
Security Shield 2012, Infomash, & Firewall Disabled


  • This topic is locked
49 replies to this topic

#1 LovesAnime411


Posted 19 July 2012 - 11:28 PM

Previous topic: preview.tinyurl.com/7dv6wcs

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Nicole at 21:13:06 on 2012-07-19
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.2220 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
C:\Program Files\Common Files\Motive\pcCMService.exe
C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files (x86)\ThreatFire\TFService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Comcast\pcTrayApp.exe
C:\WINDOWS\System32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files (x86)\ThreatFire\TFTray.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\bin\TSVNCache.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Palringo\palringo.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\My Lockbox\mylbx.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Program Files (x86)\Comcast\pcBrowser.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120625185612.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - C:\Program Files (x86)\LastPass\LPBar.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D28482D3-F80E-43F7-9ACB-C120391A9C30} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D28482D3-F80E-43F7-9ACB-C120391A9C30}\E4544574541425 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D9327CC1-651B-4814-9D6C-C2F1CD7D9998} : DhcpNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120625185612.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
BHO-X64: LastPass Browser Helper Object - No File
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun-x64: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\37xg9g1c.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll
FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
.
============= SERVICES / DRIVERS ===============
.
R0 FSProFilter;FSPro File Filter;C:\Windows\system32\Drivers\FSPFltd.sys --> C:\Windows\system32\Drivers\FSPFltd.sys [?]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\system32\DRIVERS\scmndisp.sys --> C:\Windows\system32\DRIVERS\scmndisp.sys [?]
R0 TfFsMon;TfFsMon;C:\Windows\system32\drivers\TfFsMon.sys --> C:\Windows\system32\drivers\TfFsMon.sys [?]
R0 TfSysMon;TfSysMon;C:\Windows\system32\drivers\TfSysMon.sys --> C:\Windows\system32\drivers\TfSysMon.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-16 655944]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-12-16 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-12-16 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2011-3-8 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2011-3-8 210584]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 pcCMService;pcCMService;C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [2012-6-13 368640]
R2 pcCMService64;pcCMService64;C:\Program Files\Common Files\Motive\pcCMService.exe [2012-6-13 460288]
R2 pcServiceHost;pcServiceHost;C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe [2012-6-18 342016]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-3-8 689472]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-16 2984832]
R2 ThreatFire;ThreatFire;C:\Program Files (x86)\ThreatFire\TFService.exe service --> C:\Program Files (x86)\ThreatFire\TFService.exe service [?]
R2 WSWNA3100;WSWNA3100;C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [2012-4-21 285152]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 TfNetMon;TfNetMon;\??\C:\Windows\system32\drivers\TfNetMon.sys --> C:\Windows\system32\drivers\TfNetMon.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-16 136176]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-12-16 249936]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-9 250056]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwlhigh664.sys --> C:\Windows\system32\DRIVERS\bcmwlhigh664.sys [?]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-6-2 17864]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-16 136176]
S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-3-8 220528]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-12-16 249936]
S4 PSMAntiSpy;PSMAntiSpy;C:\PROGRA~2\PSMKorea\ANTIKE~1\PSMAntiS.exe [2012-6-24 478720]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-07-16 23:23:16 -------- d-----w- C:\Users\Nicole\AppData\Local\{36166405-CF9D-11E1-8270-B8AC6F996F26}
2012-07-16 23:23:14 386048 ----a-w- C:\Users\Nicole\AppData\Roaming\croau.dll
2012-07-11 10:56:30 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 10:32:23 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-07-11 07:14:42 -------- d-----w- C:\Users\Nicole\AppData\Local\Corel PaintShop Pro
2012-07-11 07:13:51 -------- d-----w- C:\Program Files (x86)\Common Files\Protexis
2012-07-11 07:11:19 -------- d-----w- C:\Program Files (x86)\Corel
2012-07-03 07:43:55 -------- d-----w- C:\Users\Nicole\AppData\Local\{AB4EED43-C178-45DD-9EE8-BDCD625AAB21}
2012-07-03 07:43:43 -------- d-----w- C:\Users\Nicole\AppData\Local\{83429D12-7CDC-4A33-9907-B38ED9B1044B}
2012-06-29 01:32:04 -------- d-----w- C:\Users\Nicole\AppData\Local\{D9A828EC-A3C8-4941-85EC-56C40D3447BC}
2012-06-29 01:31:50 -------- d-----w- C:\Users\Nicole\AppData\Local\{30DF97A7-DF33-42E2-9F0B-FB99B5251091}
2012-06-26 01:56:11 29312 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ScriptFF.dll
2012-06-25 12:06:44 388096 ----a-r- C:\Users\Nicole\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-25 11:34:25 -------- d-----w- C:\Program Files (x86)\Free Registry Fix
2012-06-24 22:46:16 74824 ----a-w- C:\Windows\System32\drivers\TfSysMon.sys
2012-06-24 22:46:16 65072 ----a-w- C:\Windows\System32\drivers\TfFsMon.sys
2012-06-24 22:46:16 41888 ----a-w- C:\Windows\System32\drivers\TfNetMon.sys
2012-06-24 22:46:13 -------- d-----w- C:\Program Files (x86)\ThreatFire
2012-06-24 22:29:42 -------- d-----w- C:\Program Files (x86)\PSMKorea
2012-06-24 17:44:18 -------- d-----w- C:\Users\Nicole\AppData\Local\{2FA42E12-4231-4B59-BE34-C5B368358093}
2012-06-24 17:44:07 -------- d-----w- C:\Users\Nicole\AppData\Local\{77E86D59-B877-4541-940E-0B01C7776CC8}
2012-06-24 00:05:54 -------- d-----w- C:\Users\Nicole\AppData\Local\Macromedia
2012-06-21 07:49:14 712031 ----a-w- C:\Windows\SysWow64\~.tmp
.
==================== Find3M ====================
.
2012-07-12 20:57:16 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 20:57:16 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-03 20:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-24 07:46:46 3350 --sha-w- C:\Windows\SysWow64\KGyGaAvL.sys
2012-06-24 07:46:43 88 --sh--r- C:\Windows\SysWow64\5C53507EE1.sys
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2011-10-22 11:23:12 68272 ----a-w- C:\Program Files (x86)\fraps64.dat
2011-10-22 11:23:10 2366128 ----a-w- C:\Program Files (x86)\fraps.exe
2011-10-22 11:21:00 139776 ----a-w- C:\Program Files (x86)\frapslcd.dll
2011-10-22 11:06:32 231600 ----a-w- C:\Program Files (x86)\fraps32.dll
2011-10-22 11:06:32 185520 ----a-w- C:\Program Files (x86)\fraps64.dll
.
============= FINISH: 21:19:32.31 ===============


