Michael West
Posts: 27 +0
I use this computer mainly for gaming and web surfing and have never had any type of AV or anything on here until recently, when I noticed a significant decrease in performance where there should be none. I checked active processes and noticed IE would have multiple instances up and running, and I do not even use IE; I use Firefox. Also, any time I stopped IE from running it would immediately pop back up. No IE browser windows ever opened up, so that led me to believe I had a virus, so I broke down and purchased McAfee. Another thing I have noticed is that, all of a sudden, if I click a link from my Google search results I get redirected the first time but can go back and click again and make it to the page I am trying to view. The redirects are always different sites, on which I never stay long enough to find out what site it is. I did run all the programs to pull the logs you all need, and Malwarebytes was able to remove some redirect trojans and a few other things. Here are my logs; please, if there is anything else I need to do, help!
Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org
Database version: v2012.10.21.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Brandon :: BRANDON-PC [administrator]
Protection: Enabled
10/21/2012 3:44:09 AM
mbam-log-2012-10-21 (03-44-09).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 223202
Time elapsed: 4 minute(s), 11 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 1
C:\Users\Brandon\AppData\Local\Bugsplat\rkavsrfd.dll (Trojan.RedirRdll2.Gen) -> Delete on reboot.
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Bugsplat (Trojan.RedirRdll2.Gen) -> Data: rundll32.exe C:\Users\Brandon\AppData\Local\Bugsplat\rkavsrfd.dll,ir_fe_ocr_linesegment -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 2
C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\ProgramData\FREEzeFrogSA (Adware.FreezeFrog) -> Quarantined and deleted successfully.
Files Detected: 9
C:\Users\Brandon\Downloads\7zipap_718.exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.
C:\Users\Brandon\Downloads\installer_directx_sdk.exe (PUP.BundleInstaller.BT) -> Quarantined and deleted successfully.
C:\Users\Brandon\AppData\Local\Bugsplat\rkavsrfd.dll (Trojan.RedirRdll2.Gen) -> Delete on reboot.
C:\ProgramData\FREEzeFrogSA\FREEzeFrogSA.dat (Adware.FreezeFrog) -> Quarantined and deleted successfully.
C:\ProgramData\FREEzeFrogSA\FREEzeFrogSAAbout.mht (Adware.FreezeFrog) -> Quarantined and deleted successfully.
C:\ProgramData\FREEzeFrogSA\FreezeFrogSAau.dat (Adware.FreezeFrog) -> Quarantined and deleted successfully.
C:\ProgramData\FREEzeFrogSA\FREEzeFrogSAEULA.mht (Adware.FreezeFrog) -> Quarantined and deleted successfully.
C:\ProgramData\FREEzeFrogSA\FreezeFrogSA_hpk.dat (Adware.FreezeFrog) -> Quarantined and deleted successfully.
C:\ProgramData\FREEzeFrogSA\FreezeFrogSA_kyf.dat (Adware.FreezeFrog) -> Quarantined and deleted successfully.
(end)
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-10-21 04:31:55
Windows 6.1.7601 Service Pack 1
Running: 98bgtukb.exe
---- Registry - GMER 1.0.15 ----
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DAFDE38B-9DF7-9413-34FB-8864AC837654}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DAFDE38B-9DF7-9413-34FB-8864AC837654}@oabhdkfjbbfagkmlkodhdfehckhlio 0x6A 0x61 0x66 0x65 ...
