Google redirect virus infection


  • This topic is locked
14 replies to this topic

#1 maanduude

Posted 31 March 2012 - 08:10 PM

I have Windows Vista Home Basic version 6.0 and am infected with some kind of redirecting virus. I use Firefox and every google search redirects me to sites like happili, gimmeanswers, etc. I subscribe to McAfee and have run Malwarebytes and AVG but continue to get redirected.

Any help is greatly appreciated!!!


#2 gringo_pr

  • Malware Response Team
Posted 01 April 2012 - 12:44 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:
    • Link1
    • Link2
    • Link3
  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-Click on dds.scr and a command window will appear. This is normal.
  • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 maanduude

Posted 02 April 2012 - 11:06 PM

Thanks Gringo.

I'm having problems generating the 2 logs. Here's what I've done:

1) I ran DeFogger with no problems
2) Disabled AVG and McAfee Real-time scanning
3) Downloaded and double-clicked dds.scr

After step 3, a command window quickly flashes on the screen, but no logs follow.

Please advise.

#4 gringo_pr

Posted 03 April 2012 - 05:08 AM

Hello


Let's try this


Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened; this is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#5 maanduude

Posted 03 April 2012 - 08:26 PM

Success, here is the OTL.txt log:

OTL logfile created on: 4/3/2012 8:07:38 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\joe&simone\Desktop\GringoHelp
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.88 Gb Available Physical Memory | 62.78% Memory free
6.18 Gb Paging File | 4.65 Gb Available in Paging File | 75.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.79 Gb Total Space | 22.50 Gb Free Space | 7.87% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 4.85 Gb Free Space | 49.64% Space Free | Partition Type: NTFS

Computer Name: HOME-PC | User Name: joe&simone | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\joe&simone\Desktop\GringoHelp\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - c:\Program Files\McAfee.com\Agent\mcupdate.exe (McAfee, Inc.)
PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\Core\mchost.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
PRC - C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
PRC - C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.)
PRC - C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files\Common Files\AOL\1229132061\ee\aolsoftware.exe (America Online, Inc.)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\8b5f54e3b382fc1720c76557ef8c8bc3\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\1a5853155c4e5ab3f91cd37da331e89b\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65450889f3742aada2a6c0cf8e6173e3\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\137696d0416b65dbc1561152971488b4\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()
MOD - C:\Program Files\Dell DataSafe Online\SdbShared.dll ()
MOD - C:\Program Files\Dell DataSafe Online\SdbShared.XmlSerializers.dll ()
MOD - C:\Program Files\Dell DataSafe Online\SdbUI.dll ()
MOD - C:\Program Files\Dell DataSafe Online\CppUtils.dll ()
MOD - C:\Program Files\McAfee\SiteAdvisor\sahook.dll ()
MOD - C:\Program Files\Dell DataSafe Online\BalloonWindow.dll ()


========== Win32 Services (SafeList) ==========

SRV - (mfevtp) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (GameConsoleService) -- C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (AOL LLC)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (mfeavfk01) -- File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfenlfk) -- C:\Windows\System32\drivers\mfenlfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\Windows\System32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSEH) -- C:\Windows\System32\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (IntcHdmiAddService) Intel® -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel® Corporation)
DRV - (OEM02Vfx) -- C:\Windows\System32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (OEM02Dev) -- C:\Windows\System32\drivers\OEM02Dev.sys (Creative Technology Ltd.)
DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (NETw4v32) Intel® -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (wanatw) WAN Miniport (ATW) -- C:\Windows\System32\drivers\wanatw4.sys (America Online, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUS


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\.DEFAULT\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUS
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-18\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUS
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1726954449-1856997234-3908013800-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1081208
IE - HKU\S-1-5-21-1726954449-1856997234-3908013800-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1726954449-1856997234-3908013800-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1726954449-1856997234-3908013800-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1081208
IE - HKU\S-1-5-21-1726954449-1856997234-3908013800-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1726954449-1856997234-3908013800-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1726954449-1856997234-3908013800-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7DKUS_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1726954449-1856997234-3908013800-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=Q1u6zwrhlyigK-ZoZqao2mq0DDM?q={searchTerms}
IE - HKU\S-1-5-21-1726954449-1856997234-3908013800-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms}
IE - HKU\S-1-5-21-1726954449-1856997234-3908013800-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={searchTerms}
IE - HKU\S-1-5-21-1726954449-1856997234-3908013800-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.9
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.%(version)s
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\joe&simone\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\joe&simone\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2012/04/02 22:50:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/10/24 23:49:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012/04/03 06:55:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/03/12 20:38:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/18 08:11:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/19 20:55:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\joe&simone\AppData\Roaming\Move Networks [2010/04/18 21:15:16 | 000,000,000 | ---D | M]

