Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google redirects me to Happili.com


  • This topic is locked This topic is locked
34 replies to this topic

#1 drkgrss03

drkgrss03

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:06:30 AM

Posted 15 April 2012 - 08:25 AM

My google search results keep getting re-directed to Happili.com. I have ran MBAM, Spyware search and Destroy, TrendMicro housecall, AVG, Norton Power Eraser, Panda yorkyt.exe and TDSSKiller. Nothing can seem to get rid of this. From what I've read I think I have the ZeroAccess rootkit.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by Derek at 19:18:23 on 2012-04-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.2342 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\STacSV64.exe
C:\windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe
C:\windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\windows\system32\mfevtps.exe
C:\windows\system32\rundll32.exe
C:\windows\system32\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\windows\System32\alg.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Derek\AppData\Local\Akamai\netsession_win.exe
C:\Users\Derek\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Users\Derek\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Windows\KBStatusLED.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\DllHost.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\SearchIndexer.exe
C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
C:\PROGRA~1\COMMON~1\McAfee\MSC\McUICnt.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = <local>;*.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120307153948.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Google Update] "C:\Users\Derek\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Akamai NetSession Interface] "C:\Users\Derek\AppData\Local\Akamai\netsession_win.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [KBStatusLED1] C:\WINDOWS\KBStatusLED.exe
mRun: [KBStatusLED] C:\WINNT\KBStatusLED.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
mRunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
StartupFolder: C:\Users\Derek\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\Derek\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Derek\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1 172.17.1.10 172.17.1.26
TCP: Interfaces\{691C8F97-B434-4150-B109-81FA7C7C6CE4} : DhcpNameServer = 192.168.2.1 172.17.1.10 172.17.1.26
TCP: Interfaces\{78FDB451-C310-43D8-B5D3-7E0FFCA07FD2} : DhcpNameServer = 192.168.2.1 172.17.1.10 172.17.1.26
TCP: Interfaces\{78FDB451-C310-43D8-B5D3-7E0FFCA07FD2}\2456C6B696E6E233837353 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{78FDB451-C310-43D8-B5D3-7E0FFCA07FD2}\2456C6B696E6F574F575962756C6563737F5430373341433 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{78FDB451-C310-43D8-B5D3-7E0FFCA07FD2}\B45737475627D616E6 : DhcpNameServer = 97.64.209.36 97.64.168.13
TCP: Interfaces\{78FDB451-C310-43D8-B5D3-7E0FFCA07FD2}\C696E6B6379737 : DhcpNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120307153948.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [KBStatusLED1] C:\WINDOWS\KBStatusLED.exe
mRun-x64: [KBStatusLED] C:\WINNT\KBStatusLED.exe
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
mRunOnce-x64: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE-X64: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\0frdm10w.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Derek\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\0frdm10w.default\extensions\LogMeInClient@logmein.com\plugins\npLMI64.dll
FF - plugin: C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\0frdm10w.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: C:\Users\Derek\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Derek\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\windows\system32\drivers\mfehidk.sys --> C:\windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\windows\system32\drivers\mfewfpk.sys --> C:\windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\windows\system32\DRIVERS\mfenlfk.sys --> C:\windows\system32\DRIVERS\mfenlfk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe [2010-6-11 89600]
R2 Akamai;Akamai NetSession Interface;C:\windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-6-11 13336]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-10-27 249936]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-10-27 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-10-27 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-10-27 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-9-23 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-9-23 208536]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\windows\system32\mfevtps.exe" --> C:\windows\system32\mfevtps.exe [?]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-6-11 656624]
R2 TurboB;Turbo Boost UI Monitor driver;C:\windows\system32\DRIVERS\TurboB.sys --> C:\windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-6-11 2320920]
R3 BcmVWL;Broadcom Virtual Wireless;C:\windows\system32\DRIVERS\bcmvwl64.sys --> C:\windows\system32\DRIVERS\bcmvwl64.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\system32\DRIVERS\btwl2cap.sys --> C:\windows\system32\DRIVERS\btwl2cap.sys [?]
R3 cfwids;McAfee Inc. cfwids;C:\windows\system32\drivers\cfwids.sys --> C:\windows\system32\drivers\cfwids.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\system32\DRIVERS\CtClsFlt.sys --> C:\windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\system32\drivers\mfeavfk.sys --> C:\windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\windows\system32\drivers\mfefirek.sys --> C:\windows\system32\drivers\mfefirek.sys [?]
R3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-1-31 158856]
S3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-18 169312]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-6 253600]
S3 fssfltr;fssfltr;C:\windows\system32\DRIVERS\fssfltr.sys --> C:\windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 mferkdet;McAfee Inc. mferkdet;C:\windows\system32\drivers\mferkdet.sys --> C:\windows\system32\drivers\mferkdet.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-3-20 129976]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;C:\windows\system32\DRIVERS\silabenm.sys --> C:\windows\system32\DRIVERS\silabenm.sys [?]
S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;C:\windows\system32\DRIVERS\silabser.sys --> C:\windows\system32\DRIVERS\silabser.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\system32\DRIVERS\yk62x64.sys --> C:\windows\system32\DRIVERS\yk62x64.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-04-14 22:40:57 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-13 23:18:51 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A01A258B-6CB1-4ECB-A23E-94EAFE7B53C8}\mpengine.dll
2012-04-13 23:18:50 279656 ------w- C:\windows\System32\MpSigStub.exe
2012-04-13 00:18:40 -------- d-----w- C:\Users\Derek\AppData\Roaming\AVG2012
2012-04-13 00:18:16 -------- d--h--w- C:\ProgramData\Common Files
2012-04-13 00:17:53 -------- d-----w- C:\ProgramData\AVG2012
2012-04-13 00:17:22 -------- d-----w- C:\Program Files (x86)\AVG
2012-04-13 00:13:40 -------- d-----w- C:\ProgramData\MFAData
2012-04-12 23:42:25 -------- d-----w- C:\Users\Derek\AppData\Local\NPE
2012-04-12 23:42:25 -------- d-----w- C:\ProgramData\Norton
2012-04-11 07:00:21 81408 ----a-w- C:\windows\System32\imagehlp.dll
2012-04-11 07:00:21 5120 ----a-w- C:\windows\SysWow64\wmi.dll
2012-04-11 07:00:21 5120 ----a-w- C:\windows\System32\wmi.dll
2012-04-11 07:00:21 23408 ----a-w- C:\windows\System32\drivers\fs_rec.sys
2012-04-11 07:00:21 220672 ----a-w- C:\windows\System32\wintrust.dll
2012-04-11 07:00:21 172544 ----a-w- C:\windows\SysWow64\wintrust.dll
2012-04-11 07:00:21 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll
2012-04-08 13:03:37 -------- d-----r- C:\Users\Derek\Dropbox
2012-04-08 12:59:33 -------- d-----w- C:\Users\Derek\AppData\Roaming\Dropbox
2012-04-06 21:51:01 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-04-06 21:33:55 -------- d-----w- C:\Users\Derek\AppData\Local\Citrix
2012-04-06 21:33:51 103784 ----a-w- C:\Users\Derek\GoToAssistDownloadHelper.exe
2012-04-06 21:33:01 -------- d-----w- C:\Users\Derek\AppData\Local\Deployment
2012-04-06 21:33:01 -------- d-----w- C:\Users\Derek\AppData\Local\Apps
2012-04-06 20:48:59 418464 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-03-31 15:29:48 -------- d-----w- C:\Users\Derek\AppData\Local\{4D960255-7B46-11E1-826D-B8AC6F996F26}
2012-03-26 15:41:34 103864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-03-26 15:41:34 103864 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-03-21 00:16:11 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-03-21 00:16:09 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-03-21 00:16:09 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
.
==================== Find3M ====================
.
2012-04-06 20:48:59 70304 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-06 06:53:37 5559152 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-03-06 05:59:47 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-03-06 05:59:41 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-02-28 06:56:48 2311168 ----a-w- C:\windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-02-17 06:38:26 1031680 ----a-w- C:\windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys
2012-02-10 06:36:07 1544192 ----a-w- C:\windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll
2012-02-04 00:01:43 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-02-03 04:34:34 3145728 ----a-w- C:\windows\System32\win32k.sys
2012-01-25 06:38:39 77312 ----a-w- C:\windows\System32\rdpwsx.dll
2012-01-25 06:38:38 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
2012-01-25 06:33:30 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
.
============= FINISH: 19:19:33.40 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:30 AM

Posted 16 April 2012 - 02:54 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 drkgrss03

drkgrss03
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:06:30 AM

Posted 16 April 2012 - 06:48 PM

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
McAfee Virtual Technician
McAfee SecurityCenter
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

MVPS Hosts File
Spybot - Search & Destroy
Java™ 6 Update 29
Java™ 6 Update 30
Java version out of date!
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (12.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````

