Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virus: a different search engine has taken over google chrome


  • This topic is locked This topic is locked
35 replies to this topic

#1 MeganMarie

MeganMarie

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:04:06 PM

Posted 05 January 2012 - 01:43 AM

I am here after running Malwarebytes Antimalware, I currently have some kind of virus or something that runs everytime I click on my Google Chrome icon or try to perform a google search in my search bar-- my DDS log is as follows;


DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.6001.19170 BrowserJavaVersion: 1.6.0_26
Run by Megan at 14:58:55 on 2012-01-03
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4028.2164 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe
C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Users\Megan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Megan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k wdisvc
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Users\Megan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.wunderground.com/US/OR/Portland.html
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.dell.com
mDefault_Page_URL = hxxp://www.dell.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: FAIESSOHelper Class: {a2f122da-055f-4df7-8f24-7354dbdba85b} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SightSpeed] "C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe" -bootmode
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "C:\Users\Megan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun: [FAStartup]
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
mRun: [PCMService] "C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
mRun: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Megan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\VERSIO~1.LNK - C:\Windows\Installer\{64A32253-A906-4AEB-B6A7-A90512B68D87}\New_Shortcut_S1699_A8EB5A2133B04A97AEEFDFB17E2E701D.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files%20(x86)/Bejeweled%203/Images/armhelper.ocx
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{4E0AA75F-2B32-4509-AC10-629A243F9734} : DhcpNameServer = 68.87.69.146 68.87.85.98 68.87.78.130
TCP: Interfaces\{F774A917-C26F-4768-8E10-9B55B420B824} : DhcpNameServer = 192.168.0.1
Notify: FastAccess - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll
LSA: Notification Packages = scecli FAPassSync
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: FAIESSOHelper Class: {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO-X64: FAIESSO Helper Object - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun-x64: [FAStartup]
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
mRun-x64: [PCMService] "C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
mRun-x64: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Megan\AppData\Roaming\Mozilla\Firefox\Profiles\dxxj4xn2.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - component: C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF3.dll
FF - component: C:\Users\Megan\AppData\Roaming\Mozilla\Firefox\Profiles\dxxj4xn2.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components\dtTransparency.dll
FF - component: C:\Users\Megan\AppData\Roaming\Mozilla\Firefox\Profiles\dxxj4xn2.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components\dtTransparency3.5.dll
FF - component: C:\Users\Megan\AppData\Roaming\Mozilla\Firefox\Profiles\dxxj4xn2.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components\dtTransparency3.6.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Users\Megan\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Users\Megan\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
FF - plugin: C:\Users\Megan\AppData\Roaming\Move Networks\plugins\npqmp071502000008.dll
FF - plugin: C:\Users\Megan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Megan\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Move Media Player: moveplayer@movenetworks.com - C:\Users\Megan\AppData\Roaming\Move Networks
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe --> C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe [?]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 FAService;FAService;C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2008-9-5 2340096]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;C:\Windows\system32\DRIVERS\OA001Ufd.sys --> C:\Windows\system32\DRIVERS\OA001Ufd.sys [?]
R3 OA001Vid;Creative Camera OA001 Function Driver;C:\Windows\system32\DRIVERS\OA001Vid.sys --> C:\Windows\system32\DRIVERS\OA001Vid.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate1c9f562f23eaba0;Google Update Service (gupdate1c9f562f23eaba0);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-6-24 133104]
S3 FACAP;facap, FastAccess Video Capture;C:\Windows\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS\facap.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-6-24 133104]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-9-2 227232]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-3 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-01-03 18:24:55 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6EDCD7A4-524D-4367-8E43-8CE742FC4322}\offreg.dll
2012-01-03 18:24:50 8822856 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6EDCD7A4-524D-4367-8E43-8CE742FC4322}\mpengine.dll
2012-01-01 22:39:27 -------- d-----w- C:\Users\Megan\AppData\Local\Ilivid Player
2012-01-01 19:36:27 -------- dc----w- C:\ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318}
2012-01-01 19:36:12 -------- d-----w- C:\Program Files (x86)\iLivid
2012-01-01 19:34:00 -------- d-----w- C:\ProgramData\boost_interprocess
2012-01-01 19:33:59 -------- d-----w- C:\Program Files (x86)\Windows iLivid Toolbar
2012-01-01 19:33:02 -------- d-----w- C:\Users\Megan\AppData\Local\PackageAware
2011-12-20 05:32:43 -------- d-----w- C:\Program Files\iPod
2011-12-20 05:32:41 -------- d-----w- C:\Program Files\iTunes
2011-12-20 05:32:41 -------- d-----w- C:\Program Files (x86)\iTunes
2011-12-14 17:11:18 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-12-14 17:11:18 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-12-14 17:11:07 559616 ----a-w- C:\Windows\System32\EncDec.dll
2011-12-14 17:11:06 429056 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-12-14 17:09:04 2764800 ----a-w- C:\Windows\System32\win32k.sys
2011-12-14 16:58:03 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2011-12-14 16:58:03 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
.
==================== Find3M ====================
.
2011-11-03 06:55:13 1147392 ----a-w- C:\Windows\System32\wininet.dll
2011-11-03 06:50:15 56832 ----a-w- C:\Windows\System32\licmgr10.dll
2011-11-03 06:49:54 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-11-03 06:49:36 77312 ----a-w- C:\Windows\System32\iesetup.dll
2011-11-03 06:49:36 132096 ----a-w- C:\Windows\System32\iesysprep.dll
2011-11-03 06:22:04 916992 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-03 06:17:38 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-11-03 06:17:23 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-11-03 06:17:08 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll
2011-11-03 06:17:08 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2011-11-03 05:54:27 479232 ----a-w- C:\Windows\System32\html.iec
2011-11-03 05:22:43 385024 ----a-w- C:\Windows\SysWow64\html.iec
2011-11-03 05:11:55 162816 ----a-w- C:\Windows\System32\ieUnatt.exe
2011-11-03 05:10:39 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-03 04:45:39 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2011-11-03 04:43:59 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-10-25 16:09:37 85504 ----a-w- C:\Windows\System32\csrsrv.dll
2011-10-24 22:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 22:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
.
============= FINISH: 14:59:40.84 ===============

and

I have another log that says not to post unless specifically requested to do so, so I'll wait

Please help

Please.

I really appreciate it

BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:06 PM

Posted 08 January 2012 - 03:13 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool untill instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:06 PM

Posted 10 January 2012 - 11:25 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 MeganMarie

MeganMarie
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:04:06 PM

Posted 10 January 2012 - 11:45 PM

I'm here!! Sorry didn't see your reply. I'll run combo fix right now and be back. Thank you!