[2010/05/25 22:36:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\joe&simone\AppData\Roaming\Mozilla\Extensions
[2012/03/10 22:53:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\joe&simone\AppData\Roaming\Mozilla\Firefox\Profiles\uxnxrhft.default\extensions
[2010/05/30 15:41:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\joe&simone\AppData\Roaming\Mozilla\Firefox\Profiles\uxnxrhft.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/02/19 19:13:10 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\joe&simone\AppData\Roaming\Mozilla\Firefox\Profiles\uxnxrhft.default\extensions\DTToolbar@toolbarnet.com
[2011/12/06 00:13:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/03 06:55:05 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES\COMMON FILES\MCAFEE\SYSTEMCORE
() (No name found) -- C:\USERS\JOE&SIMONE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UXNXRHFT.DEFAULT\EXTENSIONS\PPDOJSKUMK@PPDOJSKUMK.ORG.XPI
[2012/03/18 08:11:26 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/02/18 20:23:52 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/18 20:23:52 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111219183830.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKU\S-1-5-21-1726954449-1856997234-3908013800-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [DellSupportCenter] " /P DELLSUPPORTCENTER File not found
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [Google Desktop Search] " /STARTUP File not found
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1229132061\ee\aolsoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1726954449-1856997234-3908013800-1000..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-1726954449-1856997234-3908013800-1000..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1726954449-1856997234-3908013800-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1726954449-1856997234-3908013800-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{529CCB62-D962-4C8C-ACD0-4646305D11BD}: DhcpNameServer = 10.6.1.135 10.7.40.12 10.6.1.134 10.7.40.14
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FAA1D353-903C-4101-8125-4DC10BFA9B08}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\joe&simone\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\joe&simone\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/03 06:56:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/04/02 19:01:35 | 000,000,000 | ---D | C] -- C:\Users\joe&simone\Desktop\diesel
[2012/04/01 10:09:38 | 000,000,000 | ---D | C] -- C:\Users\joe&simone\Desktop\GringoHelp
[2012/04/01 09:58:48 | 000,000,000 | ---D | C] -- C:\Users\joe&simone\AppData\Roaming\JAM Software
[2012/03/17 21:55:19 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/03/17 21:55:16 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/03/17 21:55:15 | 000,000,000 | ---D | C] -- C:\Users\joe&simone\AppData\Roaming\TestApp
[2012/03/14 09:04:14 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/03/14 09:04:11 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/03/14 09:04:11 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/03/14 09:04:11 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/03/14 09:04:11 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012/03/14 09:04:10 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012/03/14 09:03:55 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2012/03/12 21:17:12 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/03/12 20:39:18 | 000,000,000 | ---D | C] -- C:\Users\joe&simone\AppData\Roaming\AVG2012
[2012/03/12 20:38:25 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/03/12 20:38:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2012/03/12 20:36:49 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/03/12 20:36:49 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2012/03/12 20:34:52 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/03/12 20:31:18 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2 C:\Users\joe&simone\Documents\*.tmp files -> C:\Users\joe&simone\Documents\*.tmp -> ]
[2 C:\Users\joe&simone\Desktop\*.tmp files -> C:\Users\joe&simone\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/03 19:54:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/03 19:05:33 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/03 19:05:33 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/03 18:28:22 | 000,199,950 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/04/03 17:11:35 | 093,523,506 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/04/03 17:05:56 | 000,608,644 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/03 17:05:56 | 000,106,114 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/03 17:05:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/03 06:51:54 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/03 06:51:39 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012/04/02 22:41:16 | 000,000,156 | ---- | M] () -- C:\Users\joe&simone\defogger_reenable
[2012/03/15 03:23:51 | 000,306,400 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/03/12 21:45:35 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/12 20:38:11 | 000,000,844 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2 C:\Users\joe&simone\Documents\*.tmp files -> C:\Users\joe&simone\Documents\*.tmp -> ]
[2 C:\Users\joe&simone\Desktop\*.tmp files -> C:\Users\joe&simone\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/03 18:28:22 | 000,199,950 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/04/03 17:11:35 | 093,523,506 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/04/02 22:41:15 | 000,000,156 | ---- | C] () -- C:\Users\joe&simone\defogger_reenable
[2012/03/12 21:45:35 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/12 20:38:11 | 000,000,844 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/01/24 20:26:17 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2010/12/30 11:45:48 | 000,003,688 | ---- | C] () -- C:\Windows\disney.ini
[2010/11/07 13:28:26 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini

< End of report >

#6 gringo_pr


Posted 03 April 2012 - 08:43 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 maanduude


Posted 03 April 2012 - 10:54 PM

Log from Combofix is below.

I did not have any problems performing the tasks you listed. However, I am still being redirected to different websites when I google search and select a known link. Please advise. I appreciate your help, Gringo.