_____________________________________________________________________________________________



ComboFix 12-04-16.02 - Derek 04/16/2012 18:13:33.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.2497 [GMT -4:00]
Running from: c:\users\Derek\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Derek\GoToAssistDownloadHelper.exe
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Files Created from 2012-03-16 to 2012-04-16 )))))))))))))))))))))))))))))))
.
.
2012-04-16 22:32 . 2012-04-16 22:32 -------- d-----w- c:\users\Derek\AppData\Local\CrashDumps
2012-04-16 22:32 . 2012-04-16 22:32 -------- d-----w- c:\users\Susan\AppData\Local\temp
2012-04-16 22:32 . 2012-04-16 22:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-15 19:06 . 2012-04-15 19:06 -------- d-----w- c:\programdata\CyberLink
2012-04-15 18:55 . 2012-04-15 18:55 -------- d-----w- c:\users\Mcx1-DEREK-PC
2012-04-15 16:49 . 2012-04-15 16:49 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A01A258B-6CB1-4ECB-A23E-94EAFE7B53C8}\offreg.dll
2012-04-14 22:40 . 2012-04-14 22:40 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-13 23:18 . 2012-03-20 07:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A01A258B-6CB1-4ECB-A23E-94EAFE7B53C8}\mpengine.dll
2012-04-13 23:18 . 2012-02-23 14:18 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-04-13 00:18 . 2012-04-13 00:18 -------- d-----w- c:\users\Derek\AppData\Roaming\AVG2012
2012-04-13 00:18 . 2012-04-13 00:18 -------- d--h--w- c:\programdata\Common Files
2012-04-13 00:17 . 2012-04-13 23:00 -------- d-----w- c:\programdata\AVG2012
2012-04-13 00:17 . 2012-04-13 00:17 -------- d-----w- c:\program files (x86)\AVG
2012-04-13 00:13 . 2012-04-13 22:59 -------- d-----w- c:\programdata\MFAData
2012-04-12 23:42 . 2012-04-13 00:34 -------- d-----w- c:\users\Derek\AppData\Local\NPE
2012-04-12 23:42 . 2012-04-12 23:42 -------- d-----w- c:\programdata\Norton
2012-04-11 07:00 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 07:00 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 07:00 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 07:00 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 07:00 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 07:00 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 07:00 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-08 13:03 . 2012-04-14 21:57 -------- d-----r- c:\users\Derek\Dropbox
2012-04-08 12:59 . 2012-04-16 20:12 -------- d-----w- c:\users\Derek\AppData\Roaming\Dropbox
2012-04-06 21:51 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-06 21:33 . 2012-04-06 21:33 -------- d-----w- c:\users\Derek\AppData\Local\Citrix
2012-04-06 21:33 . 2012-04-06 21:33 -------- d-----w- c:\users\Derek\AppData\Local\Deployment
2012-04-06 21:33 . 2012-04-06 21:33 -------- d-----w- c:\users\Derek\AppData\Local\Apps
2012-04-06 20:48 . 2012-04-06 20:48 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-03-31 15:29 . 2012-03-31 15:29 -------- d-----w- c:\users\Derek\AppData\Local\{4D960255-7B46-11E1-826D-B8AC6F996F26}
2012-03-26 15:41 . 2012-03-26 15:41 103864 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-03-26 15:41 . 2012-03-26 15:41 103864 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-03-21 00:16 . 2012-04-14 21:56 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-03-21 00:16 . 2012-04-14 18:40 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-03-21 00:16 . 2012-04-14 18:40 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-06 20:48 . 2011-06-18 13:58 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-07 02:41 . 2012-03-07 02:41 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-07 02:41 . 2012-03-07 02:41 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-07 02:41 . 2012-03-07 02:41 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-03-07 02:41 . 2012-03-07 02:41 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-03-07 02:41 . 2012-03-07 02:41 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-03-07 02:41 . 2012-03-07 02:41 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-03-07 02:41 . 2012-03-07 02:41 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-03-07 02:41 . 2012-03-07 02:41 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-03-07 02:41 . 2012-03-07 02:41 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-03-07 02:41 . 2012-03-07 02:41 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-03-07 02:41 . 2012-03-07 02:41 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-03-07 02:41 . 2012-03-07 02:41 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-03-07 02:41 . 2012-03-07 02:41 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-07 02:41 . 2012-03-07 02:41 448512 ----a-w- c:\windows\system32\html.iec
2012-03-07 02:41 . 2012-03-07 02:41 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-03-07 02:41 . 2012-03-07 02:41 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-03-07 02:41 . 2012-03-07 02:41 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-03-07 02:41 . 2012-03-07 02:41 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-07 02:41 . 2012-03-07 02:41 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-03-07 02:41 . 2012-03-07 02:41 222208 ----a-w- c:\windows\system32\msls31.dll
2012-03-07 02:41 . 2012-03-07 02:41 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-07 02:41 . 2012-03-07 02:41 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-03-07 02:41 . 2012-03-07 02:41 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-03-07 02:41 . 2012-03-07 02:41 160256 ----a-w- c:\windows\system32\wextract.exe
2012-03-07 02:41 . 2012-03-07 02:41 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-03-07 02:41 . 2012-03-07 02:41 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-03-07 02:41 . 2012-03-07 02:41 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-03-07 02:41 . 2012-03-07 02:41 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-07 02:41 . 2012-03-07 02:41 12288 ----a-w- c:\windows\system32\mshta.exe
2012-03-07 02:41 . 2012-03-07 02:41 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-03-07 02:41 . 2012-03-07 02:41 114176 ----a-w- c:\windows\system32\admparse.dll
2012-03-07 02:41 . 2012-03-07 02:41 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-07 02:41 . 2012-03-07 02:41 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-03-07 02:41 . 2012-03-07 02:41 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-02-17 06:38 . 2012-03-13 19:28 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-13 19:28 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-13 19:28 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-13 19:28 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-13 19:29 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-13 19:29 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-04 00:01 . 2012-02-04 00:02 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-03 04:34 . 2012-03-13 19:29 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 06:38 . 2012-03-13 19:28 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-13 19:28 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-13 19:28 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Derek\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Derek\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Derek\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Akamai NetSession Interface"="c:\users\Derek\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-12-23 284696]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"KBStatusLED1"="c:\windows\KBStatusLED.exe" [2008-04-30 53248]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-22 1675160]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2009-12-02 165104]
"STToasterLauncher"="c:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe" [2009-12-02 120048]
.
c:\users\Susan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
c:\users\Derek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
Dropbox.lnk - c:\users\Derek\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-18 169312]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 253600]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-14 129976]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys [x]
R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe [2010-03-17 89600]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-23 13336]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 208536]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2009-12-02 656624]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-17 2320920]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 90972794
*NewlyCreated* - QWAVEDRV
*NewlyCreated* - RDPWD
*NewlyCreated* - TDTCP
*NewlyCreated* - TSSECSRV
*Deregistered* - 90972794
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 20:49]
.
2012-04-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3053022043-3146009036-512691259-1000Core.job
- c:\users\Derek\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-31 14:58]
.
2012-04-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3053022043-3146009036-512691259-1000UA.job
- c:\users\Derek\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-31 14:58]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Derek\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Derek\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Derek\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Derek\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2010-01-06 3179288]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-17 487424]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"DSUpdateLauncher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" [2009-11-24 18160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.2.1 172.17.1.10 172.17.1.26
FF - ProfilePath - c:\users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\0frdm10w.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-KBStatusLED - c:\winnt\KBStatusLED.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-SLABCOMM&10C4&EA60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
.
.
.
Completion time: 2012-04-16 18:51:23
ComboFix-quarantined-files.txt 2012-04-16 22:51
.
Pre-Run: 317,106,003,968 bytes free
Post-Run: 317,250,654,208 bytes free
.
- - End Of File - - B81F066535DC9FA585672A8D24B94533




The only problems I was having was Google (using Firefox beta) was redirecting about 20% of my searches to happili.com. A few of my searches were redirected to infomash.com (I think that's what it was called) It also felt like my internet was running slower than normal.


Since running combofix, I have tinkered around on my computer for an hour or so and have NOT been redirected so far. I reset my computer (it usually redirects my first search when i open my browser) so far so good. I really hope this fixed it. Please let me know if you need anything else from me.

Thanks

#4 drkgrss03

drkgrss03
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:06:30 AM

Posted 16 April 2012 - 08:51 PM

UPDATE

I just got back on my computer and on my first Google search I was redirected to happili.com

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:30 AM

Posted 16 April 2012 - 09:42 PM

Greetings

I would like you to check all browsers that are installed on the computer and let me know which ones are redirected

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:30 AM

Posted 18 April 2012 - 11:31 PM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 drkgrss03

drkgrss03
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:06:30 AM

Posted 19 April 2012 - 07:11 AM

I'm sorry. For some reason the email just came through saying I got a reply from you. I'm at work now. As soon as I get home this evening I will check my other browsers, run the scans and post my logs. Thanks