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:06 PM

Posted 11 January 2012 - 12:11 AM

:thumbup2:
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 MeganMarie

MeganMarie
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:04:06 PM

Posted 11 January 2012 - 12:32 AM

ComboFix 12-01-10.02 - Megan 01/10/2012 21:01:41.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4028.2302 [GMT -8:00]
Running from: c:\users\Megan\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Megan\GoToAssistDownloadHelper.exe
c:\windows\system32\FAPassSync.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-12-11 to 2012-01-11 )))))))))))))))))))))))))))))))
.
.
2012-01-11 04:49 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{801EE333-13E0-4AE2-B631-A72B9D6F20F9}\mpengine.dll
2012-01-11 01:57 . 2011-12-01 15:29 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-01-11 01:57 . 2011-12-01 15:21 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2012-01-11 01:50 . 2011-10-25 16:13 1570816 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 01:50 . 2011-10-25 15:58 1314816 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 01:50 . 2011-10-25 16:13 352256 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 01:50 . 2011-10-25 15:58 497152 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 01:49 . 2011-11-18 20:55 1585152 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 01:49 . 2011-11-18 20:55 1167984 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 01:49 . 2011-10-14 17:31 211968 ----a-w- c:\windows\system32\winmm.dll
2012-01-11 01:49 . 2011-10-14 17:27 28672 ----a-w- c:\windows\system32\mciwave.dll
2012-01-11 01:49 . 2011-10-14 17:27 28160 ----a-w- c:\windows\system32\mciseq.dll
2012-01-11 01:49 . 2011-10-14 17:27 48128 ----a-w- c:\windows\system32\mcicda.dll
2012-01-11 01:49 . 2011-10-14 16:03 189952 ----a-w- c:\windows\SysWow64\winmm.dll
2012-01-11 01:49 . 2011-10-14 16:00 23552 ----a-w- c:\windows\SysWow64\mciseq.dll
2012-01-11 01:49 . 2011-11-25 16:25 451072 ----a-w- c:\windows\system32\winsrv.dll
2012-01-11 01:49 . 2011-11-18 18:07 76800 ----a-w- c:\windows\system32\packager.dll
2012-01-11 01:49 . 2011-11-18 17:47 66560 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-10 20:36 . 2012-01-10 20:36 -------- d-----w- c:\users\Megan\AppData\Local\Solid State Networks
2012-01-08 19:13 . 2012-01-08 19:14 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-01-01 22:39 . 2012-01-01 22:39 -------- d-----w- c:\users\Megan\AppData\Local\Ilivid Player
2012-01-01 19:36 . 2012-01-01 19:36 -------- dc----w- c:\programdata\{B49A644A-1076-4A3D-B124-DAA7862F2318}
2012-01-01 19:36 . 2012-01-01 19:36 -------- d-----w- c:\program files (x86)\iLivid
2012-01-01 19:34 . 2012-01-01 19:34 -------- d-----w- c:\programdata\boost_interprocess
2012-01-01 19:33 . 2012-01-01 19:34 -------- d-----w- c:\program files (x86)\Windows iLivid Toolbar
2012-01-01 19:33 . 2012-01-01 19:33 -------- d-----w- c:\users\Megan\AppData\Local\PackageAware
2011-12-20 05:32 . 2011-12-20 05:32 -------- d-----w- c:\program files\iPod
2011-12-20 05:32 . 2011-12-20 05:33 -------- d-----w- c:\program files\iTunes
2011-12-20 05:32 . 2011-12-20 05:33 -------- d-----w- c:\program files (x86)\iTunes
2011-12-14 17:11 . 2011-11-08 14:58 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 17:11 . 2011-11-08 14:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-14 17:11 . 2011-10-14 17:30 559616 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 17:11 . 2011-10-14 16:02 429056 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-14 17:09 . 2011-11-23 13:57 2764800 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 23:24 . 2010-11-13 01:22 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-21 11:40 . 2010-11-14 11:16 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-24 22:29 . 2011-10-24 22:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 22:29 . 2011-10-24 22:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"SightSpeed"="c:\program files (x86)\Dell Video Chat\DellVideoChat.exe" [2008-11-03 4823416]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-08 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2008-09-05 95488]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-06-03 446635]
"PCMService"="c:\program files (x86)\Dell\MediaDirect\PCMService.exe" [2008-07-04 132392]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-26 619008]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-25 460872]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
c:\users\Megan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-2 255536]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-7-31 1995344]
VersionTrackerPro.lnk - c:\windows\Installer\{64A32253-A906-4AEB-B6A7-A90512B68D87}\New_Shortcut_S1699_A8EB5A2133B04A97AEEFDFB17E2E701D.exe [2009-12-10 53248]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2008-09-05 22:16 140544 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-08 10:03]
.
2012-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-06-25 07:02]
.
2012-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-06-25 07:02]
.
2012-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2297104158-2464278631-1469788335-1000Core.job
- c:\users\Megan\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-05 02:14]
.
2012-01-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2297104158-2464278631-1469788335-1000UA.job
- c:\users\Megan\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-05 02:14]
.
2012-01-10 c:\windows\Tasks\User_Feed_Synchronization-{34E80F96-34FC-4D6F-A7FB-7E8DC26496EF}.job
- c:\windows\system32\msfeedssync.exe [2011-12-14 04:44]
.
2012-01-11 c:\windows\Tasks\vtscheduletask.job
- c:\program files (x86)\McAfee\Supportability\MVT\MvtApp.exe [2010-11-05 21:25]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-08-25 272896]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-22 4119552]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"combofix"="c:\combofix\CF20513.3XE" [2008-01-21 363008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 10.1.1.11
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Megan\AppData\Roaming\Mozilla\Firefox\Profiles\dxxj4xn2.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\Megan\AppData\Roaming\Move Networks
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-FAStartup - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Dell\DellDock\DockLogin.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe
c:\program files (x86)\TechTracker\VersionTracker Pro\VersionTrackerPro.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
.
**************************************************************************
.
Completion time: 2012-01-10 21:22:01 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-11 05:22
.
Pre-Run: 207,364,448,256 bytes free
Post-Run: 207,071,875,072 bytes free
.
- - End Of File - - 981249A0EC23EC0F119465497AFE0805


When the computer restarted a warning window popped up that said "A device attached to the (system?) is not functioning" I think it said system and not another word, but am not positive. I don't have anything connected to the computer except the battery.

My problem still exists with google chrome- always going to this website: http://www.searchqu.com/406

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:06 PM

Posted 11 January 2012 - 08:07 AM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 MeganMarie