ComboFix 12-04-03.02 - joe&simone 04/03/2012 22:12:36.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3061.1793 [GMT -5:00]
Running from: c:\users\joe&simone\Desktop\GringoHelp\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\joe&simone\Documents\~WRL0001.tmp
c:\users\joe&simone\Documents\~WRL3498.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-03-04 to 2012-04-04 )))))))))))))))))))))))))))))))
.
.
2012-04-04 03:20 . 2012-04-04 03:24 -------- d-----w- c:\users\joe&simone\AppData\Local\temp
2012-04-04 03:20 . 2012-04-04 03:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-01 14:58 . 2012-04-01 14:58 -------- d-----w- c:\users\joe&simone\AppData\Roaming\JAM Software
2012-03-18 13:11 . 2012-03-18 13:11 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-18 13:11 . 2012-03-18 13:11 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-18 02:55 . 2012-03-18 02:55 -------- d-----w- c:\programdata\PC Tools
2012-03-18 02:55 . 2012-03-18 02:55 -------- d-----w- c:\users\joe&simone\AppData\Roaming\TestApp
2012-03-14 14:04 . 2012-02-02 15:16 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 14:04 . 2012-02-14 15:45 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-14 14:04 . 2012-02-13 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-14 14:04 . 2012-02-13 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-14 14:04 . 2012-02-13 13:44 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 14:04 . 2012-02-14 15:45 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-14 14:04 . 2012-01-31 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-03-14 14:03 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-14 14:03 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 02:17 . 2012-03-13 02:17 -------- d-----w- C:\$AVG
2012-03-13 01:39 . 2012-03-13 01:39 -------- d-----w- c:\users\joe&simone\AppData\Roaming\AVG2012
2012-03-13 01:38 . 2012-03-13 01:38 -------- d--h--w- c:\programdata\Common Files
2012-03-13 01:36 . 2012-04-03 23:28 -------- d-----w- c:\windows\system32\drivers\AVG
2012-03-13 01:36 . 2012-03-13 01:54 -------- d-----w- c:\programdata\AVG2012
2012-03-13 01:34 . 2012-03-13 01:34 -------- d-----w- c:\program files\AVG
2012-03-13 01:31 . 2012-04-03 22:11 -------- d-----w- c:\programdata\MFAData
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-26 15:26 . 2011-05-24 00:28 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-18 13:11 . 2011-12-06 05:13 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-08-26 22:47 . 2010-08-26 22:47 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2011-04-14 19:01 . 2010-08-11 15:09 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-08 39408]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"="/STARTUP" [X]
"DellSupportCenter"="DELLSUPPORTCENTER" [X]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"HostManager"="c:\program files\Common Files\AOL\1229132061\ee\AOLSoftware.exe" [2006-09-26 50736]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-22 1191936]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-22 1318816]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2011-10-25 273528]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-12-7 50688]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-12-08 01:37 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 01:38]
.
2012-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 01:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1081208
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\joe&simone\AppData\Roaming\Mozilla\Firefox\Profiles\uxnxrhft.default\
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
SafeBoot-73736750.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-03 22:24
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-04-03 22:27:45
ComboFix-quarantined-files.txt 2012-04-04 03:27
.
Pre-Run: 23,991,697,408 bytes free
Post-Run: 24,249,450,496 bytes free
.
- - End Of File - - 438489FE91271DD5CF52882BB9C24873

#8 gringo_pr


Posted 03 April 2012 - 11:25 PM

Greetings

I want you to tell me which browsers are being redirected - check all that are installed on the computer



I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#9 maanduude


Posted 05 April 2012 - 12:14 AM

Hey Gringo,

I use Firefox and IE. I'm being redirected when using Firefox, but not IE. Below are the logs, thanks again for your help!

tdsskiller log:

21:44:56.0455 5560 TDSS rootkit removing tool 2.7.25.0 Apr 3 2012 13:42:32
21:44:58.0458 5560 ============================================================
21:44:58.0458 5560 Current date / time: 2012/04/04 21:44:58.0458
21:44:58.0458 5560 SystemInfo:
21:44:58.0458 5560
21:44:58.0458 5560 OS Version: 6.0.6002 ServicePack: 2.0
21:44:58.0458 5560 Product type: Workstation
21:44:58.0458 5560 ComputerName: HOME-PC
21:44:58.0459 5560 UserName: joe&simone
21:44:58.0459 5560 Windows directory: C:\Windows
21:44:58.0459 5560 System windows directory: C:\Windows
21:44:58.0459 5560 Processor architecture: Intel x86
21:44:58.0459 5560 Number of processors: 2
21:44:58.0459 5560 Page size: 0x1000
21:44:58.0459 5560 Boot type: Normal boot
21:44:58.0459 5560 ============================================================
21:45:00.0104 5560 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:45:00.0106 5560 \Device\Harddisk0\DR0:
21:45:00.0106 5560 MBR used
21:45:00.0106 5560 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1388000
21:45:00.0106 5560 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C000, BlocksNum 0x23B922A8
21:45:00.0224 5560 Initialize success
21:45:00.0224 5560 ============================================================
21:45:07.0531 5288 ============================================================
21:45:07.0532 5288 Scan started
21:45:07.0532 5288 Mode: Manual;
21:45:07.0532 5288 ============================================================
21:45:15.0075 5288 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
21:45:15.0079 5288 E1G60 - ok
21:45:15.0114 5288 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
21:45:15.0116 5288 EapHost - ok
21:45:15.0175 5288 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
21:45:15.0179 5288 Ecache - ok
21:45:15.0236 5288 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
21:45:15.0243 5288 elxstor - ok
21:45:15.0307 5288 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
21:45:15.0312 5288 EMDMgmt - ok
21:45:15.0335 5288 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
21:45:15.0337 5288 ErrDev - ok
21:45:15.0384 5288 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
21:45:15.0388 5288 EventSystem - ok
21:45:15.0483 5288 EvtEng (e71b03ff6b819ae1a286aa27e956d523) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
21:45:15.0570 5288 EvtEng - ok
21:45:15.0703 5288 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
21:45:15.0709 5288 exfat - ok
21:45:15.0760 5288 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
21:45:15.0764 5288 fastfat - ok
21:45:15.0853 5288 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
21:45:15.0859 5288 fdc - ok
21:45:15.0895 5288 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
21:45:15.0897 5288 fdPHost - ok
21:45:15.0912 5288 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
21:45:15.0914 5288 FDResPub - ok
21:45:15.0930 5288 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
21:45:15.0936 5288 FileInfo - ok
21:45:15.0960 5288 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
21:45:15.0965 5288 Filetrace - ok
21:45:15.0985 5288 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
21:45:15.0993 5288 flpydisk - ok
21:45:16.0024 5288 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
21:45:16.0032 5288 FltMgr - ok
21:45:16.0121 5288 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
21:45:16.0128 5288 FontCache - ok
21:45:16.0214 5288 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:45:16.0220 5288 FontCache3.0.0.0 - ok
21:45:16.0267 5288 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
21:45:16.0278 5288 Fs_Rec - ok
21:45:16.0308 5288 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
21:45:16.0310 5288 gagp30kx - ok
21:45:16.0410 5288 GameConsoleService (311acfcdd2c9a99481e91fa4cb028d70) C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
21:45:16.0477 5288 GameConsoleService - ok
21:45:16.0554 5288 GoogleDesktopManager-051210-111108 (9f5f2f0fb0a7f5aa9f16b9a7b6dad89f) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
21:45:16.0555 5288 GoogleDesktopManager-051210-111108 - ok
21:45:16.0596 5288 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
21:45:16.0651 5288 GoToAssist - ok
21:45:16.0743 5288 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
21:45:16.0764 5288 gpsvc - ok
21:45:16.0827 5288 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
21:45:16.0829 5288 gupdate - ok
21:45:16.0851 5288 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
21:45:16.0854 5288 gupdatem - ok
21:45:16.0942 5288 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
21:45:16.0943 5288 gusvc - ok
21:45:17.0043 5288 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:45:17.0062 5288 HDAudBus - ok
21:45:17.0130 5288 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
21:45:17.0132 5288 HidBth - ok
21:45:17.0148 5288 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
21:45:17.0150 5288 HidIr - ok
21:45:17.0185 5288 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
21:45:17.0188 5288 hidserv - ok
21:45:17.0239 5288 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
21:45:17.0242 5288 HidUsb - ok
21:45:17.0275 5288 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
21:45:17.0279 5288 hkmsvc - ok
21:45:17.0308 5288 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
21:45:17.0314 5288 HpCISSs - ok
21:45:17.0388 5288 HSF_DPV (99f85640054ba65190b860d878a7c9ae) C:\Windows\system32\DRIVERS\HSX_DPV.sys
21:45:17.0512 5288 HSF_DPV - ok
21:45:17.0607 5288 HSXHWAZL (cfbc2b81972e298f0e19ee68fa9e73da) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
21:45:17.0804 5288 HSXHWAZL - ok
21:45:17.0845 5288 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
21:45:17.0858 5288 HTTP - ok
21:45:17.0893 5288 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
21:45:17.0895 5288 i2omp - ok
21:45:17.0946 5288 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
21:45:17.0952 5288 i8042prt - ok
21:45:18.0023 5288 IAANTMON (ae38a12f79a4980ddb88f36514f8a1da) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
21:45:18.0135 5288 IAANTMON - ok
21:45:18.0204 5288 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\Windows\system32\drivers\iastor.sys
21:45:18.0206 5288 iaStor - ok
21:45:18.0259 5288 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