---- EOF - GMER 1.0.15 ----
DDS (Ver_2012-10-19.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.5.1
Run by Brandon at 4:40:54 on 2012-10-21
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4095.668 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uSearch Bar = Preserve
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} -
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} -
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
uRun: [Best Buy pc app] C:\Users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms
uRun: [] C:\Users\Brandon\AppData\Local\Temp\4.245763954103653E8
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-unins...VMV0gtR0JZUzQtOU5USEQtUUE3WEQtQzJRSEgtTkZGS0o"&"inst=NzctNzA3Njg5NDQ5LUREVCs5OTU5LUxTRCsyLVNUMTBBUFArMS1ERDEwKzEtRkwxMCsxLVNUMTBGQVBQKzEtREQxMEYrMS1GMTBNMTJBVCsxLUYxME0xMkErMS1GMTBNMTJBQisxLVUxMCsxLUYxME0xMkFUQk4rMQ"&"prod=90"&"ver=10.0.1416
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{0A0BAC73-3118-4B66-B223-515C166C1C39}\7796C646775637475737D636 : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{0A0BAC73-3118-4B66-B223-515C166C1C39}\7796C646775637475737D636D27657563747 : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{B8981DBD-BBAD-48E9-8845-70003346BD56} : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{B8981DBD-BBAD-48E9-8845-70003346BD56}\7796C646775637475737D636 : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{B8981DBD-BBAD-48E9-8845-70003346BD56}\7796C646775637475737D636D27657563747 : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{C38D4E61-CEEB-45D1-B7BF-ECE2B93160D8} : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{C38D4E61-CEEB-45D1-B7BF-ECE2B93160D8}\7796C646775637475737D636D27657563747 : DHCPNameServer = 24.248.133.27 192.168.33.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\0osx2mcj.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll
FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
FF - plugin: C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\0osx2mcj.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\plugins\np-mswmp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - ExtSQL: 2012-10-16 15:49; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; C:\Program Files (x86)\McAfee\SiteAdvisor
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2012-7-17 752672]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2012-7-17 335784]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-21 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-21 676936]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-10-16 201304]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-10-16 201304]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-10-16 201304]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-10-16 201304]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-10-16 237920]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-10-16 218320]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2012-10-16 177144]
R2 MsDepSvc;Web Deployment Agent Service;C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-4-1 67400]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-8-30 382312]
R3 AE1000;Linksys AE1000 Driver;C:\Windows\System32\drivers\ae1000w7.sys [2011-8-1 1101600]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2012-10-16 69672]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-10-21 25928]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2012-10-16 300392]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2012-10-16 513456]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2012-10-7 189288]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-7-29 2255464]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2012-10-16 196440]
S3 JmtFltr;n52te;C:\Windows\System32\drivers\JmtFltr.sys [2011-9-7 46464]
S3 LVUVC64;Logitech Webcam 300(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2011-4-1 4184672]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2012-10-16 106112]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-13 115168]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-9-26 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-8-3 1255736]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2012-8-13 14544]
.
=============== File Associations ===============
.
FileExt: .js: Applications\notepad.exe=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2012-10-21 08:43:25 -------- d-----w- C:\Users\Brandon\AppData\Roaming\Malwarebytes
2012-10-21 08:42:34 -------- d-----w- C:\ProgramData\Malwarebytes
2012-10-21 08:42:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-10-21 08:42:32 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-10-18 01:42:31 -------- d-----w- C:\Users\Brandon\AppData\Roaming\Mumble
2012-10-18 01:42:24 -------- d-----w- C:\Program Files (x86)\Mumble