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:30 AM

Posted 19 April 2012 - 07:22 AM

No problem and I will check on you later


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 drkgrss03

drkgrss03
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:06:30 AM

Posted 19 April 2012 - 08:30 PM

20:23:47.0716 3344 TDSS rootkit removing tool 2.7.29.0 Apr 18 2012 16:44:20
20:23:49.0776 3344 ============================================================
20:23:49.0776 3344 Current date / time: 2012/04/19 20:23:49.0776
20:23:49.0776 3344 SystemInfo:
20:23:49.0776 3344
20:23:49.0776 3344 OS Version: 6.1.7601 ServicePack: 1.0
20:23:49.0776 3344 Product type: Workstation
20:23:49.0776 3344 ComputerName: DEREK-PC
20:23:49.0776 3344 UserName: Derek
20:23:49.0776 3344 Windows directory: C:\windows
20:23:49.0776 3344 System windows directory: C:\windows
20:23:49.0776 3344 Running under WOW64
20:23:49.0776 3344 Processor architecture: Intel x64
20:23:49.0776 3344 Number of processors: 4
20:23:49.0776 3344 Page size: 0x1000
20:23:49.0776 3344 Boot type: Normal boot
20:23:49.0776 3344 ============================================================
20:23:50.0415 3344 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:23:50.0415 3344 \Device\Harddisk0\DR0:
20:23:50.0415 3344 MBR partitions:
20:23:50.0415 3344 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000
20:23:50.0415 3344 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x3CA75FFE
20:23:50.0493 3344 C: <-> \Device\Harddisk0\DR0\Partition1
20:23:50.0493 3344 Initialize success
20:23:50.0493 3344 ============================================================
20:23:54.0019 7164 ============================================================
20:23:54.0019 7164 Scan started
20:23:54.0019 7164 Mode: Manual;
20:23:54.0019 7164 ============================================================
20:23:54.0268 7164 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
20:23:54.0331 7164 1394ohci - ok
20:23:54.0440 7164 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
20:23:54.0456 7164 ACPI - ok
20:23:54.0549 7164 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
20:23:54.0596 7164 AcpiPmi - ok
20:23:54.0721 7164 AdobeActiveFileMonitor8.0 (765fe0463e711e5a68ac7b69538ed922) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
20:23:54.0799 7164 AdobeActiveFileMonitor8.0 - ok
20:23:54.0924 7164 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:23:54.0924 7164 AdobeFlashPlayerUpdateSvc - ok
20:23:55.0033 7164 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
20:23:55.0048 7164 adp94xx - ok
20:23:55.0158 7164 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
20:23:55.0173 7164 adpahci - ok
20:23:55.0267 7164 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
20:23:55.0282 7164 adpu320 - ok
20:23:55.0360 7164 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
20:23:55.0360 7164 AeLookupSvc - ok
20:23:55.0470 7164 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe
20:23:55.0516 7164 AESTFilters - ok
20:23:55.0610 7164 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
20:23:55.0626 7164 AFD - ok
20:23:55.0704 7164 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
20:23:55.0704 7164 agp440 - ok
20:23:55.0875 7164 Akamai (1125c7d9fb8898015829c387c1bc87c7) c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll
20:23:55.0875 7164 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll. md5: 1125c7d9fb8898015829c387c1bc87c7
20:23:55.0875 7164 Akamai ( HiddenFile.Multi.Generic ) - warning
20:23:55.0875 7164 Akamai - detected HiddenFile.Multi.Generic (1)
20:23:55.0953 7164 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
20:23:55.0969 7164 ALG - ok
20:23:56.0062 7164 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
20:23:56.0062 7164 aliide - ok
20:23:56.0140 7164 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
20:23:56.0156 7164 amdide - ok
20:23:56.0234 7164 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
20:23:56.0250 7164 AmdK8 - ok
20:23:56.0328 7164 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
20:23:56.0343 7164 AmdPPM - ok
20:23:56.0437 7164 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
20:23:56.0484 7164 amdsata - ok
20:23:56.0593 7164 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
20:23:56.0593 7164 amdsbs - ok
20:23:56.0686 7164 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
20:23:56.0749 7164 amdxata - ok
20:23:56.0858 7164 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
20:23:56.0905 7164 AppID - ok
20:23:56.0983 7164 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
20:23:56.0983 7164 AppIDSvc - ok
20:23:57.0061 7164 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll
20:23:57.0092 7164 Appinfo - ok
20:23:57.0201 7164 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:23:57.0248 7164 Apple Mobile Device - ok
20:23:57.0373 7164 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
20:23:57.0388 7164 arc - ok
20:23:57.0482 7164 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
20:23:57.0482 7164 arcsas - ok
20:23:57.0576 7164 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
20:23:57.0591 7164 AsyncMac - ok
20:23:57.0669 7164 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
20:23:57.0685 7164 atapi - ok
20:23:57.0778 7164 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
20:23:57.0825 7164 AudioEndpointBuilder - ok
20:23:57.0841 7164 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
20:23:57.0841 7164 AudioSrv - ok
20:23:57.0934 7164 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll
20:23:57.0981 7164 AxInstSV - ok
20:23:58.0075 7164 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys
20:23:58.0090 7164 b06bdrv - ok
20:23:58.0168 7164 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
20:23:58.0184 7164 b57nd60a - ok
20:23:58.0340 7164 BCM43XX (8b5d16d20774fc3727f44e161be2c0ac) C:\windows\system32\DRIVERS\bcmwl664.sys
20:23:58.0387 7164 BCM43XX - ok
20:23:58.0465 7164 BcmVWL (d224b2e6bb543f1d8f1177d57fec2950) C:\windows\system32\DRIVERS\bcmvwl64.sys
20:23:58.0527 7164 BcmVWL - ok
20:23:58.0605 7164 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
20:23:58.0605 7164 BDESVC - ok
20:23:58.0683 7164 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
20:23:58.0699 7164 Beep - ok
20:23:58.0808 7164 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll
20:23:58.0855 7164 BFE - ok
20:23:58.0933 7164 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\system32\qmgr.dll
20:23:59.0042 7164 BITS - ok
20:23:59.0136 7164 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
20:23:59.0136 7164 blbdrive - ok
20:23:59.0214 7164 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
20:23:59.0276 7164 Bonjour Service - ok
20:23:59.0354 7164 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
20:23:59.0401 7164 bowser - ok
20:23:59.0479 7164 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
20:23:59.0494 7164 BrFiltLo - ok
20:23:59.0572 7164 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
20:23:59.0572 7164 BrFiltUp - ok
20:23:59.0682 7164 Bridge (5c2f352a4e961d72518261257aae204b) C:\windows\system32\DRIVERS\bridge.sys
20:23:59.0682 7164 Bridge - ok
20:23:59.0713 7164 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\windows\system32\DRIVERS\bridge.sys
20:23:59.0713 7164 BridgeMP - ok
20:23:59.0775 7164 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
20:23:59.0822 7164 Browser - ok
20:23:59.0916 7164 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
20:23:59.0931 7164 Brserid - ok
20:24:00.0025 7164 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
20:24:00.0025 7164 BrSerWdm - ok
20:24:00.0118 7164 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
20:24:00.0118 7164 BrUsbMdm - ok
20:24:00.0196 7164 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
20:24:00.0212 7164 BrUsbSer - ok
20:24:00.0290 7164 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\windows\system32\drivers\BthEnum.sys
20:24:00.0306 7164 BthEnum - ok
20:24:00.0399 7164 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
20:24:00.0399 7164 BTHMODEM - ok
20:24:00.0493 7164 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys
20:24:00.0508 7164 BthPan - ok
20:24:00.0602 7164 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\windows\system32\Drivers\BTHport.sys
20:24:00.0649 7164 BTHPORT - ok
20:24:00.0727 7164 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
20:24:00.0742 7164 bthserv - ok
20:24:00.0789 7164 BTHUSB (f188b7394d81010767b6df3178519a37) C:\windows\system32\Drivers\BTHUSB.sys
20:24:00.0852 7164 BTHUSB - ok
20:24:00.0961 7164 btwaudio (6bcfdc2b5b7f66d484486d4bd4b39a6b) C:\windows\system32\drivers\btwaudio.sys
20:24:01.0023 7164 btwaudio - ok
20:24:01.0117 7164 btwavdt (82dc8b7c626e526681c1bebed2bc3ff9) C:\windows\system32\DRIVERS\btwavdt.sys
20:24:01.0164 7164 btwavdt - ok
20:24:01.0273 7164 btwdins (d65aa164acd0f6706dbcfbbcc9731584) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
20:24:01.0335 7164 btwdins - ok
20:24:01.0413 7164 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\windows\system32\DRIVERS\btwl2cap.sys
20:24:01.0476 7164 btwl2cap - ok
20:24:01.0554 7164 btwrchid (28e105ad3b79f440bf94780f507bf66a) C:\windows\system32\DRIVERS\btwrchid.sys
20:24:01.0616 7164 btwrchid - ok
20:24:01.0632 7164 catchme - ok
20:24:01.0725 7164 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
20:24:01.0725 7164 cdfs - ok
20:24:01.0819 7164 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\drivers\cdrom.sys
20:24:01.0866 7164 cdrom - ok
20:24:01.0959 7164 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
20:24:02.0006 7164 CertPropSvc - ok
20:24:02.0084 7164 cfwids (ed0263b2eb24f0f4e3898036fa1d28a1) C:\windows\system32\drivers\cfwids.sys
20:24:02.0146 7164 cfwids - ok
20:24:02.0240 7164 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
20:24:02.0240 7164 circlass - ok
20:24:02.0302 7164 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
20:24:02.0318 7164 CLFS - ok
20:24:02.0412 7164 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:24:02.0412 7164 clr_optimization_v2.0.50727_32 - ok
20:24:02.0490 7164 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:24:02.0490 7164 clr_optimization_v2.0.50727_64 - ok
20:24:02.0599 7164 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:24:02.0646 7164 clr_optimization_v4.0.30319_32 - ok
20:24:02.0755 7164 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:24:02.0817 7164 clr_optimization_v4.0.30319_64 - ok
20:24:02.0911 7164 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
20:24:02.0911 7164 CmBatt - ok
20:24:02.0989 7164 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
20:24:02.0989 7164 cmdide - ok
20:24:03.0082 7164 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys
20:24:03.0145 7164 CNG - ok
20:24:03.0238 7164 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
20:24:03.0238 7164 Compbatt - ok
20:24:03.0332 7164 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\drivers\CompositeBus.sys
20:24:03.0363 7164 CompositeBus - ok
20:24:03.0426 7164 COMSysApp - ok
20:24:03.0504 7164 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
20:24:03.0519 7164 crcdisk - ok
20:24:03.0613 7164 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\windows\system32\cryptsvc.dll
20:24:03.0660 7164 CryptSvc - ok
20:24:03.0753 7164 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\windows\system32\DRIVERS\CtClsFlt.sys
20:24:03.0800 7164 CtClsFlt - ok
20:24:03.0909 7164 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
20:24:03.0925 7164 DcomLaunch - ok
20:24:03.0987 7164 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
20:24:04.0003 7164 defragsvc - ok
20:24:04.0096 7164 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
20:24:04.0143 7164 DfsC - ok
20:24:04.0237 7164 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
20:24:04.0284 7164 Dhcp - ok
20:24:04.0362 7164 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
20:24:04.0362 7164 discache - ok
20:24:04.0455 7164 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
20:24:04.0471 7164 Disk - ok
20:24:04.0533 7164 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
20:24:04.0596 7164 Dnscache - ok
20:24:04.0674 7164 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe
20:24:04.0736 7164 DockLoginService - ok
20:24:04.0814 7164 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
20:24:04.0876 7164 dot3svc - ok
20:24:04.0892 7164 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
20:24:04.0892 7164 DPS - ok
20:24:04.0986 7164 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
20:24:04.0986 7164 drmkaud - ok
20:24:05.0079 7164 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
20:24:05.0157 7164 DXGKrnl - ok
20:24:05.0251 7164 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
20:24:05.0251 7164 EapHost - ok
20:24:05.0391 7164 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
20:24:05.0454 7164 ebdrv - ok
20:24:05.0516 7164 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
20:24:05.0516 7164 EFS - ok
20:24:05.0610 7164 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
20:24:05.0672 7164 ehRecvr - ok
20:24:05.0703 7164 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