MeganMarie
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:04:06 PM

Posted 11 January 2012 - 09:34 AM

06:29:56.0479 1568 TDSS rootkit removing tool 2.7.0.0 Jan 10 2012 09:14:26
06:29:57.0036 1568 ============================================================
06:29:57.0036 1568 Current date / time: 2012/01/11 06:29:57.0036
06:29:57.0036 1568 SystemInfo:
06:29:57.0036 1568
06:29:57.0036 1568 OS Version: 6.0.6002 ServicePack: 2.0
06:29:57.0036 1568 Product type: Workstation
06:29:57.0036 1568 ComputerName: MEGAN-PC
06:29:57.0037 1568 UserName: Megan
06:29:57.0037 1568 Windows directory: C:\Windows
06:29:57.0037 1568 System windows directory: C:\Windows
06:29:57.0037 1568 Running under WOW64
06:29:57.0037 1568 Processor architecture: Intel x64
06:29:57.0037 1568 Number of processors: 2
06:29:57.0037 1568 Page size: 0x1000
06:29:57.0037 1568 Boot type: Normal boot
06:29:57.0037 1568 ============================================================
06:29:59.0773 1568 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000, SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000040
06:29:59.0854 1568 Initialize success
06:30:07.0191 4400 ============================================================
06:30:07.0191 4400 Scan started
06:30:07.0191 4400 Mode: Manual;
06:30:07.0191 4400 ============================================================
06:30:07.0805 4400 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
06:30:07.0810 4400 ACPI - ok
06:30:07.0864 4400 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
06:30:07.0867 4400 adp94xx - ok
06:30:07.0894 4400 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
06:30:07.0896 4400 adpahci - ok
06:30:07.0927 4400 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
06:30:07.0929 4400 adpu160m - ok
06:30:07.0956 4400 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
06:30:07.0958 4400 adpu320 - ok
06:30:08.0059 4400 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
06:30:08.0068 4400 AFD - ok
06:30:08.0128 4400 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
06:30:08.0129 4400 agp440 - ok
06:30:08.0192 4400 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
06:30:08.0193 4400 aic78xx - ok
06:30:08.0215 4400 aliide (9544c2c55541c0c6bfd7b489d0e7d430) C:\Windows\system32\drivers\aliide.sys
06:30:08.0216 4400 aliide - ok
06:30:08.0239 4400 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
06:30:08.0240 4400 amdide - ok
06:30:08.0268 4400 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
06:30:08.0270 4400 AmdK8 - ok
06:30:08.0309 4400 ApfiltrService (8c85c812569df851e7a2159147323dfa) C:\Windows\system32\DRIVERS\Apfiltr.sys
06:30:08.0312 4400 ApfiltrService - ok
06:30:08.0399 4400 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
06:30:08.0401 4400 arc - ok
06:30:08.0450 4400 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
06:30:08.0452 4400 arcsas - ok
06:30:08.0503 4400 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
06:30:08.0504 4400 AsyncMac - ok
06:30:08.0546 4400 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
06:30:08.0547 4400 atapi - ok
06:30:08.0620 4400 BCM42RLY (a7c9995ba861fce78b2ceaae61d39fd7) C:\Windows\system32\drivers\BCM42RLY.sys
06:30:08.0621 4400 BCM42RLY - ok
06:30:08.0718 4400 BCM43XX (d32f962b71fee6bdaaee630bb2c17280) C:\Windows\system32\DRIVERS\bcmwl664.sys
06:30:08.0738 4400 BCM43XX - ok
06:30:08.0784 4400 Beep - ok
06:30:08.0839 4400 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
06:30:08.0840 4400 blbdrive - ok
06:30:08.0914 4400 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
06:30:08.0917 4400 bowser - ok
06:30:08.0979 4400 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
06:30:08.0980 4400 BrFiltLo - ok
06:30:09.0000 4400 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
06:30:09.0001 4400 BrFiltUp - ok
06:30:09.0036 4400 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
06:30:09.0037 4400 Brserid - ok
06:30:09.0065 4400 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
06:30:09.0066 4400 BrSerWdm - ok
06:30:09.0107 4400 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
06:30:09.0108 4400 BrUsbMdm - ok
06:30:09.0131 4400 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
06:30:09.0132 4400 BrUsbSer - ok
06:30:09.0149 4400 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
06:30:09.0150 4400 BTHMODEM - ok
06:30:09.0203 4400 catchme - ok
06:30:09.0243 4400 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
06:30:09.0246 4400 cdfs - ok
06:30:09.0290 4400 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
06:30:09.0293 4400 cdrom - ok
06:30:09.0349 4400 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\DRIVERS\circlass.sys
06:30:09.0350 4400 circlass - ok
06:30:09.0398 4400 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
06:30:09.0407 4400 CLFS - ok
06:30:09.0518 4400 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
06:30:09.0519 4400 CmBatt - ok
06:30:09.0543 4400 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
06:30:09.0544 4400 cmdide - ok
06:30:09.0580 4400 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
06:30:09.0582 4400 Compbatt - ok
06:30:09.0598 4400 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
06:30:09.0599 4400 crcdisk - ok
06:30:09.0696 4400 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
06:30:09.0699 4400 DfsC - ok
06:30:09.0788 4400 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
06:30:09.0790 4400 disk - ok
06:30:09.0891 4400 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
06:30:09.0892 4400 drmkaud - ok
06:30:09.0945 4400 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
06:30:09.0981 4400 DXGKrnl - ok
06:30:10.0026 4400 e1express (17d40652ef3e55eeae187a89df40965a) C:\Windows\system32\DRIVERS\e1e6032e.sys
06:30:10.0030 4400 e1express - ok
06:30:10.0082 4400 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
06:30:10.0088 4400 E1G60 - ok
06:30:10.0163 4400 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
06:30:10.0168 4400 Ecache - ok
06:30:10.0220 4400 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
06:30:10.0224 4400 elxstor - ok
06:30:10.0259 4400 ErrDev (991fab6aa066e1214efb5b496fb7959a) C:\Windows\system32\drivers\errdev.sys
06:30:10.0260 4400 ErrDev - ok
06:30:10.0329 4400 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
06:30:10.0334 4400 exfat - ok
06:30:10.0426 4400 FACAP (e7f412035b832013fa32f412246c5bff) C:\Windows\system32\DRIVERS\facap.sys
06:30:10.0429 4400 FACAP - ok
06:30:10.0494 4400 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
06:30:10.0501 4400 fastfat - ok
06:30:10.0580 4400 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
06:30:10.0581 4400 fdc - ok
06:30:10.0617 4400 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
06:30:10.0620 4400 FileInfo - ok
06:30:10.0664 4400 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
06:30:10.0666 4400 Filetrace - ok
06:30:10.0686 4400 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
06:30:10.0687 4400 flpydisk - ok
06:30:10.0733 4400 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
06:30:10.0740 4400 FltMgr - ok
06:30:10.0818 4400 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
06:30:10.0819 4400 Fs_Rec - ok
06:30:10.0851 4400 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
06:30:10.0853 4400 gagp30kx - ok
06:30:10.0904 4400 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
06:30:10.0905 4400 GEARAspiWDM - ok
06:30:11.0082 4400 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
06:30:11.0118 4400 HDAudBus - ok
06:30:11.0161 4400 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
06:30:11.0162 4400 HidBth - ok
06:30:11.0210 4400 HidIr (5f47839455d01ff6403b008d481a6f5b) C:\Windows\system32\DRIVERS\hidir.sys
06:30:11.0211 4400 HidIr - ok
06:30:11.0287 4400 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
06:30:11.0289 4400 HidUsb - ok
06:30:11.0346 4400 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
06:30:11.0347 4400 HpCISSs - ok
06:30:11.0403 4400 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
06:30:11.0428 4400 HTTP - ok
06:30:11.0447 4400 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
06:30:11.0448 4400 i2omp - ok
06:30:11.0516 4400 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
06:30:11.0519 4400 i8042prt - ok
06:30:11.0589 4400 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
06:30:11.0592 4400 iaStorV - ok
06:30:11.0865 4400 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys
06:30:11.0936 4400 igfx - ok
06:30:12.0031 4400 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
06:30:12.0032 4400 iirsp - ok
06:30:12.0095 4400 IntcHdmiAddService (dea2ab452b4fa773187369c4b6517320) C:\Windows\system32\drivers\IntcHdmi.sys
06:30:12.0096 4400 IntcHdmiAddService - ok
06:30:12.0168 4400 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
06:30:12.0168 4400 intelide - ok
06:30:12.0196 4400 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
06:30:12.0197 4400 intelppm - ok