21:45:18.0265 5288 iaStorV - ok
21:45:18.0352 5288 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:45:18.0387 5288 idsvc - ok
21:45:18.0483 5288 igfx (c134e69ce901422d1f2d7ea8d69098fe) C:\Windows\system32\DRIVERS\igdkmd32.sys
21:45:18.0654 5288 igfx - ok
21:45:18.0725 5288 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
21:45:18.0733 5288 iirsp - ok
21:45:18.0808 5288 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
21:45:18.0815 5288 IKEEXT - ok
21:45:18.0876 5288 IntcHdmiAddService (98d303ccb3415e9202e82043b37d66dc) C:\Windows\system32\drivers\IntcHdmi.sys
21:45:18.0881 5288 IntcHdmiAddService - ok
21:45:18.0911 5288 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\DRIVERS\intelide.sys
21:45:18.0914 5288 intelide - ok
21:45:18.0932 5288 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
21:45:18.0934 5288 intelppm - ok
21:45:18.0969 5288 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
21:45:18.0974 5288 IPBusEnum - ok
21:45:19.0002 5288 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:45:19.0006 5288 IpFilterDriver - ok
21:45:19.0064 5288 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
21:45:19.0069 5288 iphlpsvc - ok
21:45:19.0080 5288 IpInIp - ok
21:45:19.0118 5288 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
21:45:19.0127 5288 IPMIDRV - ok
21:45:19.0158 5288 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
21:45:19.0163 5288 IPNAT - ok
21:45:19.0194 5288 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
21:45:19.0205 5288 IRENUM - ok
21:45:19.0232 5288 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
21:45:19.0244 5288 isapnp - ok
21:45:19.0284 5288 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
21:45:19.0289 5288 iScsiPrt - ok
21:45:19.0310 5288 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
21:45:19.0320 5288 iteatapi - ok
21:45:19.0344 5288 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
21:45:19.0348 5288 iteraid - ok
21:45:19.0366 5288 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:45:19.0372 5288 kbdclass - ok
21:45:19.0410 5288 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
21:45:19.0418 5288 kbdhid - ok
21:45:19.0487 5288 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
21:45:19.0490 5288 KeyIso - ok
21:45:19.0518 5288 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
21:45:19.0530 5288 KSecDD - ok
21:45:19.0600 5288 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
21:45:19.0628 5288 KtmRm - ok
21:45:19.0675 5288 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
21:45:19.0681 5288 LanmanServer - ok
21:45:19.0738 5288 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
21:45:19.0745 5288 LanmanWorkstation - ok
21:45:19.0792 5288 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
21:45:19.0802 5288 lltdio - ok
21:45:19.0849 5288 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
21:45:19.0859 5288 lltdsvc - ok
21:45:19.0893 5288 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
21:45:19.0896 5288 lmhosts - ok
21:45:19.0929 5288 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
21:45:19.0932 5288 LSI_FC - ok
21:45:19.0954 5288 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
21:45:19.0957 5288 LSI_SAS - ok
21:45:20.0006 5288 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
21:45:20.0009 5288 LSI_SCSI - ok
21:45:20.0061 5288 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
21:45:20.0067 5288 luafv - ok
21:45:20.0139 5288 McAfee SiteAdvisor Service (2ed44415685945d691f5089cc33dd237) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
21:45:20.0141 5288 McAfee SiteAdvisor Service - ok
21:45:20.0242 5288 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
21:45:20.0307 5288 McComponentHostService - ok
21:45:20.0402 5288 McMPFSvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
21:45:20.0405 5288 McMPFSvc - ok
21:45:20.0457 5288 mcmscsvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
21:45:20.0460 5288 mcmscsvc - ok
21:45:20.0465 5288 McNaiAnn (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
21:45:20.0468 5288 McNaiAnn - ok
21:45:20.0490 5288 McNASvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
21:45:20.0492 5288 McNASvc - ok
21:45:20.0544 5288 McODS (1d97a89e4c1917d7c7ac3a27a45ef87e) C:\Program Files\McAfee\VirusScan\mcods.exe
21:45:20.0551 5288 McODS - ok
21:45:20.0559 5288 McProxy (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
21:45:20.0562 5288 McProxy - ok
21:45:20.0615 5288 McShield (16767b4cb7ae8f388e091717db34ff6c) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
21:45:20.0619 5288 McShield - ok
21:45:20.0698 5288 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
21:45:20.0708 5288 mdmxsdk - ok
21:45:20.0753 5288 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
21:45:20.0755 5288 megasas - ok
21:45:20.0785 5288 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
21:45:20.0798 5288 MegaSR - ok
21:45:20.0844 5288 mfeapfk (36b47b1e9c537f8f2b4481084b8f7d22) C:\Windows\system32\drivers\mfeapfk.sys
21:45:20.0937 5288 mfeapfk - ok
21:45:20.0977 5288 mfeavfk (cde41293db871a75cd99eb0ce781356b) C:\Windows\system32\drivers\mfeavfk.sys
21:45:21.0090 5288 mfeavfk - ok
21:45:21.0128 5288 mfeavfk01 - ok
21:45:21.0162 5288 mfebopk (e22385f64bdf0ad81157479496e33c4a) C:\Windows\system32\drivers\mfebopk.sys
21:45:21.0254 5288 mfebopk - ok
21:45:21.0366 5288 mfefire (3f17534b8867854113df2b45fff3acf5) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
21:45:21.0368 5288 mfefire - ok
21:45:21.0452 5288 mfefirek (215666a8a85023ef019b510cbb67f678) C:\Windows\system32\drivers\mfefirek.sys
21:45:21.0458 5288 mfefirek - ok
21:45:21.0525 5288 mfehidk (56d330981866a72f061dd16cc5004513) C:\Windows\system32\drivers\mfehidk.sys
21:45:21.0534 5288 mfehidk - ok
21:45:21.0582 5288 mfenlfk (b41bacc049cdb916a52b1448bf30d6ab) C:\Windows\system32\DRIVERS\mfenlfk.sys
21:45:21.0585 5288 mfenlfk - ok
21:45:21.0642 5288 mferkdet (89b564d63c53fc0c6782ab07eea63acf) C:\Windows\system32\drivers\mferkdet.sys
21:45:21.0645 5288 mferkdet - ok
21:45:21.0763 5288 mfevtp (ad52269897626d614b31e153f5c5d65c) C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
21:45:21.0765 5288 mfevtp - ok
21:45:21.0799 5288 mfewfpk (c2ff7473a60c0fb2df145ab686889653) C:\Windows\system32\drivers\mfewfpk.sys