2012-10-16 16:53:04 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-10-16 16:53:04 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-10-16 16:53:02 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-10-16 16:53:02 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-10-16 16:53:02 136704 ----a-w- C:\Windows\System32\browser.dll
2012-10-16 16:52:42 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-10-16 16:52:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-10-16 16:51:00 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-10-16 16:46:18 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2012-10-16 16:46:18 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-10-16 16:46:17 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-10-16 16:46:17 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-10-16 16:46:17 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-10-16 16:46:17 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-10-16 16:32:04 196440 ----a-w- C:\Windows\System32\drivers\HipShieldK.sys
2012-10-16 16:30:51 -------- d-----w- C:\Program Files (x86)\McAfee.com
2012-10-16 16:30:45 10288 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2012-10-16 16:30:44 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee
2012-10-16 16:30:33 69672 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2012-10-16 16:30:33 513456 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2012-10-16 16:30:33 300392 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2012-10-16 16:30:33 106112 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2012-10-16 16:30:27 -------- d-----w- C:\Program Files\Common Files\McAfee
2012-10-16 16:30:15 -------- d-----w- C:\Program Files\McAfee.com
2012-10-16 16:30:15 -------- d-----w- C:\Program Files\McAfee
2012-10-16 16:30:05 -------- d-----w- C:\Program Files (x86)\McAfee
2012-10-16 16:14:13 -------- d-----w- C:\mfe
2012-10-16 16:07:36 177144 ----a-w- C:\Windows\System32\mfevtps.exe
2012-10-16 16:04:31 -------- d-----w- C:\ProgramData\Citrix
2012-10-16 15:55:51 -------- d-----w- C:\Program Files (x86)\Citrix
2012-10-16 15:55:42 -------- d-----w- C:\Users\Brandon\AppData\Local\Citrix
2012-10-16 15:55:37 103784 ----a-w- C:\Users\Brandon\GoToAssistDownloadHelper.exe
2012-10-15 12:54:46 9308616 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{68D2397E-40FD-480A-976F-0F083EC6F224}\mpengine.dll
2012-10-14 04:58:17 -------- d-----w- C:\Windows\2FDD750F49B740C19D5ED2955BC0E2D8.TMP
2012-10-14 00:36:45 -------- d-----w- C:\Program Files (x86)\SpeedFan
2012-10-07 19:30:57 830312 ----a-w- C:\Windows\SysWow64\nvumdshim.dll
2012-09-25 15:54:48 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-09-25 15:54:30 -------- d-----w- C:\Program Files\iPod
2012-09-25 15:54:28 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-25 15:54:28 -------- d-----w- C:\Program Files\iTunes
2012-09-25 15:54:28 -------- d-----w- C:\Program Files (x86)\iTunes
2012-09-25 15:53:00 -------- d-----w- C:\Program Files\Bonjour
2012-09-25 15:53:00 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-09-24 14:19:03 -------- d-----w- C:\Users\Brandon\AppData\Local\Bugsplat
.
==================== Find3M ====================
.
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-30 16:18:05 891240 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-08-30 16:18:05 63336 ----a-w- C:\Windows\System32\nvshext.dll
2012-08-30 16:18:05 118120 ----a-w- C:\Windows\System32\nvmctray.dll
2012-08-30 16:18:04 3487434 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-08-30 16:18:01 3266920 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-08-30 16:17:59 6198120 ----a-w- C:\Windows\System32\nvcpl.dll
2012-08-30 15:40:14 429416 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-08-29 03:20:22 916456 ----a-w- C:\Windows\System32\deployJava1.dll
2012-08-29 03:20:22 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2012-08-29 03:20:22 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 18:05:06 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 16:57:48 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-24 15:59:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 15:20:39 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 18:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-08-21 18:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
.
============= FINISH: 4:41:19.10 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-19.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 8/1/2011 10:46:28 AM
System Uptime: 10/21/2012 3:53:52 AM (1 hours ago)
.
Motherboard: EVGA | | 132-YW-E179-FTW
Processor: Intel(R) Core(TM)2 Duo CPU E8600 @ 3.33GHz | Socket 775 | 3333/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 140 GiB total, 16.799 GiB free.
D: is CDROM (CDFS)
E: is FIXED (NTFS) - 932 GiB total, 911.93 GiB free.