06:30:12.0274 4400 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
06:30:12.0276 4400 IpFilterDriver - ok
06:30:12.0291 4400 IpInIp - ok
06:30:12.0326 4400 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
06:30:12.0327 4400 IPMIDRV - ok
06:30:12.0349 4400 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
06:30:12.0352 4400 IPNAT - ok
06:30:12.0402 4400 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
06:30:12.0404 4400 IRENUM - ok
06:30:12.0461 4400 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
06:30:12.0462 4400 isapnp - ok
06:30:12.0503 4400 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
06:30:12.0508 4400 iScsiPrt - ok
06:30:12.0546 4400 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
06:30:12.0547 4400 iteatapi - ok
06:30:12.0582 4400 itecir (5fef11c18ec25cdcb27e6c8680690b69) C:\Windows\system32\DRIVERS\itecir.sys
06:30:12.0584 4400 itecir - ok
06:30:12.0640 4400 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
06:30:12.0642 4400 iteraid - ok
06:30:12.0717 4400 k57nd60a (2798447996feb5a58b584c8443acad02) C:\Windows\system32\DRIVERS\k57nd60a.sys
06:30:12.0720 4400 k57nd60a - ok
06:30:12.0741 4400 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
06:30:12.0742 4400 kbdclass - ok
06:30:12.0775 4400 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
06:30:12.0776 4400 kbdhid - ok
06:30:12.0828 4400 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
06:30:12.0839 4400 KSecDD - ok
06:30:12.0863 4400 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
06:30:12.0867 4400 ksthunk - ok
06:30:12.0937 4400 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
06:30:12.0939 4400 lltdio - ok
06:30:12.0976 4400 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
06:30:12.0977 4400 LSI_FC - ok
06:30:13.0009 4400 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
06:30:13.0010 4400 LSI_SAS - ok
06:30:13.0027 4400 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
06:30:13.0029 4400 LSI_SCSI - ok
06:30:13.0055 4400 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
06:30:13.0058 4400 luafv - ok
06:30:13.0148 4400 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
06:30:13.0149 4400 MBAMProtector - ok
06:30:13.0249 4400 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
06:30:13.0249 4400 megasas - ok
06:30:13.0291 4400 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
06:30:13.0294 4400 MegaSR - ok
06:30:13.0323 4400 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
06:30:13.0325 4400 Modem - ok
06:30:13.0359 4400 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
06:30:13.0360 4400 monitor - ok
06:30:13.0388 4400 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
06:30:13.0389 4400 mouclass - ok
06:30:13.0411 4400 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
06:30:13.0412 4400 mouhid - ok
06:30:13.0432 4400 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
06:30:13.0434 4400 MountMgr - ok
06:30:13.0508 4400 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
06:30:13.0510 4400 MpFilter - ok
06:30:13.0538 4400 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
06:30:13.0539 4400 mpio - ok
06:30:13.0577 4400 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
06:30:13.0578 4400 MpNWMon - ok
06:30:13.0600 4400 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
06:30:13.0603 4400 mpsdrv - ok
06:30:13.0645 4400 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
06:30:13.0646 4400 Mraid35x - ok
06:30:13.0697 4400 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
06:30:13.0702 4400 MRxDAV - ok
06:30:13.0747 4400 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
06:30:13.0751 4400 mrxsmb - ok
06:30:13.0812 4400 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
06:30:13.0819 4400 mrxsmb10 - ok
06:30:13.0839 4400 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
06:30:13.0843 4400 mrxsmb20 - ok
06:30:13.0906 4400 msahci (aa459f2ab3ab603c357ff117cae3d818) C:\Windows\system32\drivers\msahci.sys
06:30:13.0907 4400 msahci - ok
06:30:13.0957 4400 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
06:30:13.0959 4400 msdsm - ok
06:30:13.0985 4400 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
06:30:13.0992 4400 Msfs - ok
06:30:14.0037 4400 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
06:30:14.0057 4400 msisadrv - ok
06:30:14.0125 4400 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
06:30:14.0127 4400 MSKSSRV - ok
06:30:14.0185 4400 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
06:30:14.0186 4400 MSPCLOCK - ok
06:30:14.0212 4400 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
06:30:14.0214 4400 MSPQM - ok
06:30:14.0267 4400 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
06:30:14.0274 4400 MsRPC - ok
06:30:14.0294 4400 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
06:30:14.0296 4400 mssmbios - ok
06:30:14.0352 4400 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
06:30:14.0353 4400 MSTEE - ok
06:30:14.0383 4400 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
06:30:14.0385 4400 Mup - ok
06:30:14.0459 4400 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
06:30:14.0463 4400 NativeWifiP - ok
06:30:14.0518 4400 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
06:30:14.0542 4400 NDIS - ok
06:30:14.0581 4400 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
06:30:14.0583 4400 NdisTapi - ok
06:30:14.0602 4400 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
06:30:14.0603 4400 Ndisuio - ok
06:30:14.0643 4400 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
06:30:14.0646 4400 NdisWan - ok
06:30:14.0674 4400 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
06:30:14.0675 4400 NDProxy - ok
06:30:14.0702 4400 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
06:30:14.0703 4400 NetBIOS - ok
06:30:14.0746 4400 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
06:30:14.0751 4400 netbt - ok
06:30:14.0791 4400 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
06:30:14.0792 4400 nfrd960 - ok
06:30:14.0838 4400 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
06:30:14.0840 4400 NisDrv - ok
06:30:14.0875 4400 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
06:30:14.0877 4400 Npfs - ok
06:30:14.0900 4400 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
06:30:14.0902 4400 nsiproxy - ok
06:30:14.0976 4400 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
06:30:15.0022 4400 Ntfs - ok
06:30:15.0043 4400 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
06:30:15.0045 4400 Null - ok
06:30:15.0072 4400 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
06:30:15.0132 4400 nvraid - ok
06:30:15.0161 4400 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
06:30:15.0161 4400 nvstor - ok
06:30:15.0187 4400 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
06:30:15.0188 4400 nv_agp - ok
06:30:15.0198 4400 NwlnkFlt - ok
06:30:15.0211 4400 NwlnkFwd - ok
06:30:15.0279 4400 OA001Ufd (d09cc91e92fd1ff81af3a14be2cbb20d) C:\Windows\system32\DRIVERS\OA001Ufd.sys
06:30:15.0280 4400 OA001Ufd - ok
06:30:15.0313 4400 OA001Vid (a42cb6914ad67e1584e807ce53f1e62c) C:\Windows\system32\DRIVERS\OA001Vid.sys
06:30:15.0316 4400 OA001Vid - ok
06:30:15.0397 4400 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
06:30:15.0399 4400 ohci1394 - ok
06:30:15.0454 4400 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
06:30:15.0456 4400 Parport - ok
06:30:15.0493 4400 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
06:30:15.0495 4400 partmgr - ok
06:30:15.0519 4400 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
06:30:15.0523 4400 pci - ok
06:30:15.0551 4400 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
06:30:15.0551 4400 pciide - ok
06:30:15.0578 4400 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
06:30:15.0580 4400 pcmcia - ok
06:30:15.0624 4400 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
06:30:15.0647 4400 PEAUTH - ok
06:30:15.0761 4400 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
06:30:15.0763 4400 PptpMiniport - ok
06:30:15.0794 4400 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
06:30:15.0795 4400 Processor - ok
06:30:15.0880 4400 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
06:30:15.0883 4400 PSched - ok
06:30:15.0946 4400 PxHlpa64 (46851bc18322da70f3f2299a1007c479) C:\Windows\system32\Drivers\PxHlpa64.sys
06:30:15.0947 4400 PxHlpa64 - ok
06:30:16.0016 4400 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
06:30:16.0027 4400 ql2300 - ok
06:30:16.0063 4400 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
06:30:16.0065 4400 ql40xx - ok
06:30:16.0133 4400 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
06:30:16.0134 4400 QWAVEdrv - ok
06:30:16.0288 4400 R300 (2a09a6b271d1f50adf5e33b37d460de6) C:\Windows\system32\DRIVERS\atikmdag.sys
06:30:16.0321 4400 R300 - ok
06:30:16.0355 4400 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
06:30:16.0357 4400 RasAcd - ok
06:30:16.0405 4400 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