20:24:05.0703 7164 ehSched - ok
20:24:05.0812 7164 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
20:24:05.0828 7164 elxstor - ok
20:24:05.0906 7164 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
20:24:05.0922 7164 ErrDev - ok
20:24:06.0015 7164 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
20:24:06.0015 7164 EventSystem - ok
20:24:06.0093 7164 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
20:24:06.0109 7164 exfat - ok
20:24:06.0187 7164 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
20:24:06.0187 7164 fastfat - ok
20:24:06.0280 7164 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
20:24:06.0358 7164 Fax - ok
20:24:06.0436 7164 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
20:24:06.0436 7164 fdc - ok
20:24:06.0499 7164 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
20:24:06.0514 7164 fdPHost - ok
20:24:06.0592 7164 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
20:24:06.0592 7164 FDResPub - ok
20:24:06.0670 7164 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
20:24:06.0686 7164 FileInfo - ok
20:24:06.0764 7164 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
20:24:06.0780 7164 Filetrace - ok
20:24:06.0873 7164 FLEXnet Licensing Service (abedfd48ac042c6aaad32452e77217a1) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
20:24:06.0967 7164 FLEXnet Licensing Service - ok
20:24:07.0060 7164 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
20:24:07.0060 7164 flpydisk - ok
20:24:07.0138 7164 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
20:24:07.0185 7164 FltMgr - ok
20:24:07.0279 7164 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
20:24:07.0341 7164 FontCache - ok
20:24:07.0419 7164 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:24:07.0497 7164 FontCache3.0.0.0 - ok
20:24:07.0575 7164 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
20:24:07.0575 7164 FsDepends - ok
20:24:07.0669 7164 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\windows\system32\DRIVERS\fssfltr.sys
20:24:07.0731 7164 fssfltr - ok
20:24:07.0872 7164 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
20:24:07.0950 7164 fsssvc - ok
20:24:08.0028 7164 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys
20:24:08.0090 7164 Fs_Rec - ok
20:24:08.0168 7164 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
20:24:08.0215 7164 fvevol - ok
20:24:08.0308 7164 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
20:24:08.0308 7164 gagp30kx - ok
20:24:08.0402 7164 GameConsoleService (c1bbce4b30b45410178ee674c818d10c) C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
20:24:08.0511 7164 GameConsoleService - ok
20:24:08.0574 7164 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
20:24:08.0636 7164 GEARAspiWDM - ok
20:24:08.0714 7164 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
20:24:08.0776 7164 gpsvc - ok
20:24:08.0854 7164 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
20:24:08.0870 7164 hcw85cir - ok
20:24:08.0964 7164 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
20:24:09.0026 7164 HdAudAddService - ok
20:24:09.0120 7164 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\drivers\HDAudBus.sys
20:24:09.0120 7164 HDAudBus - ok
20:24:09.0198 7164 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\windows\system32\DRIVERS\HECIx64.sys
20:24:09.0244 7164 HECIx64 - ok
20:24:09.0322 7164 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
20:24:09.0338 7164 HidBatt - ok
20:24:09.0400 7164 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
20:24:09.0416 7164 HidBth - ok
20:24:09.0494 7164 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
20:24:09.0510 7164 HidIr - ok
20:24:09.0572 7164 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\System32\hidserv.dll
20:24:09.0572 7164 hidserv - ok
20:24:09.0666 7164 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\drivers\hidusb.sys
20:24:09.0712 7164 HidUsb - ok
20:24:09.0790 7164 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
20:24:09.0837 7164 hkmsvc - ok
20:24:09.0915 7164 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
20:24:09.0962 7164 HomeGroupListener - ok
20:24:10.0024 7164 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
20:24:10.0071 7164 HomeGroupProvider - ok
20:24:10.0149 7164 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
20:24:10.0196 7164 HpSAMD - ok
20:24:10.0274 7164 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
20:24:10.0290 7164 HTTP - ok
20:24:10.0383 7164 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
20:24:10.0383 7164 hwpolicy - ok
20:24:10.0477 7164 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\drivers\i8042prt.sys
20:24:10.0492 7164 i8042prt - ok
20:24:10.0586 7164 iaStor (42e00996dfc13c46366689c0ea8abc5e) C:\windows\system32\DRIVERS\iaStor.sys
20:24:10.0586 7164 iaStor - ok
20:24:10.0695 7164 IAStorDataMgrSvc (48362e5db5cb2c000c514ee1f3890acd) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
20:24:10.0758 7164 IAStorDataMgrSvc - ok
20:24:10.0867 7164 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
20:24:10.0929 7164 iaStorV - ok
20:24:11.0007 7164 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:24:11.0070 7164 idsvc - ok
20:24:11.0350 7164 igfx (677aa5991026a65ada128c4b59cf2bad) C:\windows\system32\DRIVERS\igdkmd64.sys
20:24:11.0616 7164 igfx - ok
20:24:11.0694 7164 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
20:24:11.0694 7164 iirsp - ok
20:24:11.0756 7164 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
20:24:11.0818 7164 IKEEXT - ok
20:24:11.0912 7164 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\windows\system32\DRIVERS\Impcd.sys
20:24:11.0974 7164 Impcd - ok
20:24:12.0068 7164 IntcDAud (58cf58dee26c909bd6f977b61d246295) C:\windows\system32\DRIVERS\IntcDAud.sys
20:24:12.0115 7164 IntcDAud - ok
20:24:12.0193 7164 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
20:24:12.0208 7164 intelide - ok
20:24:12.0271 7164 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
20:24:12.0271 7164 intelppm - ok
20:24:12.0302 7164 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
20:24:12.0318 7164 IPBusEnum - ok
20:24:12.0396 7164 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
20:24:12.0442 7164 IpFilterDriver - ok
20:24:12.0520 7164 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll
20:24:12.0567 7164 iphlpsvc - ok
20:24:12.0645 7164 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
20:24:12.0692 7164 IPMIDRV - ok
20:24:12.0770 7164 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
20:24:12.0770 7164 IPNAT - ok
20:24:12.0879 7164 iPod Service (ee4c2a137c7088911a8919effc9812e7) C:\Program Files\iPod\bin\iPodService.exe
20:24:12.0942 7164 iPod Service - ok
20:24:13.0020 7164 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
20:24:13.0020 7164 IRENUM - ok
20:24:13.0098 7164 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
20:24:13.0113 7164 isapnp - ok
20:24:13.0191 7164 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
20:24:13.0238 7164 iScsiPrt - ok
20:24:13.0332 7164 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\drivers\kbdclass.sys
20:24:13.0347 7164 kbdclass - ok
20:24:13.0410 7164 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys
20:24:13.0488 7164 kbdhid - ok
20:24:13.0566 7164 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
20:24:13.0566 7164 KeyIso - ok
20:24:13.0644 7164 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys
20:24:13.0690 7164 KSecDD - ok
20:24:13.0768 7164 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys
20:24:13.0831 7164 KSecPkg - ok
20:24:13.0924 7164 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
20:24:13.0924 7164 ksthunk - ok
20:24:13.0971 7164 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
20:24:13.0987 7164 KtmRm - ok
20:24:14.0065 7164 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\System32\srvsvc.dll
20:24:14.0112 7164 LanmanServer - ok
20:24:14.0190 7164 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
20:24:14.0236 7164 LanmanWorkstation - ok
20:24:14.0330 7164 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
20:24:14.0330 7164 lltdio - ok
20:24:14.0377 7164 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
20:24:14.0392 7164 lltdsvc - ok
20:24:14.0455 7164 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
20:24:14.0455 7164 lmhosts - ok
20:24:14.0548 7164 LMS (5460828f8951d310b42b442877603b8d) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
20:24:14.0658 7164 LMS - ok
20:24:14.0736 7164 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
20:24:14.0751 7164 LSI_FC - ok
20:24:14.0845 7164 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
20:24:14.0860 7164 LSI_SAS - ok
20:24:14.0876 7164 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
20:24:14.0876 7164 LSI_SAS2 - ok
20:24:14.0970 7164 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
20:24:14.0970 7164 LSI_SCSI - ok
20:24:15.0001 7164 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
20:24:15.0001 7164 luafv - ok
20:24:15.0126 7164 McAfee SiteAdvisor Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
20:24:15.0126 7164 McAfee SiteAdvisor Service - ok
20:24:15.0141 7164 McMPFSvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
20:24:15.0141 7164 McMPFSvc - ok
20:24:15.0172 7164 mcmscsvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
20:24:15.0188 7164 mcmscsvc - ok
20:24:15.0204 7164 McNaiAnn (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
20:24:15.0219 7164 McNaiAnn - ok
20:24:15.0250 7164 McNASvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
20:24:15.0250 7164 McNASvc - ok
20:24:15.0344 7164 McODS (07b89e7de2f7971cf7eef0262207c4de) C:\Program Files\McAfee\VirusScan\mcods.exe
20:24:15.0344 7164 McODS - ok
20:24:15.0469 7164 McProxy (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
20:24:15.0469 7164 McProxy - ok
20:24:15.0562 7164 McShield (325b166bf78d8a8ad93e44ca7a6fc332) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
20:24:15.0625 7164 McShield - ok
20:24:15.0718 7164 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
20:24:15.0765 7164 Mcx2Svc - ok
20:24:15.0812 7164 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
20:24:15.0812 7164 megasas - ok
20:24:15.0921 7164 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
20:24:15.0921 7164 MegaSR - ok
20:24:16.0015 7164 mfeapfk (ef3acfb7e3f82d5f7cde9ef5f0a4e2e2) C:\windows\system32\drivers\mfeapfk.sys
20:24:16.0015 7164 mfeapfk - ok
20:24:16.0093 7164 mfeavfk (e7a60bdb4365b561d896019b82fb7dd0) C:\windows\system32\drivers\mfeavfk.sys
20:24:16.0155 7164 mfeavfk - ok
20:24:16.0233 7164 mfeavfk01 - ok
20:24:16.0327 7164 mfefire (7d8fdc43972d059907e09ee4022f77e8) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
20:24:16.0342 7164 mfefire - ok
20:24:16.0420 7164 mfefirek (670dffe55e2f9ab99d9169c428bcece9) C:\windows\system32\drivers\mfefirek.sys
20:24:16.0498 7164 mfefirek - ok
20:24:16.0576 7164 mfehidk (1892616b7f9291fd77c3fa0a5811fe9f) C:\windows\system32\drivers\mfehidk.sys
20:24:16.0639 7164 mfehidk - ok
20:24:16.0732 7164 mfenlfk (1721261c77f6e7a9e0cb51b7d9f31b60) C:\windows\system32\DRIVERS\mfenlfk.sys
20:24:16.0810 7164 mfenlfk - ok
20:24:16.0904 7164 mferkdet (65776bd8029e409935b90de30bf99526) C:\windows\system32\drivers\mferkdet.sys
20:24:16.0951 7164 mferkdet - ok
20:24:17.0029 7164 mfevtp (8a78905057308b084eaa29a9fe1b4f58) C:\windows\system32\mfevtps.exe
20:24:17.0076 7164 mfevtp - ok
20:24:17.0169 7164 mfewfpk (4f17d8b85b903d96ef7033bb6ef50516) C:\windows\system32\drivers\mfewfpk.sys
20:24:17.0216 7164 mfewfpk - ok
20:24:17.0294 7164 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
20:24:17.0294 7164 MMCSS - ok
20:24:17.0356 7164 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
20:24:17.0372 7164 Modem - ok
20:24:17.0466 7164 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
20:24:17.0466 7164 monitor - ok
20:24:17.0544 7164 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\drivers\mouclass.sys
20:24:17.0559 7164 mouclass - ok
20:24:17.0653 7164 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
20:24:17.0653 7164 mouhid - ok
20:24:17.0746 7164 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
20:24:17.0746 7164 mountmgr - ok
20:24:17.0840 7164 MozillaMaintenance (b160ab483b3f3b313131caeda84904f7) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:24:17.0902 7164 MozillaMaintenance - ok
20:24:17.0980 7164 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
20:24:18.0043 7164 mpio - ok
20:24:18.0121 7164 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
20:24:18.0136 7164 mpsdrv - ok
20:24:18.0183 7164 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll
20:24:18.0199 7164 MpsSvc - ok
20:24:18.0277 7164 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
20:24:18.0355 7164 MRxDAV - ok
20:24:18.0433 7164 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
20:24:18.0495 7164 mrxsmb - ok
20:24:18.0573 7164 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
20:24:18.0636 7164 mrxsmb10 - ok
20:24:18.0714 7164 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
20:24:18.0776 7164 mrxsmb20 - ok
20:24:18.0838 7164 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
20:24:18.0901 7164 msahci - ok
20:24:18.0979 7164 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