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP185: 10/10/2012 4:33:35 AM - Windows Update
RP186: 10/15/2012 7:54:25 AM - Windows Update
RP188: 10/16/2012 10:00:54 AM - Windows Defender Checkpoint
RP189: 10/16/2012 11:54:13 AM - Windows Update
RP190: 10/17/2012 8:41:42 PM - Installed Mumble 1.2.3
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
7-Zip 9.20
7-Zip 9.20 (x64 edition)
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader X (10.1.4)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Best Buy pc app
Bonjour
Cisco Connect
Diablo II
Diablo III
DivX Setup
Game Booster 3
ImgBurn
iTunes
Java 7 Update 6 (64-bit)
Java Auto Updater
Java(TM) 7 Update 5
Java(TM) SE Development Kit 7 Update 3 (64-bit)
JavaFX 2.0.3 (64-bit)
JavaFX 2.0.3 SDK (64-bit)
JavaFX 2.1.1
League of Legends
Malwarebytes Anti-Malware version 1.65.1.1000
McAfee Internet Security
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft DirectX SDK (June 2010)
Microsoft Expression Blend 4
Microsoft Help Viewer 1.1
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Web Deploy 2.0
Microsoft Web Platform Installer 3.0
Mozilla Firefox 15.0 (x86 en-US)
Mozilla Firefox 16.0.1 (x86 en-US)
Mozilla Maintenance Service
Mumble 1.2.3
NuGet
NVIDIA 3D Vision Controller Driver
NVIDIA 3D Vision Controller Driver 306.23
NVIDIA 3D Vision Driver 306.23
NVIDIA Control Panel 306.23
NVIDIA Endless City demo
NVIDIA Graphics Driver 306.23
NVIDIA HD Audio Driver 1.3.18.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0213
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.4.28
NVIDIA Update Components
Paint.NET v3.5.10
Pando Media Booster
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
Shared C Run-time for x64
SpeedFan (remove only)
Steam
TransMac version 10.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.6195
Ventrilo Client for Windows x64
Warcraft III
Web Deployment Tool
Windows Live ID Sign-in Assistant
World of Warcraft
WPF Toolkit February 2010 (Version 3.5.50211.1)
.
==== Event Viewer Messages From Past Week ========
.
10/21/2012 3:56:22 AM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: unknown user name or bad password. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
10/21/2012 3:56:22 AM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
10/16/2012 10:38:40 AM, Error: Service Control Manager [7003] - The McAfee Validation Trust Protection Service service depends the following service: mfehidk. This service might not be installed.
.
==== End Of File ===========================
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uSearch Bar = Preserve
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} -
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} -
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
uRun: [Best Buy pc app] C:\Users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms
uRun: [] C:\Users\Brandon\AppData\Local\Temp\4.245763954103653E8
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-unins...VMV0gtR0JZUzQtOU5USEQtUUE3WEQtQzJRSEgtTkZGS0o"&"inst=NzctNzA3Njg5NDQ5LUREVCs5OTU5LUxTRCsyLVNUMTBBUFArMS1ERDEwKzEtRkwxMCsxLVNUMTBGQVBQKzEtREQxMEYrMS1GMTBNMTJBVCsxLUYxME0xMkErMS1GMTBNMTJBQisxLVUxMCsxLUYxME0xMkFUQk4rMQ"&"prod=90"&"ver=10.0.1416
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{0A0BAC73-3118-4B66-B223-515C166C1C39}\7796C646775637475737D636 : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{0A0BAC73-3118-4B66-B223-515C166C1C39}\7796C646775637475737D636D27657563747 : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{B8981DBD-BBAD-48E9-8845-70003346BD56} : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{B8981DBD-BBAD-48E9-8845-70003346BD56}\7796C646775637475737D636 : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{B8981DBD-BBAD-48E9-8845-70003346BD56}\7796C646775637475737D636D27657563747 : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{C38D4E61-CEEB-45D1-B7BF-ECE2B93160D8} : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{C38D4E61-CEEB-45D1-B7BF-ECE2B93160D8}\7796C646775637475737D636D27657563747 : DHCPNameServer = 24.248.133.27 192.168.33.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\0osx2mcj.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll
FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
FF - plugin: C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\0osx2mcj.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\plugins\np-mswmp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - ExtSQL: 2012-10-16 15:49; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; C:\Program Files (x86)\McAfee\SiteAdvisor
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2012-7-17 752672]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2012-7-17 335784]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-21 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-21 676936]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-10-16 201304]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-10-16 201304]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-10-16 201304]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-10-16 201304]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-10-16 237920]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-10-16 218320]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2012-10-16 177144]
R2 MsDepSvc;Web Deployment Agent Service;C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-4-1 67400]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-8-30 382312]
R3 AE1000;Linksys AE1000 Driver;C:\Windows\System32\drivers\ae1000w7.sys [2011-8-1 1101600]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2012-10-16 69672]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-10-21 25928]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2012-10-16 300392]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2012-10-16 513456]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2012-10-7 189288]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-7-29 2255464]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2012-10-16 196440]
S3 JmtFltr;n52te;C:\Windows\System32\drivers\JmtFltr.sys [2011-9-7 46464]
S3 LVUVC64;Logitech Webcam 300(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2011-4-1 4184672]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2012-10-16 106112]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-13 115168]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-9-26 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-8-3 1255736]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2012-8-13 14544]
.