06:30:16.0408 4400 Rasl2tp - ok
06:30:16.0448 4400 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
06:30:16.0450 4400 RasPppoe - ok
06:30:16.0493 4400 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
06:30:16.0496 4400 RasSstp - ok
06:30:16.0541 4400 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
06:30:16.0549 4400 rdbss - ok
06:30:16.0581 4400 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
06:30:16.0582 4400 RDPCDD - ok
06:30:16.0616 4400 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
06:30:16.0619 4400 rdpdr - ok
06:30:16.0632 4400 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
06:30:16.0634 4400 RDPENCDD - ok
06:30:16.0673 4400 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
06:30:16.0679 4400 RDPWD - ok
06:30:16.0759 4400 rimmptsk (d13d70fac45fc1df69f88559b1f72f0a) C:\Windows\system32\DRIVERS\rimmpx64.sys
06:30:16.0760 4400 rimmptsk - ok
06:30:16.0818 4400 rimsptsk (bb9edc55b0b8cb4fcd713428820e0776) C:\Windows\system32\DRIVERS\rimspx64.sys
06:30:16.0820 4400 rimsptsk - ok
06:30:16.0833 4400 rismxdp (481c3fdeacaae04b74c58288dbc91df9) C:\Windows\system32\DRIVERS\rixdpx64.sys
06:30:16.0835 4400 rismxdp - ok
06:30:16.0878 4400 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
06:30:16.0881 4400 rspndr - ok
06:30:16.0923 4400 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
06:30:16.0925 4400 sbp2port - ok
06:30:16.0985 4400 sdbus (be100bc2be2513314c717bb2c4cfff10) C:\Windows\system32\DRIVERS\sdbus.sys
06:30:16.0988 4400 sdbus - ok
06:30:17.0019 4400 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
06:30:17.0021 4400 secdrv - ok
06:30:17.0060 4400 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
06:30:17.0061 4400 Serenum - ok
06:30:17.0088 4400 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
06:30:17.0090 4400 Serial - ok
06:30:17.0127 4400 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
06:30:17.0129 4400 sermouse - ok
06:30:17.0186 4400 sffdisk (3a19c899bcf0ea24cfec2038e6a489db) C:\Windows\system32\DRIVERS\sffdisk.sys
06:30:17.0188 4400 sffdisk - ok
06:30:17.0214 4400 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
06:30:17.0215 4400 sffp_mmc - ok
06:30:17.0244 4400 sffp_sd (fdca63a2eee528585eb66ceac183ec22) C:\Windows\system32\DRIVERS\sffp_sd.sys
06:30:17.0246 4400 sffp_sd - ok
06:30:17.0266 4400 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
06:30:17.0267 4400 sfloppy - ok
06:30:17.0310 4400 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
06:30:17.0311 4400 SiSRaid2 - ok
06:30:17.0339 4400 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
06:30:17.0341 4400 SiSRaid4 - ok
06:30:17.0391 4400 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
06:30:17.0394 4400 Smb - ok
06:30:17.0443 4400 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
06:30:17.0445 4400 spldr - ok
06:30:17.0503 4400 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
06:30:17.0525 4400 srv - ok
06:30:17.0568 4400 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
06:30:17.0572 4400 srv2 - ok
06:30:17.0597 4400 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
06:30:17.0602 4400 srvnet - ok
06:30:17.0701 4400 STHDA (3281204b2e6049100d0ff04270c2aea5) C:\Windows\system32\DRIVERS\stwrt64.sys
06:30:17.0706 4400 STHDA - ok
06:30:17.0749 4400 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
06:30:17.0750 4400 swenum - ok
06:30:17.0790 4400 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
06:30:17.0791 4400 Symc8xx - ok
06:30:17.0829 4400 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
06:30:17.0830 4400 Sym_hi - ok
06:30:17.0858 4400 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
06:30:17.0860 4400 Sym_u3 - ok
06:30:17.0957 4400 Tcpip (73bed5067ed53a9df05fa8eab42578d0) C:\Windows\system32\drivers\tcpip.sys
06:30:17.0977 4400 Tcpip - ok
06:30:18.0068 4400 Tcpip6 (73bed5067ed53a9df05fa8eab42578d0) C:\Windows\system32\DRIVERS\tcpip.sys
06:30:18.0086 4400 Tcpip6 - ok
06:30:18.0127 4400 tcpipreg (848f87c604b5e674602498cb51067db6) C:\Windows\system32\drivers\tcpipreg.sys
06:30:18.0129 4400 tcpipreg - ok
06:30:18.0149 4400 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
06:30:18.0151 4400 TDPIPE - ok
06:30:18.0181 4400 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
06:30:18.0183 4400 TDTCP - ok
06:30:18.0210 4400 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
06:30:18.0212 4400 tdx - ok
06:30:18.0256 4400 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
06:30:18.0258 4400 TermDD - ok
06:30:18.0309 4400 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
06:30:18.0311 4400 tssecsrv - ok
06:30:18.0333 4400 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
06:30:18.0334 4400 tunmp - ok
06:30:18.0369 4400 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
06:30:18.0370 4400 tunnel - ok
06:30:18.0409 4400 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
06:30:18.0411 4400 uagp35 - ok
06:30:18.0460 4400 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
06:30:18.0468 4400 udfs - ok
06:30:18.0508 4400 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
06:30:18.0509 4400 uliagpkx - ok
06:30:18.0549 4400 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
06:30:18.0552 4400 uliahci - ok
06:30:18.0602 4400 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
06:30:18.0605 4400 UlSata - ok
06:30:18.0633 4400 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
06:30:18.0635 4400 ulsata2 - ok
06:30:18.0657 4400 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
06:30:18.0660 4400 umbus - ok
06:30:18.0759 4400 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
06:30:18.0776 4400 USBAAPL64 - ok
06:30:18.0819 4400 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
06:30:18.0822 4400 usbccgp - ok
06:30:18.0853 4400 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
06:30:18.0855 4400 usbcir - ok
06:30:18.0913 4400 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
06:30:18.0915 4400 usbehci - ok
06:30:18.0950 4400 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
06:30:18.0957 4400 usbhub - ok
06:30:18.0993 4400 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
06:30:18.0994 4400 usbohci - ok
06:30:19.0037 4400 usbprint (acfee697af477021bb3ec78c5431fed2) C:\Windows\system32\drivers\usbprint.sys
06:30:19.0039 4400 usbprint - ok
06:30:19.0069 4400 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
06:30:19.0072 4400 USBSTOR - ok
06:30:19.0110 4400 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
06:30:19.0111 4400 usbuhci - ok
06:30:19.0141 4400 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
06:30:19.0142 4400 vga - ok
06:30:19.0170 4400 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
06:30:19.0172 4400 VgaSave - ok
06:30:19.0198 4400 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
06:30:19.0199 4400 viaide - ok
06:30:19.0232 4400 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
06:30:19.0235 4400 volmgr - ok
06:30:19.0284 4400 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
06:30:19.0294 4400 volmgrx - ok
06:30:19.0483 4400 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
06:30:19.0515 4400 volsnap - ok
06:30:19.0549 4400 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
06:30:19.0551 4400 vsmraid - ok
06:30:19.0595 4400 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
06:30:19.0597 4400 WacomPen - ok
06:30:19.0633 4400 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
06:30:19.0637 4400 Wanarp - ok
06:30:19.0644 4400 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
06:30:19.0646 4400 Wanarpv6 - ok
06:30:19.0683 4400 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
06:30:19.0684 4400 Wd - ok
06:30:19.0734 4400 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
06:30:19.0769 4400 Wdf01000 - ok
06:30:19.0883 4400 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
06:30:19.0885 4400 WmiAcpi - ok
06:30:19.0950 4400 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
06:30:19.0952 4400 WpdUsb - ok
06:30:20.0015 4400 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
06:30:20.0021 4400 ws2ifsl - ok
06:30:20.0069 4400 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
06:30:20.0072 4400 WUDFRd - ok
06:30:20.0147 4400 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
06:30:20.0216 4400 \Device\Harddisk0\DR0 - ok
06:30:20.0230 4400 Boot (0x1200) (0819b017ae7e2bc8165374065109a60f) \Device\Harddisk0\DR0\Partition0
06:30:20.0232 4400 \Device\Harddisk0\DR0\Partition0 - ok
06:30:20.0237 4400 Boot (0x1200) (71e1e8c31fdb4f7e49c68d38ab64ea55) \Device\Harddisk0\DR0\Partition1
06:30:20.0239 4400 \Device\Harddisk0\DR0\Partition1 - ok
06:30:20.0243 4400 ============================================================
06:30:20.0243 4400 Scan finished
06:30:20.0243 4400 ============================================================
06:30:20.0263 3640 Detected object count: 0
06:30:20.0263 3640 Actual detected object count: 0



