Bogus Software Removal Virus


  • This topic is locked
26 replies to this topic

#1 zpobric

  • Members
  • 32 posts

Posted 15 May 2012 - 02:11 PM

Hello all --

A few weeks ago, my computer got some kind of infection. The clearest symptoms are that my files have been "hidden" (I cannot see them in their folders), my desktop is absent of my standard icons, I cannot connect to the internet if I'm not in safe mode with networking, and the virus offers bogus virus removal software to download, for a fee, of course! I'm barely computer literate, so I'm not quite sure what else to say about the issue, but I have noticed that it makes McAfee useless.

A couple of other little problems, such as consistent error pop-ups, are also present. (To be honest, I cannot recall what they say. I've been using my netbook while the problem has persisted, and this is the first time I've turned on the infected computer for weeks.)

If anyone is able to help me out, I would greatly appreciate it! No major rush here, so please feel free to take your time, if you have any at all. I have attached/pasted logs below. Thanks so much for taking a look.

Best,
Pac

--

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_22
Run by Pac at 13:59:32 on 2012-05-15
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3061.2306 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Lavasoft\Ad-Aware\AWSC.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.google.com
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
mURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uWinlogon: Shell=c:\users\pac\appdata\local\c1392a4f\X
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20111220162252.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\users\pac\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [{5AE37CC6-CBE6-EC3B-62A3-1A55F1F7F6D5}] c:\users\pac\appdata\roaming\riowyb\atmiu.exe
uRun: [Akamai NetSession Interface] c:\users\pac\appdata\local\akamai\netsession_win.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\puppypictures\mbam.exe" /runcleanupscript
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McPvTray_exe] "c:\program files\mcafee\mat\McPvTray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [JiKJGqSIsOjjAl.exe] c:\programdata\JiKJGqSIsOjjAl.exe
StartupFolder: c:\users\pac\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: nhlnetwork.com\www
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 167.206.254.1 167.206.254.2
TCP: Interfaces\{5AAA7793-6359-4CA1-BDE9-DEEA5E75A942} : DhcpNameServer = 167.206.254.1 167.206.254.2
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\pac\appdata\roaming\mozilla\firefox\profiles\z8323q06.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.nytimes.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?hl=en-GB&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 64323
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\users\pac\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\users\pac\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\pac\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\pac\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\users\pac\appdata\roaming\neulion\adaptiveplugin\npadaptiveplugin_1_6_5_7131.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-7-10 64512]
R0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [2011-6-16 64048]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-3-13 464176]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2011-6-16 64880]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-6-16 165680]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-6-16 214904]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-6-16 160608]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-6-16 150856]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-6-16 338176]
S1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [2011-6-16 54776]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-12-9 73728]
S2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-20 21504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-9-24 155648]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S2 gupdate1c9b632447ee143;Google Update Service (gupdate1c9b632447ee143);c:\program files\google\update\GoogleUpdate.exe [2009-4-5 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-6-20 2152152]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-9 366152]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-6-16 214904]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-6-16 214904]
S2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-6-16 214904]
S2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-6-16 166288]
S2 MOBKbackup;McAfee Online Backup;c:\program files\mcafee online backup\MOBKbackup.exe [2010-4-13 229688]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-6-16 57600]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-4-5 133104]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-12-9 111616]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-6-20 15232]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-9 22216]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-9-20 180816]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-6-16 59456]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-6-16 87656]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2009-2-13 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-03-31 05:21:59 243200 ---ha-w- c:\programdata\BYPGXhjaRabNfa.exe
2012-03-30 19:10:24 315392 ---ha-w- c:\programdata\JiKJGqSIsOjjAl.exe
.
============= FINISH: 13:59:45.18 ===============
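Triage of a DDS "Pseudo HJT Report" like the one above, as an added example (Python; not the poster's code and not part of the DDS tool). It applies the checks a malware responder makes by eye on such a log: a Winlogon Shell that is not explorer.exe, Run entries launching from user-writable folders or named as a GUID, a browser proxy pointed at the local machine, and hidden executables under ProgramData. The sample lines are a subset copied from the posted log; the rule names and folder list are my own.

```python
"""Triage heuristics for DDS 'Pseudo HJT Report' lines (added example)."""
import re
from dataclasses import dataclass
from typing import List

# Sample input: a constructed subset of the DDS lines posted in this thread.
SAMPLE_LOG = r"""
uWinlogon: Shell=c:\users\pac\appdata\local\c1392a4f\X
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [{5AE37CC6-CBE6-EC3B-62A3-1A55F1F7F6D5}] c:\users\pac\appdata\roaming\riowyb\atmiu.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [JiKJGqSIsOjjAl.exe] c:\programdata\JiKJGqSIsOjjAl.exe
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 64323
2012-03-31 05:21:59 243200 ---ha-w- c:\programdata\BYPGXhjaRabNfa.exe
2012-03-30 19:10:24 315392 ---ha-w- c:\programdata\JiKJGqSIsOjjAl.exe
2012-03-20 17:11:00 151880 ----a-w- c:\windows\system32\mfevtps.exe
"""


@dataclass
class Finding:
    rule: str   # short rule id (names are my own)
    line: str   # the offending log line
    note: str   # why it was flagged


WINLOGON_RE = re.compile(r"^[um]Winlogon:\s+Shell=(?P<shell>.+)$", re.I)
RUN_RE = re.compile(
    r'^[um]Run:\s+\[(?P<name>[^\]]*)\]\s+"?(?P<path>[^"]*?\.(?:exe|com|scr|bat|dll))', re.I)
PROXY_RE = re.compile(
    r"^FF - prefs\.js: network\.proxy\.(?P<key>http|http_port) - (?P<val>\S+)$")
FIND3M_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\d+\s+(?P<attr>[-a-z]{8})\s+(?P<path>.+)$", re.I)
GUID_NAME_RE = re.compile(r"^\{[0-9A-F-]{36}\}$", re.I)

# Folders an ordinary user can write to. Legitimate updaters live here too,
# so a hit is a "review this entry" flag, not a verdict.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\users\\public\\", "\\temp\\")
LOOPBACK = {"127.0.0.1", "localhost", "::1"}


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per suspicious DDS line in log_text."""
    findings: List[Finding] = []
    proxy_host = proxy_port = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := WINLOGON_RE.match(line):
            shell = m["shell"].strip().strip('"').lower()
            if not shell.endswith("explorer.exe"):  # the default Windows shell
                findings.append(Finding("winlogon-shell", line, f"shell replaced by {shell}"))
        elif m := RUN_RE.match(line):
            name, path = m["name"], m["path"].lower()
            if any(d in path for d in USER_WRITABLE):
                findings.append(Finding("run-user-writable", line, f"autorun from {path}"))
            if GUID_NAME_RE.match(name):
                findings.append(Finding("run-guid-name", line, "Run value named as a GUID"))
        elif m := PROXY_RE.match(line):
            if m["key"] == "http":
                proxy_host = m["val"]
            else:
                proxy_port = m["val"]
        elif m := FIND3M_RE.match(line):
            attr, path = m["attr"].lower(), m["path"].lower()
            # DDS prints an 8-character attribute field; 'h' means the hidden bit is set.
            if "h" in attr and path.endswith(".exe") and "\\programdata\\" in path:
                findings.append(Finding("hidden-exe-programdata", line, f"hidden executable {path}"))
    if proxy_host in LOOPBACK:
        findings.append(Finding("browser-loopback-proxy",
                                f"network.proxy.http = {proxy_host}:{proxy_port}",
                                "browser traffic routed through a proxy on the local machine"))
    return findings


def rule_counts(log_text: str) -> dict:
    """Number of findings per rule, handy for a quick summary."""
    counts: dict = {}
    for f in triage(log_text):
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.note}\n    {f.line}")
```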



#2 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 15 May 2012 - 11:32 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 zpobric

  • Topic Starter
  • Members
  • 32 posts

Posted 16 May 2012 - 01:23 PM

Gringo, you're back to the rescue! Greatly appreciated.

I am having a bit of trouble here. The first scan I ran successfully, and I've pasted the log. However, when trying to disable my McAfee Total Protection as well as my Ad-Aware, I ran into trouble. I followed the instructions for disabling both in the links you kindly provided, but ComboFix nevertheless told me that the processes were running. So I'm a bit confused there. Maybe it's a false alarm? Any ideas?

Thanks again.

--

Results of screen317's Security Check version 0.99.32
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
McAfee Total Protection
McAfee Online Backup
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Malwarebytes' Anti-Malware
Java™ 6 Update 22
Java version out of date!
Adobe Flash Player 10.3.183.10 Flash Player out of Date!
Adobe Reader X (10.1.1)
Mozilla Firefox 10.0.2 Firefox out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe
``````````End of Log````````````

#4 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 16 May 2012 - 02:00 PM

Go ahead and shut off what you can and then run it.


gringo

#5 zpobric

  • Topic Starter
  • Members
  • 32 posts

Posted 16 May 2012 - 03:12 PM

OK, here is the ComboFix log.

Good news: all my icons are back on the desktop. I'm still running the computer in safe mode for now, which has allowed me to access the internet while running the computer normally hasn't. (The malware won't let me connect to anything other than the website it redirects me to.) But I can definitely reboot and try to run it the regular way and see what happens, if you like.


ComboFix 12-05-16.02 - Pac 05/16/2012 15:30:07.3.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3061.2493 [GMT -4:00]
Running from: c:\users\Pac\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Pac\AppData\Roaming\Adobe\plugs
c:\users\Pac\AppData\Roaming\Adobe\shed
c:\users\Pac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Fix
c:\users\Pac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Fix\Uninstall Windows Vista Fix.lnk
c:\users\Pac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Fix\Windows Vista Fix.lnk
c:\users\Pac\AppData\Roaming\OpenCloud Security
c:\users\Pac\AppData\Roaming\OpenCloud Security\ldr.ini
c:\users\Pac\AppData\Roaming\OpenCloud Security\OpenCloud Security.ico
c:\users\Pac\AppData\Roaming\Riowyb\atmiu.exe
c:\users\Pac\g2mdlhlpx.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-04-16 to 2012-05-16 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-31 05:21 . 2012-03-31 05:21 243200 ---ha-w- c:\programdata\BYPGXhjaRabNfa.exe
2012-03-30 19:10 . 2012-03-30 19:13 315392 ---ha-w- c:\programdata\JiKJGqSIsOjjAl.exe
2012-03-20 17:11 . 2011-06-16 18:45 151880 ----a-w- c:\windows\system32\mfevtps.exe
2012-02-22 17:29 . 2011-09-21 01:14 180848 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-02-22 17:29 . 2011-06-16 18:58 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-02-22 17:29 . 2011-06-16 18:57 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-02-22 17:29 . 2011-06-16 18:57 64912 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2012-02-22 17:29 . 2011-06-16 18:57 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-02-22 17:29 . 2011-06-16 18:57 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-02-22 17:29 . 2011-06-16 18:57 340920 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-02-22 17:29 . 2011-06-16 18:57 169608 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2012-02-22 17:29 . 2011-03-13 15:20 464304 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-02-22 17:29 . 2011-03-13 15:20 121544 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-02-19 05:40 . 2011-03-24 04:55 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-29 03:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ---ha-w- c:\users\Pac\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ---ha-w- c:\users\Pac\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ---ha-w- c:\users\Pac\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ---ha-w- c:\users\Pac\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-14 00:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-14 00:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-14 00:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-09 39408]
"Akamai NetSession Interface"="c:\users\Pac\AppData\Local\Akamai\netsession_win.exe" [2011-11-08 3295320]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-07-03 3563520]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1318816]
"McPvTray_exe"="c:\program files\McAfee\MAT\McPvTray.exe" [2011-04-08 419904]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"JiKJGqSIsOjjAl.exe"="c:\programdata\JiKJGqSIsOjjAl.exe" [2012-03-30 315392]
.
c:\users\Pac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-12-9 50688]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 0082501337191463mcinstcleanup;McAfee Application Installer Cleanup (0082501337191463);c:\windows\TEMP\008250~1.EXE [x]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
Akamai REG_MULTI_SZ Akamai
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-06-20 07:40]
.
2012-04-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-09 18:34]
.
2012-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-05 21:05]
.
2012-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-05 21:05]
.
2012-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2976853594-588204126-2646710848-1000Core.job
- c:\users\Pac\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-26 03:47]
.
2012-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2976853594-588204126-2646710848-1000UA.job
- c:\users\Pac\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-26 03:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
Trusted Zone: nhlnetwork.com\www
TCP: DhcpNameServer = 167.206.254.1 167.206.254.2
FF - ProfilePath - c:\users\Pac\AppData\Roaming\Mozilla\Firefox\Profiles\z8323q06.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.nytimes.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?hl=en-GB&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 64323
FF - prefs.js: network.proxy.type - 4
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-{5AE37CC6-CBE6-EC3B-62A3-1A55F1F7F6D5} - c:\users\Pac\AppData\Roaming\Riowyb\atmiu.exe
HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Puppypictures\mbam.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-16 15:41
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_6c825ce.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3904)
c:\users\Pac\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\McAfee Online Backup\MOBKshell.dll
.
Completion time: 2012-05-16 15:51:47
ComboFix-quarantined-files.txt 2012-05-16 19:51
.
Pre-Run: 54,994,477,056 bytes free
Post-Run: 55,725,903,872 bytes free
.
- - End Of File - - 4668E0780DEA734B54A95FE756716AFE

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:08 AM

Posted 17 May 2012 - 01:19 AM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
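Gringo asks for the TDSSKiller report to be pasted back so the flagged entries can be picked out by hand. The following Python script is an added example, not part of this thread and not TDSSKiller's own code: it summarizes such a report, counting the entries that came back "ok" and collecting the ones TDSSKiller marked "warning" or "detected", together with the MD5 and path printed on the matching enumeration line and the reason from any "Suspicious file" line. The line formats are an assumption taken from the report posted in this thread; the sample report embedded below is constructed from a few of those lines.

```python
"""Summarize a TDSSKiller report: count clean entries and list the flagged ones.

Added example for this thread.  The line formats are assumed from the report
posted here, not taken from TDSSKiller documentation.
"""
import re
from dataclasses import dataclass, field

# Every report line is "<hh:mm:ss.ffff> <thread id> <message>" (assumption
# from the report in this thread).
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*)$")
# "<service> (<md5>) <path>" is the enumeration line for one service or driver.
ENTRY_RE = re.compile(r"^(?P<name>\S.*?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")
WARN_RE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>[^)]+) \) - warning$")
DETECTED_RE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")
SUSPICIOUS_RE = re.compile(
    r"^Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+)\. md5: (?P<md5>[0-9a-f]{32})$")

# Constructed sample: a handful of lines copied from the report in this thread.
SAMPLE_REPORT = r"""
17:20:39.0482 2936 TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:57
17:20:39.0694 2936 Boot type: Safe boot with network
17:20:45.0428 2964 Scan started
17:20:46.0164 2964 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
17:20:46.0167 2964 ACPI - ok
17:20:47.0346 2964 Akamai (1125c7d9fb8898015829c387c1bc87c7) c:\program files\common files\akamai/netsession_win_6c825ce.dll
17:20:47.0346 2964 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_6c825ce.dll. md5: 1125c7d9fb8898015829c387c1bc87c7
17:20:47.0354 2964 Akamai ( HiddenFile.Multi.Generic ) - warning
17:20:47.0354 2964 Akamai - detected HiddenFile.Multi.Generic (1)
17:20:47.0457 2964 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
17:20:47.0458 2964 ALG - ok
"""


@dataclass
class Finding:
    name: str
    verdict: str = ""
    path: str = ""
    md5: str = ""
    reason: str = ""  # e.g. "Hidden", from the "Suspicious file" line


@dataclass
class Summary:
    boot_type: str = ""
    ok: int = 0
    findings: list = field(default_factory=list)


def summarize(report_text: str) -> Summary:
    """Parse a TDSSKiller report and return counts plus the flagged entries."""
    summary = Summary()
    entries = {}     # service name -> (md5, path) from its enumeration line
    suspicious = {}  # lower-cased path -> reason, from "Suspicious file" lines
    flagged = {}     # service name -> Finding; warning and detected lines merge
    for raw in report_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banners, separators and blank lines carry no entry
        msg = m.group(3)
        if msg.startswith("Boot type:"):
            summary.boot_type = msg.split(":", 1)[1].strip()
        elif (s := SUSPICIOUS_RE.match(msg)):
            suspicious[s.group("path").lower()] = s.group("reason")
        elif (d := DETECTED_RE.match(msg)):
            flagged.setdefault(d.group("name"), Finding(d.group("name"))).verdict = d.group("verdict")
        elif (w := WARN_RE.match(msg)):
            flagged.setdefault(w.group("name"), Finding(w.group("name"))).verdict = w.group("verdict")
        elif OK_RE.match(msg):
            summary.ok += 1
        elif (e := ENTRY_RE.match(msg)):
            entries[e.group("name")] = (e.group("md5"), e.group("path"))
    # Enrich each flagged service with the hash, path and reason seen elsewhere.
    for name, finding in flagged.items():
        finding.md5, finding.path = entries.get(name, ("", ""))
        finding.reason = suspicious.get(finding.path.lower(), "")
        summary.findings.append(finding)
    return summary


if __name__ == "__main__":
    result = summarize(SAMPLE_REPORT)
    print(f"Boot type: {result.boot_type}; clean entries: {result.ok}")
    for f in result.findings:
        print(f"FLAGGED {f.name}: {f.verdict} ({f.reason}) {f.path} md5={f.md5}")
```

Point `summarize()` at the contents of the "TDSSKiller.[Version]_[Date]_[Time]_log.txt" file and the flagged entries come out as a short list instead of being buried among hundreds of "- ok" lines; the boot type is kept because a scan run from Safe Mode, as in this thread, sees a different set of loaded drivers than a normal boot.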

#7 zpobric

zpobric
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  • Local time:07:08 AM

Posted 17 May 2012 - 04:34 PM

Ok, here is the TDSSKiller report:

17:20:39.0482 2936 TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:57
17:20:39.0693 2936 ============================================================
17:20:39.0693 2936 Current date / time: 2012/05/17 17:20:39.0693
17:20:39.0693 2936 SystemInfo:
17:20:39.0693 2936
17:20:39.0693 2936 OS Version: 6.0.6002 ServicePack: 2.0
17:20:39.0693 2936 Product type: Workstation
17:20:39.0693 2936 ComputerName: PAC-PC
17:20:39.0693 2936 UserName: Pac
17:20:39.0693 2936 Windows directory: C:\Windows
17:20:39.0693 2936 System windows directory: C:\Windows
17:20:39.0693 2936 Processor architecture: Intel x86
17:20:39.0694 2936 Number of processors: 2
17:20:39.0694 2936 Page size: 0x1000
17:20:39.0694 2936 Boot type: Safe boot with network
17:20:39.0694 2936 ============================================================
17:20:40.0215 2936 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:20:40.0217 2936 ============================================================
17:20:40.0217 2936 \Device\Harddisk0\DR0:
17:20:40.0217 2936 MBR partitions:
17:20:40.0217 2936 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1388000
17:20:40.0217 2936 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C000, BlocksNum 0x1B929168
17:20:40.0249 2936 ============================================================
17:20:40.0309 2936 C: <-> \Device\Harddisk0\DR0\Partition1
17:20:40.0358 2936 D: <-> \Device\Harddisk0\DR0\Partition0
17:20:40.0358 2936 ============================================================
17:20:40.0358 2936 Initialize success
17:20:40.0358 2936 ============================================================
17:20:45.0428 2964 ============================================================
17:20:45.0428 2964 Scan started
17:20:45.0428 2964 Mode: Manual;
17:20:45.0428 2964 ============================================================
17:20:45.0964 2964 0082501337191463mcinstcleanup - ok
17:20:46.0164 2964 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
17:20:46.0167 2964 ACPI - ok
17:20:46.0196 2964 adfs - ok
17:20:46.0316 2964 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
17:20:46.0318 2964 AdobeARMservice - ok
17:20:46.0409 2964 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
17:20:46.0416 2964 adp94xx - ok
17:20:46.0465 2964 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
17:20:46.0470 2964 adpahci - ok
17:20:46.0497 2964 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
17:20:46.0500 2964 adpu160m - ok
17:20:46.0529 2964 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
17:20:46.0532 2964 adpu320 - ok
17:20:46.0606 2964 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
17:20:46.0621 2964 AeLookupSvc - ok
17:20:46.0688 2964 AESTFilters (ef1142512bec12f1c2c87735da1755be) C:\Windows\system32\aestsrv.exe
17:20:46.0690 2964 AESTFilters - ok
17:20:46.0782 2964 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
17:20:46.0787 2964 AFD - ok
17:20:46.0873 2964 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
17:20:46.0875 2964 agp440 - ok
17:20:46.0933 2964 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
17:20:46.0935 2964 aic78xx - ok
17:20:47.0346 2964 Akamai (1125c7d9fb8898015829c387c1bc87c7) c:\program files\common files\akamai/netsession_win_6c825ce.dll
17:20:47.0346 2964 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_6c825ce.dll. md5: 1125c7d9fb8898015829c387c1bc87c7
17:20:47.0354 2964 Akamai ( HiddenFile.Multi.Generic ) - warning
17:20:47.0354 2964 Akamai - detected HiddenFile.Multi.Generic (1)
17:20:47.0457 2964 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
17:20:47.0458 2964 ALG - ok
17:20:47.0501 2964 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
17:20:47.0502 2964 aliide - ok
17:20:47.0559 2964 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
17:20:47.0560 2964 amdagp - ok
17:20:47.0583 2964 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
17:20:47.0584 2964 amdide - ok
17:20:47.0637 2964 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
17:20:47.0638 2964 AmdK7 - ok
17:20:47.0660 2964 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
17:20:47.0662 2964 AmdK8 - ok
17:20:47.0744 2964 ApfiltrService (a80230bd04f0b8bf05185b369bb1cbb8) C:\Windows\system32\DRIVERS\Apfiltr.sys
17:20:47.0745 2964 ApfiltrService - ok
17:20:47.0830 2964 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
17:20:47.0831 2964 Appinfo - ok
17:20:47.0967 2964 Apple Mobile Device (d8e18021f91ad79ca8491cb5a5da22d4) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:20:47.0971 2964 Apple Mobile Device - ok
17:20:48.0042 2964 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
17:20:48.0044 2964 arc - ok
17:20:48.0107 2964 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
17:20:48.0110 2964 arcsas - ok
17:20:48.0165 2964 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
17:20:48.0166 2964 AsyncMac - ok
17:20:48.0192 2964 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
17:20:48.0193 2964 atapi - ok
17:20:48.0274 2964 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
17:20:48.0279 2964 AudioEndpointBuilder - ok
17:20:48.0284 2964 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
17:20:48.0287 2964 Audiosrv - ok
17:20:48.0313 2964 BCM42RLY (7bd70aeed0d975285a1b20bd012ebf4e) C:\Windows\system32\drivers\BCM42RLY.sys
17:20:48.0315 2964 BCM42RLY - ok
17:20:48.0466 2964 BCM43XX (fa6707a346cd122407f3b0bad1c47639) C:\Windows\system32\DRIVERS\bcmwl6.sys
17:20:48.0473 2964 BCM43XX - ok
17:20:48.0554 2964 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
17:20:48.0554 2964 Beep - ok
17:20:48.0626 2964 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
17:20:48.0628 2964 BFE - ok
17:20:48.0747 2964 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
17:20:48.0796 2964 BITS - ok
17:20:48.0822 2964 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
17:20:48.0823 2964 blbdrive - ok
17:20:48.0949 2964 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
17:20:48.0955 2964 Bonjour Service - ok
17:20:49.0003 2964 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
17:20:49.0005 2964 bowser - ok
17:20:49.0070 2964 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
17:20:49.0071 2964 BrFiltLo - ok
17:20:49.0088 2964 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
17:20:49.0089 2964 BrFiltUp - ok
17:20:49.0123 2964 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
17:20:49.0125 2964 Browser - ok
17:20:49.0178 2964 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
17:20:49.0180 2964 Brserid - ok
17:20:49.0201 2964 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
17:20:49.0203 2964 BrSerWdm - ok
17:20:49.0217 2964 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
17:20:49.0218 2964 BrUsbMdm - ok
17:20:49.0234 2964 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
17:20:49.0250 2964 BrUsbSer - ok
17:20:49.0270 2964 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
17:20:49.0271 2964 BTHMODEM - ok
17:20:49.0433 2964 catchme - ok
17:20:49.0492 2964 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
17:20:49.0494 2964 cdfs - ok
17:20:49.0567 2964 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
17:20:49.0568 2964 cdrom - ok
17:20:49.0649 2964 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
17:20:49.0650 2964 CertPropSvc - ok
17:20:49.0712 2964 cfwids (1c7b1e36f3ced9e4b0b13385e627fe8b) C:\Windows\system32\drivers\cfwids.sys
17:20:49.0713 2964 cfwids - ok
17:20:49.0739 2964 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
17:20:49.0740 2964 circlass - ok
17:20:49.0787 2964 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
17:20:49.0791 2964 CLFS - ok
17:20:49.0871 2964 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:20:49.0875 2964 clr_optimization_v2.0.50727_32 - ok
17:20:49.0999 2964 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:20:50.0117 2964 clr_optimization_v4.0.30319_32 - ok
17:20:50.0157 2964 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
17:20:50.0158 2964 CmBatt - ok
17:20:50.0218 2964 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
17:20:50.0219 2964 cmdide - ok
17:20:50.0237 2964 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
17:20:50.0239 2964 Compbatt - ok
17:20:50.0242 2964 COMSysApp - ok
17:20:50.0249 2964 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
17:20:50.0251 2964 crcdisk - ok
17:20:50.0280 2964 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
17:20:50.0281 2964 Crusoe - ok
17:20:50.0348 2964 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
17:20:50.0350 2964 CryptSvc - ok
17:20:50.0413 2964 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
17:20:50.0418 2964 DcomLaunch - ok
17:20:50.0447 2964 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
17:20:50.0449 2964 DfsC - ok
17:20:50.0577 2964 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
17:20:50.0606 2964 DFSR - ok
17:20:50.0768 2964 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
17:20:50.0770 2964 Dhcp - ok
17:20:50.0864 2964 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
17:20:50.0865 2964 disk - ok
17:20:50.0937 2964 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
17:20:50.0938 2964 Dnscache - ok
17:20:51.0007 2964 DockLoginService (db29915209770d8b59654345ec2d943a) C:\Program Files\Dell\DellDock\DockLogin.exe
17:20:51.0010 2964 DockLoginService - ok
17:20:51.0044 2964 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
17:20:51.0047 2964 dot3svc - ok
17:20:51.0115 2964 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
17:20:51.0118 2964 DPS - ok
17:20:51.0185 2964 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
17:20:51.0186 2964 drmkaud - ok
17:20:51.0264 2964 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
17:20:51.0274 2964 DXGKrnl - ok
17:20:51.0356 2964 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
17:20:51.0360 2964 e1express - ok
17:20:51.0382 2964 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
17:20:51.0385 2964 E1G60 - ok
17:20:51.0413 2964 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
17:20:51.0414 2964 EapHost - ok
17:20:51.0500 2964 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
17:20:51.0503 2964 Ecache - ok
17:20:51.0578 2964 ElbyCDIO (44996a2addd2db7454f2ca40b67d8941) C:\Windows\system32\Drivers\ElbyCDIO.sys
17:20:51.0579 2964 ElbyCDIO - ok
17:20:51.0663 2964 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
17:20:51.0668 2964 elxstor - ok
17:20:51.0728 2964 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
17:20:51.0737 2964 EMDMgmt - ok
17:20:51.0765 2964 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
17:20:51.0766 2964 ErrDev - ok
17:20:51.0850 2964 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
17:20:51.0853 2964 EventSystem - ok
17:20:51.0915 2964 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
17:20:51.0917 2964 exfat - ok
17:20:51.0947 2964 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
17:20:51.0951 2964 fastfat - ok
17:20:51.0979 2964 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
17:20:51.0981 2964 fdc - ok
17:20:52.0003 2964 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
17:20:52.0004 2964 fdPHost - ok
17:20:52.0020 2964 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
17:20:52.0021 2964 FDResPub - ok
17:20:52.0073 2964 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
17:20:52.0075 2964 FileInfo - ok
17:20:52.0095 2964 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
17:20:52.0096 2964 Filetrace - ok
17:20:52.0218 2964 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
17:20:52.0230 2964 FLEXnet Licensing Service - ok
17:20:52.0266 2964 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
17:20:52.0268 2964 flpydisk - ok
17:20:52.0302 2964 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
17:20:52.0305 2964 FltMgr - ok
17:20:52.0444 2964 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
17:20:52.0457 2964 FontCache - ok
17:20:52.0538 2964 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:20:52.0540 2964 FontCache3.0.0.0 - ok
17:20:52.0561 2964 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
17:20:52.0562 2964 Fs_Rec - ok
17:20:52.0578 2964 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
17:20:52.0580 2964 gagp30kx - ok
17:20:52.0609 2964 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:20:52.0610 2964 GEARAspiWDM - ok
17:20:52.0669 2964 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
17:20:52.0678 2964 gpsvc - ok
17:20:52.0776 2964 gupdate1c9b632447ee143 (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
17:20:52.0779 2964 gupdate1c9b632447ee143 - ok
17:20:52.0803 2964 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
17:20:52.0804 2964 gupdatem - ok
17:20:52.0869 2964 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
17:20:52.0872 2964 gusvc - ok
17:20:52.0939 2964 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
17:20:52.0947 2964 HDAudBus - ok
17:20:52.0987 2964 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
17:20:52.0988 2964 HidBth - ok
17:20:53.0013 2964 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
17:20:53.0014 2964 HidIr - ok
17:20:53.0043 2964 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
17:20:53.0044 2964 hidserv - ok
17:20:53.0075 2964 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
17:20:53.0077 2964 HidUsb - ok
17:20:53.0110 2964 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
17:20:53.0112 2964 hkmsvc - ok
17:20:53.0132 2964 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
17:20:53.0134 2964 HpCISSs - ok
17:20:53.0247 2964 HSF_DPV (99f85640054ba65190b860d878a7c9ae) C:\Windows\system32\DRIVERS\HSX_DPV.sys
17:20:53.0264 2964 HSF_DPV - ok
17:20:53.0292 2964 HSXHWAZL (cfbc2b81972e298f0e19ee68fa9e73da) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
17:20:53.0296 2964 HSXHWAZL - ok
17:20:53.0353 2964 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
17:20:53.0359 2964 HTTP - ok
17:20:53.0413 2964 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
17:20:53.0414 2964 i2omp - ok
17:20:53.0478 2964 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
17:20:53.0480 2964 i8042prt - ok
17:20:53.0597 2964 IAANTMON (7548066df68a8a1a56b043359f915f37) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
17:20:53.0605 2964 IAANTMON - ok
17:20:53.0657 2964 iaStor (d483687eace0c065ee772481a96e05f5) C:\Windows\system32\drivers\iastor.sys
17:20:53.0660 2964 iaStor - ok
17:20:53.0713 2964 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
17:20:53.0718 2964 iaStorV - ok
17:20:53.0841 2964 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:20:53.0856 2964 idsvc - ok
17:20:54.0044 2964 igfx (c134e69ce901422d1f2d7ea8d69098fe) C:\Windows\system32\DRIVERS\igdkmd32.sys
17:20:54.0076 2964 igfx - ok
17:20:54.0228 2964 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
17:20:54.0230 2964 iirsp - ok
17:20:54.0277 2964 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
17:20:54.0280 2964 IKEEXT - ok
17:20:54.0354 2964 IntcHdmiAddService (98d303ccb3415e9202e82043b37d66dc) C:\Windows\system32\drivers\IntcHdmi.sys
17:20:54.0357 2964 IntcHdmiAddService - ok
17:20:54.0381 2964 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\DRIVERS\intelide.sys
17:20:54.0382 2964 intelide - ok
17:20:54.0434 2964 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
17:20:54.0436 2964 intelppm - ok
17:20:54.0471 2964 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
17:20:54.0474 2964 IPBusEnum - ok
17:20:54.0526 2964 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:20:54.0527 2964 IpFilterDriver - ok
17:20:54.0593 2964 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
17:20:54.0596 2964 iphlpsvc - ok
17:20:54.0600 2964 IpInIp - ok
17:20:54.0645 2964 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
17:20:54.0647 2964 IPMIDRV - ok
17:20:54.0670 2964 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
17:20:54.0673 2964 IPNAT - ok
17:20:54.0845 2964 iPod Service (33642c17c232aa272c68e446a2619899) C:\Program Files\iPod\bin\iPodService.exe
17:20:54.0858 2964 iPod Service - ok
17:20:54.0896 2964 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
17:20:54.0898 2964 IRENUM - ok
17:20:54.0923 2964 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
17:20:54.0925 2964 isapnp - ok
17:20:54.0971 2964 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
17:20:54.0972 2964 iScsiPrt - ok
17:20:54.0984 2964 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
17:20:54.0985 2964 iteatapi - ok
17:20:55.0039 2964 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
17:20:55.0040 2964 iteraid - ok
17:20:55.0062 2964 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
17:20:55.0063 2964 kbdclass - ok
17:20:55.0114 2964 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
17:20:55.0115 2964 kbdhid - ok
17:20:55.0168 2964 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
17:20:55.0169 2964 KeyIso - ok
17:20:55.0208 2964 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
17:20:55.0215 2964 KSecDD - ok
17:20:55.0302 2964 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
17:20:55.0309 2964 KtmRm - ok
17:20:55.0380 2964 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
17:20:55.0404 2964 LanmanServer - ok
17:20:55.0481 2964 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
17:20:55.0497 2964 LanmanWorkstation - ok
17:20:55.0753 2964 Lavasoft Ad-Aware Service (ed60ffd305ac0424920d146db9f9ed78) C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
17:20:55.0766 2964 Lavasoft Ad-Aware Service - ok
17:20:55.0803 2964 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
17:20:55.0804 2964 Lavasoft Kernexplorer - ok
17:20:55.0917 2964 Lbd (336abe8721cbc3110f1c6426da633417) C:\Windows\system32\DRIVERS\Lbd.sys
17:20:55.0919 2964 Lbd - ok
17:20:55.0953 2964 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
17:20:55.0955 2964 lltdio - ok
17:20:55.0991 2964 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
17:20:55.0995 2964 lltdsvc - ok
17:20:56.0012 2964 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
17:20:56.0013 2964 lmhosts - ok
17:20:56.0041 2964 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
17:20:56.0043 2964 LSI_FC - ok
17:20:56.0063 2964 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
17:20:56.0066 2964 LSI_SAS - ok
17:20:56.0090 2964 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
17:20:56.0092 2964 LSI_SCSI - ok
17:20:56.0117 2964 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
17:20:56.0119 2964 luafv - ok
17:20:56.0180 2964 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys
17:20:56.0182 2964 MBAMProtector - ok
17:20:56.0248 2964 MBAMService (94e920be59b9ab65d95e582dbaa136ac) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
17:20:56.0254 2964 MBAMService - ok
17:20:56.0283 2964 MBAMSwissArmy - ok
17:20:56.0368 2964 McAfee SiteAdvisor Service (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
17:20:56.0370 2964 McAfee SiteAdvisor Service - ok
17:20:56.0375 2964 McMPFSvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
17:20:56.0377 2964 McMPFSvc - ok
17:20:56.0381 2964 mcmscsvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
17:20:56.0383 2964 mcmscsvc - ok
17:20:56.0391 2964 McNaiAnn (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
17:20:56.0393 2964 McNaiAnn - ok
17:20:56.0429 2964 McNASvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
17:20:56.0431 2964 McNASvc - ok
17:20:56.0581 2964 McODS (42117cbc4849a5cf11129912dabbdeca) C:\Program Files\McAfee\VirusScan\mcods.exe
17:20:56.0587 2964 McODS - ok
17:20:56.0611 2964 McProxy (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
17:20:56.0613 2964 McProxy - ok
17:20:56.0659 2964 McPvDrv (000751813ecef491689176e72b3a8bee) C:\Windows\system32\drivers\McPvDrv.sys
17:20:56.0660 2964 McPvDrv - ok
17:20:56.0726 2964 McShield (593fa4c378818ece76ba64a11ad56cf2) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
17:20:56.0729 2964 McShield - ok
17:20:56.0756 2964 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
17:20:56.0757 2964 mdmxsdk - ok
17:20:56.0824 2964 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
17:20:56.0825 2964 megasas - ok
17:20:56.0892 2964 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
17:20:56.0899 2964 MegaSR - ok
17:20:56.0939 2964 mfeapfk (43c31bdf404a6d7a7ac1bfd5ead2a566) C:\Windows\system32\drivers\mfeapfk.sys
17:20:56.0942 2964 mfeapfk - ok
17:20:57.0004 2964 mfeavfk (c1dc5f42d3367f33b6451be78b38bd46) C:\Windows\system32\drivers\mfeavfk.sys
17:20:57.0007 2964 mfeavfk - ok
17:20:57.0071 2964 mfebopk (0435c43f4c2be01b84868ad2a906397b) C:\Windows\system32\drivers\mfebopk.sys
17:20:57.0073 2964 mfebopk - ok
17:20:57.0116 2964 mfefire (7e1f8b1bdc8240f08bd358b3a466c005) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
17:20:57.0117 2964 mfefire - ok
17:20:57.0165 2964 mfefirek (4ea6ff90015424517843e931448e00f1) C:\Windows\system32\drivers\mfefirek.sys
17:20:57.0167 2964 mfefirek - ok
17:20:57.0236 2964 mfehidk (d1e998748ba24a731106611d535c6bbf) C:\Windows\system32\drivers\mfehidk.sys
17:20:57.0245 2964 mfehidk - ok
17:20:57.0295 2964 mfenlfk (ac04a618aef3de0fce91c766f9e069da) C:\Windows\system32\DRIVERS\mfenlfk.sys
17:20:57.0296 2964 mfenlfk - ok
17:20:57.0326 2964 mferkdet (f454a13377f0a006d20a8c14a753c432) C:\Windows\system32\drivers\mferkdet.sys
17:20:57.0328 2964 mferkdet - ok
17:20:57.0375 2964 mfevtp (b10c4efd40810c08f4b44df2efcb54f7) C:\Windows\system32\mfevtps.exe
17:20:57.0377 2964 mfevtp - ok
17:20:57.0408 2964 mfewfpk (f284337aedb7483df8a5fa840647e2b0) C:\Windows\system32\drivers\mfewfpk.sys
17:20:57.0409 2964 mfewfpk - ok
17:20:57.0435 2964 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
17:20:57.0437 2964 MMCSS - ok
17:20:57.0571 2964 MOBKbackup (35176fa09a0fc58db630991a81a0ba39) C:\Program Files\McAfee Online Backup\MOBKbackup.exe
17:20:57.0576 2964 MOBKbackup - ok
17:20:57.0595 2964 MOBKFilter (e896775837a8bce436348df460522394) C:\Windows\system32\DRIVERS\MOBK.sys
17:20:57.0597 2964 MOBKFilter - ok
17:20:57.0624 2964 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
17:20:57.0625 2964 Modem - ok
17:20:57.0644 2964 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
17:20:57.0645 2964 monitor - ok
17:20:57.0662 2964 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
17:20:57.0663 2964 mouclass - ok
17:20:57.0677 2964 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
17:20:57.0678 2964 mouhid - ok
17:20:57.0695 2964 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
17:20:57.0696 2964 MountMgr - ok
17:20:57.0722 2964 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
17:20:57.0724 2964 mpio - ok
17:20:57.0739 2964 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
17:20:57.0741 2964 mpsdrv - ok
17:20:57.0795 2964 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
17:20:57.0798 2964 MpsSvc - ok
17:20:57.0823 2964 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
17:20:57.0825 2964 Mraid35x - ok
17:20:57.0857 2964 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
17:20:57.0860 2964 MRxDAV - ok
17:20:57.0889 2964 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:20:57.0891 2964 mrxsmb - ok
17:20:57.0928 2964 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:20:57.0932 2964 mrxsmb10 - ok
17:20:57.0953 2964 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:20:57.0955 2964 mrxsmb20 - ok
17:20:57.0966 2964 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
17:20:57.0976 2964 msahci - ok
17:20:58.0005 2964 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
17:20:58.0007 2964 msdsm - ok
17:20:58.0041 2964 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
17:20:58.0044 2964 MSDTC - ok
17:20:58.0074 2964 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
17:20:58.0075 2964 Msfs - ok
17:20:58.0126 2964 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
17:20:58.0127 2964 msisadrv - ok
17:20:58.0158 2964 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
17:20:58.0162 2964 MSiSCSI - ok
17:20:58.0166 2964 msiserver - ok
17:20:58.0279 2964 MSK80Service (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
17:20:58.0281 2964 MSK80Service - ok
17:20:58.0309 2964 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
17:20:58.0310 2964 MSKSSRV - ok
17:20:58.0359 2964 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
17:20:58.0360 2964 MSPCLOCK - ok
17:20:58.0372 2964 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
17:20:58.0373 2964 MSPQM - ok
17:20:58.0411 2964 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
17:20:58.0415 2964 MsRPC - ok
17:20:58.0431 2964 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
17:20:58.0432 2964 mssmbios - ok
17:20:58.0453 2964 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
17:20:58.0454 2964 MSTEE - ok
17:20:58.0476 2964 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
17:20:58.0478 2964 Mup - ok
17:20:58.0519 2964 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
17:20:58.0525 2964 napagent - ok
17:20:58.0569 2964 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
17:20:58.0572 2964 NativeWifiP - ok
17:20:58.0672 2964 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
17:20:58.0679 2964 NDIS - ok
17:20:58.0712 2964 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
17:20:58.0714 2964 NdisTapi - ok
17:20:58.0728 2964 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
17:20:58.0729 2964 Ndisuio - ok
17:20:58.0763 2964 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
17:20:58.0765 2964 NdisWan - ok
17:20:58.0782 2964 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
17:20:58.0784 2964 NDProxy - ok
17:20:58.0803 2964 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
17:20:58.0804 2964 NetBIOS - ok
17:20:58.0850 2964 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
17:20:58.0853 2964 netbt - ok
17:20:58.0887 2964 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
17:20:58.0888 2964 Netlogon - ok
17:20:58.0947 2964 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
17:20:58.0950 2964 Netman - ok
17:20:58.0974 2964 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
17:20:58.0977 2964 netprofm - ok
17:20:59.0042 2964 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:20:59.0044 2964 NetTcpPortSharing - ok
17:20:59.0084 2964 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
17:20:59.0088 2964 nfrd960 - ok
17:20:59.0133 2964 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
17:20:59.0136 2964 NlaSvc - ok
17:20:59.0162 2964 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
17:20:59.0163 2964 Npfs - ok
17:20:59.0171 2964 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
17:20:59.0173 2964 nsi - ok
17:20:59.0183 2964 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
17:20:59.0184 2964 nsiproxy - ok
17:20:59.0269 2964 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
17:20:59.0285 2964 Ntfs - ok
17:20:59.0311 2964 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
17:20:59.0312 2964 ntrigdigi - ok
17:20:59.0330 2964 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
17:20:59.0331 2964 Null - ok
17:20:59.0361 2964 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
17:20:59.0364 2964 nvraid - ok
17:20:59.0392 2964 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
17:20:59.0394 2964 nvstor - ok
17:20:59.0431 2964 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
17:20:59.0433 2964 nv_agp - ok
17:20:59.0438 2964 NwlnkFlt - ok
17:20:59.0444 2964 NwlnkFwd - ok
17:20:59.0596 2964 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:20:59.0605 2964 odserv - ok
17:20:59.0680 2964 OEM02Dev (19cac780b858822055f46c58a111723c) C:\Windows\system32\DRIVERS\OEM02Dev.sys
17:20:59.0685 2964 OEM02Dev - ok
17:20:59.0697 2964 OEM02Vfx (86326062a90494bdd79ce383511d7d69) C:\Windows\system32\DRIVERS\OEM02Vfx.sys
17:20:59.0698 2964 OEM02Vfx - ok
17:20:59.0773 2964 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
17:20:59.0774 2964 ohci1394 - ok
17:20:59.0861 2964 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:20:59.0888 2964 ose - ok
17:20:59.0956 2964 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
17:20:59.0966 2964 p2pimsvc - ok
17:20:59.0974 2964 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
17:20:59.0980 2964 p2psvc - ok
17:21:00.0010 2964 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
17:21:00.0012 2964 Parport - ok
17:21:00.0036 2964 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
17:21:00.0038 2964 partmgr - ok
17:21:00.0051 2964 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
17:21:00.0052 2964 Parvdm - ok
17:21:00.0080 2964 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
17:21:00.0082 2964 PcaSvc - ok
17:21:00.0127 2964 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
17:21:00.0130 2964 pci - ok
17:21:00.0185 2964 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
17:21:00.0187 2964 pciide - ok
17:21:00.0221 2964 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
17:21:00.0224 2964 pcmcia - ok
17:21:00.0321 2964 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
17:21:00.0334 2964 PEAUTH - ok
17:21:00.0466 2964 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
17:21:00.0488 2964 pla - ok
17:21:00.0613 2964 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
17:21:00.0616 2964 PlugPlay - ok
17:21:00.0688 2964 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
17:21:00.0693 2964 PNRPAutoReg - ok
17:21:00.0703 2964 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
17:21:00.0708 2964 PNRPsvc - ok
17:21:00.0741 2964 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
17:21:00.0744 2964 PolicyAgent - ok
17:21:00.0789 2964 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
17:21:00.0791 2964 PptpMiniport - ok
17:21:00.0820 2964 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
17:21:00.0822 2964 Processor - ok
17:21:00.0861 2964 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
17:21:00.0863 2964 ProfSvc - ok
17:21:00.0922 2964 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
17:21:00.0924 2964 ProtectedStorage - ok
17:21:00.0964 2964 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
17:21:00.0966 2964 PSched - ok
17:21:01.0055 2964 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\Windows\system32\Drivers\PxHelp20.sys
17:21:01.0057 2964 PxHelp20 - ok
17:21:01.0173 2964 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
17:21:01.0189 2964 ql2300 - ok
17:21:01.0221 2964 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
17:21:01.0223 2964 ql40xx - ok
17:21:01.0277 2964 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
17:21:01.0282 2964 QWAVE - ok
17:21:01.0306 2964 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
17:21:01.0307 2964 QWAVEdrv - ok
17:21:01.0489 2964 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
17:21:01.0524 2964 R300 - ok
17:21:01.0658 2964 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
17:21:01.0659 2964 RasAcd - ok
17:21:01.0689 2964 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
17:21:01.0692 2964 RasAuto - ok
17:21:01.0741 2964 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:21:01.0743 2964 Rasl2tp - ok
17:21:01.0781 2964 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
17:21:01.0787 2964 RasMan - ok
17:21:01.0814 2964 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
17:21:01.0816 2964 RasPppoe - ok
17:21:01.0843 2964 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
17:21:01.0845 2964 RasSstp - ok
17:21:01.0874 2964 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
17:21:01.0877 2964 rdbss - ok
17:21:01.0897 2964 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:21:01.0899 2964 RDPCDD - ok
17:21:01.0923 2964 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
17:21:01.0927 2964 rdpdr - ok
17:21:01.0932 2964 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
17:21:01.0933 2964 RDPENCDD - ok
17:21:01.0973 2964 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
17:21:01.0976 2964 RDPWD - ok
17:21:02.0000 2964 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
17:21:02.0002 2964 RemoteAccess - ok
17:21:02.0035 2964 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
17:21:02.0038 2964 RemoteRegistry - ok
17:21:02.0106 2964 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
17:21:02.0107 2964 rimmptsk - ok
17:21:02.0129 2964 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
17:21:02.0130 2964 rimsptsk - ok
17:21:02.0144 2964 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys
17:21:02.0146 2964 rismxdp - ok
17:21:02.0163 2964 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
17:21:02.0165 2964 RpcLocator - ok
17:21:02.0223 2964 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\System32\rpcss.dll
17:21:02.0228 2964 RpcSs - ok
17:21:02.0252 2964 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
17:21:02.0254 2964 rspndr - ok
17:21:02.0286 2964 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
17:21:02.0288 2964 SamSs - ok
17:21:02.0317 2964 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
17:21:02.0319 2964 sbp2port - ok
17:21:02.0350 2964 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
17:21:02.0354 2964 SCardSvr - ok
17:21:02.0422 2964 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
17:21:02.0432 2964 Schedule - ok
17:21:02.0470 2964 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
17:21:02.0471 2964 SCPolicySvc - ok
17:21:02.0514 2964 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
17:21:02.0516 2964 sdbus - ok
17:21:02.0554 2964 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
17:21:02.0557 2964 SDRSVC - ok
17:21:02.0570 2964 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
17:21:02.0571 2964 secdrv - ok
17:21:02.0583 2964 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
17:21:02.0585 2964 seclogon - ok
17:21:02.0605 2964 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
17:21:02.0607 2964 SENS - ok
17:21:02.0638 2964 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
17:21:02.0640 2964 Serenum - ok
17:21:02.0667 2964 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
17:21:02.0669 2964 Serial - ok
17:21:02.0684 2964 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
17:21:02.0686 2964 sermouse - ok
17:21:02.0714 2964 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
17:21:02.0718 2964 SessionEnv - ok
17:21:02.0723 2964 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
17:21:02.0724 2964 sffdisk - ok
17:21:02.0737 2964 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
17:21:02.0738 2964 sffp_mmc - ok
17:21:02.0773 2964 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
17:21:02.0775 2964 sffp_sd - ok
17:21:02.0790 2964 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
17:21:02.0800 2964 sfloppy - ok
17:21:02.0843 2964 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
17:21:02.0848 2964 SharedAccess - ok
17:21:02.0883 2964 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
17:21:02.0886 2964 ShellHWDetection - ok
17:21:02.0900 2964 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
17:21:02.0901 2964 sisagp - ok
17:21:02.0922 2964 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
17:21:02.0923 2964 SiSRaid2 - ok
17:21:02.0947 2964 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
17:21:02.0950 2964 SiSRaid4 - ok
17:21:03.0161 2964 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
17:21:03.0215 2964 slsvc - ok
17:21:03.0326 2964 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
17:21:03.0329 2964 SLUINotify - ok
17:21:03.0393 2964 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
17:21:03.0395 2964 Smb - ok
17:21:03.0467 2964 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
17:21:03.0470 2964 SNMPTRAP - ok
17:21:03.0497 2964 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
17:21:03.0499 2964 spldr - ok
17:21:03.0563 2964 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
17:21:03.0567 2964 Spooler - ok
17:21:03.0674 2964 sprtsvc_DellSupportCenter (777115c9cc675bd98127660712d2f784) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
17:21:03.0678 2964 sprtsvc_DellSupportCenter - ok
17:21:03.0734 2964 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
17:21:03.0740 2964 srv - ok
17:21:03.0776 2964 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
17:21:03.0779 2964 srv2 - ok
17:21:03.0809 2964 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
17:21:03.0812 2964 srvnet - ok
17:21:03.0839 2964 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
17:21:03.0843 2964 SSDPSRV - ok
17:21:03.0896 2964 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
17:21:03.0900 2964 SstpSvc - ok
17:21:03.0932 2964 STacSV (7e6dd4b34acd36af6c711d2bde91b040) C:\Windows\system32\STacSV.exe
17:21:03.0935 2964 STacSV - ok
17:21:04.0007 2964 Steam Client Service - ok
17:21:04.0081 2964 STHDA (6a2a5e809c2c0178326d92b19ee4aad3) C:\Windows\system32\drivers\stwrt.sys
17:21:04.0086 2964 STHDA - ok
17:21:04.0138 2964 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
17:21:04.0146 2964 stisvc - ok
17:21:04.0235 2964 stllssvr (1d0063597c3666404fcf97698abeb019) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
17:21:04.0238 2964 stllssvr - ok
17:21:04.0288 2964 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
17:21:04.0288 2964 swenum - ok
17:21:04.0754 2964 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
17:21:04.0884 2964 swprv - ok
17:21:04.0991 2964 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
17:21:04.0999 2964 Symc8xx - ok
17:21:05.0054 2964 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
17:21:05.0055 2964 Sym_hi - ok
17:21:05.0111 2964 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
17:21:05.0112 2964 Sym_u3 - ok
17:21:05.0808 2964 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
17:21:06.0049 2964 SysMain - ok
17:21:06.0176 2964 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
17:21:06.0190 2964 TabletInputService - ok
17:21:06.0790 2964 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
17:21:06.0799 2964 TapiSrv - ok
17:21:06.0962 2964 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
17:21:06.0964 2964 TBS - ok
17:21:07.0630 2964 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
17:21:07.0637 2964 Tcpip - ok
17:21:07.0678 2964 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
17:21:07.0691 2964 Tcpip6 - ok
17:21:07.0760 2964 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
17:21:07.0762 2964 tcpipreg - ok
17:21:07.0793 2964 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
17:21:07.0795 2964 TDPIPE - ok
17:21:07.0814 2964 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
17:21:07.0816 2964 TDTCP - ok
17:21:07.0857 2964 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
17:21:07.0860 2964 tdx - ok
17:21:07.0927 2964 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
17:21:07.0927 2964 TermDD - ok
17:21:09.0490 2964 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
17:21:09.0499 2964 TermService - ok
17:21:09.0549 2964 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
17:21:09.0552 2964 Themes - ok
17:21:09.0577 2964 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
17:21:09.0578 2964 THREADORDER - ok
17:21:09.0610 2964 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
17:21:09.0614 2964 TrkWks - ok
17:21:09.0685 2964 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
17:21:09.0686 2964 TrustedInstaller - ok
17:21:09.0760 2964 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:21:09.0761 2964 tssecsrv - ok
17:21:09.0774 2964 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
17:21:09.0775 2964 tunmp - ok
17:21:09.0817 2964 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
17:21:09.0818 2964 tunnel - ok
17:21:09.0842 2964 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
17:21:09.0844 2964 uagp35 - ok
17:21:09.0888 2964 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
17:21:09.0892 2964 udfs - ok
17:21:09.0953 2964 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
17:21:09.0956 2964 UI0Detect - ok
17:21:09.0974 2964 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
17:21:09.0989 2964 uliagpkx - ok
17:21:10.0042 2964 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
17:21:10.0054 2964 uliahci - ok
17:21:10.0081 2964 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
17:21:10.0083 2964 UlSata - ok
17:21:10.0108 2964 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
17:21:10.0111 2964 ulsata2 - ok
17:21:10.0137 2964 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
17:21:10.0138 2964 umbus - ok
17:21:10.0170 2964 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
17:21:10.0176 2964 upnphost - ok
17:21:10.0250 2964 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
17:21:10.0251 2964 USBAAPL - ok
17:21:10.0310 2964 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
17:21:10.0312 2964 usbccgp - ok
17:21:10.0349 2964 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
17:21:10.0351 2964 usbcir - ok
17:21:10.0388 2964 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
17:21:10.0389 2964 usbehci - ok
17:21:10.0434 2964 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
17:21:10.0438 2964 usbhub - ok
17:21:10.0486 2964 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
17:21:10.0488 2964 usbohci - ok
17:21:10.0516 2964 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
17:21:10.0517 2964 usbprint - ok
17:21:10.0534 2964 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:21:10.0535 2964 USBSTOR - ok
17:21:10.0554 2964 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
17:21:10.0555 2964 usbuhci - ok
17:21:10.0585 2964 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
17:21:10.0588 2964 UxSms - ok
17:21:10.0618 2964 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\Windows\system32\DRIVERS\VClone.sys
17:21:10.0619 2964 VClone - ok
17:21:10.0662 2964 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
17:21:10.0670 2964 vds - ok
17:21:10.0697 2964 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
17:21:10.0699 2964 vga - ok
17:21:10.0718 2964 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
17:21:10.0720 2964 VgaSave - ok
17:21:10.0745 2964 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
17:21:10.0747 2964 viaagp - ok
17:21:10.0772 2964 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
17:21:10.0774 2964 ViaC7 - ok
17:21:10.0800 2964 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
17:21:10.0801 2964 viaide - ok
17:21:10.0819 2964 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
17:21:10.0821 2964 volmgr - ok
17:21:10.0863 2964 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
17:21:10.0868 2964 volmgrx - ok
17:21:10.0914 2964 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
17:21:10.0918 2964 volsnap - ok
17:21:10.0954 2964 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
17:21:10.0957 2964 vsmraid - ok
17:21:11.0044 2964 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
17:21:11.0061 2964 VSS - ok
17:21:11.0097 2964 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
17:21:11.0103 2964 W32Time - ok
17:21:11.0157 2964 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
17:21:11.0158 2964 WacomPen - ok
17:21:11.0176 2964 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
17:21:11.0178 2964 Wanarp - ok
17:21:11.0183 2964 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
17:21:11.0184 2964 Wanarpv6 - ok
17:21:11.0230 2964 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
17:21:11.0238 2964 wcncsvc - ok
17:21:11.0273 2964 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
17:21:11.0276 2964 WcsPlugInService - ok
17:21:11.0282 2964 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
17:21:11.0284 2964 Wd - ok
17:21:11.0336 2964 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys
17:21:11.0337 2964 WDC_SAM - ok
17:21:11.0375 2964 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
17:21:11.0383 2964 Wdf01000 - ok
17:21:11.0413 2964 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
17:21:11.0416 2964 WdiServiceHost - ok
17:21:11.0420 2964 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
17:21:11.0423 2964 WdiSystemHost - ok
17:21:11.0470 2964 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
17:21:11.0474 2964 WebClient - ok
17:21:11.0502 2964 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
17:21:11.0507 2964 Wecsvc - ok
17:21:11.0519 2964 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
17:21:11.0522 2964 wercplsupport - ok
17:21:11.0547 2964 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
17:21:11.0551 2964 WerSvc - ok
17:21:11.0621 2964 winachsf (72cc6a8ca7891031d6380db5025c773c) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
17:21:11.0632 2964 winachsf - ok
17:21:11.0717 2964 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
17:21:11.0721 2964 WinDefend - ok
17:21:11.0728 2964 WinHttpAutoProxySvc - ok
17:21:11.0792 2964 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
17:21:11.0794 2964 Winmgmt - ok
17:21:11.0898 2964 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
17:21:11.0916 2964 WinRM - ok
17:21:11.0980 2964 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
17:21:11.0986 2964 Wlansvc - ok
17:21:11.0994 2964 wltrysvc - ok
17:21:12.0051 2964 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
17:21:12.0052 2964 WmiAcpi - ok
17:21:12.0129 2964 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
17:21:12.0132 2964 wmiApSrv - ok
17:21:12.0238 2964 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
17:21:12.0252 2964 WMPNetworkSvc - ok
17:21:12.0288 2964 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
17:21:12.0292 2964 WPCSvc - ok
17:21:12.0325 2964 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
17:21:12.0329 2964 WPDBusEnum - ok
17:21:12.0388 2964 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
17:21:12.0390 2964 WpdUsb - ok
17:21:12.0557 2964 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
17:21:12.0568 2964 WPFFontCache_v0400 - ok
17:21:12.0589 2964 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
17:21:12.0590 2964 ws2ifsl - ok
17:21:12.0622 2964 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
17:21:12.0625 2964 wscsvc - ok
17:21:12.0630 2964 WSearch - ok
17:21:12.0771 2964 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
17:21:12.0802 2964 wuauserv - ok
17:21:12.0954 2964 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:21:12.0956 2964 WUDFRd - ok
17:21:12.0987 2964 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
17:21:12.0990 2964 wudfsvc - ok
17:21:13.0018 2964 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
17:21:13.0019 2964 XAudio - ok
17:21:13.0058 2964 XAudioService (cd5f291a1161f15896d1a4d63daff5df) C:\Windows\system32\DRIVERS\xaudio.exe
17:21:13.0065 2964 XAudioService - ok
17:21:13.0098 2964 yukonwlh (a4822191c7cea271903c2a4fb6d9809d) C:\Windows\system32\DRIVERS\yk60x86.sys
17:21:13.0103 2964 yukonwlh - ok
17:21:13.0123 2964 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
17:21:13.0366 2964 \Device\Harddisk0\DR0 - ok
17:21:13.0380 2964 Boot (0x1200) (1c87bb41b794aa77b498067de1159056) \Device\Harddisk0\DR0\Partition0
17:21:13.0382 2964 \Device\Harddisk0\DR0\Partition0 - ok
17:21:13.0386 2964 Boot (0x1200) (f805fa144e726ceaa4cf9a250587b283) \Device\Harddisk0\DR0\Partition1
17:21:13.0387 2964 \Device\Harddisk0\DR0\Partition1 - ok
17:21:13.0389 2964 ============================================================
17:21:13.0389 2964 Scan finished
17:21:13.0389 2964 ============================================================
17:21:13.0403 2956 Detected object count: 1
17:21:13.0403 2956 Actual detected object count: 1
17:21:44.0790 2956 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
17:21:44.0790 2956 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip

And the aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-17 17:25:20
-----------------------------
17:25:20.899 OS Version: Windows 6.0.6002 Service Pack 2
17:25:20.899 Number of processors: 2 586 0xF0D
17:25:20.900 ComputerName: PAC-PC UserName: Pac
17:25:21.621 Initialize success
17:25:26.698 AVAST engine defs: 12051701
17:25:27.957 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
17:25:27.960 Disk 0 Vendor: Hitachi_ FBEO Size: 238475MB BusType: 3
17:25:27.989 Disk 0 MBR read successfully
17:25:27.996 Disk 0 MBR scan
17:25:28.011 Disk 0 Windows VISTA default MBR code
17:25:28.015 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
17:25:28.035 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10000 MB offset 81920
17:25:28.059 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 225874 MB offset 20561920
17:25:28.074 Disk 0 Partition - 00 0F Extended LBA 2559 MB offset 483153920
17:25:28.123 Disk 0 Partition 4 00 DD MSDOS5.0 2558 MB offset 483155968
17:25:28.142 Disk 0 scanning sectors +488394752
17:25:28.322 Disk 0 scanning C:\Windows\system32\drivers
17:25:39.921 Service scanning
17:26:11.727 Modules scanning
17:26:17.851 Disk 0 trace - called modules:
17:26:17.885 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
17:26:17.892 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x863a38a0]
17:26:17.899 3 CLASSPNP.SYS[8abbe8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85930028]
17:26:19.160 AVAST engine scan C:\Windows
17:26:22.826 AVAST engine scan C:\Windows\system32
17:29:43.031 AVAST engine scan C:\Windows\system32\drivers
17:29:56.700 AVAST engine scan C:\Users\Pac
17:34:25.538 Disk 0 MBR has been saved successfully to "C:\Users\Pac\Desktop\MBR.dat"
17:34:25.564 The log file has been saved successfully to "C:\Users\Pac\Desktop\aswMBR.txt"

Thanks again.

#8 gringo_pr (Malware Response Team)

Posted 17 May 2012 - 09:53 PM

Greetings

At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files\Ask.com

File::
c:\programdata\BYPGXhjaRabNfa.exe
c:\programdata\JiKJGqSIsOjjAl.exe

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 zpobric (Topic Starter)

Posted 18 May 2012 - 11:11 PM

Hi Gringo --

I'm having some trouble with this. I've tried to run it several times, restarting the computer between each run and making sure all my antivirus software is off, and for some reason, each time I run it, something different happens. Sometimes I get error messages that say "Error opening file for writing" with the options of "ignore," "abort," or "retry" and other times it doesn't give me the message. Either way, I get no log to give you. Any ideas?

Best,
Pac

#10 gringo_pr (Malware Response Team)

Posted 19 May 2012 - 12:18 AM

Hello

OK, let's try this. I want you to run the ComboFix script in Safe Mode, but it is very important that when ComboFix reboots the computer you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Log in to your usual account.

After ComboFix has finished its scan, please post the report back here.

Gringo

#11 zpobric (Topic Starter)

Posted 19 May 2012 - 06:53 PM

OK, the log is below.

I'm running into a bit of trouble overall. After the scan was finished, I tried to open my Firefox but got this warning: "Illegal operation attempted on a registry key that has been marked for deletion." I've gotten it before, since beginning this process. Rebooting the computer fixes the problem, but I figured it was worth a mention anyway.

Computer is still running a bit slowly, with my Firefox sometimes ceasing to respond, although it comes back to life after a few seconds. But none of that is news at all. I suppose that could be owing to any of the issues I had before the virus.

Thanks.

--

ComboFix 12-05-17.08 - Pac 05/19/2012 12:35:40.3.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3061.2493 [GMT -4:00]
Running from: c:\users\Pac\Desktop\ComboFix.exe
Command switches used :: c:\users\Pac\Desktop\CFScript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\programdata\BYPGXhjaRabNfa.exe"
"c:\programdata\JiKJGqSIsOjjAl.exe"
.
/wow section - STAGE 48
SED: can't read CuRun.dmp: No such file or directory
SED: can't read CuRun.dmp: No such file or directory
SED: can't read CuRun.dmp: No such file or directory
SED: can't read CuRun.dmp: No such file or directory
.
/wow section - STAGE 50
.
.
((((((((((((((((((((((((( Files Created from 2012-04-19 to 2012-05-19 )))))))))))))))))))))))))))))))
.
.
2012-05-19 17:39 . 2012-05-19 17:46 -------- d-----w- c:\users\Pac\AppData\Local\temp
2012-05-19 17:39 . 2012-05-19 17:39 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-05-19 17:39 . 2012-05-19 17:39 -------- d-----w- c:\users\Default\AppData\Local\temp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-20 17:11 . 2011-06-16 18:45 151880 ----a-w- c:\windows\system32\mfevtps.exe
2012-02-22 17:29 . 2011-09-21 01:14 180848 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-02-22 17:29 . 2011-06-16 18:58 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-02-22 17:29 . 2011-06-16 18:57 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-02-22 17:29 . 2011-06-16 18:57 64912 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2012-02-22 17:29 . 2011-06-16 18:57 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-02-22 17:29 . 2011-06-16 18:57 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-02-22 17:29 . 2011-06-16 18:57 340920 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-02-22 17:29 . 2011-06-16 18:57 169608 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2012-02-22 17:29 . 2011-03-13 15:20 464304 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-02-22 17:29 . 2011-03-13 15:20 121544 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-02-19 05:40 . 2011-03-24 04:55 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Pac\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Pac\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Pac\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Pac\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-14 00:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-14 00:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-14 00:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-09 39408]
"Akamai NetSession Interface"="c:\users\Pac\AppData\Local\Akamai\netsession_win.exe" [2011-11-08 3295320]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-07-03 3563520]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1318816]
"McPvTray_exe"="c:\program files\McAfee\MAT\McPvTray.exe" [2011-04-08 419904]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
.
c:\users\Pac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-12-9 50688]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 0082501337191463mcinstcleanup;McAfee Application Installer Cleanup (0082501337191463);c:\windows\TEMP\008250~1.EXE [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
Akamai REG_MULTI_SZ Akamai
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-19 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-06-20 07:40]
.
2012-04-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-09 18:34]
.
2012-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-05 21:05]
.
2012-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-05 21:05]
.
2012-05-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2976853594-588204126-2646710848-1000Core.job
- c:\users\Pac\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-26 03:47]
.
2012-05-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2976853594-588204126-2646710848-1000UA.job
- c:\users\Pac\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-26 03:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
Trusted Zone: nhlnetwork.com\www
TCP: DhcpNameServer = 167.206.254.1 167.206.254.2
FF - ProfilePath - c:\users\Pac\AppData\Roaming\Mozilla\Firefox\Profiles\z8323q06.default\
FF - prefs.js: browser.search.selectedEngine - YouTube Video Search
FF - prefs.js: browser.startup.homepage - www.nytimes.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?hl=en-GB&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 64323
FF - prefs.js: network.proxy.type - 4
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
scanning hidden processes ...
.
[0] 0x4C004C00
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_6c825ce.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4424)
c:\users\Pac\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\McAfee Online Backup\MOBKshell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Dell\DellDock\DockLogin.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Lavasoft\Ad-Aware\AAWService.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe
c:\windows\system32\mfevtps.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\STacSV.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\McAfee Online Backup\MOBKbackup.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\McAfee Online Backup\MOBKbackup.exe
c:\windows\system32\vssvc.exe
c:\program files\McAfee Online Backup\MOBKbackup.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\windows\system32\wbem\unsecapp.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
.
**************************************************************************
.
Completion time: 2012-05-19 13:53:20 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-19 17:53
ComboFix2.txt 2012-05-18 03:51
ComboFix3.txt 2012-05-16 19:51
.
Pre-Run: 55,514,959,872 bytes free
Post-Run: 55,524,958,208 bytes free
.
- - End Of File - - 53E749F3BD062843C48764A650FD4807

#12 gringo_pr (Malware Response Team)

Posted 19 May 2012 - 08:14 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#13 zpobric (Topic Starter)

Posted 19 May 2012 - 11:49 PM

OK, here are the logs:

OTL Extras logfile created on: 5/20/2012 12:42:23 AM - Run 5
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Pac\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 2.20 Gb Available Physical Memory | 73.56% Memory free
6.17 Gb Paging File | 5.64 Gb Available in Paging File | 91.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.58 Gb Total Space | 50.88 Gb Free Space | 23.07% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 4.83 Gb Free Space | 49.48% Space Free | Partition Type: NTFS

Computer Name: PAC-PC | User Name: Pac | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-2976853594-588204126-2646710848-1000\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.chm [@ = chm.file] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.pif [@ = piffile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13B3A38C-CBC3-4FA3-AA4E-4481D6822E0B}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{1EB7B0D9-BFBB-4131-881B-2A559CA68599}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{3C04809D-6F61-4F38-AB9E-7E1F69CB4188}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4DD52BA0-C24C-4712-BF7C-891925BAED66}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{59936863-D184-4E10-9867-F50ACF3F531E}" = lport=137 | protocol=17 | dir=in | app=system |
"{61DC2634-BE84-43C0-8C7E-C452DBF8AC9A}" = rport=138 | protocol=17 | dir=out | app=system |
"{658C6787-7F83-4D84-8735-FDFF0D08EAE3}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{6A3B8CBA-ADBF-48E1-A0F8-6B9720764AAE}" = lport=445 | protocol=6 | dir=in | app=system |
"{6C2379AA-3F80-4700-8AC1-6E7FBB5FE2B4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{6EDA790C-10EB-43E4-91D4-E0DE1868A2F0}" = lport=138 | protocol=17 | dir=in | app=system |
"{7B954540-90B4-484A-8A2A-75EC5142D914}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{88533DD5-6EF6-4DE0-BE0B-5441AD36683A}" = rport=445 | protocol=6 | dir=out | app=system |
"{A1CB521C-E534-4F51-A253-2F4C6631FA03}" = lport=139 | protocol=6 | dir=in | app=system |
"{A950D2F2-3553-4B0B-8753-1632B4F951F4}" = rport=139 | protocol=6 | dir=out | app=system |
"{CA240090-161D-4808-A24E-36F701C126E1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{CCCC44A3-565A-442E-8341-8E869D2C3B7E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{D03E44A9-D227-4639-8B95-745D7C7AE648}" = rport=137 | protocol=17 | dir=out | app=system |
"{D38DED0A-03C2-465D-84BB-CD308EA3315C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DFE8B6F2-A2E6-4E6A-8567-34027C2B5485}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F7C15DE0-1E4A-4574-BECB-828AD1FC9DEE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{066E286D-9825-43B5-B9FC-7DB4D259F3A8}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{0750EF4E-9F5D-4288-8905-0397A35E5AF6}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{0787CFF1-013C-4318-8BD7-0BBAC31AC01D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\zpobric\day of defeat\hl.exe |
"{07B1A047-7745-4B31-A73B-06918605F777}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{10B6FE2E-1615-4A8E-ABCC-B1865240F7C6}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{1A0893C5-6E54-42B3-9943-ED0451A1A9F3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1FA5180B-4247-4870-BD0A-8DE7291D8B2D}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{226C716B-06A5-4A78-B7EE-FFB8AA037B92}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{22D1D268-5868-48D7-A1A6-887A74FA39B7}" = protocol=17 | dir=in | app=c:\users\pac\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{237816FF-C364-4D30-9968-1A120C970C02}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{26FA70DC-9FC6-483C-B13F-845D5E81B2A6}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{27822FE1-47A6-4E72-844D-95496DC4D8DD}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{2CAC950A-2DC2-41D3-A32E-9C0E11F05242}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{2CC1942D-804C-403D-94F9-43955EE9D0CB}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\zpobric\team fortress classic\hl.exe |
"{3E073BB4-A8E4-4910-BE7F-E8EA3753B064}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{4A39D6FC-67D6-4781-9C45-4A0C43CFC3AE}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{4C140C82-750D-4F29-BAF7-3251DB31864A}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{4E546C56-2126-4FE6-A79D-81BC939A82BF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{51CDC821-61B6-4902-B11A-299622E02204}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{5205E30F-52FA-4D4A-9547-AF38318EE3EE}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{52368DB1-5547-4866-97CC-1E00AEB42820}" = protocol=17 | dir=in | app=c:\users\pac\appdata\local\akamai\netsession_win.exe |
"{59513488-5ED6-4BC5-B27E-52065DBA4701}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\zpobric\day of defeat\hl.exe |
"{5E83D52E-250D-4AD3-9103-73FEC3F1A218}" = dir=in | app=c:\program files\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{61AD5D76-14B2-439E-9B44-E07B1B56F769}" = dir=in | app=c:\program files\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{6241CB4C-B2B7-475E-B153-225B9E48C17E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{630545B5-9E0A-4149-9B59-B103D553206A}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{6DAC62E6-015C-4E58-86F6-E1377084E1F4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{752F0941-17D5-4BB8-B342-56CBC11B65C4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{77B55B9B-79DF-435E-AB5A-394589B08422}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{7C9FAD48-C945-4071-92F3-A189F6A58D9A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\zpobric\team fortress classic\hl.exe |
"{83B9C7F5-D38E-487D-A0C5-0A88BC83686E}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{853995EB-9CB4-44AE-9FB3-DB0F682C9380}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
"{8E5FF82C-C726-49A6-9735-F57B01D0D07A}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{906BC004-49C9-46B6-BAFB-1EA198857448}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{9FBE1FD2-BE33-4B7E-BADA-4C38CF4617CB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A4A082D2-84A1-4202-A307-F7DD7234224A}" = protocol=6 | dir=in | app=c:\users\pac\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{A77A4EDC-908A-43B5-AFC7-69F35BEE6F35}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\zpobric\day of defeat\hl.exe |
"{AC1B92DB-4569-4EE8-98DB-37A0DA8AAC09}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{BE0FC79D-0677-4AD9-9963-FF98EE8BCDAC}" = protocol=6 | dir=in | app=c:\users\pac\appdata\local\akamai\netsession_win.exe |
"{C6C920C9-D26C-46DE-9BD9-7B26D406B8D4}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{D37BF0F5-6755-4D55-9EA4-E2760FCEC489}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{D4C5E251-89E8-42B6-8C21-B8D93517BB42}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D8A1B5BD-0A4D-428D-858F-ABE088EB8444}" = protocol=6 | dir=out | app=c:\program files\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{DA54231A-71DF-45CF-BB48-EF5D0BFADA2D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DAB17E14-77B6-4983-9AEC-46185DAF22BB}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{DF06282B-0B4C-46F4-8371-221C84B33A13}" = protocol=6 | dir=out | app=c:\program files\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{EA075A89-C71F-4C23-A22C-F690CE8C2034}" = protocol=17 | dir=in | app=c:\users\pac\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{F07781A5-1D78-4F6F-B94E-A4E59891EF66}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\zpobric\day of defeat\hl.exe |
"{F3A51679-97D2-47CF-959F-36F6307E116E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F98CC04E-C405-40F0-8079-B5B9B2586F6D}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{FA3A23C8-9C8A-418F-B70B-E82D38CD5A5F}" = protocol=6 | dir=in | app=c:\users\pac\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{FA54A6BC-3153-4BA1-B359-447171826DF4}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"TCP Query User{0350A0CD-8416-4AAF-9D47-55B97DD39F04}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{17CFB2BA-0F26-4321-B824-3F55E9E97C4D}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{C3BD4193-02D2-48D1-9BEF-3A5DD0C5EE5C}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{B2A8B4F6-CFCB-4E9D-8DBD-7B5628A8E801}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{B84CD1CF-B99B-4A57-B2D4-EFE435F70597}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{CB13F662-4E2F-4FA1-81F4-53239E7E19BB}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}" = Rosetta Stone Version 3
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 22
"{2767CB8D-5023-4856-925C-BD1985428EED}" = Brother HL-2040
"{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup
"{294EAADF-E50F-4DD8-AD8D-19587EA10512}" = Modem Diagnostic Tool
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D8F9830-D6A3-413A-9A54-993827A73E47}" = DELL0604
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
"{614F6133-1897-3CB9-859A-F2A19FBE8D4A}" = Google Talk Plugin
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6D3963B0-E13B-4FC3-B0FF-506A304BB043}" = Cisco EAP-FAST Module
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{85195381-0426-4715-8D25-E21B9457FC00}" = Ad-Aware
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F5DBA0C-5923-49ED-B868-BA0AAB7FABE2}" = ALEKS Plugin 3.9
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{C39A4E1F-9AF1-4FE1-A80E-A5B867FABB42}" = Dell Best of Web
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup
"{E1E502E2-C006-49DB-9C0C-F2196E51826F}_is1" = Rootkit Unhooker LE 3.8 SR 2
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"7-Zip" = 7-Zip 4.64
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"Akamai" = Akamai NetSession Interface Service
"BN_DesktopReader" = NOOK for PC
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"FL Studio_is1" = FL Studio v7.0
"Foxit Reader" = Foxit Reader
"Google Updater" = Google Updater
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)
"MSC" = McAfee Total Protection
"NeuLion Adaptive Plugin" = NeuLion Adaptive Plugin
"PROPLUS" = Microsoft Office Professional Plus 2007
"Steam App 20" = Team Fortress Classic
"Steam App 30" = Day of Defeat
"Veetle TV" = Veetle TV 0.9.18
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.11

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2976853594-588204126-2646710848-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"309a46b1dc89b774" = Dell Driver Download Manager
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"GoToMeeting" = GoToMeeting 4.5.0.457
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/10/2011 10:45:14 PM | Computer Name = Pac-PC | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 3692 (0xe6c) Thread address : 0x77075CA4 Thread message : Build VSCORE.14.4.0.353
/ 5400.1158 Object being scanned = \Device\HarddiskVolume3\Program Files\Common
Files\McAfee\SystemCore\mfebopa.dll by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)


Error - 10/10/2011 10:45:14 PM | Computer Name = Pac-PC | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 3556 (0xde4) Thread address : 0x77075CA4 Thread message : Build VSCORE.14.4.0.353
/ 5400.1158 Object being scanned = \Device\HarddiskVolume3\Program Files\Common
Files\McAfee\SystemCore\mfebopa.dll by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)


Error - 10/11/2011 1:07:30 AM | Computer Name = Pac-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10/11/2011 6:12:09 PM | Computer Name = Pac-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 7.0.1.4288 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1770 Start Time: 01cc87d732bece8e Termination Time: 2609

Error - 10/12/2011 3:34:27 AM | Computer Name = Pac-PC | Source = Bonjour Service | ID = 100
Description = 376: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 10/12/2011 3:34:27 AM | Computer Name = Pac-PC | Source = Bonjour Service | ID = 100
Description = 384: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 10/12/2011 3:34:27 AM | Computer Name = Pac-PC | Source = Bonjour Service | ID = 100
Description = 400: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 10/12/2011 3:34:27 AM | Computer Name = Pac-PC | Source = Bonjour Service | ID = 100
Description = 408: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 10/12/2011 3:40:38 AM | Computer Name = Pac-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/12/2011 3:43:17 AM | Computer Name = Pac-PC | Source = VSS | ID = 8194
Description =

[ Broadcom Wireless LAN Events ]
Error - 7/15/2011 9:12:55 AM | Computer Name = Pac-PC | Source = WLAN-Tray | ID = 0
Description = 09:12:55, Fri, Jul 15, 11 Error - User "" does not have administrative
privileges on this system

Error - 7/15/2011 9:12:55 AM | Computer Name = Pac-PC | Source = WLAN-Tray | ID = 0
Description = 09:12:55, Fri, Jul 15, 11 Error - User "" does not have administrative
privileges on this system

Error - 8/1/2011 7:47:19 PM | Computer Name = Pac-PC | Source = WLAN-Tray | ID = 0
Description = 19:47:19, Mon, Aug 01, 11 Error - User "" does not have administrative
privileges on this system

Error - 8/2/2011 1:21:20 PM | Computer Name = Pac-PC | Source = WLAN-Tray | ID = 0
Description = 13:21:20, Tue, Aug 02, 11 Error - User "" does not have administrative
privileges on this system

Error - 8/11/2011 5:33:47 PM | Computer Name = Pac-PC | Source = WLAN-Tray | ID = 0
Description = 17:33:47, Thu, Aug 11, 11 Error - User "" does not have administrative
privileges on this system

Error - 10/4/2011 10:45:21 PM | Computer Name = Pac-PC | Source = WLAN-Tray | ID = 0
Description = 22:45:21, Tue, Oct 04, 11 Error - Unable to decrypt string

Error - 10/22/2011 2:28:21 PM | Computer Name = Pac-PC | Source = WLAN-Tray | ID = 0
Description = 14:28:21, Sat, Oct 22, 11 Error - User "" does not have administrative
privileges on this system

Error - 10/27/2011 8:32:17 AM | Computer Name = Pac-PC | Source = WLAN-Tray | ID = 0
Description = 08:32:17, Thu, Oct 27, 11 Error - User "" does not have administrative
privileges on this system

Error - 5/19/2012 1:42:06 PM | Computer Name = Pac-PC | Source = WLAN-Tray | ID = 0
Description = 13:42:05, Sat, May 19, 12 Error - Unable to gain access to user store


Error - 5/20/2012 12:23:58 AM | Computer Name = Pac-PC | Source = WLAN-Tray | ID = 0
Description = 00:23:58, Sun, May 20, 12 Error - User "" does not have administrative
privileges on this system

[ OSession Events ]
Error - 1/14/2010 11:37:18 PM | Computer Name = Pac-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8758
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 5/19/2012 7:46:42 PM | Computer Name = Pac-PC | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.100.10
on the Network Card with network address 0023AE0B3C54.

Error - 5/20/2012 12:23:50 AM | Computer Name = Pac-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 74.89.123.180 for the Network Card with network
address 0023AE0B3C54 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 5/20/2012 12:25:57 AM | Computer Name = Pac-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =

Error - 5/20/2012 12:26:19 AM | Computer Name = Pac-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 5/20/2012 12:26:19 AM | Computer Name = Pac-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 5/20/2012 12:30:19 AM | Computer Name = Pac-PC | Source = DCOM | ID = 10005
Description =

Error - 5/20/2012 12:31:51 AM | Computer Name = Pac-PC | Source = DCOM | ID = 10005
Description =

Error - 5/20/2012 12:31:58 AM | Computer Name = Pac-PC | Source = DCOM | ID = 10005
Description =

Error - 5/20/2012 12:32:03 AM | Computer Name = Pac-PC | Source = DCOM | ID = 10005
Description =

Error - 5/20/2012 12:35:11 AM | Computer Name = Pac-PC | Source = DCOM | ID = 10005
Description =


< End of report >

--

OTL logfile created on: 5/20/2012 12:42:23 AM - Run 5
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Pac\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 2.20 Gb Available Physical Memory | 73.56% Memory free
6.17 Gb Paging File | 5.64 Gb Available in Paging File | 91.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.58 Gb Total Space | 50.88 Gb Free Space | 23.07% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 4.83 Gb Free Space | 49.48% Space Free | Partition Type: NTFS

Computer Name: PAC-PC | User Name: Pac | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Pac\Desktop\OTL.exe (OldTimer Tools)
PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AWSC.exe ()
PRC - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()


========== Win32 Services (SafeList) ==========

SRV - (0082501337191463mcinstcleanup) McAfee Application Installer Cleanup (0082501337191463) -- C:\Windows\TEMP\008250~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini File not found
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_6c825ce.dll ()
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (MOBKbackup) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (MBAMSwissArmy) -- C:\Windows\system32\drivers\mbamswissarmy.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (adfs) -- File not found
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfenlfk) -- C:\Windows\System32\drivers\mfenlfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\Windows\System32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (Lbd) -- C:\Windows\System32\drivers\Lbd.sys (Lavasoft AB)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (McPvDrv) -- C:\Windows\System32\drivers\McPvDrv.sys (McAfee, Inc.)
DRV - (MOBKFilter) -- C:\Windows\System32\drivers\MOBK.sys (Mozy, Inc.)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (BCM42RLY) -- C:\Windows\System32\drivers\bcm42rly.sys (Broadcom Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (IntcHdmiAddService) Intel® -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel® Corporation)
DRV - (OEM02Vfx) -- C:\Windows\System32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (OEM02Dev) -- C:\Windows\System32\drivers\OEM02Dev.sys (Creative Technology Ltd.)
DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUS


IE - HKU\.DEFAULT\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2976853594-588204126-2646710848-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-2976853594-588204126-2646710848-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-2976853594-588204126-2646710848-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-2976853594-588204126-2646710848-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2976853594-588204126-2646710848-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7DKUS_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-2976853594-588204126-2646710848-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={searchTerms}
IE - HKU\S-1-5-21-2976853594-588204126-2646710848-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2976853594-588204126-2646710848-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "YouTube Video Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.nytimes.com"
FF - prefs.js..extensions.enabledItems: {86009AEF-9162-4EBC-B698-FF71D7B6B049}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://www.google.com/search?hl=en-GB&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 64323
FF - prefs.js..network.proxy.type: 4


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@neulion.com/npadaptiveplugin: C:\Users\Pac\AppData\Roaming\NeuLion\AdaptivePlugin\npadaptiveplugin_1_6_5_7131.dll ( )
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Pac\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found
FF - HKCU\Software\MozillaPlugins\@neulion.com/npadaptiveplugin: C:\Users\Pac\AppData\Roaming\NeuLion\AdaptivePlugin\npadaptiveplugin_1_6_5_7131.dll ( )
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Pac\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Pac\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Pac\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Pac\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Pac\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/02/29 20:57:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012/05/19 19:43:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/25 23:52:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/06 16:20:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{4AA8A5B8-CE6B-4E0B-AE51-AB78D849ED19}: C:\Users\Pac\AppData\Local\{4AA8A5B8-CE6B-4E0B-AE51-AB78D849ED19}\
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{D20835EB-35D3-4736-9A15-E7AF57889C37}: C:\Users\Pac\AppData\Local\{D20835EB-35D3-4736-9A15-E7AF57889C37} [2012/03/25 23:52:16 | 000,000,000 | ---D | M]

[2010/05/31 18:31:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pac\AppData\Roaming\Mozilla\Extensions
[2012/05/15 13:58:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pac\AppData\Roaming\Mozilla\Firefox\Profiles\z8323q06.default\extensions
[2012/03/25 23:52:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Pac\AppData\Roaming\Mozilla\Firefox\Profiles\z8323q06.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/03/25 23:52:18 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Pac\AppData\Roaming\Mozilla\Firefox\Profiles\z8323q06.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012/03/26 11:26:09 | 000,001,963 | ---- | M] () -- C:\Users\Pac\AppData\Roaming\Mozilla\Firefox\Profiles\z8323q06.default\searchplugins\de-en-beolingus-1.xml
[2011/04/19 14:22:12 | 000,001,963 | ---- | M] () -- C:\Users\Pac\AppData\Roaming\Mozilla\Firefox\Profiles\z8323q06.default\searchplugins\de-en-beolingus.xml
[2010/06/01 19:32:08 | 000,002,043 | ---- | M] () -- C:\Users\Pac\AppData\Roaming\Mozilla\Firefox\Profiles\z8323q06.default\searchplugins\the-free-dictionary.xml
[2010/06/01 19:31:38 | 000,001,539 | ---- | M] () -- C:\Users\Pac\AppData\Roaming\Mozilla\Firefox\Profiles\z8323q06.default\searchplugins\thesaurus---referencecom.xml
[2011/09/30 01:02:33 | 000,000,911 | ---- | M] () -- C:\Users\Pac\AppData\Roaming\Mozilla\Firefox\Profiles\z8323q06.default\searchplugins\thesauruscom.xml
[2010/06/01 19:30:56 | 000,001,632 | ---- | M] () -- C:\Users\Pac\AppData\Roaming\Mozilla\Firefox\Profiles\z8323q06.default\searchplugins\weathercom.xml
[2012/03/28 22:35:54 | 000,002,057 | ---- | M] () -- C:\Users\Pac\AppData\Roaming\Mozilla\Firefox\Profiles\z8323q06.default\searchplugins\youtube-video-search-1.xml
[2010/06/01 23:50:45 | 000,002,057 | ---- | M] () -- C:\Users\Pac\AppData\Roaming\Mozilla\Firefox\Profiles\z8323q06.default\searchplugins\youtube-video-search.xml
[2011/11/13 21:23:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/05/19 19:43:22 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES\COMMON FILES\MCAFEE\SYSTEMCORE
[2012/02/29 20:57:34 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2012/03/25 23:52:16 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\PAC\APPDATA\LOCAL\{D20835EB-35D3-4736-9A15-E7AF57889C37}
[2012/01/26 14:51:28 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\PAC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z8323Q06.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/02/19 01:40:01 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/09/15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/03/09 19:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll
[2012/02/10 20:43:27 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/06/16 17:28:35 | 000,001,949 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/02/10 20:43:27 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/05/19 13:45:44 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20120516140414.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [McPvTray_exe] C:\Program Files\McAfee\MAT\McPvTray.exe (McAfee, Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKU\S-1-5-21-2976853594-588204126-2646710848-1000..\Run: [Akamai NetSession Interface] C:\Users\Pac\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Pac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2976853594-588204126-2646710848-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2976853594-588204126-2646710848-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2976853594-588204126-2646710848-1000\..Trusted Domains: nhlnetwork.com ([www] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.254.1 167.206.254.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5AAA7793-6359-4CA1-BDE9-DEEA5E75A942}: DhcpNameServer = 167.206.254.1 167.206.254.2
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Pac\AppData\Roaming\Mozilla\Firefox\Desktop Backgrounds\ARTONFILE_DB_10310489668.jpg
O24 - Desktop BackupWallPaper: C:\Users\Pac\AppData\Roaming\Mozilla\Firefox\Desktop Backgrounds\ARTONFILE_DB_10310489668.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2976853594-588204126-2646710848-1000\...com [@ = ComFile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/20 00:36:47 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Pac\Desktop\OTL.exe
[2012/05/19 19:38:28 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/05/19 13:53:39 | 000,000,000 | ---D | C] -- C:\Users\Pac\AppData\Local\temp
[2012/05/19 13:51:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/05/19 12:33:01 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/05/17 17:23:28 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Pac\Desktop\aswMBR.exe
[2012/05/17 17:20:28 | 002,126,424 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Pac\Desktop\tdsskiller.exe
[2012/05/16 15:27:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/05/16 15:27:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/05/16 15:27:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/05/16 13:52:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/16 13:51:49 | 004,496,857 | R--- | C] (Swearware) -- C:\Users\Pac\Desktop\ComboFix.exe
[2012/05/15 14:03:11 | 000,000,000 | ---D | C] -- C:\Users\Pac\Desktop\gmer
[2012/05/15 13:58:14 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Pac\Desktop\dds.scr

========== Files - Modified Within 30 Days ==========

[2012/05/20 00:36:48 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Pac\Desktop\OTL.exe
[2012/05/20 00:36:41 | 000,000,680 | ---- | M] () -- C:\Users\Pac\AppData\Local\d3d9caps.dat
[2012/05/20 00:26:20 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012/05/20 00:25:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/20 00:24:15 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/20 00:24:15 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/20 00:04:11 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2976853594-588204126-2646710848-1000UA.job
[2012/05/19 23:56:11 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/19 23:56:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/19 23:04:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2976853594-588204126-2646710848-1000Core.job
[2012/05/19 13:45:44 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/05/18 22:37:24 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/18 22:37:24 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/18 16:59:55 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012/05/18 16:59:55 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2012/05/17 23:37:10 | 004,496,857 | R--- | M] (Swearware) -- C:\Users\Pac\Desktop\ComboFix.exe
[2012/05/17 17:34:25 | 000,000,512 | ---- | M] () -- C:\Users\Pac\Desktop\MBR.dat
[2012/05/17 17:23:29 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Pac\Desktop\aswMBR.exe
[2012/05/17 17:20:28 | 002,126,424 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Pac\Desktop\tdsskiller.exe
[2012/05/16 13:47:59 | 000,879,714 | ---- | M] () -- C:\Users\Pac\Desktop\SecurityCheck.exe
[2012/05/15 14:02:37 | 000,294,216 | ---- | M] () -- C:\Users\Pac\Desktop\gmer.zip
[2012/05/15 13:58:14 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Pac\Desktop\dds.scr
[2012/05/15 13:56:47 | 000,050,477 | ---- | M] () -- C:\Users\Pac\Desktop\Defogger.exe

========== Files Created - No Company Name ==========

[2012/05/20 00:26:20 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012/05/17 17:34:25 | 000,000,512 | ---- | C] () -- C:\Users\Pac\Desktop\MBR.dat
[2012/05/16 15:27:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/16 15:27:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/16 15:27:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/16 15:27:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/05/16 13:47:59 | 000,879,714 | ---- | C] () -- C:\Users\Pac\Desktop\SecurityCheck.exe
[2012/05/15 14:02:36 | 000,294,216 | ---- | C] () -- C:\Users\Pac\Desktop\gmer.zip
[2012/05/15 13:56:46 | 000,050,477 | ---- | C] () -- C:\Users\Pac\Desktop\Defogger.exe
[2012/03/31 01:22:08 | 000,000,256 | ---- | C] () -- C:\ProgramData\BYPGXhjaRabNfa
[2011/07/10 07:48:14 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2011/07/08 20:43:26 | 000,000,000 | ---- | C] () -- C:\Users\Pac\AppData\Local\Ewobofivutamux.bin
[2011/07/08 20:43:25 | 000,000,120 | ---- | C] () -- C:\Users\Pac\AppData\Local\Jfuwipokidupap.dat
[2011/05/01 04:52:03 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/05/01 04:52:03 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2010/11/28 17:50:36 | 000,000,145 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2010/11/28 17:50:36 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2010/11/28 17:50:35 | 000,009,030 | ---- | C] () -- C:\Windows\HL-2040.INI
[2010/11/28 17:50:35 | 000,000,114 | ---- | C] () -- C:\Windows\System32\brlmw03a.ini
[2010/11/28 17:47:07 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/11/28 17:46:30 | 000,000,054 | ---- | C] () -- C:\Windows\System32\bd2040.dat
[2010/11/28 17:46:02 | 000,000,310 | ---- | C] () -- C:\Windows\Brownie.ini
[2010/10/25 13:53:12 | 000,075,776 | ---- | C] () -- C:\Windows\cadkasdeinst01e.exe

< End of report >

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:08 AM

Posted 20 May 2012 - 12:03 AM

Hello

Run this custom script, and when it is complete I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and paste the following code into the [image] textbox. Do not include the word Code.
    :OTL
    FF - prefs.js..extensions.enabledItems: {86009AEF-9162-4EBC-B698-FF71D7B6B049}:1.0
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 64323
    FF - prefs.js..network.proxy.type: 4
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{4AA8A5B8-CE6B-4E0B-AE51-AB78D849ED19}: C:\Users\Pac\AppData\Local\{4AA8A5B8-CE6B-4E0B-AE51-AB78D849ED19}\
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{D20835EB-35D3-4736-9A15-E7AF57889C37}: C:\Users\Pac\AppData\Local\{D20835EB-35D3-4736-9A15-E7AF57889C37} [2012/03/25 23:52:16 | 000,000,000 | ---D | M]
    [2012/03/25 23:52:16 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\PAC\APPDATA\LOCAL\{D20835EB-35D3-4736-9A15-E7AF57889C37}
    [2012/03/31 01:22:08 | 000,000,256 | ---- | C] () -- C:\ProgramData\BYPGXhjaRabNfa
    [2011/07/08 20:43:26 | 000,000,000 | ---- | C] () -- C:\Users\Pac\AppData\Local\Ewobofivutamux.bin
    [2011/07/08 20:43:25 | 000,000,120 | ---- | C] () -- C:\Users\Pac\AppData\Local\Jfuwipokidupap.dat
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click [image].
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Let me know how things are doing.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
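One way to triage the Firefox section of an OTL log for the indicators this fix removes, as an added example that is neither OTL's code nor part of the thread. The sample lines are taken from the log earlier in this topic; the allowlist of extension IDs is an assumption for this host, and the regexes, function names and finding strings are mine.

```python
"""Triage the Firefox section of an OTL log for browser-hijack indicators.
Added example for this thread, not code from OTL or from the helper. It flags what the
fix script above removes: an HTTP proxy on the local machine, a non-default proxy mode,
extensions registered from a user-writable AppData folder, and enabled extension IDs
missing from a caller-supplied allowlist. Sample input is constructed from this topic's log.
"""
import ipaddress
import re

# "FF - prefs.js..<key>: <value>" entries from the prefs.js section.
PREF_RE = re.compile(r"^FF - prefs\.js\.\.(?P<key>[\w.]+): (?P<value>.*)$")
# Registry-registered extensions: "FF - HKEY_...\Firefox\Extensions\\{id}: <path> [attrs]".
EXT_RE = re.compile(
    r"^FF - HKEY_\w+\\software\\mozilla\\Firefox\\Extensions\\\\"
    r"(?P<id>\{[0-9A-Fa-f-]{36}\}): (?P<path>.+?)\s*(?:\[[^\]]*\])?$"
)
# Anything under a user profile's AppData is writable without admin rights.
APPDATA_RE = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)
# network.proxy.type: 0 = no proxy, 5 = system settings; other values send traffic elsewhere.
EXPECTED_PROXY_TYPES = {"0", "5"}

def parse_prefs(lines):
    """Collect prefs.js entries; repeated keys such as extensions.enabledItems accumulate."""
    prefs = {}
    for line in lines:
        m = PREF_RE.match(line.strip())
        if m:
            prefs.setdefault(m.group("key"), []).append(m.group("value").strip('"'))
    return prefs

def is_local_host(host):
    """True for 127.0.0.0/8, ::1 or the name localhost."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"

def proxy_findings(prefs):
    """A proxy on the local machine means a resident process sees every browser request."""
    out = []
    for host in prefs.get("network.proxy.http", []):
        if is_local_host(host):
            port = prefs.get("network.proxy.http_port", ["?"])[0]
            out.append(f"HTTP proxy points at the local machine: {host}:{port}")
    for ptype in prefs.get("network.proxy.type", []):
        if ptype not in EXPECTED_PROXY_TYPES:
            out.append(f"network.proxy.type={ptype} (not direct or system settings)")
    return out

def extension_findings(lines, prefs, known_ids):
    """Registry entries pointing into AppData, plus enabled IDs missing from the allowlist."""
    out = []
    for line in lines:
        m = EXT_RE.match(line.strip())
        if m and APPDATA_RE.match(m.group("path")):
            out.append(f"extension {m.group('id')} registered from user-writable path {m.group('path')}")
    for item in prefs.get("extensions.enabledItems", []):
        if item.split(":", 1)[0].upper() not in known_ids:
            out.append(f"enabled extension not on the allowlist: {item}")
    return out

def triage(lines, known_ids):
    prefs = parse_prefs(lines)
    return proxy_findings(prefs) + extension_findings(lines, prefs, known_ids)

# Constructed from this topic's OTL log (one path's trailing backslash dropped).
SAMPLE_LINES = [
    'FF - prefs.js..extensions.enabledItems: {86009AEF-9162-4EBC-B698-FF71D7B6B049}:1.0',
    'FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22',
    'FF - prefs.js..network.proxy.http: "127.0.0.1"',
    'FF - prefs.js..network.proxy.http_port: 64323',
    'FF - prefs.js..network.proxy.type: 4',
    r'FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/02/29 20:57:34 | 000,000,000 | ---D | M]',
    r'FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{4AA8A5B8-CE6B-4E0B-AE51-AB78D849ED19}: C:\Users\Pac\AppData\Local\{4AA8A5B8-CE6B-4E0B-AE51-AB78D849ED19}',
    r'FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{D20835EB-35D3-4736-9A15-E7AF57889C37}: C:\Users\Pac\AppData\Local\{D20835EB-35D3-4736-9A15-E7AF57889C37} [2012/03/25 23:52:16 | 000,000,000 | ---D | M]',
]
# Assumed allowlist: the extension IDs the helper left in place on this machine.
KNOWN_IDS = {"{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}", "{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}"}
```

Run `triage(SAMPLE_LINES, KNOWN_IDS)` to get the five findings; feeding it a full OTL log works the same way since unrelated lines never match either regex.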

#15 zpobric

zpobric
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  • Local time:07:08 AM

Posted 20 May 2012 - 01:21 PM

Hi Gringo --

Things seem to be running much more smoothly. Again, my computer is slow at times (not always), but I think that's due to many other factors aside from the malware. OTL did not ask me to restart, so I am going to do so now and see if there are any additional problems. I will post again in just a few minutes with any additional information.

Here is the log below:

========== OTL ==========
Prefs.js: {86009AEF-9162-4EBC-B698-FF71D7B6B049}:1.0 removed from extensions.enabledItems
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 64323 removed from network.proxy.http_port
Prefs.js: 4 removed from network.proxy.type
File HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{4AA8A5B8-CE6B-4E0B-AE51-AB78D849ED19}: C:\Users\Pac\AppData\Local\{4AA8A5B8-CE6B-4E0B-AE51-AB78D849ED19} not found.
File HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{D20835EB-35D3-4736-9A15-E7AF57889C37}: C:\Users\Pac\AppData\Local\{D20835EB-35D3-4736-9A15-E7AF57889C37} not found.
C:\USERS\PAC\APPDATA\LOCAL\{D20835EB-35D3-4736-9A15-E7AF57889C37}\chrome\content folder moved successfully.
C:\USERS\PAC\APPDATA\LOCAL\{D20835EB-35D3-4736-9A15-E7AF57889C37}\chrome folder moved successfully.
C:\USERS\PAC\APPDATA\LOCAL\{D20835EB-35D3-4736-9A15-E7AF57889C37} folder moved successfully.
C:\ProgramData\BYPGXhjaRabNfa moved successfully.
C:\Users\Pac\AppData\Local\Ewobofivutamux.bin moved successfully.
C:\Users\Pac\AppData\Local\Jfuwipokidupap.dat moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Pac\Desktop\cmd.bat deleted successfully.
C:\Users\Pac\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Pac
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Pac
->Flash cache emptied: 3049605 bytes

User: Public

Total Flash Files Cleaned = 3.00 mb


OTL by OldTimer - Version 3.2.43.0 log created on 05202012_140602