=============== File Associations ===============
.
FileExt: .js: Applications\notepad.exe=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2012-10-21 08:43:25 -------- d-----w- C:\Users\Brandon\AppData\Roaming\Malwarebytes
2012-10-21 08:42:34 -------- d-----w- C:\ProgramData\Malwarebytes
2012-10-21 08:42:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-10-21 08:42:32 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-10-18 01:42:31 -------- d-----w- C:\Users\Brandon\AppData\Roaming\Mumble
2012-10-18 01:42:24 -------- d-----w- C:\Program Files (x86)\Mumble
2012-10-16 16:53:04 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-10-16 16:53:04 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-10-16 16:53:02 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-10-16 16:53:02 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-10-16 16:53:02 136704 ----a-w- C:\Windows\System32\browser.dll
2012-10-16 16:52:42 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-10-16 16:52:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-10-16 16:51:00 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-10-16 16:46:18 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2012-10-16 16:46:18 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-10-16 16:46:17 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-10-16 16:46:17 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-10-16 16:46:17 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-10-16 16:46:17 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-10-16 16:32:04 196440 ----a-w- C:\Windows\System32\drivers\HipShieldK.sys
2012-10-16 16:30:51 -------- d-----w- C:\Program Files (x86)\McAfee.com
2012-10-16 16:30:45 10288 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2012-10-16 16:30:44 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee
2012-10-16 16:30:33 69672 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2012-10-16 16:30:33 513456 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2012-10-16 16:30:33 300392 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2012-10-16 16:30:33 106112 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2012-10-16 16:30:27 -------- d-----w- C:\Program Files\Common Files\McAfee
2012-10-16 16:30:15 -------- d-----w- C:\Program Files\McAfee.com
2012-10-16 16:30:15 -------- d-----w- C:\Program Files\McAfee
2012-10-16 16:30:05 -------- d-----w- C:\Program Files (x86)\McAfee
2012-10-16 16:14:13 -------- d-----w- C:\mfe
2012-10-16 16:07:36 177144 ----a-w- C:\Windows\System32\mfevtps.exe
2012-10-16 16:04:31 -------- d-----w- C:\ProgramData\Citrix
2012-10-16 15:55:51 -------- d-----w- C:\Program Files (x86)\Citrix
2012-10-16 15:55:42 -------- d-----w- C:\Users\Brandon\AppData\Local\Citrix
2012-10-16 15:55:37 103784 ----a-w- C:\Users\Brandon\GoToAssistDownloadHelper.exe
2012-10-15 12:54:46 9308616 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{68D2397E-40FD-480A-976F-0F083EC6F224}\mpengine.dll
2012-10-14 04:58:17 -------- d-----w- C:\Windows\2FDD750F49B740C19D5ED2955BC0E2D8.TMP
2012-10-14 00:36:45 -------- d-----w- C:\Program Files (x86)\SpeedFan
2012-10-07 19:30:57 830312 ----a-w- C:\Windows\SysWow64\nvumdshim.dll
2012-09-25 15:54:48 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-09-25 15:54:30 -------- d-----w- C:\Program Files\iPod
2012-09-25 15:54:28 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-25 15:54:28 -------- d-----w- C:\Program Files\iTunes
2012-09-25 15:54:28 -------- d-----w- C:\Program Files (x86)\iTunes
2012-09-25 15:53:00 -------- d-----w- C:\Program Files\Bonjour
2012-09-25 15:53:00 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-09-24 14:19:03 -------- d-----w- C:\Users\Brandon\AppData\Local\Bugsplat
.