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-19 21:27:43
Windows 6.1.7601 Service Pack 1
Running: f3il5jz5.exe


---- Files - GMER 1.0.15 ----

File C:\Users\Nicole\AppData\Local\Temp\nsgBD98.tmp\Policies00 174 bytes
File C:\Users\Nicole\AppData\Local\Temp\nsgBD98.tmp\Policies01 174 bytes

---- EOF - GMER 1.0.15 ----

Edited by LovesAnime411, 19 July 2012 - 11:29 PM.




#2 HelpBot


Posted 24 July 2012 - 11:30 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/461544 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 LovesAnime411


Posted 26 July 2012 - 11:52 PM

Current known problems:

1) My internet browser redirects to websites randomly when I click results from a Google search.
2) McAfee won't allow me to re-enable its firewall; it defaults to being turned off.
3) Security Shield force downloaded itself to my computer. While it appears that Security Shield specifically is no longer installed on my computer, it does not seem that the entire infection is completely removed.

------------------
System Information
------------------

OS Name Microsoft Windows 7 Home Premium
Version 6.1.7601 Service Pack 1 Build 7601 (7601.win7sp1_gdr.120503-2030)
System Manufacturer Dell Inc.
System Model Inspiron 580
System Type x64-based PC
Processor Intel® Core™ i5 CPU 650 @ 3.20GHz, 3201 Mhz, 2 Core(s), 4 Logical Processor(s)
BIOS Version/Date Dell Inc. A07, 11/13/2010
SMBIOS Version 2.6
Hardware Abstraction Layer Version = "6.1.7601.17514"
Installed Physical Memory (RAM) 4.00 GB
Total Physical Memory 3.80 GB
Available Physical Memory 2.47 GB
Total Virtual Memory 7.61 GB
Available Virtual Memory 5.48 GB
Page File Space 3.80 GB