20:24:19.0041 7164 msdsm - ok
20:24:19.0104 7164 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
20:24:19.0119 7164 MSDTC - ok
20:24:19.0197 7164 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
20:24:19.0213 7164 Msfs - ok
20:24:19.0291 7164 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
20:24:19.0291 7164 mshidkmdf - ok
20:24:19.0322 7164 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
20:24:19.0338 7164 msisadrv - ok
20:24:19.0416 7164 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
20:24:19.0416 7164 MSiSCSI - ok
20:24:19.0431 7164 msiserver - ok
20:24:19.0525 7164 MSK80Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
20:24:19.0525 7164 MSK80Service - ok
20:24:19.0618 7164 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
20:24:19.0618 7164 MSKSSRV - ok
20:24:19.0712 7164 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
20:24:19.0728 7164 MSPCLOCK - ok
20:24:19.0790 7164 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
20:24:19.0806 7164 MSPQM - ok
20:24:19.0837 7164 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
20:24:19.0884 7164 MsRPC - ok
20:24:19.0962 7164 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\drivers\mssmbios.sys
20:24:19.0962 7164 mssmbios - ok
20:24:20.0040 7164 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
20:24:20.0055 7164 MSTEE - ok
20:24:20.0133 7164 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
20:24:20.0133 7164 MTConfig - ok
20:24:20.0196 7164 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
20:24:20.0211 7164 Mup - ok
20:24:20.0289 7164 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
20:24:20.0352 7164 napagent - ok
20:24:20.0430 7164 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
20:24:20.0445 7164 NativeWifiP - ok
20:24:20.0554 7164 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
20:24:20.0570 7164 NDIS - ok
20:24:20.0648 7164 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
20:24:20.0664 7164 NdisCap - ok
20:24:20.0742 7164 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
20:24:20.0742 7164 NdisTapi - ok
20:24:20.0851 7164 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
20:24:20.0913 7164 Ndisuio - ok
20:24:20.0960 7164 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
20:24:21.0007 7164 NdisWan - ok
20:24:21.0085 7164 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
20:24:21.0132 7164 NDProxy - ok
20:24:21.0225 7164 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
20:24:21.0225 7164 NetBIOS - ok
20:24:21.0303 7164 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
20:24:21.0303 7164 NetBT - ok
20:24:21.0381 7164 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
20:24:21.0397 7164 Netlogon - ok
20:24:21.0475 7164 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
20:24:21.0490 7164 Netman - ok
20:24:21.0568 7164 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
20:24:21.0584 7164 netprofm - ok
20:24:21.0646 7164 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:24:21.0646 7164 NetTcpPortSharing - ok
20:24:21.0709 7164 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
20:24:21.0709 7164 nfrd960 - ok
20:24:21.0802 7164 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
20:24:21.0802 7164 NlaSvc - ok
20:24:21.0880 7164 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
20:24:21.0880 7164 Npfs - ok
20:24:21.0896 7164 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
20:24:21.0912 7164 nsi - ok
20:24:21.0974 7164 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
20:24:21.0974 7164 nsiproxy - ok
20:24:22.0083 7164 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
20:24:22.0161 7164 Ntfs - ok
20:24:22.0224 7164 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
20:24:22.0224 7164 Null - ok
20:24:22.0317 7164 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
20:24:22.0380 7164 nvraid - ok
20:24:22.0473 7164 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
20:24:22.0536 7164 nvstor - ok
20:24:22.0614 7164 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
20:24:22.0629 7164 nv_agp - ok
20:24:22.0707 7164 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
20:24:22.0707 7164 ohci1394 - ok
20:24:22.0785 7164 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
20:24:22.0785 7164 p2pimsvc - ok
20:24:22.0848 7164 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
20:24:22.0863 7164 p2psvc - ok
20:24:22.0926 7164 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
20:24:22.0941 7164 Parport - ok
20:24:22.0972 7164 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys
20:24:23.0035 7164 partmgr - ok
20:24:23.0097 7164 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
20:24:23.0113 7164 PcaSvc - ok
20:24:23.0191 7164 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
20:24:23.0191 7164 pci - ok
20:24:23.0269 7164 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
20:24:23.0284 7164 pciide - ok
20:24:23.0362 7164 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
20:24:23.0378 7164 pcmcia - ok
20:24:23.0440 7164 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
20:24:23.0440 7164 pcw - ok
20:24:23.0472 7164 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
20:24:23.0487 7164 PEAUTH - ok
20:24:23.0565 7164 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
20:24:23.0581 7164 PerfHost - ok
20:24:23.0674 7164 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
20:24:23.0737 7164 pla - ok
20:24:23.0830 7164 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
20:24:23.0877 7164 PlugPlay - ok
20:24:23.0940 7164 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
20:24:23.0940 7164 PNRPAutoReg - ok
20:24:24.0018 7164 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
20:24:24.0018 7164 PNRPsvc - ok
20:24:24.0080 7164 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
20:24:24.0127 7164 PolicyAgent - ok
20:24:24.0189 7164 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
20:24:24.0189 7164 Power - ok
20:24:24.0283 7164 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
20:24:24.0330 7164 PptpMiniport - ok
20:24:24.0408 7164 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
20:24:24.0408 7164 Processor - ok
20:24:24.0486 7164 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\windows\system32\profsvc.dll
20:24:24.0517 7164 ProfSvc - ok
20:24:24.0595 7164 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
20:24:24.0595 7164 ProtectedStorage - ok
20:24:24.0673 7164 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
20:24:24.0735 7164 Psched - ok
20:24:24.0798 7164 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\windows\system32\Drivers\PxHlpa64.sys
20:24:24.0844 7164 PxHlpa64 - ok
20:24:24.0954 7164 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
20:24:24.0985 7164 ql2300 - ok
20:24:25.0078 7164 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
20:24:25.0078 7164 ql40xx - ok
20:24:25.0156 7164 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
20:24:25.0156 7164 QWAVE - ok
20:24:25.0203 7164 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
20:24:25.0203 7164 QWAVEdrv - ok
20:24:25.0266 7164 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
20:24:25.0266 7164 RasAcd - ok
20:24:25.0344 7164 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
20:24:25.0359 7164 RasAgileVpn - ok
20:24:25.0422 7164 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
20:24:25.0437 7164 RasAuto - ok
20:24:25.0515 7164 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
20:24:25.0562 7164 Rasl2tp - ok
20:24:25.0656 7164 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
20:24:25.0702 7164 RasMan - ok
20:24:25.0780 7164 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
20:24:25.0780 7164 RasPppoe - ok
20:24:25.0858 7164 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
20:24:25.0874 7164 RasSstp - ok
20:24:25.0905 7164 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
20:24:25.0952 7164 rdbss - ok
20:24:26.0014 7164 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
20:24:26.0030 7164 rdpbus - ok
20:24:26.0046 7164 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
20:24:26.0046 7164 RDPCDD - ok
20:24:26.0139 7164 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
20:24:26.0139 7164 RDPENCDD - ok
20:24:26.0202 7164 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
20:24:26.0202 7164 RDPREFMP - ok
20:24:26.0233 7164 RDPWD (6d76e6433574b058adcb0c50df834492) C:\windows\system32\drivers\RDPWD.sys
20:24:26.0280 7164 RDPWD - ok
20:24:26.0389 7164 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
20:24:26.0436 7164 rdyboost - ok
20:24:26.0514 7164 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
20:24:26.0514 7164 RemoteAccess - ok
20:24:26.0592 7164 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
20:24:26.0592 7164 RemoteRegistry - ok
20:24:26.0685 7164 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys
20:24:26.0701 7164 RFCOMM - ok
20:24:26.0779 7164 RimUsb (71b48ddaf5e9c2b40e64de5c405f5aac) C:\windows\system32\Drivers\RimUsb_AMD64.sys
20:24:26.0826 7164 RimUsb - ok
20:24:26.0919 7164 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\windows\system32\DRIVERS\RimSerial_AMD64.sys
20:24:26.0982 7164 RimVSerPort - ok
20:24:27.0075 7164 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\windows\system32\Drivers\RootMdm.sys
20:24:27.0091 7164 ROOTMODEM - ok
20:24:27.0106 7164 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
20:24:27.0122 7164 RpcEptMapper - ok
20:24:27.0184 7164 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
20:24:27.0200 7164 RpcLocator - ok
20:24:27.0231 7164 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
20:24:27.0247 7164 RpcSs - ok
20:24:27.0325 7164 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
20:24:27.0325 7164 rspndr - ok
20:24:27.0434 7164 RSUSBSTOR (30f463768d5143bfd7b2df822b53cf4d) C:\windows\system32\Drivers\RtsUStor.sys
20:24:27.0481 7164 RSUSBSTOR - ok
20:24:27.0574 7164 RTL8167 (fd978b2bf8a9b2390dcbef435e9c1f9f) C:\windows\system32\DRIVERS\Rt64win7.sys
20:24:27.0637 7164 RTL8167 - ok
20:24:27.0699 7164 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
20:24:27.0699 7164 SamSs - ok
20:24:27.0777 7164 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
20:24:27.0840 7164 sbp2port - ok
20:24:27.0902 7164 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
20:24:27.0918 7164 SCardSvr - ok
20:24:27.0964 7164 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
20:24:28.0027 7164 scfilter - ok
20:24:28.0120 7164 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
20:24:28.0167 7164 Schedule - ok
20:24:28.0245 7164 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
20:24:28.0245 7164 SCPolicySvc - ok
20:24:28.0323 7164 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
20:24:28.0370 7164 SDRSVC - ok
20:24:28.0464 7164 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
20:24:28.0464 7164 secdrv - ok
20:24:28.0526 7164 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
20:24:28.0573 7164 seclogon - ok
20:24:28.0651 7164 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\system32\sens.dll
20:24:28.0651 7164 SENS - ok
20:24:28.0729 7164 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
20:24:28.0744 7164 SensrSvc - ok
20:24:28.0822 7164 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
20:24:28.0822 7164 Serenum - ok
20:24:28.0932 7164 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
20:24:28.0932 7164 Serial - ok
20:24:29.0025 7164 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
20:24:29.0025 7164 sermouse - ok
20:24:29.0103 7164 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
20:24:29.0150 7164 SessionEnv - ok
20:24:29.0228 7164 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
20:24:29.0228 7164 sffdisk - ok
20:24:29.0306 7164 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
20:24:29.0306 7164 sffp_mmc - ok
20:24:29.0400 7164 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
20:24:29.0446 7164 sffp_sd - ok
20:24:29.0524 7164 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
20:24:29.0524 7164 sfloppy - ok
20:24:29.0649 7164 SftService (16a5cc62f79a32a974b55110a898945c) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
20:24:29.0758 7164 SftService - ok
20:24:29.0852 7164 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
20:24:29.0868 7164 SharedAccess - ok
20:24:29.0930 7164 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
20:24:29.0977 7164 ShellHWDetection - ok
20:24:30.0070 7164 silabenm (720088aad691ff1d90be8ec28727f6ca) C:\windows\system32\DRIVERS\silabenm.sys
20:24:30.0117 7164 silabenm - ok
20:24:30.0148 7164 silabser (77d4f56682ab668dd7d4bd4f1178d3c9) C:\windows\system32\DRIVERS\silabser.sys
20:24:30.0211 7164 silabser - ok
20:24:30.0273 7164 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
20:24:30.0289 7164 SiSRaid2 - ok
20:24:30.0367 7164 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
20:24:30.0367 7164 SiSRaid4 - ok
20:24:30.0398 7164 SkypeUpdate (17eab7852ff9f15fbaab4e95efc0b812) C:\Program Files (x86)\Skype\Updater\Updater.exe
20:24:32.0816 7164 SkypeUpdate - ok
20:24:32.0925 7164 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
20:24:32.0925 7164 Smb - ok