==================== Find3M ====================
.
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-30 16:18:05 891240 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-08-30 16:18:05 63336 ----a-w- C:\Windows\System32\nvshext.dll
2012-08-30 16:18:05 118120 ----a-w- C:\Windows\System32\nvmctray.dll
2012-08-30 16:18:04 3487434 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-08-30 16:18:01 3266920 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-08-30 16:17:59 6198120 ----a-w- C:\Windows\System32\nvcpl.dll
2012-08-30 15:40:14 429416 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-08-29 03:20:22 916456 ----a-w- C:\Windows\System32\deployJava1.dll
2012-08-29 03:20:22 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2012-08-29 03:20:22 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 18:05:06 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 16:57:48 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-24 15:59:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 15:20:39 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 18:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-08-21 18:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
.
============= FINISH: 4:41:19.10 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-19.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 8/1/2011 10:46:28 AM
System Uptime: 10/21/2012 3:53:52 AM (1 hours ago)
.
Motherboard: EVGA | | 132-YW-E179-FTW
Processor: Intel(R) Core(TM)2 Duo CPU E8600 @ 3.33GHz | Socket 775 | 3333/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 140 GiB total, 16.799 GiB free.
D: is CDROM (CDFS)
E: is FIXED (NTFS) - 932 GiB total, 911.93 GiB free.
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP185: 10/10/2012 4:33:35 AM - Windows Update
RP186: 10/15/2012 7:54:25 AM - Windows Update
RP188: 10/16/2012 10:00:54 AM - Windows Defender Checkpoint
RP189: 10/16/2012 11:54:13 AM - Windows Update
RP190: 10/17/2012 8:41:42 PM - Installed Mumble 1.2.3
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
7-Zip 9.20
7-Zip 9.20 (x64 edition)
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader X (10.1.4)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Best Buy pc app
Bonjour
Cisco Connect
Diablo II
Diablo III
DivX Setup
Game Booster 3
ImgBurn
iTunes
Java 7 Update 6 (64-bit)
Java Auto Updater
Java(TM) 7 Update 5
Java(TM) SE Development Kit 7 Update 3 (64-bit)
JavaFX 2.0.3 (64-bit)
JavaFX 2.0.3 SDK (64-bit)
JavaFX 2.1.1
League of Legends
Malwarebytes Anti-Malware version 1.65.1.1000
McAfee Internet Security
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft DirectX SDK (June 2010)
Microsoft Expression Blend 4
Microsoft Help Viewer 1.1
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Web Deploy 2.0
Microsoft Web Platform Installer 3.0
Mozilla Firefox 15.0 (x86 en-US)
Mozilla Firefox 16.0.1 (x86 en-US)
Mozilla Maintenance Service
Mumble 1.2.3
NuGet
NVIDIA 3D Vision Controller Driver
NVIDIA 3D Vision Controller Driver 306.23
NVIDIA 3D Vision Driver 306.23
NVIDIA Control Panel 306.23
NVIDIA Endless City demo
NVIDIA Graphics Driver 306.23
NVIDIA HD Audio Driver 1.3.18.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0213
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.4.28
NVIDIA Update Components
Paint.NET v3.5.10
Pando Media Booster
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
Shared C Run-time for x64
SpeedFan (remove only)
Steam
TransMac version 10.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.6195
Ventrilo Client for Windows x64
Warcraft III
Web Deployment Tool
Windows Live ID Sign-in Assistant
World of Warcraft
WPF Toolkit February 2010 (Version 3.5.50211.1)
.
==== Event Viewer Messages From Past Week ========
.
10/21/2012 3:56:22 AM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: unknown user name or bad password. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
10/21/2012 3:56:22 AM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
10/16/2012 10:38:40 AM, Error: Service Control Manager [7003] - The McAfee Validation Trust Protection Service service depends the following service: mfehidk. This service might not be installed.
.
==== End Of File ===========================