Nothing of interest happened during the scan- and problems persists

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:06 PM

Posted 11 January 2012 - 09:59 AM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 MeganMarie

MeganMarie
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:04:06 PM

Posted 11 January 2012 - 07:58 PM

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-11 16:47:15
-----------------------------
16:47:15.157 OS Version: Windows x64 6.0.6002 Service Pack 2
16:47:15.157 Number of processors: 2 586 0x170A
16:47:15.158 ComputerName: MEGAN-PC UserName: Megan
16:47:16.903 Initialize success
16:47:21.861 AVAST engine defs: 12011100
16:47:27.732 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:47:27.735 Disk 0 Vendor: WDC_WD3200BEVT-75ZCT2 11.01A11 Size: 305245MB BusType: 3
16:47:27.817 Disk 0 MBR read successfully
16:47:27.819 Disk 0 MBR scan
16:47:27.824 Disk 0 Windows VISTA default MBR code
16:47:27.831 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 70 MB offset 63
16:47:27.871 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 145408
16:47:27.901 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 294933 MB offset 21116928
16:47:27.922 Service scanning
16:47:29.294 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
16:47:29.932 Modules scanning
16:47:29.936 Disk 0 trace - called modules:
16:47:29.975 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
16:47:30.315 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004e74790]
16:47:30.319 3 CLASSPNP.SYS[fffffa6000b9dc33] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004bbe4b0]
16:47:32.047 AVAST engine scan C:\Windows
16:47:39.122 File: C:\Windows\PEV.exe **INFECTED** Win32:Rootkit-gen [Rtk]
16:47:52.081 AVAST engine scan C:\Windows\system32
16:51:04.119 AVAST engine scan C:\Windows\system32\drivers
16:51:21.796 AVAST engine scan C:\Users\Megan
16:55:33.665 Disk 0 MBR has been saved successfully to "C:\Users\Megan\Desktop\MBR.dat"
16:55:33.674 The log file has been saved successfully to "C:\Users\Megan\Desktop\aswMBR2.txt"


Here's what it found. What's next?

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:06 PM

Posted 11 January 2012 - 09:23 PM

Hello

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and the that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 MeganMarie

MeganMarie
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:04:06 PM

Posted 11 January 2012 - 09:58 PM

OTL logfile created on: 1/11/2012 6:48:49 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Megan\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.93 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 37.25% Memory free
8.07 Gb Paging File | 5.33 Gb Available in Paging File | 66.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.02 Gb Total Space | 192.71 Gb Free Space | 66.91% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 3.20 Gb Free Space | 31.96% Space Free | Partition Type: NTFS

Computer Name: MEGAN-PC | User Name: Megan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Megan\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Users\Megan\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe (Google)
PRC - C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
PRC - C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
PRC - C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe (Sensible Vision )
PRC - C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
PRC - C:\Program Files (x86)\TechTracker\VersionTracker Pro\VersionTrackerPro.exe (CNET TechTracker)


========== Modules (No Company Name) ==========

MOD - C:\Users\Megan\AppData\Local\Google\Chrome\Application\16.0.912.75\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\Megan\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll ()
MOD - C:\Users\Megan\AppData\Local\Google\Chrome\Application\16.0.912.75\avutil-51.dll ()
MOD - C:\Users\Megan\AppData\Local\Google\Chrome\Application\16.0.912.75\avformat-53.dll ()
MOD - C:\Users\Megan\AppData\Local\Google\Chrome\Application\16.0.912.75\avcodec-53.dll ()
MOD - C:\Users\Megan\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Dell Video Chat\QtGui4.dll ()
MOD - C:\Program Files (x86)\Dell Video Chat\QtCore4.dll ()
MOD - C:\Program Files (x86)\Dell Video Chat\QtOpenGL4.dll ()
MOD - C:\Program Files (x86)\Dell Video Chat\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Dell Video Chat\SDL.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (wltrysvc) -- C:\Windows\SysNative\WLTRYSVC.EXE ()
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_cce24a4c\STacSV64.exe (IDT, Inc.)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe (McAfee, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FAService) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe (Sensible Vision )