20:24:33.0034 7164 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
20:24:33.0050 7164 SNMPTRAP - ok
20:24:33.0097 7164 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
20:24:33.0097 7164 spldr - ok
20:24:33.0190 7164 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
20:24:33.0253 7164 Spooler - ok
20:24:33.0378 7164 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
20:24:33.0393 7164 sppsvc - ok
20:24:33.0456 7164 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
20:24:33.0471 7164 sppuinotify - ok
20:24:33.0549 7164 sprtsvc_DellSupportCenter (d630b6f2e8379b6f10dc16e82a426552) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
20:24:33.0627 7164 sprtsvc_DellSupportCenter - ok
20:24:33.0705 7164 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
20:24:33.0768 7164 srv - ok
20:24:33.0846 7164 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
20:24:33.0892 7164 srv2 - ok
20:24:33.0970 7164 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
20:24:34.0017 7164 srvnet - ok
20:24:34.0095 7164 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
20:24:34.0111 7164 SSDPSRV - ok
20:24:34.0173 7164 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
20:24:34.0189 7164 SstpSvc - ok
20:24:34.0298 7164 STacSV (da7702025dfd169b909c4da3126762cc) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\STacSV64.exe
20:24:34.0345 7164 STacSV - ok
20:24:34.0407 7164 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
20:24:34.0423 7164 stexstor - ok
20:24:34.0516 7164 STHDA (caf5a9708671b14b9670260735b22c4e) C:\windows\system32\DRIVERS\stwrt64.sys
20:24:34.0579 7164 STHDA - ok
20:24:34.0672 7164 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
20:24:34.0719 7164 stisvc - ok
20:24:34.0797 7164 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys
20:24:34.0797 7164 swenum - ok
20:24:34.0891 7164 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
20:24:34.0906 7164 swprv - ok
20:24:35.0016 7164 SynTP (8a3fbcb3d6d4710730d27da4392a4863) C:\windows\system32\DRIVERS\SynTP.sys
20:24:35.0062 7164 SynTP - ok
20:24:35.0172 7164 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
20:24:35.0218 7164 SysMain - ok
20:24:35.0312 7164 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
20:24:35.0359 7164 TabletInputService - ok
20:24:35.0437 7164 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
20:24:35.0484 7164 TapiSrv - ok
20:24:35.0546 7164 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
20:24:35.0546 7164 TBS - ok
20:24:35.0655 7164 Tcpip (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys
20:24:35.0733 7164 Tcpip - ok
20:24:35.0874 7164 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys
20:24:35.0889 7164 TCPIP6 - ok
20:24:35.0983 7164 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
20:24:36.0030 7164 tcpipreg - ok
20:24:36.0108 7164 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
20:24:36.0123 7164 TDPIPE - ok
20:24:36.0186 7164 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
20:24:36.0232 7164 TDTCP - ok
20:24:36.0310 7164 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
20:24:36.0373 7164 tdx - ok
20:24:36.0451 7164 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys
20:24:36.0498 7164 TermDD - ok
20:24:36.0591 7164 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
20:24:36.0607 7164 TermService - ok
20:24:36.0669 7164 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
20:24:36.0685 7164 Themes - ok
20:24:36.0747 7164 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
20:24:36.0747 7164 THREADORDER - ok
20:24:36.0841 7164 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
20:24:36.0856 7164 TrkWks - ok
20:24:36.0903 7164 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
20:24:36.0903 7164 TrustedInstaller - ok
20:24:36.0981 7164 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
20:24:37.0028 7164 tssecsrv - ok
20:24:37.0122 7164 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
20:24:37.0168 7164 TsUsbFlt - ok
20:24:37.0246 7164 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
20:24:37.0309 7164 tunnel - ok
20:24:37.0340 7164 TurboB (825e7a1f48fb8bcfba27c178aab4e275) C:\windows\system32\DRIVERS\TurboB.sys
20:24:37.0402 7164 TurboB - ok
20:24:37.0480 7164 TurboBoost (b206be1174d5964d49a56bb6c4e0524a) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
20:24:37.0543 7164 TurboBoost - ok
20:24:37.0636 7164 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
20:24:37.0636 7164 uagp35 - ok
20:24:37.0714 7164 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
20:24:37.0792 7164 udfs - ok
20:24:37.0855 7164 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
20:24:37.0855 7164 UI0Detect - ok
20:24:37.0948 7164 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
20:24:37.0948 7164 uliagpkx - ok
20:24:38.0042 7164 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
20:24:38.0104 7164 umbus - ok
20:24:38.0182 7164 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
20:24:38.0198 7164 UmPass - ok
20:24:38.0338 7164 UNS (9e89c2d6945389270de067ce51ff7425) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
20:24:38.0448 7164 UNS - ok
20:24:38.0510 7164 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
20:24:38.0526 7164 upnphost - ok
20:24:38.0619 7164 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\windows\system32\Drivers\usbaapl64.sys
20:24:38.0666 7164 USBAAPL64 - ok
20:24:38.0744 7164 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
20:24:38.0806 7164 usbccgp - ok
20:24:38.0900 7164 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
20:24:38.0900 7164 usbcir - ok
20:24:38.0994 7164 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\drivers\usbehci.sys
20:24:39.0025 7164 usbehci - ok
20:24:39.0118 7164 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
20:24:39.0181 7164 usbhub - ok
20:24:39.0259 7164 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
20:24:39.0306 7164 usbohci - ok
20:24:39.0384 7164 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
20:24:39.0384 7164 usbprint - ok
20:24:39.0493 7164 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
20:24:39.0540 7164 USBSTOR - ok
20:24:39.0618 7164 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
20:24:39.0664 7164 usbuhci - ok
20:24:39.0758 7164 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\System32\Drivers\usbvideo.sys
20:24:39.0805 7164 usbvideo - ok
20:24:39.0883 7164 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
20:24:39.0883 7164 UxSms - ok
20:24:39.0961 7164 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
20:24:39.0961 7164 VaultSvc - ok
20:24:40.0039 7164 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
20:24:40.0039 7164 vdrvroot - ok
20:24:40.0117 7164 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
20:24:40.0179 7164 vds - ok
20:24:40.0242 7164 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
20:24:40.0257 7164 vga - ok
20:24:40.0335 7164 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
20:24:40.0335 7164 VgaSave - ok
20:24:40.0429 7164 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
20:24:40.0476 7164 vhdmp - ok
20:24:40.0554 7164 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
20:24:40.0569 7164 viaide - ok
20:24:40.0647 7164 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
20:24:40.0710 7164 volmgr - ok
20:24:40.0788 7164 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
20:24:40.0803 7164 volmgrx - ok
20:24:40.0881 7164 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
20:24:40.0959 7164 volsnap - ok
20:24:41.0022 7164 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
20:24:41.0037 7164 vsmraid - ok
20:24:41.0147 7164 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
20:24:41.0209 7164 VSS - ok
20:24:41.0287 7164 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
20:24:41.0287 7164 vwifibus - ok
20:24:41.0365 7164 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
20:24:41.0381 7164 vwififlt - ok
20:24:41.0474 7164 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
20:24:41.0474 7164 vwifimp - ok
20:24:41.0552 7164 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
20:24:41.0568 7164 W32Time - ok
20:24:41.0646 7164 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
20:24:41.0646 7164 WacomPen - ok
20:24:41.0739 7164 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
20:24:41.0786 7164 WANARP - ok
20:24:41.0802 7164 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
20:24:41.0802 7164 Wanarpv6 - ok
20:24:41.0895 7164 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
20:24:41.0958 7164 WatAdminSvc - ok
20:24:42.0067 7164 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
20:24:42.0129 7164 wbengine - ok
20:24:42.0207 7164 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
20:24:42.0223 7164 WbioSrvc - ok
20:24:42.0285 7164 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
20:24:42.0317 7164 wcncsvc - ok
20:24:42.0348 7164 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
20:24:42.0348 7164 WcsPlugInService - ok
20:24:42.0426 7164 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
20:24:42.0441 7164 Wd - ok
20:24:42.0519 7164 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
20:24:42.0535 7164 Wdf01000 - ok
20:24:42.0597 7164 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
20:24:42.0613 7164 WdiServiceHost - ok
20:24:42.0613 7164 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
20:24:42.0613 7164 WdiSystemHost - ok
20:24:42.0691 7164 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
20:24:42.0738 7164 WebClient - ok
20:24:42.0831 7164 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
20:24:42.0831 7164 Wecsvc - ok
20:24:42.0863 7164 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
20:24:42.0878 7164 wercplsupport - ok
20:24:42.0956 7164 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
20:24:42.0972 7164 WerSvc - ok
20:24:43.0050 7164 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
20:24:43.0050 7164 WfpLwf - ok
20:24:43.0143 7164 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\windows\system32\DRIVERS\wimfltr.sys
20:24:43.0206 7164 WimFltr - ok
20:24:43.0268 7164 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
20:24:43.0284 7164 WIMMount - ok
20:24:43.0299 7164 WinDefend - ok
20:24:43.0315 7164 WinHttpAutoProxySvc - ok
20:24:43.0409 7164 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
20:24:43.0409 7164 Winmgmt - ok
20:24:43.0518 7164 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
20:24:43.0580 7164 WinRM - ok
20:24:43.0689 7164 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
20:24:43.0736 7164 WinUsb - ok
20:24:43.0830 7164 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
20:24:43.0830 7164 Wlansvc - ok
20:24:43.0939 7164 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
20:24:43.0986 7164 wlcrasvc - ok
20:24:44.0111 7164 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:24:44.0142 7164 wlidsvc - ok
20:24:44.0220 7164 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
20:24:44.0220 7164 WmiAcpi - ok
20:24:44.0313 7164 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
20:24:44.0329 7164 wmiApSrv - ok
20:24:44.0360 7164 WMPNetworkSvc - ok
20:24:44.0423 7164 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
20:24:44.0438 7164 WPCSvc - ok
20:24:44.0454 7164 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
20:24:44.0501 7164 WPDBusEnum - ok
20:24:44.0594 7164 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
20:24:44.0594 7164 ws2ifsl - ok
20:24:44.0641 7164 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\system32\wscsvc.dll
20:24:44.0657 7164 wscsvc - ok
20:24:44.0672 7164 WSearch - ok
20:24:44.0750 7164 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\windows\system32\wuaueng.dll
20:24:44.0766 7164 wuauserv - ok
20:24:44.0844 7164 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
20:24:44.0922 7164 WudfPf - ok
20:24:45.0031 7164 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
20:24:45.0093 7164 WUDFRd - ok
20:24:45.0156 7164 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
20:24:45.0203 7164 wudfsvc - ok
20:24:45.0265 7164 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
20:24:45.0281 7164 WwanSvc - ok
20:24:45.0359 7164 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\windows\system32\DRIVERS\yk62x64.sys
20:24:45.0374 7164 yukonw7 - ok
20:24:45.0437 7164 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:24:45.0499 7164 \Device\Harddisk0\DR0 - ok
20:24:45.0499 7164 Boot (0x1200) (de4cfc9a6bceac4db23f9f39b2598578) \Device\Harddisk0\DR0\Partition0
20:24:45.0499 7164 \Device\Harddisk0\DR0\Partition0 - ok
20:24:45.0515 7164 Boot (0x1200) (32c9185877b58266df558b326a99298b) \Device\Harddisk0\DR0\Partition1
20:24:45.0530 7164 \Device\Harddisk0\DR0\Partition1 - ok
20:24:45.0530 7164 ============================================================
20:24:45.0530 7164 Scan finished
20:24:45.0530 7164 ============================================================
20:24:45.0530 3400 Detected object count: 1
20:24:45.0530 3400 Actual detected object count: 1
20:24:57.0807 3400 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
20:24:57.0807 3400 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip





I ran aswMBR but about 15 minutes into the scan I got the blue screen of death and my computer reset itself. I tried running it again and got the BSOD again. It's only on my screen for about 5 seconds so I'm not able to read all of what it says.

I ran IE, Chrome and Firefox. Firefox is typically the only browser I use. Firefox is the only one that redirected me. Although I only ran the other two for about 10 minutes. Also Firefox is running EXTREMELY slow.

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:30 AM

Posted 19 April 2012 - 08:35 PM

Hello


I want you to uninstall FireFox and if asked about user data or settings - remove those also


then reinstall it and check if it is still being redirected


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 drkgrss03

drkgrss03
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:06:30 AM

Posted 19 April 2012 - 09:17 PM

I uninstalled and reinstalled and my first Google search was redirected. It didn't ask me about user data and settings. All of my bookmarks and everything were still here when I reinstalled.

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:30 AM

Posted 19 April 2012 - 09:40 PM

Hello

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and the that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 drkgrss03

drkgrss03
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:06:30 AM

Posted 19 April 2012 - 09:59 PM

OTL logfile created on: 4/19/2012 10:47:03 PM - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\Derek\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.41 Gb Available Physical Memory | 63.32% Memory free
7.60 Gb Paging File | 5.53 Gb Available in Paging File | 72.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 485.23 Gb Total Space | 293.22 Gb Free Space | 60.43% Space Free | Partition Type: NTFS

Computer Name: DEREK-PC | User Name: Derek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Derek\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Derek\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Users\Derek\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - c:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks)
PRC - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
PRC - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
PRC - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Windows\KBStatusLED.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STBRCCServCLR.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCCPiped.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCC.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll ()
MOD - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
MOD - C:\Windows\KBStatusLED.exe ()
MOD - C:\Windows\KBHook.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel® Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll ()
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UNS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\STacSV64.exe (IDT, Inc.)
SRV - (IAStorDataMgrSvc) Intel® -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks)
SRV - (AdobeActiveFileMonitor8.0) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (HECIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) Intel® -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (BcmVWL) -- C:\Windows\SysNative\drivers\bcmvwl64.sys (Broadcom Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV:64bit: - (silabser) -- C:\Windows\SysNative\drivers\silabser.sys (Silicon Laboratories)
DRV:64bit: - (silabenm) -- C:\Windows\SysNative\drivers\silabenm.sys (Silicon Laboratories, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:33440

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:33440



IE - HKU\S-1-5-21-3053022043-3146009036-512691259-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-3053022043-3146009036-512691259-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-3053022043-3146009036-512691259-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3053022043-3146009036-512691259-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3053022043-3146009036-512691259-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3053022043-3146009036-512691259-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Derek\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Derek\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Derek\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Derek\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/03/06 10:36:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/03/11 02:15:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/19 22:14:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/14 17:59:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{4D960255-7B46-11E1-826D-B8AC6F996F26}: C:\Users\Derek\AppData\Local\{4D960255-7B46-11E1-826D-B8AC6F996F26}\ [2012/03/31 11:29:48 | 000,000,000 | ---D | M]

[2010/08/26 19:31:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Derek\AppData\Roaming\Mozilla\Extensions
[2012/03/22 18:31:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\0frdm10w.default\extensions
[2012/02/02 19:19:18 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\0frdm10w.default\extensions\LogMeInClient@logmein.com
[2012/04/19 22:14:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/06 10:36:26 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2012/03/31 11:29:48 | 000,000,000 | ---D | M] (Translate This!) -- C:\USERS\DEREK\APPDATA\LOCAL\{4D960255-7B46-11E1-826D-B8AC6F996F26}
() (No name found) -- C:\USERS\DEREK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0FRDM10W.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
[2012/03/13 00:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2012/04/19 21:24:00 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/03/13 00:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/13 00:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Derek\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Derek\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Derek\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Derek\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Derek\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: McAfee Virtual Technician (Enabled) = C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Derek\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: Entanglement = C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\
CHR - Extension: SiteAdvisor = C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\
CHR - Extension: Poppit = C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2012/04/16 18:32:55 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120307153948.dll (McAfee, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120307153948.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKU\S-1-5-21-3053022043-3146009036-512691259-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [KBStatusLED1] C:\Windows\KBStatusLED.exe ()
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKU\S-1-5-21-3053022043-3146009036-512691259-1000..\Run: [Akamai NetSession Interface] C:\Users\Derek\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4:64bit: - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
O4 - HKLM..\RunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\ToasterLauncher.exe ()
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Derek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Derek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Derek\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Mcx1-DEREK-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Susan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3053022043-3146009036-512691259-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3053022043-3146009036-512691259-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-3053022043-3146009036-512691259-1000\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-3053022043-3146009036-512691259-1000\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3053022043-3146009036-512691259-1000\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 172.17.1.10 172.17.1.26
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{691C8F97-B434-4150-B109-81FA7C7C6CE4}: DhcpNameServer = 192.168.2.1 172.17.1.10 172.17.1.26
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{78FDB451-C310-43D8-B5D3-7E0FFCA07FD2}: DhcpNameServer = 192.168.2.1 172.17.1.10 172.17.1.26
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\gopher - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/19 22:44:29 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Derek\Desktop\OTL.exe
[2012/04/19 21:24:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/04/19 21:20:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/04/19 20:50:43 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2012/04/19 20:28:42 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Derek\Desktop\aswMBR.exe
[2012/04/19 20:23:10 | 002,072,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Derek\Desktop\tdsskiller.exe
[2012/04/16 19:00:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/04/16 18:32:42 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Local\CrashDumps
[2012/04/16 18:11:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/04/16 18:11:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/04/16 18:11:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/04/16 18:11:00 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2012/04/16 18:10:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/16 18:09:41 | 004,465,601 | R--- | C] (Swearware) -- C:\Users\Derek\Desktop\ComboFix.exe
[2012/04/15 15:06:54 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2012/04/14 18:40:57 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/04/12 20:18:40 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Roaming\AVG2012
[2012/04/12 20:18:16 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/04/12 20:17:53 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/04/12 20:17:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012/04/12 20:13:40 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/04/12 19:42:25 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Local\NPE
[2012/04/12 19:42:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012/04/11 03:03:20 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012/04/11 03:03:20 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012/04/11 03:03:19 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012/04/11 03:03:19 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012/04/11 03:03:19 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012/04/11 03:03:18 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012/04/11 03:03:18 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012/04/11 03:03:18 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012/04/11 03:03:17 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012/04/11 03:03:17 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012/04/11 03:03:17 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012/04/11 03:03:05 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2012/04/11 03:03:05 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2012/04/11 03:03:05 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2012/04/11 03:00:21 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll
[2012/04/11 03:00:21 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\imagehlp.dll
[2012/04/11 03:00:21 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\fs_rec.sys
[2012/04/08 09:03:37 | 000,000,000 | R--D | C] -- C:\Users\Derek\Dropbox
[2012/04/08 09:00:05 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012/04/08 08:59:33 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Roaming\Dropbox
[2012/04/06 17:51:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/06 17:51:01 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/04/06 17:33:55 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Local\Citrix
[2012/04/06 17:33:01 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Local\Deployment
[2012/04/06 17:33:01 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Local\Apps
[2012/04/06 16:48:59 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012/03/31 14:17:43 | 002,405,568 | ---- | C] (Trend Micro Inc.) -- C:\Users\Derek\Desktop\House Call.exe
[2012/03/31 11:29:48 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Local\{4D960255-7B46-11E1-826D-B8AC6F996F26}