21:45:21.0804 5288 mfewfpk - ok
21:45:21.0832 5288 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
21:45:21.0834 5288 MMCSS - ok
21:45:21.0867 5288 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
21:45:21.0869 5288 Modem - ok
21:45:21.0885 5288 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
21:45:21.0887 5288 monitor - ok
21:45:21.0920 5288 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
21:45:21.0924 5288 mouclass - ok
21:45:21.0950 5288 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
21:45:21.0952 5288 mouhid - ok
21:45:21.0978 5288 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
21:45:21.0983 5288 MountMgr - ok
21:45:22.0026 5288 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
21:45:22.0030 5288 mpio - ok
21:45:22.0067 5288 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
21:45:22.0070 5288 mpsdrv - ok
21:45:22.0119 5288 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
21:45:22.0157 5288 MpsSvc - ok
21:45:22.0181 5288 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
21:45:22.0189 5288 Mraid35x - ok
21:45:22.0229 5288 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
21:45:22.0233 5288 MRxDAV - ok
21:45:22.0275 5288 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:45:22.0279 5288 mrxsmb - ok
21:45:22.0320 5288 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:45:22.0326 5288 mrxsmb10 - ok
21:45:22.0338 5288 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:45:22.0342 5288 mrxsmb20 - ok
21:45:22.0365 5288 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
21:45:22.0368 5288 msahci - ok
21:45:22.0395 5288 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
21:45:22.0403 5288 msdsm - ok
21:45:22.0453 5288 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
21:45:22.0476 5288 MSDTC - ok
21:45:22.0512 5288 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
21:45:22.0521 5288 Msfs - ok
21:45:22.0548 5288 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
21:45:22.0551 5288 msisadrv - ok
21:45:22.0593 5288 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
21:45:22.0602 5288 MSiSCSI - ok
21:45:22.0610 5288 msiserver - ok
21:45:22.0704 5288 MSK80Service (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
21:45:22.0706 5288 MSK80Service - ok
21:45:22.0782 5288 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
21:45:22.0788 5288 MSKSSRV - ok
21:45:22.0804 5288 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
21:45:22.0806 5288 MSPCLOCK - ok
21:45:22.0827 5288 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
21:45:22.0831 5288 MSPQM - ok
21:45:22.0864 5288 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
21:45:22.0871 5288 MsRPC - ok
21:45:22.0888 5288 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
21:45:22.0894 5288 mssmbios - ok
21:45:22.0920 5288 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
21:45:22.0922 5288 MSTEE - ok
21:45:22.0946 5288 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
21:45:22.0949 5288 Mup - ok
21:45:22.0988 5288 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
21:45:22.0995 5288 napagent - ok
21:45:23.0028 5288 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
21:45:23.0037 5288 NativeWifiP - ok
21:45:23.0116 5288 NBService (f46070ddada5c396b1f2ebf1c46dbb08) C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
21:45:23.0199 5288 NBService - ok
21:45:23.0271 5288 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
21:45:23.0293 5288 NDIS - ok
21:45:23.0317 5288 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
21:45:23.0322 5288 NdisTapi - ok
21:45:23.0337 5288 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
21:45:23.0346 5288 Ndisuio - ok
21:45:23.0387 5288 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
21:45:23.0391 5288 NdisWan - ok
21:45:23.0417 5288 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
21:45:23.0423 5288 NDProxy - ok
21:45:23.0446 5288 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
21:45:23.0449 5288 NetBIOS - ok
21:45:23.0488 5288 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
21:45:23.0493 5288 netbt - ok
21:45:23.0529 5288 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
21:45:23.0532 5288 Netlogon - ok
21:45:23.0592 5288 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
21:45:23.0598 5288 Netman - ok
21:45:23.0630 5288 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
21:45:23.0636 5288 netprofm - ok
21:45:23.0705 5288 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:45:23.0713 5288 NetTcpPortSharing - ok
21:45:23.0840 5288 NETw4v32 (dd194a025d1c0472f45f57de8d8388eb) C:\Windows\system32\DRIVERS\NETw4v32.sys
21:45:23.0954 5288 NETw4v32 - ok
21:45:23.0988 5288 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
21:45:23.0990 5288 nfrd960 - ok
21:45:24.0028 5288 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
21:45:24.0032 5288 NlaSvc - ok
21:45:24.0140 5288 NMIndexingService (433049770b810d7c83c5c94cdb3e09d2) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
21:45:24.0228 5288 NMIndexingService - ok
21:45:24.0270 5288 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
21:45:24.0272 5288 Npfs - ok
21:45:24.0288 5288 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
21:45:24.0290 5288 nsi - ok
21:45:24.0316 5288 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
21:45:24.0320 5288 nsiproxy - ok
21:45:24.0378 5288 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
21:45:24.0419 5288 Ntfs - ok
21:45:24.0441 5288 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
21:45:24.0451 5288 ntrigdigi - ok
21:45:24.0462 5288 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
21:45:24.0465 5288 Null - ok
21:45:24.0498 5288 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
21:45:24.0502 5288 nvraid - ok
21:45:24.0534 5288 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
21:45:24.0538 5288 nvstor - ok
21:45:24.0571 5288 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
21:45:24.0580 5288 nv_agp - ok
21:45:24.0592 5288 NwlnkFlt - ok
21:45:24.0605 5288 NwlnkFwd - ok
21:45:24.0689 5288 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:45:24.0846 5288 odserv - ok
21:45:24.0937 5288 OEM02Dev (19cac780b858822055f46c58a111723c) C:\Windows\system32\DRIVERS\OEM02Dev.sys
21:45:24.0942 5288 OEM02Dev - ok