Memory: 4096MB RAM
Available OS Memory: 3896MB RAM

------------------------------------------

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Nicole at 21:32:13 on 2012-07-26
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.2730 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
C:\Program Files\Common Files\Motive\pcCMService.exe
C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files (x86)\ThreatFire\TFService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Comcast\pcTrayApp.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files (x86)\ThreatFire\TFTray.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Comcast\pcBrowser.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\bin\TSVNCache.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120625185612.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - C:\Program Files (x86)\LastPass\LPBar.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D28482D3-F80E-43F7-9ACB-C120391A9C30} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D28482D3-F80E-43F7-9ACB-C120391A9C30}\E4544574541425 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D9327CC1-651B-4814-9D6C-C2F1CD7D9998} : DhcpNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120625185612.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
BHO-X64: LastPass Browser Helper Object - No File
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun-x64: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\37xg9g1c.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll
FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
.
============= SERVICES / DRIVERS ===============
.
R0 FSProFilter;FSPro File Filter;C:\Windows\system32\Drivers\FSPFltd.sys --> C:\Windows\system32\Drivers\FSPFltd.sys [?]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\system32\DRIVERS\scmndisp.sys --> C:\Windows\system32\DRIVERS\scmndisp.sys [?]
R0 TfFsMon;TfFsMon;C:\Windows\system32\drivers\TfFsMon.sys --> C:\Windows\system32\drivers\TfFsMon.sys [?]
R0 TfSysMon;TfSysMon;C:\Windows\system32\drivers\TfSysMon.sys --> C:\Windows\system32\drivers\TfSysMon.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-16 655944]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-12-16 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-12-16 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2011-3-8 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2011-3-8 210584]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 pcCMService;pcCMService;C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [2012-6-13 368640]
R2 pcCMService64;pcCMService64;C:\Program Files\Common Files\Motive\pcCMService.exe [2012-6-13 460288]
R2 pcServiceHost;pcServiceHost;C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe [2012-6-18 342016]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-3-8 689472]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-16 2984832]
R2 ThreatFire;ThreatFire;C:\Program Files (x86)\ThreatFire\TFService.exe service --> C:\Program Files (x86)\ThreatFire\TFService.exe service [?]
R2 WSWNA3100;WSWNA3100;C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [2012-4-21 285152]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 TfNetMon;TfNetMon;\??\C:\Windows\system32\drivers\TfNetMon.sys --> C:\Windows\system32\drivers\TfNetMon.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-16 136176]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-12-16 249936]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-9 250056]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwlhigh664.sys --> C:\Windows\system32\DRIVERS\bcmwlhigh664.sys [?]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-6-2 17864]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-16 136176]
S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-3-8 220528]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-12-16 249936]
S4 PSMAntiSpy;PSMAntiSpy;C:\PROGRA~2\PSMKorea\ANTIKE~1\PSMAntiS.exe [2012-6-24 478720]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-07-16 23:23:16 -------- d-----w- C:\Users\Nicole\AppData\Local\{36166405-CF9D-11E1-8270-B8AC6F996F26}
2012-07-16 23:23:14 386048 ----a-w- C:\Users\Nicole\AppData\Roaming\croau.dll
2012-07-11 10:56:30 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 10:32:23 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-07-11 07:14:42 -------- d-----w- C:\Users\Nicole\AppData\Local\Corel PaintShop Pro
2012-07-11 07:13:51 -------- d-----w- C:\Program Files (x86)\Common Files\Protexis
2012-07-11 07:11:19 -------- d-----w- C:\Program Files (x86)\Corel
2012-07-03 07:43:55 -------- d-----w- C:\Users\Nicole\AppData\Local\{AB4EED43-C178-45DD-9EE8-BDCD625AAB21}
2012-07-03 07:43:43 -------- d-----w- C:\Users\Nicole\AppData\Local\{83429D12-7CDC-4A33-9907-B38ED9B1044B}
2012-06-29 01:32:04 -------- d-----w- C:\Users\Nicole\AppData\Local\{D9A828EC-A3C8-4941-85EC-56C40D3447BC}
2012-06-29 01:31:50 -------- d-----w- C:\Users\Nicole\AppData\Local\{30DF97A7-DF33-42E2-9F0B-FB99B5251091}
.
==================== Find3M ====================
.
2012-07-12 20:57:16 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 20:57:16 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-03 20:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-24 07:46:46 3350 --sha-w- C:\Windows\SysWow64\KGyGaAvL.sys
2012-06-24 07:46:43 88 --sh--r- C:\Windows\SysWow64\5C53507EE1.sys
2012-06-21 07:49:14 712031 ----a-w- C:\Windows\SysWow64\~.tmp
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2011-10-22 11:23:12 68272 ----a-w- C:\Program Files (x86)\fraps64.dat
2011-10-22 11:23:10 2366128 ----a-w- C:\Program Files (x86)\fraps.exe
2011-10-22 11:21:00 139776 ----a-w- C:\Program Files (x86)\frapslcd.dll
2011-10-22 11:06:32 231600 ----a-w- C:\Program Files (x86)\fraps32.dll
2011-10-22 11:06:32 185520 ----a-w- C:\Program Files (x86)\fraps64.dll
.
============= FINISH: 21:36:48.43 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 12/16/2011 11:52:00 AM
System Uptime: 7/25/2012 9:54:51 PM (24 hours ago)
.
Motherboard: Dell Inc. | | 0C2KJT
Processor: Intel® Core™ i5 CPU 650 @ 3.20GHz | CPU 1 | 3201/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 918 GiB total, 868.021 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP143: 7/19/2012 11:54:39 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.1.2
Adobe Shockwave Player 11.6
Amnesia - The Dark Descent Demo
Apple Application Support
Apple Software Update
Cleanersoft Free Registry Fix
Consumer In-Home Service Agreement
Corel PaintShop Pro X4
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Driver Download Manager
Dell Getting Started Guide
Dell Marketplace Webslice IE8
Dell MusicStage
Dell PhotoStage
Dell Stage
Dell VideoStage
DirectX 9 Runtime
EasySolve
ffdshow [rev 3154] [2009-12-09]
Fraps
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist Corporate
HiJackThis
ICA
Intel® Processor Graphics
Internet Explorer
IPM_PSP_COM
iRO 13.2 VIP Full Client
Java Auto Updater
Java™ 6 Update 31
Junk Mail filter update
LastPass (uninstall only)
Malwarebytes Anti-Malware version 1.62.0.1300
McAfee SecurityCenter
Mesh Runtime
Messenger Companion
Microsoft Office 2010
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Multimedia Card Reader
NCsoft Launcher
NETGEAR WNA3100 wireless USB 2.0 adapter
PalaceChat version 4.1.182
Palringo
PDFCreator
PhotoShowExpress
PSM AntiKeyLogger
PSPPContent
PSPPHelp
QuickTime
Realtek High Definition Audio Driver
Revo Uninstaller 1.93
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Setup
Sonic CinePlayer Decoder Pack
swMSM
System Requirements Lab CYRI
System Requirements Lab for Intel
TeamViewer 7
ThreatFire
TrustedID
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
WildTangent Games
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinZip 15.5
WTFast 2.0 beta 1
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
7/26/2012 9:55:09 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
7/26/2012 9:55:09 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
7/25/2012 9:57:23 PM, Error: Service Control Manager [7003] - The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.
7/25/2012 9:55:15 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
7/25/2012 9:55:08 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
7/25/2012 9:55:08 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
.
==== End Of File ===========================