========== Files - Modified Within 30 Days ==========

[2012/04/19 22:44:32 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Derek\Desktop\OTL.exe
[2012/04/19 22:36:01 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/04/19 22:25:00 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3053022043-3146009036-512691259-1000UA.job
[2012/04/19 22:14:16 | 000,001,132 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/04/19 22:08:50 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/04/19 21:23:59 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaws.exe
[2012/04/19 21:23:58 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\deployJava1.dll
[2012/04/19 21:23:58 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaw.exe
[2012/04/19 21:23:58 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\java.exe
[2012/04/19 21:22:26 | 000,013,872 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/19 21:22:26 | 000,013,872 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/19 21:21:20 | 000,726,444 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/04/19 21:21:20 | 000,624,412 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/04/19 21:21:20 | 000,106,756 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/04/19 21:15:26 | 000,000,374 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts.ics
[2012/04/19 21:14:48 | 697,834,890 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012/04/19 21:14:47 | 3062,804,480 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/19 20:53:45 | 000,001,053 | ---- | M] () -- C:\Users\Derek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/04/19 20:53:35 | 000,001,021 | ---- | M] () -- C:\Users\Derek\Desktop\Dropbox.lnk
[2012/04/19 20:29:08 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Derek\Desktop\aswMBR.exe
[2012/04/19 20:23:22 | 002,072,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Derek\Desktop\tdsskiller.exe
[2012/04/19 14:12:20 | 000,000,856 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3053022043-3146009036-512691259-1000Core.job
[2012/04/16 18:32:55 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/04/16 18:09:47 | 004,465,601 | R--- | M] (Swearware) -- C:\Users\Derek\Desktop\ComboFix.exe
[2012/04/16 17:55:35 | 000,879,714 | ---- | M] () -- C:\Users\Derek\Desktop\SecurityCheck.exe
[2012/04/15 14:54:24 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/04/14 19:13:46 | 000,000,000 | ---- | M] () -- C:\Users\Derek\defogger_reenable
[2012/04/14 17:59:28 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/04/14 09:25:28 | 000,002,401 | ---- | M] () -- C:\Users\Derek\Desktop\Google Chrome.lnk
[2012/04/12 21:57:55 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/06 16:48:59 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012/04/06 16:48:59 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/04/01 01:43:08 | 007,014,401 | ---- | M] () -- C:\Users\Derek\AppData\Local\census.cache
[2012/04/01 01:30:58 | 000,109,744 | ---- | M] () -- C:\Users\Derek\AppData\Local\ars.cache
[2012/03/31 14:19:31 | 000,000,036 | ---- | M] () -- C:\Users\Derek\AppData\Local\housecall.guid.cache
[2012/03/31 14:17:57 | 002,405,568 | ---- | M] (Trend Micro Inc.) -- C:\Users\Derek\Desktop\House Call.exe

========== Files Created - No Company Name ==========

[2012/04/19 22:14:16 | 000,001,144 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/04/19 22:14:16 | 000,001,132 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/04/19 20:50:37 | 697,834,890 | ---- | C] () -- C:\windows\MEMORY.DMP
[2012/04/16 18:11:05 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/04/16 18:11:05 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/04/16 18:11:05 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/04/16 18:11:05 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/04/16 18:11:05 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/04/16 17:55:27 | 000,879,714 | ---- | C] () -- C:\Users\Derek\Desktop\SecurityCheck.exe
[2012/04/15 14:54:23 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/04/14 19:13:46 | 000,000,000 | ---- | C] () -- C:\Users\Derek\defogger_reenable
[2012/04/14 17:58:53 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/04/14 17:58:53 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/04/08 09:03:37 | 000,001,021 | ---- | C] () -- C:\Users\Derek\Desktop\Dropbox.lnk
[2012/04/08 09:00:11 | 000,001,053 | ---- | C] () -- C:\Users\Derek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/04/06 17:51:09 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/06 16:49:02 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/03/31 15:36:26 | 007,014,401 | ---- | C] () -- C:\Users\Derek\AppData\Local\census.cache
[2012/03/31 15:35:33 | 000,109,744 | ---- | C] () -- C:\Users\Derek\AppData\Local\ars.cache
[2012/03/31 14:19:31 | 000,000,036 | ---- | C] () -- C:\Users\Derek\AppData\Local\housecall.guid.cache
[2011/12/18 20:41:31 | 000,723,294 | ---- | C] () -- C:\windows\unins000.exe
[2011/12/18 20:41:31 | 000,136,488 | ---- | C] () -- C:\windows\unins000.dat
[2011/08/27 18:17:36 | 000,015,872 | ---- | C] () -- C:\Users\Derek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/07 23:37:00 | 000,007,598 | ---- | C] () -- C:\Users\Derek\AppData\Local\Resmon.ResmonCfg
[2010/09/26 18:38:48 | 000,000,230 | ---- | C] () -- C:\Users\Derek\AppData\Roaming\wklnhst.dat
[2010/08/25 20:34:30 | 000,127,868 | ---- | C] () -- C:\windows\SysWow64\igcompkrng575.bin
[2010/08/25 20:34:30 | 000,104,796 | ---- | C] () -- C:\windows\SysWow64\igfcg575m.bin
[2010/06/11 15:37:08 | 000,870,560 | ---- | C] () -- C:\windows\SysWow64\igkrng575.bin
[2010/06/11 15:37:08 | 000,208,896 | ---- | C] () -- C:\windows\SysWow64\iglhsip32.dll
[2010/06/11 15:37:08 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\iglhcp32.dll
[2010/06/11 15:27:24 | 000,000,193 | ---- | C] () -- C:\windows\Prelaunch.ini
[2010/06/11 15:27:24 | 000,000,147 | ---- | C] () -- C:\windows\WisPriority.ini
[2010/06/11 15:27:24 | 000,000,035 | ---- | C] () -- C:\windows\DELL_LANGCODE.ini
[2010/06/11 15:27:24 | 000,000,033 | ---- | C] () -- C:\windows\DELL_OSTYPE.ini
[2010/06/11 15:27:24 | 000,000,032 | ---- | C] () -- C:\windows\WisHWDest.ini
[2010/06/11 15:27:24 | 000,000,028 | ---- | C] () -- C:\windows\WisLangCode.ini
[2010/06/11 15:27:24 | 000,000,023 | ---- | C] () -- C:\windows\WisSysInfo.ini
[2010/06/11 13:13:55 | 000,000,074 | RHS- | C] () -- C:\windows\CT4CET.bin

< End of report >

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:30 AM

Posted 19 April 2012 - 10:09 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:33440
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:33440
    FF - prefs.js..network.proxy.type: 4
    FF - user.js - File not found
    () (No name found) -- C:\USERS\DEREK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0FRDM10W.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
    [2012/03/31 11:29:48 | 000,000,000 | ---D | M] (Translate This!) -- C:\USERS\DEREK\APPDATA\LOCAL\{4D960255-7B46-11E1-826D-B8AC6F996F26}
    :Files
    C:\USERS\DEREK\APPDATA\LOCAL\{4D960255-7B46-11E1-826D-B8AC6F996F26}
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Let me know How things are doing

Gringo

Edited by gringo_pr, 19 April 2012 - 10:28 PM.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 drkgrss03

drkgrss03
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:06:30 AM

Posted 20 April 2012 - 05:17 PM

========== OTL ==========
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: 4 removed from network.proxy.type
C:\USERS\DEREK\APPDATA\LOCAL\{4D960255-7B46-11E1-826D-B8AC6F996F26}\chrome\content folder moved successfully.
C:\USERS\DEREK\APPDATA\LOCAL\{4D960255-7B46-11E1-826D-B8AC6F996F26}\chrome folder moved successfully.
C:\USERS\DEREK\APPDATA\LOCAL\{4D960255-7B46-11E1-826D-B8AC6F996F26} folder moved successfully.
========== FILES ==========
File\Folder C:\USERS\DEREK\APPDATA\LOCAL\{4D960255-7B46-11E1-826D-B8AC6F996F26} not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Derek\Desktop\cmd.bat deleted successfully.
C:\Users\Derek\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Derek
->Java cache emptied: 0 bytes

User: Mcx1-DEREK-PC

User: Public

User: Susan

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Derek
->Flash cache emptied: 196308 bytes

User: Mcx1-DEREK-PC

User: Public

User: Susan

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.40.0 log created on 04202012_180139




It didn't have me reset my computer. So far so good though. I've tinkered for about 20 minutes or so and I haven't been redirected yet. Fingers crossed. I'll let you know as the evening goes on if I get redirected. Also I've noticed that my proxy settings have been changing. I really don't know much about proxies but I know my work computer is set to no proxy. My computer was set to auto detect. When I changed it to no proxy, it would change back to auto detect. Now after running OTL my proxy is set to "Use system proxy settings". Is this anything I should be concerned with? Thanks.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users