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (OA001Ufd) -- C:\Windows\SysNative\DRIVERS\OA001Ufd.sys (Creative Technology Ltd.)
DRV:64bit: - (OA001Vid) -- C:\Windows\SysNative\DRIVERS\OA001Vid.sys (Creative Technology Ltd.)
DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\BCM42RLY.sys (Broadcom Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys (Broadcom Corporation)
DRV:64bit: - (IntcHdmiAddService) Intel® -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel® Corporation)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (itecir) -- C:\Windows\SysNative\DRIVERS\itecir.sys (ITE Tech. Inc. )
DRV:64bit: - (FACAP) -- C:\Windows\SysNative\DRIVERS\facap.sys (Sensible Vision )
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys (REDC)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\DRIVERS\rimspx64.sys (REDC)
DRV:64bit: - (k57nd60a) Broadcom NetLink ™ -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (e1express) Intel® -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys (Intel Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2297104158-2464278631-1469788335-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-2297104158-2464278631-1469788335-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2297104158-2464278631-1469788335-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2297104158-2464278631-1469788335-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.75
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Megan\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Megan\AppData\Roaming\Move Networks\plugins\npqmp071502000008.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Megan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Megan\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Megan\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Megan\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files (x86)\MyWebSearch\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/04 20:39:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/08 11:14:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Megan\AppData\Roaming\Move Networks [2009/12/15 06:50:55 | 000,000,000 | ---D | M]

[2012/01/01 11:34:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Megan\AppData\Roaming\Mozilla\Extensions
[2012/01/08 21:54:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Megan\AppData\Roaming\Mozilla\Firefox\Profiles\dxxj4xn2.default\extensions
[2010/08/15 21:17:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Megan\AppData\Roaming\Mozilla\Firefox\Profiles\dxxj4xn2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/10 17:26:25 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Megan\AppData\Roaming\Mozilla\Firefox\Profiles\dxxj4xn2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/01/01 11:34:05 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Megan\AppData\Roaming\Mozilla\Firefox\Profiles\dxxj4xn2.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2010/11/05 18:13:25 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\Users\Megan\AppData\Roaming\Mozilla\Firefox\Profiles\dxxj4xn2.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2012/01/01 11:34:00 | 000,002,519 | ---- | M] () -- C:\Users\Megan\AppData\Roaming\Mozilla\Firefox\Profiles\dxxj4xn2.default\searchplugins\Search_Results.xml
[2012/01/01 11:34:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/06/09 22:21:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/11/12 18:06:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/03/16 07:10:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/17 21:07:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2009/12/15 06:50:55 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\MEGAN\APPDATA\ROAMING\MOVE NETWORKS
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/01 11:34:00 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml

========== Chrome ==========

CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=crb&appid=101&systemid=406&sr=0&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Megan\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Megan\AppData\Local\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Megan\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Megan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Megan\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: McAfee Virtual Technician (Enabled) = C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Megan\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Megan\AppData\Roaming\Move Networks\plugins\npqmp071502000008.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: AT_OP = C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecaabliejjdikjnkahhikeelbblahgoi\3_0\
CHR - Extension: Gmail = C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/01/10 21:16:36 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2 - BHO: (FAIESSOHelper Class) - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-2297104158-2464278631-1469788335-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-2297104158-2464278631-1469788335-1000..\Run: [SightSpeed] C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Megan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2297104158-2464278631-1469788335-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2297104158-2464278631-1469788335-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2297104158-2464278631-1469788335-1000\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-2297104158-2464278631-1469788335-1000\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2297104158-2464278631-1469788335-1000\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Bejeweled%203/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E0AA75F-2B32-4509-AC10-629A243F9734}: DhcpNameServer = 68.87.69.146 68.87.85.98 68.87.78.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F774A917-C26F-4768-8E10-9B55B420B824}: DhcpNameServer = 10.1.1.11
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\FastAccess: DllName - (C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll) - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
O24 - Desktop WallPaper: C:\Users\Megan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Megan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/10 21:34:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/01/10 21:22:04 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/01/10 21:22:04 | 000,000,000 | ---D | C] -- C:\Users\Megan\AppData\Local\temp
[2012/01/10 20:58:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/10 20:58:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/10 20:58:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/10 20:57:57 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/10 20:56:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/10 17:50:15 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/01/10 17:50:15 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/01/10 17:50:13 | 001,570,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012/01/10 17:50:13 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012/01/10 17:50:12 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/01/10 17:50:12 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/01/10 17:49:18 | 001,585,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012/01/10 17:49:16 | 000,211,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winmm.dll
[2012/01/10 17:49:16 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mciwave.dll
[2012/01/10 17:49:16 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mciseq.dll
[2012/01/10 17:49:14 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mcicda.dll
[2012/01/10 17:49:14 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciseq.dll
[2012/01/10 17:49:12 | 000,451,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/01/10 17:49:10 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012/01/10 17:49:10 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012/01/10 12:36:07 | 000,000,000 | ---D | C] -- C:\Users\Megan\AppData\Local\Solid State Networks
[2012/01/08 11:13:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012/01/08 11:13:41 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/01/01 14:39:27 | 000,000,000 | ---D | C] -- C:\Users\Megan\AppData\Local\Ilivid Player
[2012/01/01 11:36:27 | 000,000,000 | ---D | C] -- C:\ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318}
[2012/01/01 11:36:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iLivid
[2012/01/01 11:34:00 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012/01/01 11:33:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows iLivid Toolbar
[2012/01/01 11:33:02 | 000,000,000 | ---D | C] -- C:\Users\Megan\AppData\Local\PackageAware
[2011/12/19 21:33:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/12/19 21:32:43 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/12/19 21:32:41 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/12/19 21:32:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/12/14 09:17:46 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011/12/14 09:17:38 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/12/14 09:17:34 | 000,710,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/12/14 09:17:34 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011/12/14 09:17:33 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/12/14 09:17:33 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/12/14 09:17:33 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/12/14 09:17:32 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/12/14 09:17:32 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/12/14 09:17:32 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011/12/14 09:17:31 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/12/14 09:17:31 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/12/14 09:17:31 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011/12/14 09:17:31 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/12/14 09:17:31 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/12/14 09:17:31 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/12/14 09:17:31 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/12/14 09:17:30 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011/12/14 09:17:30 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011/12/14 09:17:30 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011/12/14 09:17:30 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2011/12/14 09:17:30 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011/12/14 09:17:30 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/12/14 09:17:29 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011/12/14 09:17:29 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011/12/14 09:17:29 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011/12/14 09:17:29 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/12/14 09:17:28 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2011/12/14 09:17:28 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/12/14 09:17:28 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/12/14 09:11:07 | 000,559,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/12/14 09:11:06 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll

========== Files - Modified Within 30 Days ==========

[2012/01/11 18:33:18 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/11 18:33:18 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/11 18:31:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/11 18:19:59 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2297104158-2464278631-1469788335-1000UA.job
[2012/01/11 16:55:33 | 000,000,512 | ---- | M] () -- C:\Users\Megan\Desktop\MBR.dat
[2012/01/11 16:40:49 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/11 16:33:48 | 000,000,414 | ---- | M] () -- C:\Windows\tasks\vtscheduletask.job
[2012/01/11 16:33:33 | 000,000,832 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/01/11 16:33:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/11 07:18:24 | 000,706,952 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/11 07:18:24 | 000,606,852 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/11 07:18:24 | 000,105,420 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/11 06:39:50 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2297104158-2464278631-1469788335-1000Core.job
[2012/01/10 22:57:40 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{34E80F96-34FC-4D6F-A7FB-7E8DC26496EF}.job
[2012/01/10 21:16:36 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/01/08 20:00:37 | 000,000,680 | ---- | M] () -- C:\Users\Megan\AppData\Local\d3d9caps.dat
[2012/01/08 11:14:56 | 000,001,919 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/01/08 08:29:34 | 000,002,044 | ---- | M] () -- C:\Users\Megan\Desktop\Google Chrome.lnk
[2012/01/08 08:29:34 | 000,002,006 | ---- | M] () -- C:\Users\Megan\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/01/04 14:12:11 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/03 11:27:18 | 000,000,000 | ---- | M] () -- C:\Users\Megan\defogger_reenable
[2011/12/23 15:05:53 | 000,013,312 | ---- | M] () -- C:\Users\Megan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/23 14:37:17 | 001,411,398 | ---- | M] () -- C:\Users\Megan\Desktop\Copy of Official Transcripts.pdf
[2011/12/19 21:33:48 | 000,001,696 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/19 21:23:39 | 000,001,245 | ---- | M] () -- C:\Windows\SysNative\mapisvc.inf
[2011/12/15 03:28:17 | 000,305,976 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/01/11 16:45:55 | 000,000,512 | ---- | C] () -- C:\Users\Megan\Desktop\MBR.dat
[2012/01/10 20:58:07 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/10 20:58:07 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/10 20:58:07 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/10 20:58:07 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/10 20:58:07 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/08 11:14:07 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/01/08 11:14:07 | 000,001,919 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/01/04 14:12:11 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/03 11:27:18 | 000,000,000 | ---- | C] () -- C:\Users\Megan\defogger_reenable
[2011/12/23 14:37:17 | 001,411,398 | ---- | C] () -- C:\Users\Megan\Desktop\Copy of Official Transcripts.pdf
[2011/12/19 21:33:48 | 000,001,696 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/08/10 04:51:00 | 000,000,268 | RH-- | C] () -- C:\ProgramData\InkjetPrinter
[2011/08/10 04:51:00 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Importer
[2011/08/10 04:51:00 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Images
[2011/08/10 04:51:00 | 000,000,268 | RH-- | C] () -- C:\Users\Megan\AppData\Roaming\Image Manipulation
[2011/08/10 04:51:00 | 000,000,268 | RH-- | C] () -- C:\Users\Megan\AppData\Roaming\Image Capture
[2011/08/10 04:51:00 | 000,000,268 | RH-- | C] () -- C:\Users\Megan\AppData\Roaming\Icons
[2011/08/10 04:51:00 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2011/08/10 04:51:00 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011/08/10 04:51:00 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2011/02/01 17:35:30 | 000,029,028 | ---- | C] () -- C:\Windows\SysWow64\MSPLIT.EXE
[2011/02/01 17:35:30 | 000,021,638 | ---- | C] () -- C:\Windows\SysWow64\Mpack.exe
[2011/02/01 17:35:30 | 000,017,858 | ---- | C] () -- C:\Windows\SysWow64\Munpack.exe
[2011/02/01 17:35:30 | 000,015,956 | ---- | C] () -- C:\Windows\SysWow64\MJOIN.EXE
[2011/01/25 19:16:11 | 000,721,764 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/20 18:54:28 | 000,000,552 | ---- | C] () -- C:\Users\Megan\AppData\Local\d3d8caps.dat
[2010/08/25 19:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 19:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 19:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2009/12/03 17:50:45 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/03 17:49:59 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/12/03 17:49:15 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/08/26 18:53:46 | 000,000,732 | ---- | C] () -- C:\Users\Megan\AppData\Local\d3d9caps64.dat
[2009/08/26 18:44:58 | 000,000,680 | ---- | C] () -- C:\Users\Megan\AppData\Local\d3d9caps.dat
[2009/06/24 23:39:56 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/05/13 17:34:39 | 000,000,202 | ---- | C] () -- C:\Users\Megan\AppData\Roaming\wklnhst.dat
[2009/05/05 19:58:42 | 000,013,312 | ---- | C] () -- C:\Users\Megan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/20 13:37:31 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/04/20 12:57:18 | 000,147,172 | ---- | C] () -- C:\Windows\SysWow64\igfcg550.bin
[2009/04/20 11:26:53 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2008/09/05 14:16:36 | 000,233,216 | ---- | C] () -- C:\Windows\SysWow64\FACrashRpt.dll
[2008/09/05 14:16:36 | 000,059,136 | ---- | C] () -- C:\Windows\SysWow64\FAib.dll
[2008/09/05 14:16:20 | 000,087,296 | ---- | C] () -- C:\Windows\SysWow64\FAIEExtension.dll
[2008/01/20 18:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 07:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 04:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 04:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 04:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 01:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== Alternate Data Streams ==========

@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:55422315
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:2F4A0A6B

< End of report >


Do you know what to make of this?

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:06 PM

Posted 12 January 2012 - 05:29 AM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
    O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
    O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:55422315
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:2F4A0A6B  
    [2012/01/01 11:34:05 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Megan\AppData\Roaming\Mozilla\Firefox\Profiles\dxxj4xn2.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
    [2012/01/01 11:34:00 | 000,002,519 | ---- | M] () -- C:\Users\Megan\AppData\Roaming\Mozilla\Firefox\Profiles\dxxj4xn2.default\searchplugins\Search_Results.xml
    [2012/01/01 11:34:00 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
    [2012/01/01 14:39:27 | 000,000,000 | ---D | C] -- C:\Users\Megan\AppData\Local\Ilivid Player
    [2012/01/01 11:36:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iLivid
    [2012/01/01 11:34:00 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
    [2012/01/01 11:33:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows iLivid Toolbar
    [2012/01/01 11:33:02 | 000,000,000 | ---D | C] -- C:\Users\Megan\AppData\Local\PackageAware
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [emptyjava]
    [EMPTYFLASH]
    [RESETHOSTS]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Let me know How things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:06 PM

Posted 15 January 2012 - 02:56 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 MeganMarie

MeganMarie
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:04:06 PM

Posted 15 January 2012 - 10:58 AM

Hello

It hasn't been working. OTL freezes up every time I try to run the fix with the script you gave me. Then every other (literally every other) time I open OTL, it doesn't open at all, but rather offers this response:

Files\Folders moved on Reboot...
File\Folder C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk not found!
File\Folder C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk not found!

Registry entries deleted on Reboot...


Then the next time I go to open it, it opens normally, I copy and paste the script, run fix, and it freezes up and doesn't respond so I have to shut it down

I tried to go back to the post where you originally gave me the download of OTL, started from there and tried to run the fix, but that gives the same results.

??




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users