21:45:24.0970 5288 OEM02Vfx (86326062a90494bdd79ce383511d7d69) C:\Windows\system32\DRIVERS\OEM02Vfx.sys
21:45:24.0972 5288 OEM02Vfx - ok
21:45:25.0020 5288 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
21:45:25.0022 5288 ohci1394 - ok
21:45:25.0111 5288 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:45:25.0211 5288 ose - ok
21:45:25.0256 5288 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
21:45:25.0278 5288 p2pimsvc - ok
21:45:25.0292 5288 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
21:45:25.0298 5288 p2psvc - ok
21:45:25.0343 5288 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
21:45:25.0350 5288 Parport - ok
21:45:25.0383 5288 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
21:45:25.0386 5288 partmgr - ok
21:45:25.0409 5288 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
21:45:25.0414 5288 Parvdm - ok
21:45:25.0445 5288 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
21:45:25.0448 5288 PcaSvc - ok
21:45:25.0486 5288 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
21:45:25.0490 5288 pci - ok
21:45:25.0508 5288 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
21:45:25.0510 5288 pciide - ok
21:45:25.0532 5288 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
21:45:25.0536 5288 pcmcia - ok
21:45:25.0593 5288 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
21:45:25.0627 5288 PEAUTH - ok
21:45:25.0698 5288 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
21:45:25.0713 5288 pla - ok
21:45:25.0752 5288 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
21:45:25.0758 5288 PlugPlay - ok
21:45:25.0801 5288 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
21:45:25.0809 5288 PNRPAutoReg - ok
21:45:25.0835 5288 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
21:45:25.0843 5288 PNRPsvc - ok
21:45:25.0889 5288 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
21:45:25.0918 5288 PolicyAgent - ok
21:45:25.0963 5288 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
21:45:25.0973 5288 PptpMiniport - ok
21:45:26.0013 5288 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
21:45:26.0022 5288 Processor - ok
21:45:26.0096 5288 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
21:45:26.0104 5288 ProfSvc - ok
21:45:26.0168 5288 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
21:45:26.0172 5288 ProtectedStorage - ok
21:45:26.0212 5288 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
21:45:26.0214 5288 PSched - ok
21:45:26.0255 5288 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\Windows\system32\Drivers\PxHelp20.sys
21:45:26.0348 5288 PxHelp20 - ok
21:45:26.0403 5288 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
21:45:26.0438 5288 ql2300 - ok
21:45:26.0467 5288 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
21:45:26.0470 5288 ql40xx - ok
21:45:26.0516 5288 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
21:45:26.0531 5288 QWAVE - ok
21:45:26.0545 5288 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
21:45:26.0547 5288 QWAVEdrv - ok
21:45:26.0625 5288 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
21:45:26.0680 5288 R300 - ok
21:45:26.0708 5288 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
21:45:26.0713 5288 RasAcd - ok
21:45:26.0731 5288 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
21:45:26.0735 5288 RasAuto - ok
21:45:26.0782 5288 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:45:26.0785 5288 Rasl2tp - ok
21:45:26.0825 5288 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
21:45:26.0830 5288 RasMan - ok
21:45:26.0868 5288 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
21:45:26.0871 5288 RasPppoe - ok
21:45:26.0910 5288 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
21:45:26.0918 5288 RasSstp - ok
21:45:26.0950 5288 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
21:45:26.0957 5288 rdbss - ok
21:45:26.0987 5288 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:45:26.0989 5288 RDPCDD - ok
21:45:27.0025 5288 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
21:45:27.0034 5288 rdpdr - ok
21:45:27.0048 5288 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
21:45:27.0050 5288 RDPENCDD - ok
21:45:27.0119 5288 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
21:45:27.0246 5288 RDPWD - ok
21:45:27.0405 5288 RegSrvc (2cf574d0965f58e514a2dc94114d7eca) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
21:45:27.0467 5288 RegSrvc - ok
21:45:27.0517 5288 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
21:45:27.0520 5288 RemoteAccess - ok
21:45:27.0551 5288 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
21:45:27.0554 5288 RemoteRegistry - ok
21:45:27.0629 5288 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
21:45:27.0631 5288 rimmptsk - ok
21:45:27.0655 5288 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
21:45:27.0753 5288 rimsptsk - ok
21:45:27.0764 5288 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys
21:45:27.0767 5288 rismxdp - ok
21:45:27.0803 5288 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
21:45:27.0805 5288 RpcLocator - ok
21:45:27.0854 5288 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\System32\rpcss.dll
21:45:27.0861 5288 RpcSs - ok
21:45:27.0897 5288 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
21:45:27.0900 5288 rspndr - ok
21:45:27.0958 5288 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
21:45:27.0960 5288 SamSs - ok
21:45:27.0989 5288 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
21:45:27.0992 5288 sbp2port - ok
21:45:28.0033 5288 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
21:45:28.0038 5288 SCardSvr - ok
21:45:34.0646 5288 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
21:45:34.0704 5288 \Device\Harddisk0\DR0 - ok
21:45:34.0722 5288 Boot (0x1200) (1c87bb41b794aa77b498067de1159056) \Device\Harddisk0\DR0\Partition0
21:45:34.0724 5288 \Device\Harddisk0\DR0\Partition0 - ok
21:45:34.0727 5288 Boot (0x1200) (30f3e47d2d87c4a1987714e2f79baf1e) \Device\Harddisk0\DR0\Partition1
21:45:34.0728 5288 \Device\Harddisk0\DR0\Partition1 - ok
21:45:34.0729 5288 ============================================================
21:45:34.0729 5288 Scan finished
21:45:34.0729 5288 ============================================================
21:45:34.0739 2608 Detected object count: 0
21:45:34.0739 2608 Actual detected object count: 0

aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-04 21:49:51
-----------------------------
21:49:51.864 OS Version: Windows 6.0.6002 Service Pack 2
21:49:51.865 Number of processors: 2 586 0x1706
21:49:51.941 ComputerName: HOME-PC UserName:
21:50:26.825 Initialize success
21:52:04.154 AVAST engine defs: 12040401
21:56:53.742 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
21:56:53.747 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
21:56:53.763 Disk 0 MBR read successfully
21:56:53.769 Disk 0 MBR scan
21:56:53.779 Disk 0 Windows VISTA default MBR code
21:56:53.786 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
21:56:53.805 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10000 MB offset 81920
21:56:53.832 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 292644 MB offset 20561920
21:56:53.846 Disk 0 Partition - 00 0F Extended LBA 2559 MB offset 619898880
21:56:53.896 Disk 0 Partition 4 00 DD MSDOS5.0 2558 MB offset 619900928
21:56:53.913 Disk 0 scanning sectors +625139712
21:56:53.987 Disk 0 scanning C:\Windows\system32\drivers
21:57:07.754 Service scanning
21:57:32.013 Modules scanning
21:57:45.391 Disk 0 trace - called modules:
21:57:45.420 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
21:57:45.432 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x863e4148]
21:57:45.443 3 CLASSPNP.SYS[8a9a48b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85912030]
21:57:47.406 AVAST engine scan C:\Windows
21:57:59.002 AVAST engine scan C:\Windows\system32
22:03:09.322 AVAST engine scan C:\Windows\system32\drivers
22:03:30.476 AVAST engine scan C:\Users\joe&simone
22:27:26.529 Disk 0 MBR has been saved successfully to "C:\Users\joe&simone\Desktop\GringoHelp\MBR.dat"
22:27:26.535 The log file has been saved successfully to "C:\Users\joe&simone\Desktop\GringoHelp\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-04 22:28:12
-----------------------------
22:28:12.704 OS Version: Windows 6.0.6002 Service Pack 2
22:28:12.704 Number of processors: 2 586 0x1706
22:28:12.705 ComputerName: HOME-PC UserName:
22:28:14.036 Initialize success
22:28:26.172 AVAST engine defs: 12040401
22:28:35.301 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
22:28:35.307 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
22:28:35.384 Disk 0 MBR read successfully
22:28:35.405 Disk 0 MBR scan
22:28:35.415 Disk 0 Windows VISTA default MBR code
22:28:35.451 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
22:28:35.494 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10000 MB offset 81920
22:28:35.565 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 292644 MB offset 20561920
22:28:35.579 Disk 0 Partition - 00 0F Extended LBA 2559 MB offset 619898880
22:28:36.386 Disk 0 Partition 4 00 DD MSDOS5.0 2558 MB offset 619900928
22:28:36.641 Disk 0 scanning sectors +625139712
22:28:37.395 Disk 0 scanning C:\Windows\system32\drivers
22:28:55.185 Service scanning
22:29:17.628 Modules scanning
22:29:35.276 Disk 0 trace - called modules:
22:29:35.325 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
22:29:35.330 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x863e4148]
22:29:35.335 3 CLASSPNP.SYS[8a9a48b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85912030]
22:29:37.055 AVAST engine scan C:\Windows
22:29:51.995 AVAST engine scan C:\Windows\system32
22:35:49.097 AVAST engine scan C:\Windows\system32\drivers
22:36:41.381 AVAST engine scan C:\Users\joe&simone
23:45:29.332 AVAST engine scan C:\ProgramData
23:58:52.619 Scan finished successfully
00:03:47.844 Disk 0 MBR has been saved successfully to "C:\Users\joe&simone\Desktop\GringoHelp\MBR.dat"
00:03:48.013 The log file has been saved successfully to "C:\Users\joe&simone\Desktop\GringoHelp\aswMBR.txt"

#10 gringo_pr


Posted 05 April 2012 - 12:39 AM

Hello


I want you to uninstall Firefox.

This is important: when asked about user data or settings, remove them also.


Reinstall Firefox and check for redirects.


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 maanduude


Posted 06 April 2012 - 07:17 PM

That did it, Gringo! Thank you very much for your help. Have a great weekend.

#12 gringo_pr


Posted 06 April 2012 - 08:37 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#13 gringo_pr


Posted 09 April 2012 - 12:04 AM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo

#14 gringo_pr


Posted 11 April 2012 - 11:19 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#15 gringo_pr


Posted 14 April 2012 - 11:52 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.