) C:\Users\owner\Desktop\uSeRiNiT.exe
2013-06-07 15:47 - 2013-06-07 15:43 - 01814144 ____A (Bleeping Computer, LLC) C:\Users\owner\Desktop\rkill.scr
2013-06-07 15:47 - 2013-06-07 15:42 - 01814144 ____A (Bleeping Computer, LLC) C:\Users\owner\Desktop\rkill.exe
2013-06-07 15:47 - 2013-06-07 15:42 - 01814144 ____A (Bleeping Computer, LLC) C:\Users\owner\Desktop\rkill.com
2013-06-07 15:28 - 2013-06-07 15:28 - 00000000 ____D C:\Users\owner\Desktop\Fix it portable
2013-06-07 15:28 - 2013-06-07 14:46 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\owner\Desktop\mbam-setup-1.75.0.1300.exe
2013-06-07 15:27 - 2013-06-07 14:25 - 11279904 ____A (McAfee Inc) C:\Users\owner\Desktop\stinger32.exe
2013-06-07 15:27 - 2013-06-07 14:23 - 00551408 ____A (McAfee, Inc.) C:\Users\owner\Desktop\rootkitremover.exe
2013-05-29 15:20 - 2013-05-29 15:20 - 00019840 ____H C:\Users\owner\Documents\~WRL2406.tmp
2013-05-14 18:03 - 2013-05-14 18:03 - 00000000 ____D C:\Users\owner\AppData\Roaming\GoPro
2013-05-12 12:39 - 2013-06-07 14:29 - 00000000 ____D C:\Users\owner\AppData\Local\GoPro
2013-05-12 12:31 - 2013-05-12 12:32 - 00000000 ____D C:\Users\Public\CineForm
2013-05-12 12:30 - 2013-05-12 12:31 - 00000000 ____D C:\Program Files (x86)\GoPro

==================== One Month Modified Files and Folders =======

2013-06-07 16:46 - 2012-11-26 04:03 - 00000000 ____D C:\users\UpdatusUser.owner-PC
2013-06-07 16:44 - 2013-06-07 16:44 - 00000000 ____D C:\FRST
2013-06-07 16:20 - 2009-11-19 20:08 - 00000000 ____D C:\Windows\pss
2013-06-07 15:43 - 2013-06-07 15:47 - 01814144 ____A (Bleeping Computer, LLC) C:\Users\owner\Desktop\WiNlOgOn.exe
2013-06-07 15:43 - 2013-06-07 15:47 - 01814144 ____A (Bleeping Computer, LLC) C:\Users\owner\Desktop\uSeRiNiT.exe
2013-06-07 15:43 - 2013-06-07 15:47 - 01814144 ____A (Bleeping Computer, LLC) C:\Users\owner\Desktop\rkill.scr
2013-06-07 15:42 - 2013-06-07 15:47 - 01814144 ____A (Bleeping Computer, LLC) C:\Users\owner\Desktop\rkill.exe
2013-06-07 15:42 - 2013-06-07 15:47 - 01814144 ____A (Bleeping Computer, LLC) C:\Users\owner\Desktop\rkill.com
2013-06-07 15:28 - 2013-06-07 15:28 - 00000000 ____D C:\Users\owner\Desktop\Fix it portable
2013-06-07 15:25 - 2009-07-14 01:13 - 00837962 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-07 15:10 - 2011-11-03 06:00 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-07 15:10 - 2011-04-17 09:48 - 00000000 ____D C:\users\owner
2013-06-07 15:10 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-07 15:09 - 2009-07-14 00:51 - 34947215 ____A C:\Windows\setupact.log
2013-06-07 15:04 - 2013-01-12 09:39 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2013-06-07 15:04 - 2012-11-26 04:03 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-06-07 15:04 - 2012-11-18 04:03 - 00000000 ____D C:\ProgramData\NVIDIA
2013-06-07 15:04 - 2012-09-22 16:06 - 00000000 ____D C:\Program Files (x86)\Free YouTube to MP3 Converter Studio
2013-06-07 15:04 - 2012-07-01 15:30 - 00000000 ____D C:\users\new account
2013-06-07 15:04 - 2012-05-13 22:09 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-06-07 15:04 - 2011-11-28 18:12 - 00000000 ____D C:\ProgramData\ArcSoft
2013-06-07 15:04 - 2011-04-17 09:48 - 00000000 ____D C:\users\Administrator
2013-06-07 15:04 - 2010-09-26 10:08 - 00000000 ____D C:\Users\owner\Desktop\Shannen's Folder
2013-06-07 15:04 - 2010-05-23 17:50 - 00000000 ___RD C:\Users\owner\Documents\My Dropbox
2013-06-07 15:04 - 2009-11-20 10:12 - 00000000 ____D C:\Windows\System32\Drivers\Avg
2013-06-07 15:04 - 2009-11-19 22:38 - 00000000 ____D C:\Users\owner\AppData\Roaming\ArcSoft
2013-06-07 15:04 - 2009-11-19 20:02 - 00000000 ____D C:\ProgramData\pdf995
2013-06-07 15:04 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\Offline Web Pages
2013-06-07 15:04 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-06-07 15:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2013-06-07 15:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-06-07 15:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\L2Schemas
2013-06-07 15:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Help
2013-06-07 15:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\AppCompat
2013-06-07 15:04 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-06-07 15:03 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2013-06-07 14:59 - 2010-05-23 17:48 - 00000000 ____D C:\Users\owner\AppData\Roaming\Dropbox
2013-06-07 14:57 - 2009-11-24 19:33 - 00000000 __RHD C:\MSOCache
2013-06-07 14:46 - 2013-06-07 15:28 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\owner\Desktop\mbam-setup-1.75.0.1300.exe
2013-06-07 14:29 - 2013-05-12 12:39 - 00000000 ____D C:\Users\owner\AppData\Local\GoPro
2013-06-07 14:25 - 2013-06-07 15:27 - 11279904 ____A (McAfee Inc) C:\Users\owner\Desktop\stinger32.exe
2013-06-07 14:23 - 2013-06-07 15:27 - 00551408 ____A (McAfee, Inc.) C:\Users\owner\Desktop\rootkitremover.exe
2013-06-06 17:41 - 2005-09-01 20:37 - 01682432 __ASH C:\Users\owner\Desktop\Thumbs.db
2013-06-06 17:31 - 2010-11-18 19:16 - 00000000 ____D C:\Users\owner\Documents\Outlook Files
2013-06-05 23:28 - 2009-07-14 00:45 - 00013472 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-05 23:28 - 2009-07-14 00:45 - 00013472 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-05 23:14 - 2009-11-10 16:56 - 00059488 ____A C:\aaw7boot.log
2013-06-04 17:14 - 2012-09-22 16:06 - 00000000 ____D C:\Users\owner\AppData\Roaming\Free YouTube to MP3 Converter Studio
2013-05-29 15:20 - 2013-05-29 15:20 - 00019840 ____H C:\Users\owner\Documents\~WRL2406.tmp
2013-05-28 10:22 - 2005-08-03 12:26 - 58266624 ___RA C:\Users\Public\Documents\ESBK.mbb
2013-05-28 10:22 - 2005-08-03 12:26 - 30925824 ___RA C:\Users\Public\Documents\ESBK.mb
2013-05-14 18:03 - 2013-05-14 18:03 - 00000000 ____D C:\Users\owner\AppData\Roaming\GoPro
2013-05-12 12:32 - 2013-05-12 12:31 - 00000000 ____D C:\Users\Public\CineForm
2013-05-12 12:31 - 2013-05-12 12:30 - 00000000 ____D C:\Program Files (x86)\GoPro

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-337769825-2638339337-1360003580-1000\$2363e6bea9b3a76ad89f19803c82c2cd

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$2363e6bea9b3a76ad89f19803c82c2cd

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\en-US => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

safeboot: ==> The system is configured to boot to Safe Mode <===== ATTENTION!

Last Boot: 2013-06-03 00:54

==================== End Of Log ============================
And here's the Addition log ...
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-06-2013 02
Ran by owner at 2013-06-07 16:46:58 Run:
Running from F:\Misc
Boot Mode: Safe Mode (minimal)
==========================================================

==================== Installed Programs =======================

#1 DVD Ripper 4.3 (Version: 4.3)
123 Free Solitaire 2009 v7.0
2011 Draft Cruncher (Version: 5.01)
2012 Draft Cruncher (Version: 5.02)
7-Zip 4.42
A1 DVD Ripper Professional V1.1.11
Acoustica CD/DVD Label Maker
Acronis True Image Home (Version: 11.0.8027)
Ad-Aware Antivirus (Version: 10.4.49.4168)
Ad-Aware Browsing Protection (Version: 1.0.1.82)
Adobe AIR (Version: 1.5.3.9120)
Adobe Community Help (Version: 3.0.0)
Adobe Community Help (Version: 3.0.0.400)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.0.1.152)
Adobe Flash Player Plugin (Version: 9.0.47.0)
Adobe Media Player (Version: 1.8)
Adobe Photoshop CS5 (Version: 12.0)
Adobe Photoshop Elements (Version: 1.0)
Adobe Reader XI (11.0.02) (Version: 11.0.02)
Advertising Center (Version: 0.0.0.1)
Amazon Games & Software Downloader (Version: 2.0.2.0)
Amazon MP3 Downloader 1.0.5
AM-DeadLink
Apple Application Support (Version: 2.1.9)
Apple Mobile Device Support (Version: 2.6.0.32)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (Version: 2.1.3.127)
ArcSoft PhotoBase
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
ArcSoft Print Creations (Version: 2.8.255.384)
ArcSoft Software Suite
Ask Toolbar (Version: 1.11.3.0)
AT&T Self Support Tool
AT&T Service & Support Tool
Atlantis (Version: 1.50)
Audible Download Manager (Version: 4.6.0006)
AVCWare Ringtone Maker (Version: 2.0.4.0323)
AVG Free 9.0
Bing Rewards Client Installer (Version: 16.0.345.0)
BitTorrent (Version: 7.6.0)
BitTorrentBar Toolbar (Version: 6.8.5.1)
Bonjour (Version: 3.0.0.10)
Canon PhotoRecord
Canon ScanGear Toolbox 3.1
CCScore (Version: 8.02.0000.0001)
CDDRV_Installer (Version: 4.60)
CompanionLink (Version: 5.00.5000)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Daniusoft Media Converter Pro(Build 2.6.2.1)
DeductionPro 2008 (Version: 16.04)
DeductionPro 2009 (Version: 17.04)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Movie Studio Diagnostics (Version: 1.50)
DiskAid 5.3 (Version: 5.3)
DolbyFiles (Version: 0.1)
Dropbox (Version: 1.6.18)
DVD Flick 1.3.0.7 (Version: 1.3.0.7)
DVDSentry (Version: 1.00.0001)
EasyCleaner (Version: 2.0.6.380)
erLT (Version: 1.20.137.31)
ESSBrwr (Version: 8.02.0000.0001)
ESSCDBK (Version: 8.03.0000.0001)
ESScore (Version: 8.03.0000.0001)
ESSgui (Version: 8.03.0000.0001)
ESSini (Version: 8.02.0000.0001)
ESSPCD (Version: 8.02.0000.0001)
ESSPDock (Version: 6.03.0001.0004)
ESSTOOLS (Version: 5.00.0000.0004)
essvatgt (Version: 8.00.0000.0001)
EuroTalk Talk Now! (Version: 2.2.5.1)
Family Feud: Battle of the Sexes
Free M4a to MP3 Converter 7.1
Free YouTube to MP3 Converter Studio 7.2
Garmin WebUpdater (Version: 2.4.1.1)
GizmoRip version 3.007
Google Chrome (Version: 26.0.1410.64)
Google Earth (Version: 7.0.3.8542)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)
Google Update Helper (Version: 1.3.21.135)
H&R Block Deluxe + Efile + State 2009 (Version: 09.04.6401)
H&R Block Deluxe + Efile + State 2010 (Version: 10.04.6402)
H&R Block Deluxe + Efile + State 2011 (Version: 11.05.6901)
H&R Block Deluxe + Efile + State 2012 (Version: 12.05.7803)
H&R Block Georgia 2009 (Version: 1.09.2101)
H&R Block Georgia 2010 (Version: 1.10.1401)
H&R Block Georgia 2011 (Version: 1.11.2001)
H&R Block Georgia 2012 (Version: 1.12.3201)
H&R Block Oregon 2012 (Version: 1.12.3201)
HL-2270DW (Version: 1.0.7.0)
HP Download Manager
HP Web Jetadmin 10.2 (Version: 10.02.0003)
ieSpell (Version: 2.5.1 (build 106))
ImagXpress (Version: 7.0.74.0)
InfraRecorder
iPod Agent 1.1.2.0 (Version: 1.1.2.0)
iPod for Windows 2005-11-17 (Version: 4.7.0)
iPod for Windows 2006-03-23 (Version: 4.7.0)
iPod Updater 2004-11-15 (Version: 1.0)
iTunes (Version: 10.6.3.25)
Java Auto Updater (Version: 2.0.2.4)
Java™ 6 Update 22 (Version: 6.0.220)
KhalInstallWrapper (Version: 4.60.122)
Kodak EasyShare software
LightScribe System Software (Version: 1.18.8.1)
Logitech SetPoint (Version: 4.60)
LoveMusic iPod transfer
MarkelSoft Media Finder for iTunes 2.1
McAfee SecurityCenter (Version: 10.5.227)
MediaJoin
MediaJoin (Version: 2.0)
MediaMonkey 4.0 (Version: 4.0)
Menu Templates - Starter Kit (Version: 9.4.2.0)
meta-iPod, the iTunes Cleaner 1.8
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Data Access Components KB870669
Microsoft Default Manager (Version: 2.2.114.0)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Runtime (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Picture It! Photo 7.0 (Version: 7.0.0.0000)
Microsoft PowerPoint Viewer 97
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2008 (64-bit)
Microsoft SQL Server 2008 Browser (Version: 10.3.5500.0)
Microsoft SQL Server 2008 Common Files (Version: 10.3.5500.0)
Microsoft SQL Server 2008 Database Engine Services (Version: 10.3.5500.0)
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.3.5500.0)
Microsoft SQL Server 2008 Native Client (Version: 10.3.5500.0)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.3.5500.0)
Microsoft SQL Server 2008 Setup Support Files  (Version: 10.3.5500.0)
Microsoft SQL Server VSS Writer (Version: 10.3.5500.0)
Microsoft UI Engine (Version: 6.3.2348.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works 2003 Setup Launcher
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Monster Central Control Software 7 (Version: 7.2.0.9)
Movie Templates - Starter Kit (Version: 9.4.2.0)
Mp3tag v2.49b (Version: v2.49b)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MyDVD
Nero 9 Essentials
Nero BurnRights (Version: 3.4.11.100)
Nero BurnRights Help (Version: 3.4.4.100)
Nero ControlCenter (Version: 9.0.0.1)
Nero CoverDesigner (Version: 4.4.9.100)
Nero CoverDesigner Help (Version: 4.4.9.100)
Nero DiscSpeed (Version: 5.4.11.100)
Nero DiscSpeed Help (Version: 5.4.4.100)
Nero DriveSpeed (Version: 4.4.11.100)
Nero DriveSpeed Help (Version: 4.4.4.100)
Nero Express Help (Version: 9.6.2.101)
Nero InfoTool (Version: 6.4.11.100)
Nero InfoTool Help (Version: 6.4.4.100)
Nero Installer (Version: 4.4.9.0)
Nero Online Upgrade (Version: 1.3.0.0)
Nero ShowTime (Version: 5.4.0.100)
Nero ShowTime (Version: 5.4.13.100)
Nero StartSmart (Version: 9.4.12.100)
Nero StartSmart Help (Version: 9.4.12.100)
Nero Vision (Version: 6.4.12.100)
Nero Vision Help (Version: 6.4.8.100)
NeroExpress (Version: 9.4.17.100)
neroxml (Version: 1.0.0)
netbrdg (Version: 7.01.0000.0001)
NETGEAR WNDA3100v2 wireless USB 2.0 adapter (Version: 1.03.000)
NVIDIA 3D Vision Driver 311.06 (Version: 311.06)
NVIDIA Control Panel 311.06 (Version: 311.06)
NVIDIA Graphics Driver 311.06 (Version: 311.06)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
OfotoXMI (Version: 8.03.0000.0001)
Outlaws  (Version: )
PartyPoker
PCmover Professional (Version: 5.00.615.0)
PDF Settings CS5 (Version: 10.0)
Pdf995 (installed by H&R Block)
PdfEdit995 (installed by H&R Block)
PhotoMAX 2.0
Picasa 3 (Version: 3.9)
PowerDVD
QuickTime (Version: 7.72.80.56)
RealOne Player
RotoWire Baseball Software 2011
Roxio VideoWave Movie Creator (Version: 1.6.676.0)
Safari (Version: 4.31.9.1)
Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit) (Version: 10.3.5500.0)
SFR (Version: 8.01.0000.0001)
SHASTA (Version: 7.01.0000.0001)
ShopAtHome.com Helper (Version: 7.0.2.0)
ShowBiz
skin0001 (Version: 8.02.0000.0001)
SKINXSDK (Version: 8.02.0000.0001)
Sql Server Customer Experience Improvement Program (Version: 10.3.5500.0)
staticcr (Version: 8.02.0000.0001)
Super DVD Creator 8.0
Tag&Rename 3.5.7 (Version: 3.5.7)
TaxCut Deluxe 2005
TaxCut Premium + State + Efile 2008 (Version: 08.07.6201)
TeamViewer 5 (Version: 5.0.7687 )
TerraExplorer (Version: 5.0.1)
TMPGEnc Plus 2.5 (Version: 2.524.63.181)
TuneUp Utilities 2007 (Version: 6.0.2311)
Ulead VideoStudio version 4.0 SE Basic
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
V1 Home 2.0 (Version: 2.00.42)
V1 Professional Version 5.5 (Version: 5.50.039)
Visual C++ 8.0 Runtime Setup Package (x64) (Version: 9.0.0.623)
VLC media player 1.1.9 (Version: 1.1.9)
VPRINTOL (Version: 8.02.0000.0001)
Vuze (Version: 4.7)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Movie Maker 2.6 (Version: 2.6.4037.0)
Windows XP Mode (Version: 1.3.7600.16423)
WinZip (Version:  9.0  BETA (5611))
WinZip Self-Extractor
WIRELESS (Version: 8.02.0000.0001)
World Timetable
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar

==================== Restore Points  =========================

02-04-2013 19:00:13 Windows Backup
10-04-2013 04:00:01 Scheduled Checkpoint
11-04-2013 07:00:14 Windows Update
13-04-2013 07:00:21 Windows Update
21-04-2013 07:18:59 Scheduled Checkpoint
24-04-2013 07:00:10 Windows Update
02-05-2013 04:00:14 Scheduled Checkpoint
02-05-2013 19:00:02 Windows Backup
10-05-2013 05:21:18 Scheduled Checkpoint
12-05-2013 16:31:08 Device Driver Package Install: GoPro
15-05-2013 07:00:16 Windows Update
23-05-2013 04:00:16 Scheduled Checkpoint
31-05-2013 04:00:02 Scheduled Checkpoint
02-06-2013 19:00:06 Windows Backup
05-06-2013 07:00:12 Windows Update

==================== Faulty Device Manager Devices =============

Name: McAfee Inc. mfehidk
Description: McAfee Inc. mfehidk
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: mfehidk
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (06/07/2013 03:19:34 PM) (Source: System Restore) (User: )
Description: An unspecified error occurred during System Restore: (Scheduled Checkpoint). Additional information: .

Error: (06/07/2013 02:52:52 PM) (Source: System Restore) (User: )
Description: An unspecified error occurred during System Restore: (Windows Backup). Additional information: .

Error: (06/07/2013 02:46:53 PM) (Source: System Restore) (User: )
Description: An unspecified error occurred during System Restore: (Windows Backup). Additional information: .

Error: (06/07/2013 01:48:51 PM) (Source: MSSQL$HPWJA) (User: )
Description: FCB::Open failed: Could not open file C:\Program Files\Microsoft SQL Server\MSSQL10.HPWJA\MSSQL\DATA\tempdb.mdf for file number 1.  OS error: 32(The process cannot access the file because it is being used by another process.).

Error: (06/06/2013 02:09:05 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (06/05/2013 11:14:41 PM) (Source: Application Error) (User: )
Description: Faulting application name: HP.Dss.App.WinService.exe, version: 4.91.0.0, time stamp: 0x4d394bc4
Faulting module name: mscorwks.dll, version: 2.0.50727.5466, time stamp: 0x503f0115
Exception code: 0xc0000005
Fault offset: 0x00035398
Faulting process id: 0x%9
Faulting application start time: 0xHP.Dss.App.WinService.exe0
Faulting application path: HP.Dss.App.WinService.exe1
Faulting module path: HP.Dss.App.WinService.exe2
Report Id: HP.Dss.App.WinService.exe3

Error: (06/05/2013 11:14:41 PM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 2.0.50727.5466 - Fatal Execution Engine Error (7186EF72) (80131506)

Error: (06/05/2013 03:29:30 AM) (Source: Application Error) (User: )
Description: Faulting application name: HP.Dss.App.WinService.exe, version: 4.91.0.0, time stamp: 0x4d394bc4
Faulting module name: mscorwks.dll, version: 2.0.50727.5466, time stamp: 0x503f0115
Exception code: 0xc0000005
Fault offset: 0x00035398
Faulting process id: 0x%9
Faulting application start time: 0xHP.Dss.App.WinService.exe0
Faulting application path: HP.Dss.App.WinService.exe1
Faulting module path: HP.Dss.App.WinService.exe2
Report Id: HP.Dss.App.WinService.exe3

Error: (06/05/2013 03:29:30 AM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 2.0.50727.5466 - Fatal Execution Engine Error (7364EF72) (80131506)

Error: (06/05/2013 03:00:23 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Windows Defender since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

System errors:
=============
Error: (06/07/2013 04:46:46 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (06/07/2013 04:46:16 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (06/07/2013 04:45:46 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (06/07/2013 04:45:16 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (06/07/2013 04:44:46 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (06/07/2013 04:44:16 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (06/07/2013 04:44:03 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (06/07/2013 04:43:46 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (06/07/2013 04:43:16 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (06/07/2013 04:42:46 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Microsoft Office Sessions:
=========================
Error: (06/07/2013 03:19:34 PM) (Source: System Restore)(User: )
Description: Scheduled Checkpoint

Error: (06/07/2013 02:52:52 PM) (Source: System Restore)(User: )
Description: Windows Backup

Error: (06/07/2013 02:46:53 PM) (Source: System Restore)(User: )
Description: Windows Backup

Error: (06/07/2013 01:48:51 PM) (Source: MSSQL$HPWJA)(User: )
Description: FCB::Open failedC:\Program Files\Microsoft SQL Server\MSSQL10.HPWJA\MSSQL\DATA\tempdb.mdf132(The process cannot access the file because it is being used by another process.)

Error: (06/06/2013 02:09:05 AM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (06/05/2013 11:14:41 PM) (Source: Application Error)(User: )
Description: HP.Dss.App.WinService.exe4.91.0.04d394bc4mscorwks.dll2.0.50727.5466503f0115c000000500035398

Error: (06/05/2013 11:14:41 PM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 2.0.50727.5466 - Fatal Execution Engine Error (7186EF72) (80131506)

Error: (06/05/2013 03:29:30 AM) (Source: Application Error)(User: )
Description: HP.Dss.App.WinService.exe4.91.0.04d394bc4mscorwks.dll2.0.50727.5466503f0115c000000500035398

Error: (06/05/2013 03:29:30 AM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 2.0.50727.5466 - Fatal Execution Engine Error (7364EF72) (80131506)

Error: (06/05/2013 03:00:23 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service Windows Defender since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

CodeIntegrity Errors:
===================================
  Date: 2013-06-07 15:10:08.427
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-07 14:35:17.618
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-07 13:46:04.207
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-06 21:02:18.925
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-06 20:39:21.030
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-06 20:31:26.875
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-06 20:12:12.059
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-06 19:55:55.985
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-06 19:26:32.518
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-06 18:09:55.581
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 8183.12 MB
Available physical RAM: 7102.43 MB
Total Pagefile: 16364.42 MB
Available Pagefile: 15312.31 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:78.06 GB) NTFS (Disk=0 Partition=2)
Drive e: (Iomega 2TB Backup Drive) (Fixed) (Total:1863.01 GB) (Free:719.37 GB) NTFS (Disk=1 Partition=1)
Drive f: (kec ntfs 16g) (Removable) (Total:14.91 GB) (Free:13.15 GB) NTFS (Disk=2 Partition=1)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 5B8B04B7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: EE109927)
Partition 1: (Not Active) - (Size=-198626966528) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or Vista) (Size: 15 GB) (Disk ID: 67FF90B6)
Partition 1: (Not Active) - (Size=15 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Thanks for the help and support! :)



#4 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 07 June 2013 - 07:46 PM

Please do the following:


go to the start button and type "msconfig" (without the quotes).

On the "general" tab

make sure that a check mark is placed in the "Normal Startup" box > click apply

next select the "boot" tab > uncheck the "safeboot" box (if there is a checkmark there) > click "apply" > click "OK"



NEXT do the following:



Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
Save it on your desktop as fixlist.txt

(if you saved FRST to a different folder and not your desktop originally, then save fixlist.txt to the same location as FRST was saved)
start
URLSearchHook: (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} -  No File
URLSearchHook: (No Name) - {37153479-1976-43c3-a1ee-557513977b64} -  No File
URLSearchHook: (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} -  No File
URLSearchHook: (No Name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} -  No File
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=PSI&o=15116&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=L6&apn_dtid=YYYYYYS8US&apn_uid=790265C4-76D0-43A7-84CB-B38931BE4E7A&apn_sauid=24BBB719-D5C2-4294-BB73-18BD778F17F8
SearchScopes: HKCU - {60CB234A-1392-4C34-8E4B-BCE55F7D8E91} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392
BHO-x32: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.)
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {37153479-1976-43C3-A1EE-557513977B64} -  No File
Toolbar: HKCU - No Name - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} -  No File
CHR HomePage: hxxp://search.conduit.com/?ctid=CT2790392&SearchSource=48
CHR RestoreOnStartup: "hxxp://search.conduit.com/?ctid=CT2790392&SearchSource=48"
CHR DefaultSearchURL: (Conduit) - http://search.conduit.com/Results.aspx?q={searchTerms}&hl=en&SelfSearch=1&SearchSource=49&ctid=CT2790392
CHR DefaultSuggestURL: (Conduit) - http://search.conduit.com/
C:\$Recycle.Bin\S-1-5-21-337769825-2638339337-1360003580-1000\$2363e6bea9b3a76ad89f19803c82c2cd
C:\$Recycle.Bin\S-1-5-18\$2363e6bea9b3a76ad89f19803c82c2cd
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
end
NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.
The tool will make a log on your desktop (Fixlog.txt); please attach that log to your reply.

Note: FixList.txt and FRST must be saved to the same location or the fix will not work

Reboot Normally.



NEXT


Refer to the ComboFix User's Guide
  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------
NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Edited by CatByte, 07 June 2013 - 07:47 PM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
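An added example, not part of CatByte's post and not FRST's own code: a short Python script that reconciles a fixlist against the Fixlog FRST writes. FRST logs one "object => result" line per action, so each directive can be matched to its log lines by the CLSID or path it names; the script then reports which directives were acted on, which Chrome entries still have to be fixed by hand in Chrome's settings, and which produced no log line at all. The sample fixlist and Fixlog inside it are constructed excerpts of the ones in this thread, with one URLSearchHook deliberately left out of the log to show the "missing" case.

```python
"""Cross-check an FRST fixlist against the Fixlog it produced.

Added example, not FRST's own code.  FRST writes one "<object> => <result>"
line per action, so each fixlist directive can be matched to its log lines
by the CLSID or path it names.  Directives that produced no line at all are
the ones to re-examine before moving on.  The sample fixlist and Fixlog
below are constructed excerpts of the ones posted in this thread; the
{37153479-...} hook is deliberately left out of the log to show "missing".
"""
import re

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RESULT_RE = re.compile(r"^(?P<obj>.*?)\s=+>\s(?P<res>.*)$")

SAMPLE_FIXLIST = r"""start
URLSearchHook: (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} -  No File
URLSearchHook: (No Name) - {37153479-1976-43c3-a1ee-557513977b64} -  No File
SearchScopes: HKCU - {60CB234A-1392-4C34-8E4B-BCE55F7D8E91} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392
CHR DefaultSuggestURL: (Conduit) - http://search.conduit.com/
C:\$Recycle.Bin\S-1-5-18\$2363e6bea9b3a76ad89f19803c82c2cd
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
end
"""

SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-06-2013 02
Boot Mode: Safe Mode (minimal)
==============================================

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\\{00000000-6E41-4FD3-8538-502F5495E5FC} => Value deleted successfully.
HKCR\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{60CB234A-1392-4C34-8E4B-BCE55F7D8E91} => Key deleted successfully.
HKCR\CLSID\{60CB234A-1392-4C34-8E4B-BCE55F7D8E91} => Key not found.
CHR DefaultSuggestURL: (Conduit) - http://search.conduit.com/ ==> The Chrome "Settings" can be used to fix the entry.
C:\$Recycle.Bin\S-1-5-18\$2363e6bea9b3a76ad89f19803c82c2cd => Moved successfully.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender\en-US" => Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.

==== End of Fixlog ====
"""


def parse_fixlist(text):
    """Return the directive lines between 'start' and 'end' (FRST ignores the rest)."""
    lines = [ln.strip() for ln in text.splitlines()]
    if "start" not in lines or "end" not in lines:
        raise ValueError("fixlist needs 'start' and 'end' markers")
    return [ln for ln in lines[lines.index("start") + 1:lines.index("end")] if ln]


def directive_key(directive):
    """The token that reappears in the Fixlog for this directive (lower-cased)."""
    m = GUID_RE.search(directive)
    if m:
        return m.group(0).lower()                      # registry entries: match on CLSID
    if directive.startswith("DeleteJunctionsIndirectory:"):
        return directive.split(":", 1)[1].strip().lower()
    return directive.lower()                           # bare path / CHR line is echoed verbatim


def classify(result):
    """Collapse FRST's free-text result into a small status vocabulary."""
    r = result.lower()
    if "successfully" in r or "unlocking completed" in r:
        return "done"
    if "not found" in r:
        return "not found"
    if "can be used to fix" in r:
        return "manual"                                # Chrome entries are not touched by FRST
    return "other"


def check_fixlog(fixlist_text, fixlog_text):
    """Map each directive to its overall outcome: done / manual / not found / missing."""
    entries = []
    for line in fixlog_text.splitlines():
        m = RESULT_RE.match(line.strip())
        if m:
            entries.append((m.group("obj").strip('"').lower(), classify(m.group("res"))))
    outcome = {}
    for directive in parse_fixlist(fixlist_text):
        key = directive_key(directive)
        hits = [status for obj, status in entries if key in obj]
        for status in ("done", "manual", "not found", "other"):
            if status in hits:
                outcome[directive] = status
                break
        else:
            outcome[directive] = "missing"             # no log line mentions it at all
    return outcome


if __name__ == "__main__":
    for directive, status in check_fixlog(SAMPLE_FIXLIST, SAMPLE_FIXLOG).items():
        print(f"{status:>9}  {directive[:72]}")
```

Run as-is it prints one status per directive. A "manual" entry is the Chrome home page or search URL that FRST only reports, and a "missing" entry means the fix never reached that directive and it should be re-checked before the next step.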


#5 betthemortgage

betthemortgage
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:11:40 PM

Posted 07 June 2013 - 09:25 PM

Thank you for the quick replies and these latest instructions. I was able to run the fixlist.txt file and produce the fixlog.txt. I have attached the contents of that log below.


I also used msconfig to modify the config file as per your instructions. However, when I attempted your "Reboot Normally" instruction, the PC did reboot under the normal method but it gave me the blue screen about 3 minutes after I chose my user icon. This timing typically corresponds with the attempt to log into or poll the internet connection. The machine will then reboot and give me the option of booting into safe mode. Part of my troubleshooting last night included disconnecting my CAT5 Ethernet connection to the network and disconnecting my wireless connection USB dongle. This had no effect on the blue-screen forced reboot scenario. Interestingly, if I "Reboot Normally" and just let the first Windows 7 Splash screen stay active (just before one would select a login user), the PC will not bomb-out & reboot, no matter how much time has passed. So, there is something getting loaded in the user startup that must be causing the bomb-out. Subsequently, I cannot run ComboFix.exe in the "Reboot Normally" state. I do not know if I can even run it in the Safe Mode state as I do not want to try this unless you instruct me to do so.


Here's the contents of the Fixlog.txt file:


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-06-2013 02
Ran by owner at 2013-06-07 21:54:48 Run:1
Running from F:\Misc
Boot Mode: Safe Mode (minimal)
==============================================

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\\{00000000-6E41-4FD3-8538-502F5495E5FC} => Value deleted successfully.
HKCR\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\\{37153479-1976-43c3-a1ee-557513977b64} => Value deleted successfully.
HKCR\CLSID\{37153479-1976-43c3-a1ee-557513977b64} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} => Value deleted successfully.
HKCR\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} => Value deleted successfully.
HKCR\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => Key deleted successfully.
HKCR\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{60CB234A-1392-4C34-8E4B-BCE55F7D8E91} => Key deleted successfully.
HKCR\CLSID\{60CB234A-1392-4C34-8E4B-BCE55F7D8E91} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value deleted successfully.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{37153479-1976-43C3-A1EE-557513977B64} => Value deleted successfully.
HKCR\CLSID\{37153479-1976-43C3-A1EE-557513977B64} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{88C7F2AA-F93F-432C-8F0E-B7D85967A527} => Value deleted successfully.
HKCR\CLSID\{88C7F2AA-F93F-432C-8F0E-B7D85967A527} => Key not found.
CHR HomePage: hxxp://search.conduit.com/?ctid=CT2790392&SearchSource=48 ==> The Chrome "Settings" can be used to fix the entry.
CHR RestoreOnStartup: "hxxp://search.conduit.com/?ctid=CT2790392&SearchSource=48" ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchURL: (Conduit) - http://search.conduit.com/Results.aspx?q={searchTerms}&hl=en&SelfSearch=1&SearchSource=49&ctid=CT2790392 ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSuggestURL: (Conduit) - http://search.conduit.com/ ==> The Chrome "Settings" can be used to fix the entry.
C:\$Recycle.Bin\S-1-5-21-337769825-2638339337-1360003580-1000\$2363e6bea9b3a76ad89f19803c82c2cd => Moved successfully.
C:\$Recycle.Bin\S-1-5-18\$2363e6bea9b3a76ad89f19803c82c2cd => Moved successfully.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender\en-US" => Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.

==== End of Fixlog ====


Awaiting further instructions.



#6 betthemortgage

betthemortgage
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:11:40 PM

Posted 07 June 2013 - 09:37 PM

One other thing, when I just rebooted the PC in Safe Mode (no Network), it took about 10 minutes to load the windows files and finally display the login splash screen. Usually, that process has been taking only 2-3 minutes. Don't know if that's important, but it is different.



#7 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:11:40 PM

Posted 08 June 2013 - 07:47 AM

Please run ComboFix in safe mode

(enter safe mode via tapping F8 repeatedly until an advanced option menu appears > arrow up to safe mode with networking > hit enter > log in with your usual account)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#8 betthemortgage

betthemortgage
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:11:40 PM

Posted 08 June 2013 - 08:12 AM

Good morning. I have attempted to run ComboFix in Safe Mode. When I double-click on the icon, I get the usual "Open File - Security Warning" regarding the unverified publisher. When I click on RUN, the program does not launch - much like the other 95% of my programs that are not launching correctly. So, unless we somehow figure out how to get my PC to launch programs in Safe Mode, using ComboFix (and who knows what other applications) will not work.



#9 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:11:40 PM

Posted 08 June 2013 - 09:14 AM

Let's try this:

Please create a new system restore point before running Malwarebytes Anti-Rootkit if you can.

MBAR tutorial

Download Malwarebytes Anti-Rootkit from HERE
  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt
~~~~~~~~~~~~~~~~~~~~~~~

Note: <<<< - very important - please do this step:
If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
Internet access
Windows Update
Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit located in the mbar\plugins folder and reboot.
Verify that your system is now functioning normally.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#10 betthemortgage

betthemortgage
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:11:40 PM

Posted 08 June 2013 - 09:37 AM

As you suggested, I downloaded Malwarebytes from the link onto my USB stick. Since I cannot unzip any files from the infected PC, I unzipped them on my laptop to the USB stick. I then took the unzipped files and, via USB stick, placed them on my infected PC's desktop. I attempted to run the "mbar" executable, but once again, no good. This appears to be another application that will not run on my infected PC. There are precious few apps that will run on the infected PC (calc will, FRST64 will, Logitech Mouse and Keyboard Settings will).


I even tried launching "mbar" from the USB stick (plugged into the infected PC) as it looks like it could be a portable app, and it still wouldn't launch.


The inability to run these apps is absolutely killing your ability to fix this problem - for that I apologize. This must be like troubleshooting with MS-DOS tools! ;(



#11 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:11:40 PM

Posted 08 June 2013 - 06:49 PM

Let's run FRST from the Recovery Environment; let's see if anything else will show up outside of Windows:


Download the appropriate version for your system of the Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there
  • Press Scan button.
  • type exit and reboot the computer normally
  • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
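An added example, not CatByte's and not FRST's own code, for reading the "Drivers MD5" section that the List Drivers MD5 option above produces. FRST prints "==> MD5 is legit" when a driver's hash matches its whitelist and the raw MD5 otherwise. An unknown hash is expected for third-party drivers, and FRST's "Drivers (Whitelisted)" section names a vendor for those; an unknown hash with no vendor attribution on a file under the Windows directory is only a pointer to what to verify first (against a clean copy of the same Windows build), not a verdict. The script cross-references the two sections to sort entries into those three groups. Both sample sections are constructed excerpts of the log posted later in this thread.

```python
"""Triage the "Drivers MD5" section of an FRST.txt scan.

Added example; not FRST's code and not from anyone in this thread.  With
"List Drivers MD5" ticked, FRST prints "==> MD5 is legit" when a driver's
hash matches its whitelist and the raw MD5 otherwise.  The "Drivers
(Whitelisted)" section attributes third-party drivers to a vendor, so an
unknown hash on a file nobody claims is the one to verify first.  That is a
triage order, not a verdict.  Both sample sections are constructed
excerpts of the log posted later in this thread.
"""
import re

MD5_LINE_RE = re.compile(
    r"^(?P<path>.+?\.sys)\s+(?:==>\s*MD5 is legit|(?P<md5>[0-9A-F]{32}))\s*$",
    re.IGNORECASE)
DRIVER_LINE_RE = re.compile(
    r"^S\d\s+[^;]+;\s+(?P<path>.+?\.sys)\s+\[[^\]]*\]\s+\((?P<vendor>.*)\)\s*$",
    re.IGNORECASE)

SAMPLE_DRIVERS = r"""==================== Drivers (Whitelisted) ====================

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [62800 2010-10-13] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [529128 2010-10-13] (McAfee, Inc.)
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.sys [43008 2010-07-27] (Printing Communications Assoc., Inc. (PCAUSA))
S1 AvgLdx64; \SystemRoot\System32\Drivers\avgldx64.sys [x]
"""

SAMPLE_MD5 = r"""========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 1C7857B62DE5994A75B054A9FD4C3825
C:\Windows\System32\drivers\cfwids.sys E02C9CDB15F13DE4EB2FF67660E62317
C:\Windows\System32\Drivers\cng.sys 9AC4F97C2D3E93367E2148EA940CD2CD
C:\Windows\System32\drivers\mfehidk.sys 5F915E20AB56121C41C6BF9A91A83BDA
C:\Program Files\Common Files\Motive\MREMP50a64.sys C2758DF79C83A0D12A5599A040CA1818
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
"""


def parse_vendors(drivers_section):
    """Map lower-cased driver path -> vendor string from the Drivers section.

    Entries shown as "[x]" (file missing, no vendor) are skipped on purpose.
    """
    vendors = {}
    for line in drivers_section.splitlines():
        m = DRIVER_LINE_RE.match(line.strip())
        if m:
            vendors[m.group("path").lower()] = m.group("vendor").strip()
    return vendors


def triage(md5_section, drivers_section):
    """Split MD5 entries into whitelisted / third_party / review_first buckets."""
    vendors = parse_vendors(drivers_section)
    buckets = {"whitelisted": [], "third_party": [], "review_first": []}
    for line in md5_section.splitlines():
        m = MD5_LINE_RE.match(line.strip())
        if not m:
            continue                       # section header, blank line, etc.
        path, md5 = m.group("path"), m.group("md5")
        if md5 is None:
            buckets["whitelisted"].append(path)
            continue
        vendor = vendors.get(path.lower(), "")
        if vendor and "microsoft" not in vendor.lower():
            buckets["third_party"].append((path, md5.upper(), vendor))
        else:
            # Unknown hash and no third-party owner: verify this file first.
            buckets["review_first"].append((path, md5.upper()))
    return buckets


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_MD5, SAMPLE_DRIVERS).items():
        print(f"{bucket} ({len(items)})")
        for item in items:
            print("    " + "  ".join(item if isinstance(item, tuple) else (item,)))
```

On the constructed sample the review-first bucket comes out as afd.sys, cng.sys, mrxsmb.sys and ndis.sys: core Windows files whose hashes FRST did not recognise and that no third-party entry claims. Whether that is a patched driver or just a version FRST does not know is settled by comparing the file against a known-good copy, which is why the helper asked for this section in the first place.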


#12 betthemortgage

betthemortgage
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:11:40 PM

Posted 09 June 2013 - 01:05 AM

Hello. I did as you requested. Below you will find the FRST log file. I should tell you that in the log file I have replaced my last name with the word "owner" to protect my identity. If you make a script file that specifies a direct path, and this direct path includes the word "owner", then you should tell me and I'll re-substitute my last name where applicable. One other thing, I cleaned up my desktop icons a bit by placing them into folders - that's why this log may look a bit different than the first one I submitted.

Here's the log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-06-2013 02
Ran by SYSTEM on 09-06-2013 01:52:13
Running from G:\Misc
Windows 7 Professional (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x]
HKLM\...\Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\McciTrayApp.exe" [3453440 2010-07-27] (Alcatel-Lucent)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [413696 2008-09-06] (Apple Inc.)
HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1484856 2011-01-17] (McAfee, Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe [2071904 2011-03-15] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe [326144 2009-10-23] (Amazon.com)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" [542104 2012-12-11] (Lavasoft)
HKLM-x32\...\Run: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run [x]
HKU\Administrator\...\Run: [StartUp This] "C:\Program Files (x86)\Laplink\PCmover\LaunchSt.exe" [251184 2009-10-02] (Laplink Software, Inc.)
HKU\Administrator\...\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade [516096 2010-11-20] (Microsoft Corporation)
HKU\owner\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-09-24] (Google Inc.)
HKU\owner\...\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [719672 2012-01-20] (Microsoft Corporation)
HKU\owner\...\Run: [CompanionLink] "c:\program files (x86)\companionlink\companionlink.exe" -Icon [49424384 2011-09-20] (CompanionLink Software, Inc.)
HKU\owner\...\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe -update activex [247968 2011-11-07] (Adobe Systems, Inc.)
HKU\new account\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-09-24] (Google Inc.)
AppInit_DLLs: avgrssta.dll [13048 2010-07-15] (AVG Technologies CZ, s.r.o.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Genie.lnk
ShortcutTarget: NETGEAR WNDA3100v2 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
BootExecute: autocheck autochk * lsdelete

==================== Services (Whitelisted) =================

S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236968 2012-12-14] (Lavasoft Limited)
S2 AudioSrv; C:\Windows\SysWow64\Audiosrv.dll [42496 2004-08-03] (Microsoft Corporation)
S2 avg9wd; C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [308136 2010-07-15] (AVG Technologies CZ, s.r.o.)
S3 BITS; C:\Windows\SysWow64\qmgr.dll [382464 2004-08-03] (Microsoft Corporation)
S2 HPWJAService; C:\Program Files\Hewlett-Packard\Web Jetadmin 10\bin\HPWJAService.exe [45056 2011-02-03] (Hewlett-Packard Development Company, L.P.)
S2 HPWSProAdapter; C:\Program Files\Hewlett-Packard\Web Jetadmin 10\HPWSProAdapter\FileSystems\Core\bin\XP-x86\release\HP.Dss.App.WinService.exe [10240 2011-01-21] (Hewlett-Packard)
S2 LanmanServer; C:\Windows\SysWow64\srvsvc.dll [96768 2004-12-07] (Microsoft Corporation)
S2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [103472 2012-06-15] (McAfee, Inc.)
S2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-07-27] (Alcatel-Lucent)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
S2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
S2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [509416 2010-10-07] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [200056 2010-10-13] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [245352 2010-10-13] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [149032 2010-10-13] (McAfee, Inc.)
S2 MSSQL$HPWJA; C:\Program Files\Microsoft SQL Server\MSSQL10.HPWJA\MSSQL\Binn\sqlservr.exe [58345832 2011-09-22] (Microsoft Corporation)
S3 RasAuto; C:\Windows\SysWow64\rasauto.dll [89088 2004-08-03] (Microsoft Corporation)
S3 RasMan; C:\Windows\SysWow64\rasmans.dll [181248 2006-05-14] (Microsoft Corporation)
S2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
S2 Schedule; C:\Windows\SysWow64\schedsvc.dll [190976 2004-08-03] (Microsoft Corporation)
S4 SQLAgent$HPWJA; C:\Program Files\Microsoft SQL Server\MSSQL10.HPWJA\MSSQL\Binn\SQLAGENT.EXE [431464 2011-09-22] (Microsoft Corporation)
S2 StarWindService; C:\Drive_F\Program Files\Alcohol 120\StarWind\StarWindService.exe [217600 2005-04-01] (Rocket Division Software)
S3 TermService; C:\Windows\SysWow64\termsrv.dll [295424 2004-08-03] (Microsoft Corporation)
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-13] (Microsoft Corporation)
S2 TryAndDecideService; C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [492600 2007-09-14] ()
S2 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [303360 2011-12-14] ()
S2 wuauserv; C:\Windows\SysWow64\wuaueng.dll [1929952 2009-08-06] (Microsoft Corporation)
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]
S2 Lavasoft Ad-Aware Service; "C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe" [x]

==================== Drivers (Whitelisted) ====================

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [62800 2010-10-13] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [121248 2010-10-13] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [190136 2010-10-13] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [441328 2010-10-13] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [529128 2010-10-13] (McAfee, Inc.)
S1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75032 2010-10-13] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [94864 2010-10-13] (McAfee, Inc.)
S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [40904 2010-02-17] (McAfee, Inc.)
S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [49480 2010-02-17] (McAfee, Inc.)
S1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [283360 2010-10-13] (McAfee, Inc.)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2009-10-21] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.sys [43008 2010-07-27] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2009-10-21] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.sys [40960 2010-07-27] (Printing Communications Assoc., Inc. (PCAUSA))
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
S1 AvgLdx64; \SystemRoot\System32\Drivers\avgldx64.sys [x]
S1 AvgMfx64; \SystemRoot\System32\Drivers\avgmfx64.sys [x]
S1 AvgTdiA; \SystemRoot\System32\Drivers\avgtdia.sys [x]
S0 gfibto; system32\drivers\gfibto.sys [x]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [x]
S3 NPF; system32\DRIVERS\npf.sys [x]
S0 PxHlpa64; System32\Drivers\PxHlpa64.sys [x]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [x]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 1C7857B62DE5994A75B054A9FD4C3825
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bcmwlhigh664.sys 44E6E51AEDBF3E0B38A6CD5432649E57
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\System32\drivers\cfwids.sys E02C9CDB15F13DE4EB2FF67660E62317
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys 9AC4F97C2D3E93367E2148EA940CD2CD
C:\Windows\system32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\csc.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\system32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 97A7070AEA4C058B6418519E869A63B4
C:\Windows\System32\Drivers\ksecpkg.sys 26C43A7C2862447EC59DEDA188D1DA07
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\LHidFilt.Sys AA3D903C5A7538803F2400A8391F1881
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\LMouFilt.Sys 90B4B2B0B5F05ABB9FB365405A7B825B
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\mfeapfk.sys C1556CA9695FCD6BBD23D75D402FD43D
C:\Windows\System32\drivers\mfeavfk.sys 8857EE8B49F3338FC1FAD476BFCCA146
C:\Windows\System32\drivers\mfefirek.sys 19C44295F6BF085C83352D48397F7870
C:\Windows\System32\drivers\mfehidk.sys 5F915E20AB56121C41C6BF9A91A83BDA
C:\Windows\System32\DRIVERS\mfenlfk.sys 23AE332E32FF615CA5E5224C8D91AF11
C:\Windows\System32\drivers\mferkdet.sys 9C7A9273E345F8D653394B5C542BF86A
C:\Windows\System32\drivers\mferkdk.sys 624D717B11E5004F68442B5740F17F21
C:\Windows\System32\drivers\mfesmfk.sys 0CD9DE7B96735F33F078C4EA044E8B34
C:\Windows\System32\drivers\mfewfpk.sys 3140B2C56D7119BA314F68FC785683F0
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Program Files (x86)\Common Files\Motive\MREMP50.sys 9BD4DCB5412921864A7AACDEDFBD1923
C:\Program Files\Common Files\Motive\MREMP50a64.sys C2758DF79C83A0D12A5599A040CA1818
C:\Program Files (x86)\Common Files\Motive\MRESP50.sys 07C02C892E8E1A72D6BF35004F0E9C5E
C:\Program Files\Common Files\Motive\MRESP50a64.sys 38BD5B32E0722752BE8465D2A6DA43D9
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netr7364.sys F3A1D8B7317939813568992D1BFDDE37
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys B98F8C6E31CD07B2E6F71F7F648E38C0
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nvlddmkm.sys FCBA1C22727939E7CFF9EB08FE9692AB
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys C903D49655B4AAE46673F0AAA6BE0F58
C:\Windows\System32\Drivers\RootMdm.sys 388D3DD1A6457280F3BADBA9F3ACD6B1
C:\Windows\System32\DRIVERS\RsFx0105.sys C9FE05A63C500ABE3AFA5786504C4D36
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Rt64win7.sys EE082E06A82FF630351D1E0EBBD3D8D0
C:\Windows\system32\drivers\vms3cap.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scmndisp.sys 2A50BE713FAF033420466C25979C028E
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit
C:\Windows\system32\drivers\storvsc.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys B62A953F2BF3922C8764A29C34A22899
C:\Windows\System32\DRIVERS\tcpip.sys B62A953F2BF3922C8764A29C34A22899
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbaapl64.sys FB251567F41BC61988B26731DEC19E4B
C:\Windows\System32\DRIVERS\usbccgp.sys 6F1A3157A1C89435352CEB543CDB359C
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbehci.sys C025055FE7B87701EB042095DF1A2D7B
C:\Windows\System32\DRIVERS\usbhub.sys 287C6C9410B111B68B52CA298F7B8C24
C:\Windows\system32\drivers\usbohci.sys 9840FC418B4CBD632D3D0A667A725C31
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys 62069A34518BCF9C1FD9E74B3F6DB7CD
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\vmbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys 442783E2CB0DA19873B7A63833FF4CB4
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wimfltr.sys 52DED146E4797E6CCF94799E8E22BB2A
C:\Windows\SysWow64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
C:\Windows\System32\DRIVERS\xusb21.sys 2EE48CFCE7CA8E0DB4C44C7476C0943B

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-08 06:26 - 2013-06-08 06:26 - 00000000 ____D C:\Users\owner\Desktop\mbar
2013-06-08 05:23 - 2013-06-08 05:24 - 00000000 ____D C:\Users\owner\Desktop\HR Block
2013-06-08 05:18 - 2013-06-08 05:43 - 00000000 ____D C:\Users\owner\Desktop\Dads Folder
2013-06-08 05:13 - 2013-06-08 05:18 - 00000000 ____D C:\Users\owner\Desktop\Scanners and Utilities
2013-06-08 04:50 - 2013-06-07 17:58 - 05078746 ____A (Swearware) C:\Users\owner\Desktop\ComboFix.exe
2013-06-07 12:44 - 2013-06-07 17:54 - 00000000 ____D C:\FRST
2013-05-29 11:20 - 2013-05-29 11:20 - 00019840 ____H C:\Users\owner\Documents\~WRL2406.tmp
2013-05-14 14:03 - 2013-05-14 14:03 - 00000000 ____D C:\Users\owner\AppData\Roaming\GoPro
2013-05-12 08:39 - 2013-06-07 10:29 - 00000000 ____D C:\Users\owner\AppData\Local\GoPro
2013-05-12 08:31 - 2013-05-12 08:32 - 00000000 ____D C:\Users\Public\CineForm
2013-05-12 08:30 - 2013-05-12 08:31 - 00000000 ____D C:\Program Files (x86)\GoPro

==================== One Month Modified Files and Folders =======

2013-06-08 06:26 - 2013-06-08 06:26 - 00000000 ____D C:\Users\owner\Desktop\mbar
2013-06-08 06:17 - 2011-04-17 07:04 - 01141154 ____A C:\Windows\WindowsUpdate.log
2013-06-08 05:43 - 2013-06-08 05:18 - 00000000 ____D C:\Users\owner\Desktop\Dads Folder
2013-06-08 05:27 - 2010-09-26 06:08 - 00000000 ____D C:\Users\owner\Desktop\Shannen's Folder
2013-06-08 05:24 - 2013-06-08 05:23 - 00000000 ____D C:\Users\owner\Desktop\HR Block
2013-06-08 05:22 - 2010-11-09 17:16 - 00000000 ____D C:\Users\owner\Desktop\Stevens Folder
2013-06-08 05:18 - 2013-06-08 05:13 - 00000000 ____D C:\Users\owner\Desktop\Scanners and Utilities
2013-06-07 19:02 - 2004-11-08 15:19 - 01720320 __ASH C:\Users\owner\Documents\Thumbs.db
2013-06-07 19:01 - 2009-07-13 21:13 - 00837962 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-07 18:23 - 2011-11-03 02:00 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-07 18:22 - 2009-07-13 20:45 - 00013472 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-07 18:22 - 2009-07-13 20:45 - 00013472 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-07 18:07 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-07 18:07 - 2009-07-13 20:51 - 34997607 ____A C:\Windows\setupact.log
2013-06-07 17:58 - 2013-06-08 04:50 - 05078746 ____A (Swearware) C:\Users\owner\Desktop\ComboFix.exe
2013-06-07 17:54 - 2013-06-07 12:44 - 00000000 ____D C:\FRST
2013-06-07 17:49 - 2009-11-19 16:08 - 00000000 ____D C:\Windows\pss
2013-06-07 12:46 - 2012-11-26 00:03 - 00000000 ____D C:\users\UpdatusUser.owner-PC
2013-06-07 11:10 - 2011-04-17 05:48 - 00000000 ____D C:\users\owner
2013-06-07 11:04 - 2013-01-12 05:39 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2013-06-07 11:04 - 2012-11-26 00:03 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-06-07 11:04 - 2012-11-18 00:03 - 00000000 ____D C:\ProgramData\NVIDIA
2013-06-07 11:04 - 2012-09-22 12:06 - 00000000 ____D C:\Program Files (x86)\Free YouTube to MP3 Converter Studio
2013-06-07 11:04 - 2012-07-01 11:30 - 00000000 ____D C:\users\new account
2013-06-07 11:04 - 2012-05-13 18:09 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-06-07 11:04 - 2011-11-28 14:12 - 00000000 ____D C:\ProgramData\ArcSoft
2013-06-07 11:04 - 2011-04-17 05:48 - 00000000 ____D C:\users\Administrator
2013-06-07 11:04 - 2010-05-23 13:50 - 00000000 ___RD C:\Users\owner\Documents\My Dropbox
2013-06-07 11:04 - 2009-11-20 06:12 - 00000000 ____D C:\Windows\System32\Drivers\Avg
2013-06-07 11:04 - 2009-11-19 18:38 - 00000000 ____D C:\Users\owner\AppData\Roaming\ArcSoft
2013-06-07 11:04 - 2009-11-19 16:02 - 00000000 ____D C:\ProgramData\pdf995
2013-06-07 11:04 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\Offline Web Pages
2013-06-07 11:04 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-06-07 11:04 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-06-07 11:04 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-06-07 11:04 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\L2Schemas
2013-06-07 11:04 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Help
2013-06-07 11:04 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2013-06-07 11:04 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-06-07 11:03 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-06-07 10:59 - 2010-05-23 13:48 - 00000000 ____D C:\Users\owner\AppData\Roaming\Dropbox
2013-06-07 10:57 - 2009-11-24 15:33 - 00000000 __RHD C:\MSOCache
2013-06-07 10:29 - 2013-05-12 08:39 - 00000000 ____D C:\Users\owner\AppData\Local\GoPro
2013-06-06 13:41 - 2005-09-01 16:37 - 01682432 __ASH C:\Users\owner\Desktop\Thumbs.db
2013-06-06 13:31 - 2010-11-18 15:16 - 00000000 ____D C:\Users\owner\Documents\Outlook Files
2013-06-05 19:14 - 2009-11-10 12:56 - 00059488 ____A C:\aaw7boot.log
2013-06-04 13:14 - 2012-09-22 12:06 - 00000000 ____D C:\Users\owner\AppData\Roaming\Free YouTube to MP3 Converter Studio
2013-05-29 11:20 - 2013-05-29 11:20 - 00019840 ____H C:\Users\owner\Documents\~WRL2406.tmp
2013-05-28 06:22 - 2005-08-03 08:26 - 58266624 ___RA C:\Users\Public\Documents\ESBK.mbb
2013-05-28 06:22 - 2005-08-03 08:26 - 30925824 ___RA C:\Users\Public\Documents\ESBK.mb
2013-05-14 14:03 - 2013-05-14 14:03 - 00000000 ____D C:\Users\owner\AppData\Roaming\GoPro
2013-05-12 08:32 - 2013-05-12 08:31 - 00000000 ____D C:\Users\Public\CineForm
2013-05-12 08:31 - 2013-05-12 08:30 - 00000000 ____D C:\Program Files (x86)\GoPro

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-04-09 20:00:18
Restore point made on: 2013-04-10 23:00:29
Restore point made on: 2013-04-12 23:00:41
Restore point made on: 2013-04-20 23:19:29
Restore point made on: 2013-04-23 23:00:24
Restore point made on: 2013-05-01 20:00:29
Restore point made on: 2013-05-02 11:00:07
Restore point made on: 2013-05-09 21:21:40
Restore point made on: 2013-05-12 08:31:30
Restore point made on: 2013-05-14 23:00:30
Restore point made on: 2013-05-22 20:00:34
Restore point made on: 2013-05-30 20:00:19
Restore point made on: 2013-06-02 11:00:25
Restore point made on: 2013-06-04 23:00:28
Restore point made on: 2013-06-07 18:22:05

==================== Memory info ===========================

Percentage of memory in use: 12%
Total physical RAM: 8183.12 MB
Available physical RAM: 7191 MB
Total Pagefile: 8181.27 MB
Available Pagefile: 7183.12 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:79.3 GB) NTFS (Disk=0 Partition=2)
Drive f: (Iomega 2TB Backup Drive) (Fixed) (Total:1863.01 GB) (Free:719.37 GB) NTFS (Disk=1 Partition=1)
Drive g: (kec ntfs 16g) (Removable) (Total:14.91 GB) (Free:13.11 GB) NTFS (Disk=2 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 5B8B04B7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: EE109927)
Partition 1: (Not Active) - (Size=-198626966528) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or Vista) (Size: 15 GB) (Disk ID: 67FF90B6)
Partition 1: (Not Active) - (Size=15 GB) - (Type=07 NTFS)


Last Boot: 2013-06-02 20:54

==================== End Of Log ============================

#13 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 09 June 2013 - 06:33 AM

Well, that didn't help us much, as it doesn't show what is preventing the other tools from running.

Boot back into safe mode with networking and run rkill, then immediately try and run MBAR again:

Please download and run rkill which will kill the rogue process and allow other programs to run.
(if you are unable to download anything to your infected computer, download to a USB stick via another computer and transfer over to the infected computer)

There are 6 different versions. If one of them won't run then download and try to run the next one.

Note: Vista and Windows 7 users need to right click on the file and choose "Run as administrator"

You only need to get one of them to run, not all of them.

http://download.bleepingcomputer.com/grinler/rkill.exe
http://download.bleepingcomputer.com/grinler/rkill.com
http://download.bleepingcomputer.com/grinler/rkill.scr
http://download.bleepingcomputer.com/grinler/rkill.pif
http://download.bleepingcomputer.com/grinler/WiNlOgOn.exe
http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe

Once the bad process has been killed, you should now be able to run MBAR:

Edited by CatByte, 09 June 2013 - 06:34 AM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#14 betthemortgage

betthemortgage
  • Topic Starter

  • Members
  • 33 posts

Posted 09 June 2013 - 10:40 AM

As it turns out, while reading about problems such as mine a few days ago, I, at that time, downloaded all of the files you recommended for the RKILL and attempted to run each of those programs. While each one appeared to launch (I say appeared because I would only see a new window appear with a blinking cursor, but no commands were scrolling across in the new window), ultimately I was convinced that none of the RKILL or WiNlOgOn or uSeRiNiT programs was running correctly.

So, this morning, as per your request I once again attempted to run those programs. Now, mind you, I only have less than 5 minutes from the time I select my login user to the time the "blue screen" forces a reboot of my infected PC. However, using three successive reboots into Safe Mode w/Networking, I was at least able to try to launch these programs once again. UNFORTUNATELY, I received the same results as previously - each would look like it was launching, but nothing was really happening.

On the fourth reboot into SafeMode w/Networking, something a bit strange occurred -- my infected PC actually stayed up beyond the 5-minute threshold (and, in fact, is still up some 30 minutes later as I write this). I took this opportunity to attempt to run other executables, but it definitely looks like none of those executables run at all. I can get on the internet now, but I still cannot run any of the programs you have recommended in this thread with the exception of FRST64.

So, speaking of FRST64, I took the opportunity to run it once again while the PC was in SafeMode with Networking and produced the following log just in case you wanted to see it:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-06-2013
Ran by owner (administrator) on 09-06-2013 11:08:32
Running from C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N7LOPA6C
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) =================

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(McAfee, Inc.) c:\PROGRA~1\mcafee.com\agent\mcagent.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x]
HKLM\...\Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\McciTrayApp.exe" [3453440 2010-07-27] (Alcatel-Lucent)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-09-24] (Google Inc.)
HKCU\...\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [719672 2012-01-20] (Microsoft Corporation)
HKCU\...\Run: [CompanionLink] "c:\program files (x86)\companionlink\companionlink.exe" -Icon [49424384 2011-09-20] (CompanionLink Software, Inc.)
HKCU\...\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil64_11_0_1_ActiveX.exe -update activex [461984 2011-11-07] (Adobe Systems, Inc.)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [413696 2008-09-06] (Apple Inc.)
HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1484856 2011-01-17] (McAfee, Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe [2071904 2011-03-15] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe [326144 2009-10-23] (Amazon.com)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" [542104 2012-12-11] (Lavasoft)
HKLM-x32\...\Run: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run [x]
HKU\Administrator\...\Run: [StartUp This] "C:\Program Files (x86)\Laplink\PCmover\LaunchSt.exe" [251184 2009-10-02] (Laplink Software, Inc.)
HKU\Administrator\...\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade [516096 2010-11-20] (Microsoft Corporation)
HKU\new account\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-09-24] (Google Inc.)
AppInit_DLLs: avgrssta.dll [13048 2010-07-15] (AVG Technologies CZ, s.r.o.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Genie.lnk
ShortcutTarget: NETGEAR WNDA3100v2 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk * lsdelete

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110301184100.dll (McAfee, Inc.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110301184100.dll (McAfee, Inc.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {09C6CAC0-936E-40A0-BC26-707480103DC3} http://www.uproar.com/applets/activex/shizmoo/flipside_web18.cab
DPF: HKLM-x32 {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative.com/su/ocx/15030/CTSUEng.cab
DPF: HKLM-x32 {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: HKLM-x32 {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/download/ipixx.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgreens.com/WalgreensActivia.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: HKLM-x32 {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-17.cab
DPF: HKLM-x32 {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.photobiz.com/global/uploader/24/ImageUploader5.cab
DPF: HKLM-x32 {61628958-4627-48F4-99FD-30719188568D} http://www.ifrontiers.com/ActiveX/XCheck.CAB
DPF: HKLM-x32 {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} https://secure.logmeinrescue.com/Customer/x86/RescueDownloader.cab
DPF: HKLM-x32 {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: HKLM-x32 {6F750202-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: HKLM-x32 {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} http://guard.gunbound.net/nProtect/keyCrypt/npkcx.cab
DPF: HKLM-x32 {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
DPF: HKLM-x32 {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5141/mcfscan.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative.com/su/ocx/15030/CTPID.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=928
DPF: HKLM-x32 {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File
Handler: ipp - No CLSID Value -
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
Handler: msdaipp - No CLSID Value -
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - No File
Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - No File
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File
Handler-x32: ipp - No CLSID Value -
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: msdaipp - No CLSID Value -
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Handler-x32: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - No File
Handler-x32: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\Windows\SysWOW64\wiascr.dll (Microsoft Corporation)
ShellExecuteHooks-x32: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\kwitvgvo.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com/
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: DVDVideoSoftTB Toolbar - 
C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\kwitvgvo.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}<br />FF Extension: BitTorrentBar Community Toolbar - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\kwitvgvo.default\Extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}<br />FF Extension: No Name - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\kwitvgvo.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}<br />FF Extension: No Name - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\kwitvgvo.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}<br /><br />Chrome:<br />=======<br />CHR HomePage: hxxp://search.conduit.com/?ctid=CT2790392&amp;SearchSource=48<br />CHR RestoreOnStartup: "hxxp://search.conduit.com/?ctid=CT2790392&amp;SearchSource=48"<br />CHR DefaultSearchURL: (Conduit) - http://search.conduit.com/Results.aspx?q={searchTerms}&amp;hl=en&amp;SelfSearch=1&amp;SearchSource=49&amp;ctid=CT2790392<br />CHR DefaultSuggestURL: (Conduit) - http://search.conduit.com/<br />CHR Plugin: (Remoting Viewer) - internal-remoting-viewer<br />CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll No File<br />CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll No File<br />CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\gcswf32.dll No File<br />CHR Plugin: (Shockwave Flash) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll ()<br />CHR Plugin: (McAfee SiteAdvisor) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll No File<br />CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)<br />CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No 
File<br />CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)<br />CHR Plugin: (Java™ Platform SE 6 U22) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)<br />CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)<br />CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)<br />CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)<br />CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)<br />CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)<br />CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)<br />CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)<br />CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)<br />CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)<br />CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll No File<br />CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)<br />CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)<br />CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File<br />CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File<br />CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll 
()<br />CHR Extension: (Angry Birds) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0<br />CHR Extension: (YouTube) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1<br />CHR Extension: (Google Search) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1<br />CHR Extension: (SiteAdvisor) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0<br />CHR Extension: (BitTorrentBar) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhfdcmehmjcclgopdodkjdicohagipid\2.3.15.10_0<br />CHR Extension: (Gmail) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1<br /><br />==================== Services (Whitelisted) =================<br /><br />S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)<br />S2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236968 2012-12-14] (Lavasoft Limited)<br />S2 AudioSrv; C:\Windows\SysWow64\Audiosrv.dll [42496 2004-08-04] (Microsoft Corporation)<br />S2 avg9wd; C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [308136 2010-07-15] (AVG Technologies CZ, s.r.o.)<br />S3 BITS; C:\Windows\SysWow64\qmgr.dll [382464 2004-08-04] (Microsoft Corporation)<br />S2 HPWJAService; C:\Program Files\Hewlett-Packard\Web Jetadmin 10\bin\HPWJAService.exe [45056 2011-02-03] (Hewlett-Packard Development Company, L.P.)<br />S2 HPWSProAdapter; C:\Program Files\Hewlett-Packard\Web Jetadmin 10\HPWSProAdapter\FileSystems\Core\bin\XP-x86\release\HP.Dss.App.WinService.exe [10240 2011-01-21] (Hewlett-Packard)<br />S2 LanmanServer; C:\Windows\SysWow64\srvsvc.dll [96768 2004-12-07] (Microsoft Corporation)<br />S2 McAfee SiteAdvisor 
Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [103472 2012-06-15] (McAfee, Inc.)<br />S2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-07-27] (Alcatel-Lucent)<br />S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)<br />R2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)<br />S2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)<br />S2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)<br />S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [509416 2010-10-07] (McAfee, Inc.)<br />S2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)<br />S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [200056 2010-10-13] (McAfee, Inc.)<br />S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [245352 2010-10-13] (McAfee, Inc.)<br />S2 mfevtp; C:\Windows\system32\mfevtps.exe [149032 2010-10-13] (McAfee, Inc.)<br />S2 MSSQL$HPWJA; C:\Program Files\Microsoft SQL Server\MSSQL10.HPWJA\MSSQL\Binn\sqlservr.exe [58345832 2011-09-22] (Microsoft Corporation)<br />S3 RasAuto; C:\Windows\SysWow64\rasauto.dll [89088 2004-08-04] (Microsoft Corporation)<br />S3 RasMan; C:\Windows\SysWow64\rasmans.dll [181248 2006-05-14] (Microsoft Corporation)<br />S2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)<br />S2 Schedule; C:\Windows\SysWow64\schedsvc.dll [190976 2004-08-04] (Microsoft Corporation)<br />S4 SQLAgent$HPWJA; C:\Program Files\Microsoft SQL Server\MSSQL10.HPWJA\MSSQL\Binn\SQLAGENT.EXE [431464 2011-09-22] (Microsoft Corporation)<br />S2 StarWindService; C:\Drive_F\Program Files\Alcohol 120\StarWind\StarWindService.exe [217600 2005-04-01] (Rocket Division Software)<br 
/>S3 TermService; C:\Windows\SysWow64\termsrv.dll [295424 2004-08-04] (Microsoft Corporation)<br />S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-13] (Microsoft Corporation)<br />S2 TryAndDecideService; C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [492600 2007-09-14] ()<br />S2 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [303360 2011-12-14] ()<br />S2 wuauserv; C:\Windows\SysWow64\wuaueng.dll [1929952 2009-08-06] (Microsoft Corporation)<br />S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]<br />S2 Lavasoft Ad-Aware Service; "C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe" [x]<br /><br />==================== Drivers (Whitelisted) ====================<br /><br />S1 AvgLdx64; C:\Windows\System32\Drivers\avgldx64.sys [269904 2010-07-15] (AVG Technologies CZ, s.r.o.)<br />S1 AvgMfx64; C:\Windows\System32\Drivers\avgmfx64.sys [35536 2010-06-02] (AVG Technologies CZ, s.r.o.)<br />R1 AvgTdiA; C:\Windows\System32\Drivers\avgtdia.sys [317520 2010-07-15] (AVG Technologies CZ, s.r.o.)<br />S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [62800 2010-10-13] (McAfee, Inc.)<br />R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-01-12] (GFI Software)<br />S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [121248 2010-10-13] (McAfee, Inc.)<br />S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [190136 2010-10-13] (McAfee, Inc.)<br />S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [441328 2010-10-13] (McAfee, Inc.)<br />R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [529128 2010-10-13] (McAfee, Inc.)<br />S1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75032 2010-10-13] (McAfee, Inc.)<br />S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [94864 2010-10-13] (McAfee, Inc.)<br />S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [40904 2010-02-17] (McAfee, Inc.)<br />S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [49480 
2010-02-17] (McAfee, Inc.)<br />R1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [283360 2010-10-13] (McAfee, Inc.)<br />S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2009-10-22] (Printing Communications Assoc., Inc. (PCAUSA))<br />S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2009-10-22] (Printing Communications Assoc., Inc. (PCAUSA))<br />S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.sys [43008 2010-07-27] (Printing Communications Assoc., Inc. (PCAUSA))<br />S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2009-10-22] (Printing Communications Assoc., Inc. (PCAUSA))<br />S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2009-10-22] (Printing Communications Assoc., Inc. (PCAUSA))<br />S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.sys [40960 2010-07-27] (Printing Communications Assoc., Inc. (PCAUSA))<br />S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)<br />S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)<br />S3 lmimirr; system32\DRIVERS\lmimirr.sys [x]<br />S0 PxHlpa64; System32\Drivers\PxHlpa64.sys [x]<br />S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [x]<br /><br />========================== Drivers MD5 =======================<br /><br />C:\Windows\system32\drivers\1394ohci.sys ==&gt; MD5 is legit<br />C:\Windows\System32\drivers\ACPI.sys ==&gt; MD5 is legit<br />C:\Windows\system32\drivers\acpipmi.sys ==&gt; MD5 is legit<br />C:\Windows\system32\DRIVERS\adp94xx.sys ==&gt; MD5 is legit<br />C:\Windows\system32\DRIVERS\adpahci.sys ==&gt; MD5 is legit<br />C:\Windows\system32\DRIVERS\adpu320.sys ==&gt; MD5 is legit<br />C:\Windows\system32\drivers\afd.sys 1C7857B62DE5994A75B054A9FD4C3825<br />C:\Windows\system32\drivers\agp440.sys ==&gt; MD5 is legit<br />C:\Windows\system32\drivers\aliide.sys ==&gt; MD5 is legit<br 
/>C:\Windows\system32\drivers\amdide.sys ==&gt; MD5 is legit<br />C:\Windows\system32\DRIVERS\amdk8.sys ==&gt; MD5 is legit<br />C:\Windows\system32\DRIVERS\amdppm.sys ==&gt; MD5 is legit<br />C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49<br />C:\Windows\system32\DRIVERS\amdsbs.sys ==&gt; MD5 is legit<br />C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048<br />C:\Windows\system32\drivers\appid.sys ==&gt; MD5 is legit<br />C:\Windows\system32\DRIVERS\arc.sys ==&gt; MD5 is legit<br />C:\Windows\system32\DRIVERS\arcsas.sys ==&gt; MD5 is legit<br />C:\Windows\System32\DRIVERS\asyncmac.sys ==&gt; MD5 is legit<br />C:\Windows\System32\drivers\atapi.sys ==&gt; MD5 is legit<br />C:\Windows\System32\Drivers\avgldx64.sys B447DB072BF939DB9E07BEF2ADF4ECBD<br />C:\Windows\System32\Drivers\avgmfx64.sys 405BAABBB48F9176E220020B1A77C47B<br />C:\Windows\System32\Drivers\avgtdia.sys CE90AEC358A809E7BCE6BB0F1DA84622<br />C:\Windows\system32\DRIVERS\bxvbda.sys ==&gt; MD5 is legit<br />C:\Windows\System32\DRIVERS\b57nd60a.sys ==&gt; MD5 is legit<br />C:\Windows\System32\DRIVERS\bcmwlhigh664.sys 44E6E51AEDBF3E0B38A6CD5432649E57<br />C:\Windows\System32\Drivers\Beep.sys ==&gt; MD5 is legit<br />C:\Windows\System32\DRIVERS\blbdrive.sys ==&gt; MD5 is legit<br />C:\Windows\System32\DRIVERS\bowser.sys ==&gt; MD5 is legit<br />C:\Windows\system32\DRIVERS\BrFiltLo.sys ==&gt; MD5 is legit<br />C:\Windows\system32\DRIVERS\BrFiltUp.sys ==&gt; MD5 is legit<br />C:\Windows\System32\Drivers\Brserid.sys ==&gt; MD5 is legit<br />C:\Windows\System32\Drivers\BrSerWdm.sys ==&gt; MD5 is legit<br />C:\Windows\System32\Drivers\BrUsbMdm.sys ==&gt; MD5 is legit<br />C:\Windows\System32\Drivers\BrUsbSer.sys ==&gt; MD5 is legit<br />C:\Windows\system32\DRIVERS\bthmodem.sys ==&gt; MD5 is legit<br />C:\Windows\System32\DRIVERS\cdfs.sys ==&gt; MD5 is legit<br />C:\Windows\System32\DRIVERS\cdrom.sys ==&gt; MD5 is legit<br />C:\Windows\System32\drivers\cfwids.sys 
E02C9CDB15F13DE4EB2FF67660E62317<br />C:\Windows\system32\DRIVERS\circlass.sys ==&gt; MD5 is legit<br />C:\Windows\System32\CLFS.sys ==&gt; MD5 is legit<br />C:\Windows\system32\DRIVERS\CmBatt.sys ==&gt; MD5 is legit<br />C:\Windows\system32\drivers\cmdide.sys ==&gt; MD5 is legit<br />C:\Windows\System32\Drivers\cng.sys 9AC4F97C2D3E93367E2148EA940CD2CD<br />C:\Windows\system32\DRIVERS\compbatt.sys ==&gt; MD5 is legit<br />C:\Windows\system32\drivers\CompositeBus.sys ==&gt; MD5 is legit<br />C:\Windows\system32\DRIVERS\crcdisk.sys ==&gt; MD5 is legit<br />C:\Windows\System32\drivers\csc.sys ==&gt; MD5 is legit<br />C:\Windows\System32\Drivers\dfsc.sys ==&gt; MD5 is legit<br />C:\Windows\System32\drivers\discache.sys ==&gt; MD5 is legit<br />C:\Windows\System32\DRIVERS\disk.sys ==&gt; MD5 is legit<br />C:\Windows\System32\drivers\drmkaud.sys ==&gt; MD5 is legit<br />C:\Windows\System32\drivers\dxgkrnl.sys ==&gt; MD5 is legit<br />C:\Windows\system32\DRIVERS\evbda.sys ==&gt; MD5 is legit<br />C:\Windows\system32\DRIVERS\elxstor.sys ==&gt; MD5 is legit<br />C:\Windows\system32\drivers\errdev.sys ==&gt; MD5 is legit<br />C:\Windows\System32\Drivers\exfat.sys ==&gt; MD5 is legit<br />C:\Windows\System32\Drivers\fastfat.sys ==&gt; MD5 is legit<br />C:\Windows\system32\DRIVERS\fdc.sys ==&gt; MD5 is legit<br />C:\Windows\System32\drivers\fileinfo.sys ==&gt; MD5 is legit<br />C:\Windows\System32\drivers\filetrace.sys ==&gt; MD5 is legit<br />C:\Windows\system32\DRIVERS\flpydisk.sys ==&gt; MD5 is legit<br />C:\Windows\System32\drivers\fltmgr.sys ==&gt; MD5 is legit<br />C:\Windows\System32\drivers\FsDepends.sys ==&gt; MD5 is legit<br />C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B<br />C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0<br />C:\Windows\system32\DRIVERS\gagp30kx.sys ==&gt; MD5 is legit<br />C:\Windows\System32\DRIVERS\GEARAspiWDM.sys ==&gt; MD5 is legit<br />C:\Windows\System32\drivers\gfibto.sys 
14908F4F9005C29DE8F5587E271390EE<br />C:\Windows\system32\drivers\hcw85cir.sys ==&gt; MD5 is legit<br />C:\Windows\system32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A<br />C:\Windows\system32\drivers\HDAudBus.sys ==&gt; MD5 is legit<br />C:\Windows\system32\DRIVERS\HidBatt.sys ==&gt; MD5 is legit<br />C:\Windows\system32\DRIVERS\hidbth.sys ==&gt; MD5 is legit<br />C:\Windows\system32\DRIVERS\hidir.sys ==&gt; MD5 is legit<br />C:\Windows\System32\DRIVERS\hidusb.sys ==&gt; MD5 is legit<br />C:\Windows\system32\drivers\HpSAMD.sys ==&gt; MD5 is legit<br />C:\Windows\System32\drivers\HTTP.sys ==&gt; MD5 is legit<br />C:\Windows\System32\drivers\hwpolicy.sys ==&gt; MD5 is legit<br />C:\Windows\system32\drivers\i8042prt.sys ==&gt; MD5 is legit<br />C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366<br />C:\Windows\system32\DRIVERS\iirsp.sys ==&gt; MD5 is legit<br />C:\Windows\system32\drivers\intelide.sys ==&gt; MD5 is legit<br />C:\Windows\System32\DRIVERS\intelppm.sys ==&gt; MD5 is legit<br />C:\Windows\System32\DRIVERS\ipfltdrv.sys ==&gt; MD5 is legit<br />C:\Windows\system32\drivers\IPMIDrv.sys ==&gt; MD5 is legit<br />C:\Windows\System32\drivers\ipnat.sys ==&gt; MD5 is legit<br />C:\Windows\System32\drivers\irenum.sys ==&gt; MD5 is legit<br />C:\Windows\system32\drivers\isapnp.sys ==&gt; MD5 is legit<br />C:\Windows\system32\drivers\msiscsi.sys ==&gt; MD5 is legit<br />C:\Windows\System32\DRIVERS\kbdclass.sys ==&gt; MD5 is legit<br />C:\Windows\System32\DRIVERS\kbdhid.sys ==&gt; MD5 is legit<br />C:\Windows\System32\Drivers\ksecdd.sys 97A7070AEA4C058B6418519E869A63B4<br />C:\Windows\System32\Drivers\ksecpkg.sys 26C43A7C2862447EC59DEDA188D1DA07<br />C:\Windows\system32\drivers\ksthunk.sys ==&gt; MD5 is legit<br />C:\Windows\System32\DRIVERS\LHidFilt.Sys AA3D903C5A7538803F2400A8391F1881<br />C:\Windows\System32\DRIVERS\lltdio.sys ==&gt; MD5 is legit<br />C:\Windows\System32\DRIVERS\LMouFilt.Sys 90B4B2B0B5F05ABB9FB365405A7B825B<br 
/>C:\Windows\system32\DRIVERS\lsi_fc.sys ==&gt; MD5 is legit<br />C:\Windows\system32\DRIVERS\lsi_sas.sys ==&gt; MD5 is legit<br />C:\Windows\system32\DRIVERS\lsi_sas2.sys ==&gt; MD5 is legit<br />C:\Windows\system32\DRIVERS\lsi_scsi.sys ==&gt; MD5 is legit<br />C:\Windows\system32\drivers\luafv.sys ==&gt; MD5 is legit<br />C:\Windows\system32\DRIVERS\megasas.sys ==&gt; MD5 is legit<br />C:\Windows\system32\DRIVERS\MegaSR.sys ==&gt; MD5 is legit<br />C:\Windows\System32\drivers\mfeapfk.sys C1556CA9695FCD6BBD23D75D402FD43D<br />C:\Windows\System32\drivers\mfeavfk.sys 8857EE8B49F3338FC1FAD476BFCCA146<br />C:\Windows\System32\drivers\mfefirek.sys 19C44295F6BF085C83352D48397F7870<br />C:\Windows\System32\drivers\mfehidk.sys 5F915E20AB56121C41C6BF9A91A83BDA<br />C:\Windows\System32\DRIVERS\mfenlfk.sys 23AE332E32FF615CA5E5224C8D91AF11<br />C:\Windows\System32\drivers\mferkdet.sys 9C7A9273E345F8D653394B5C542BF86A<br />C:\Windows\System32\drivers\mferkdk.sys 624D717B11E5004F68442B5740F17F21<br />C:\Windows\System32\drivers\mfesmfk.sys 0CD9DE7B96735F33F078C4EA044E8B34<br />C:\Windows\System32\drivers\mfewfpk.sys 3140B2C56D7119BA314F68FC785683F0<br />C:\Windows\System32\drivers\modem.sys ==&gt; MD5 is legit<br />C:\Windows\System32\DRIVERS\monitor.sys ==&gt; MD5 is legit<br />C:\Windows\System32\DRIVERS\mouclass.sys ==&gt; MD5 is legit<br />C:\Windows\System32\DRIVERS\mouhid.sys ==&gt; MD5 is legit<br />C:\Windows\System32\drivers\mountmgr.sys ==&gt; MD5 is legit<br />C:\Windows\system32\drivers\mpio.sys ==&gt; MD5 is legit<br />C:\Windows\System32\drivers\mpsdrv.sys ==&gt; MD5 is legit<br />C:\Program Files (x86)\Common Files\Motive\MREMP50.sys 9BD4DCB5412921864A7AACDEDFBD1923<br />C:\Program Files (x86)\Common Files\Motive\MREMP50.sys 9BD4DCB5412921864A7AACDEDFBD1923<br />C:\Program Files\Common Files\Motive\MREMP50a64.sys C2758DF79C83A0D12A5599A040CA1818<br />C:\Program Files (x86)\Common Files\Motive\MRESP50.sys 07C02C892E8E1A72D6BF35004F0E9C5E<br />C:\Program Files 
(x86)\Common Files\Motive\MRESP50.sys 07C02C892E8E1A72D6BF35004F0E9C5E<br />C:\Program Files\Common Files\Motive\MRESP50a64.sys 38BD5B32E0722752BE8465D2A6DA43D9<br />C:\Windows\system32\drivers\mrxdav.sys ==&gt; MD5 is legit<br />C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC<br />C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163<br />C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C<br />C:\Windows\system32\drivers\msahci.sys ==&gt; MD5 is legit<br />C:\Windows\system32\drivers\msdsm.sys ==&gt; MD5 is legit<br />C:\Windows\System32\Drivers\Msfs.sys ==&gt; MD5 is legit<br />C:\Windows\System32\drivers\mshidkmdf.sys ==&gt; MD5 is legit<br />C:\Windows\System32\drivers\msisadrv.sys ==&gt; MD5 is legit<br />C:\Windows\System32\drivers\MSKSSRV.sys ==&gt; MD5 is legit<br />C:\Windows\System32\drivers\MSPCLOCK.sys ==&gt; MD5 is legit<br />C:\Windows\System32\drivers\MSPQM.sys ==&gt; MD5 is legit<br />C:\Windows\System32\Drivers\MsRPC.sys ==&gt; MD5 is legit<br />C:\Windows\system32\drivers\mssmbios.sys ==&gt; MD5 is legit<br />C:\Windows\System32\drivers\MSTEE.sys ==&gt; MD5 is legit<br />C:\Windows\system32\DRIVERS\MTConfig.sys ==&gt; MD5 is legit<br />C:\Windows\System32\Drivers\mup.sys ==&gt; MD5 is legit<br />C:\Windows\System32\DRIVERS\nwifi.sys ==&gt; MD5 is legit<br />C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88<br />C:\Windows\System32\DRIVERS\ndiscap.sys ==&gt; MD5 is legit<br />C:\Windows\System32\DRIVERS\ndistapi.sys ==&gt; MD5 is legit<br />C:\Windows\System32\DRIVERS\ndisuio.sys ==&gt; MD5 is legit<br />C:\Windows\System32\DRIVERS\ndiswan.sys ==&gt; MD5 is legit<br />C:\Windows\System32\Drivers\NDProxy.sys ==&gt; MD5 is legit<br />C:\Windows\System32\DRIVERS\netbios.sys ==&gt; MD5 is legit<br />C:\Windows\System32\DRIVERS\netbt.sys ==&gt; MD5 is legit<br />C:\Windows\System32\DRIVERS\netr7364.sys F3A1D8B7317939813568992D1BFDDE37<br 
/>C:\Windows\system32\DRIVERS\nfrd960.sys ==&gt; MD5 is legit<br />C:\Windows\System32\DRIVERS\npf.sys C31FA031335EFF434B2D94278E74BCCE<br />C:\Windows\System32\drivers\nsiproxy.sys ==&gt; MD5 is legit<br />C:\Windows\System32\Drivers\Ntfs.sys B98F8C6E31CD07B2E6F71F7F648E38C0<br />C:\Windows\System32\Drivers\Null.sys ==&gt; MD5 is legit<br />C:\Windows\System32\DRIVERS\nvlddmkm.sys FCBA1C22727939E7CFF9EB08FE9692AB<br />C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD<br />C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A<br />C:\Windows\system32\drivers\nv_agp.sys ==&gt; MD5 is legit<br />C:\Windows\system32\drivers\ohci1394.sys ==&gt; MD5 is legit<br />C:\Windows\System32\DRIVERS\parport.sys ==&gt; MD5 is legit<br />C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C<br />C:\Windows\System32\drivers\pci.sys ==&gt; MD5 is legit<br />C:\Windows\System32\drivers\pciide.sys ==&gt; MD5 is legit<br />C:\Windows\system32\DRIVERS\pcmcia.sys ==&gt; MD5 is legit<br />C:\Windows\System32\drivers\pcw.sys ==&gt; MD5 is legit<br />C:\Windows\System32\drivers\peauth.sys ==&gt; MD5 is legit<br />C:\Windows\System32\DRIVERS\raspptp.sys ==&gt; MD5 is legit<br />C:\Windows\system32\DRIVERS\processr.sys ==&gt; MD5 is legit<br />C:\Windows\System32\DRIVERS\pacer.sys ==&gt; MD5 is legit<br />C:\Windows\system32\DRIVERS\ql2300.sys ==&gt; MD5 is legit<br />C:\Windows\system32\DRIVERS\ql40xx.sys ==&gt; MD5 is legit<br />C:\Windows\system32\drivers\qwavedrv.sys ==&gt; MD5 is legit<br />C:\Windows\System32\DRIVERS\rasacd.sys ==&gt; MD5 is legit<br />C:\Windows\System32\DRIVERS\AgileVpn.sys ==&gt; MD5 is legit<br />C:\Windows\System32\DRIVERS\rasl2tp.sys ==&gt; MD5 is legit<br />C:\Windows\System32\DRIVERS\raspppoe.sys ==&gt; MD5 is legit<br />C:\Windows\System32\DRIVERS\rassstp.sys ==&gt; MD5 is legit<br />C:\Windows\System32\DRIVERS\rdbss.sys ==&gt; MD5 is legit<br />C:\Windows\System32\DRIVERS\rdpbus.sys ==&gt; MD5 is 
legit<br />C:\Windows\System32\DRIVERS\RDPCDD.sys ==&gt; MD5 is legit<br />C:\Windows\System32\drivers\rdpdr.sys ==&gt; MD5 is legit<br />C:\Windows\System32\drivers\rdpencdd.sys ==&gt; MD5 is legit<br />C:\Windows\System32\drivers\rdprefmp.sys ==&gt; MD5 is legit<br />C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A<br />C:\Windows\System32\drivers\rdyboost.sys ==&gt; MD5 is legit<br />C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys C903D49655B4AAE46673F0AAA6BE0F58<br />C:\Windows\System32\Drivers\RootMdm.sys 388D3DD1A6457280F3BADBA9F3ACD6B1<br />C:\Windows\System32\DRIVERS\RsFx0105.sys C9FE05A63C500ABE3AFA5786504C4D36<br />C:\Windows\System32\DRIVERS\rspndr.sys ==&gt; MD5 is legit<br />C:\Windows\System32\DRIVERS\Rt64win7.sys EE082E06A82FF630351D1E0EBBD3D8D0<br />C:\Windows\system32\drivers\vms3cap.sys ==&gt; MD5 is legit<br />C:\Windows\system32\drivers\sbp2port.sys ==&gt; MD5 is legit<br />C:\Windows\System32\DRIVERS\scfilter.sys ==&gt; MD5 is legit<br />C:\Windows\System32\DRIVERS\scmndisp.sys 2A50BE713FAF033420466C25979C028E<br />C:\Windows\System32\Drivers\secdrv.sys ==&gt; MD5 is legit<br />C:\Windows\System32\DRIVERS\serenum.sys ==&gt; MD5 is legit<br />C:\Windows\System32\DRIVERS\serial.sys ==&gt; MD5 is legit<br />C:\Windows\system32\DRIVERS\sermouse.sys ==&gt; MD5 is legit<br />C:\Windows\system32\drivers\sffdisk.sys ==&gt; MD5 is legit<br />C:\Windows\system32\drivers\sffp_mmc.sys ==&gt; MD5 is legit<br />C:\Windows\system32\drivers\sffp_sd.sys ==&gt; MD5 is legit<br />C:\Windows\system32\DRIVERS\sfloppy.sys ==&gt; MD5 is legit<br />C:\Windows\system32\DRIVERS\SiSRaid2.sys ==&gt; MD5 is legit<br />C:\Windows\system32\DRIVERS\sisraid4.sys ==&gt; MD5 is legit<br />C:\Windows\System32\DRIVERS\smb.sys ==&gt; MD5 is legit<br />C:\Windows\System32\Drivers\spldr.sys ==&gt; MD5 is legit<br />C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B<br />C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28<br 
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit
C:\Windows\system32\drivers\storvsc.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys B62A953F2BF3922C8764A29C34A22899
C:\Windows\System32\DRIVERS\tcpip.sys B62A953F2BF3922C8764A29C34A22899
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbaapl64.sys FB251567F41BC61988B26731DEC19E4B
C:\Windows\System32\DRIVERS\usbccgp.sys 6F1A3157A1C89435352CEB543CDB359C
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbehci.sys C025055FE7B87701EB042095DF1A2D7B
C:\Windows\System32\DRIVERS\usbhub.sys 287C6C9410B111B68B52CA298F7B8C24
C:\Windows\system32\drivers\usbohci.sys 9840FC418B4CBD632D3D0A667A725C31
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys 62069A34518BCF9C1FD9E74B3F6DB7CD
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\vmbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys 442783E2CB0DA19873B7A63833FF4CB4
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wimfltr.sys 52DED146E4797E6CCF94799E8E22BB2A
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWow64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
C:\Windows\System32\DRIVERS\xusb21.sys 2EE48CFCE7CA8E0DB4C44C7476C0943B

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-08 10:26 - 2013-06-08 10:26 - 00000000 ____D C:\Users\owner\Desktop\mbar
2013-06-08 09:23 - 2013-06-08 09:24 - 00000000 ____D C:\Users\owner\Desktop\HR Block
2013-06-08 09:18 - 2013-06-08 09:43 - 00000000 ____D C:\Users\owner\Desktop\Dads Folder
2013-06-08 09:13 - 2013-06-08 09:18 - 00000000 ____D C:\Users\owner\Desktop\Scanners and Utilities
2013-06-08 08:50 - 2013-06-07 21:58 - 05078746 ____A (Swearware) C:\Users\owner\Desktop\ComboFix.exe
2013-06-07 16:44 - 2013-06-07 21:54 - 00000000 ____D C:\FRST
2013-05-29 15:20 - 2013-05-29 15:20 - 00019840 ____H C:\Users\owner\Documents\~WRL2406.tmp
2013-05-14 18:03 - 2013-05-14 18:03 - 00000000 ____D C:\Users\owner\AppData\Roaming\GoPro
2013-05-12 12:39 - 2013-06-07 14:29 - 00000000 ____D C:\Users\owner\AppData\Local\GoPro
2013-05-12 12:31 - 2013-05-12 12:32 - 00000000 ____D C:\Users\Public\CineForm
2013-05-12 12:30 - 2013-05-12 12:31 - 00000000 ____D C:\Program Files (x86)\GoPro

==================== One Month Modified Files and Folders =======

2013-06-08 10:26 - 2013-06-08 10:26 - 00000000 ____D C:\Users\owner\Desktop\mbar
2013-06-08 10:17 - 2011-04-17 11:04 - 01141154 ____A C:\Windows\WindowsUpdate.log
2013-06-08 09:43 - 2013-06-08 09:18 - 00000000 ____D C:\Users\owner\Desktop\Dads Folder
2013-06-08 09:27 - 2010-09-26 10:08 - 00000000 ____D C:\Users\owner\Desktop\Shannen's Folder
2013-06-08 09:24 - 2013-06-08 09:23 - 00000000 ____D C:\Users\owner\Desktop\HR Block
2013-06-08 09:22 - 2010-11-09 21:16 - 00000000 ____D C:\Users\owner\Desktop\Stevens Folder
2013-06-08 09:18 - 2013-06-08 09:13 - 00000000 ____D C:\Users\owner\Desktop\Scanners and Utilities
2013-06-07 23:02 - 2004-11-08 19:19 - 01720320 __ASH C:\Users\owner\Documents\Thumbs.db
2013-06-07 23:01 - 2009-07-14 01:13 - 00837962 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-07 22:23 - 2011-11-03 06:00 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-07 22:22 - 2009-07-14 00:45 - 00013472 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-07 22:22 - 2009-07-14 00:45 - 00013472 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-07 22:07 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-07 22:07 - 2009-07-14 00:51 - 34997607 ____A C:\Windows\setupact.log
2013-06-07 21:58 - 2013-06-08 08:50 - 05078746 ____A (Swearware) C:\Users\owner\Desktop\ComboFix.exe
2013-06-07 21:54 - 2013-06-07 16:44 - 00000000 ____D C:\FRST
2013-06-07 21:49 - 2009-11-19 20:08 - 00000000 ____D C:\Windows\pss
2013-06-07 16:46 - 2012-11-26 04:03 - 00000000 ____D C:\users\UpdatusUser.owner-PC
2013-06-07 15:10 - 2011-04-17 09:48 - 00000000 ____D C:\users\owner
2013-06-07 15:04 - 2013-01-12 09:39 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2013-06-07 15:04 - 2012-11-26 04:03 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-06-07 15:04 - 2012-11-18 04:03 - 00000000 ____D C:\ProgramData\NVIDIA
2013-06-07 15:04 - 2012-09-22 16:06 - 00000000 ____D C:\Program Files (x86)\Free YouTube to MP3 Converter Studio
2013-06-07 15:04 - 2012-07-01 15:30 - 00000000 ____D C:\users\new account
2013-06-07 15:04 - 2012-05-13 22:09 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-06-07 15:04 - 2011-11-28 18:12 - 00000000 ____D C:\ProgramData\ArcSoft
2013-06-07 15:04 - 2011-04-17 09:48 - 00000000 ____D C:\users\Administrator
2013-06-07 15:04 - 2010-05-23 17:50 - 00000000 ___RD C:\Users\owner\Documents\My Dropbox
2013-06-07 15:04 - 2009-11-20 10:12 - 00000000 ____D C:\Windows\System32\Drivers\Avg
2013-06-07 15:04 - 2009-11-19 22:38 - 00000000 ____D C:\Users\owner\AppData\Roaming\ArcSoft
2013-06-07 15:04 - 2009-11-19 20:02 - 00000000 ____D C:\ProgramData\pdf995
2013-06-07 15:04 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\Offline Web Pages
2013-06-07 15:04 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-06-07 15:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2013-06-07 15:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-06-07 15:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\L2Schemas
2013-06-07 15:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Help
2013-06-07 15:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\AppCompat
2013-06-07 15:04 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-06-07 15:03 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2013-06-07 14:59 - 2010-05-23 17:48 - 00000000 ____D C:\Users\owner\AppData\Roaming\Dropbox
2013-06-07 14:57 - 2009-11-24 19:33 - 00000000 __RHD C:\MSOCache
2013-06-07 14:29 - 2013-05-12 12:39 - 00000000 ____D C:\Users\owner\AppData\Local\GoPro
2013-06-06 17:41 - 2005-09-01 20:37 - 01682432 __ASH C:\Users\owner\Desktop\Thumbs.db
2013-06-06 17:31 - 2010-11-18 19:16 - 00000000 ____D C:\Users\owner\Documents\Outlook Files
2013-06-05 23:14 - 2009-11-10 16:56 - 00059488 ____A C:\aaw7boot.log
2013-06-04 17:14 - 2012-09-22 16:06 - 00000000 ____D C:\Users\owner\AppData\Roaming\Free YouTube to MP3 Converter Studio
2013-05-29 15:20 - 2013-05-29 15:20 - 00019840 ____H C:\Users\owner\Documents\~WRL2406.tmp
2013-05-28 10:22 - 2005-08-03 12:26 - 58266624 ___RA C:\Users\Public\Documents\ESBK.mbb
2013-05-28 10:22 - 2005-08-03 12:26 - 30925824 ___RA C:\Users\Public\Documents\ESBK.mb
2013-05-14 18:03 - 2013-05-14 18:03 - 00000000 ____D C:\Users\owner\AppData\Roaming\GoPro
2013-05-12 12:32 - 2013-05-12 12:31 - 00000000 ____D C:\Users\Public\CineForm
2013-05-12 12:31 - 2013-05-12 12:30 - 00000000 ____D C:\Program Files (x86)\GoPro

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-03 00:54

==================== End Of Log ============================


I will leave the computer in its current state (up and running in Safe Mode w/Networking) until it either "blue screens" or you tell me to reboot.
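The MD5-check lines in the FRST log above come in two shapes: a path followed by `==> MD5 is legit` (the file's hash matched FRST's built-in whitelist) or a path followed by a raw 32-digit hash (the file is not on the whitelist, so FRST prints the hash for someone to check). The Python script below is an added example, not code from this thread, from FRST, or from any tool mentioned in it; it assumes only those two line shapes (accepting the single `=>` used in the Bamital & volsnap section as well) and uses a handful of lines copied from the log as constructed sample input. It separates the files FRST vouched for from those whose hash still has to be compared against a known-clean copy of the same Windows build, and folds case-variant paths together so that entries listed twice (tcpip.sys and wanarp.sys in this log) stand out.

```python
# Added example: triage helper for the MD5-check lines of an FRST (Farbar
# Recovery Scan Tool) log. Not code from the thread, FRST, or any named tool.
# Assumed line shapes (the only ones visible in the log above):
#   <path> ==> MD5 is legit     file hash matched FRST's whitelist
#   <path> <32 hex digits>      not on the whitelist; FRST prints the MD5
import re
from collections import Counter

# Sample input: a constructed subset of lines copied from the log above,
# plus one section header to show that non-matching lines are ignored.
SAMPLE_LINES = [
    r"==================== Bamital & volsnap Check =================",
    r"C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3",
    r"C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit",
    r"C:\Windows\System32\drivers\tcpip.sys B62A953F2BF3922C8764A29C34A22899",
    r"C:\Windows\System32\DRIVERS\tcpip.sys B62A953F2BF3922C8764A29C34A22899",
    r"C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit",
    r"C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit",
    r"C:\Windows\System32\winlogon.exe => MD5 is legit",
    r"C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit",
]

# A drive-letter path, then either the whitelist marker ("=>" or "==>") or a
# bare MD5. The lazy ".+?" lets paths contain spaces ("Program Files").
LEGIT_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)\s+=+>\s+MD5 is legit\s*$")
HASH_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<md5>[0-9A-Fa-f]{32})\s*$")


def parse_md5_lines(lines):
    """Return (whitelisted_paths, unverified) where unverified maps each
    path FRST did not recognise to its lower-cased MD5. Lines matching
    neither shape (section headers, blanks, file listings) are skipped."""
    whitelisted = []
    unverified = {}
    for raw in lines:
        line = raw.strip()
        m = LEGIT_RE.match(line)
        if m:
            whitelisted.append(m.group("path"))
            continue
        m = HASH_RE.match(line)
        if m:
            unverified[m.group("path")] = m.group("md5").lower()
    return whitelisted, unverified


def duplicate_paths(lines):
    """Paths that appear more than once. Windows paths are case-insensitive,
    so System32\\drivers and System32\\DRIVERS are folded together before
    counting; the result is lower-cased and sorted."""
    counts = Counter()
    for raw in lines:
        line = raw.strip()
        m = LEGIT_RE.match(line) or HASH_RE.match(line)
        if m:
            counts[m.group("path").lower()] += 1
    return sorted(p for p, n in counts.items() if n > 1)


def triage(lines):
    """One-shot summary for a log section: how many files FRST vouched for,
    which still need their hash checked against a known-clean reference,
    and which paths repeat."""
    whitelisted, unverified = parse_md5_lines(lines)
    return {
        "whitelisted": len(whitelisted),
        "unverified": unverified,
        "duplicates": duplicate_paths(lines),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LINES)
    print(f"{report['whitelisted']} files matched FRST's whitelist")
    print("Not on the whitelist (compare against a known-clean reference):")
    for path, md5 in report["unverified"].items():
        print(f"  {md5}  {path}")
    print("Listed more than once:", report["duplicates"])
```

To use it on a full log, read the file and pass its lines to `triage()`; only lines of the two assumed shapes are counted, so the file listings and section headers in between are harmless. A raw hash in the output is not a verdict either way: it only means FRST had no whitelist entry for that exact file version, which is common for third-party or updated drivers, so the hash is the thing to compare rather than the presence of the line.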

#15 CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 09 June 2013 - 04:55 PM

Try running the following:
  • Download RogueKiller and save it to your desktop.
  • Quit all other programs
  • Start RogueKiller.exe
  • Wait until the Prescan has finished ...
  • Click on Scan
    [screenshot: RGKRScan.png]
  • Wait for the end of the scan
  • A report will be created on your desktop.
  • Click on the Delete button
    [screenshot: RGKRDelete.png]
  • Next click on the ShortcutsFix
    [screenshot: RGKRShortcutsFix.png]
  • Another report will be created on your desktop.
Please post: All RKreport.txt text files located on your desktop.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015