#4 LovesAnime411


Posted 26 July 2012 - 11:58 PM

I'll recheck this again over the weekend. (Sat/Sun.)

#5 gringo_pr


Posted 27 July 2012 - 12:29 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#6 LovesAnime411


Posted 28 July 2012 - 04:08 AM

Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
McAfee Anti-Virus and Anti-Spyware
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
ThreatFire
Malwarebytes Anti-Malware version 1.62.0.1300
Cleanersoft Free Registry Fix
Java™ 6 Update 31
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (14.0.1)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
ThreatFire TFTray.exe
ThreatFire TFService.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

#7 LovesAnime411


Posted 28 July 2012 - 04:15 AM

McAfee did a scheduled update & scan, and then reported 2 threats. When it scanned it asked for the PC to be restarted. After restarting it scanned multiple times, hanging at 98% & uncompleted, though it eventually did complete the scan after a few attempts. It then reported 1 infection had been removed. I did not see the full name of the infection and could find no logs, but it reported that it was a .dll file which was found and quarantined. The firewall says it's working again, but I'm not 100% sure.

#8 LovesAnime411


Posted 28 July 2012 - 06:41 AM

ComboFix 12-07-27.03 - Nicole 07/28/2012 3:01.4.4 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.2959 [GMT -7:00]
Running from: c:\users\Nicole\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\5907\Downloads\246b20c1-8ea9-4148-a34e-d03c8a1d5a76.dll
c:\programdata\PCDr\5907\Downloads\27e5bc9a-105f-4d7f-8352-e6ef1c8933dd.dll
c:\programdata\PCDr\5907\Downloads\a2192d8a-3d73-4ff7-be9b-02134f41db63.dll
c:\users\Nicole\AppData\Local\assembly\tmp
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-28 )))))))))))))))))))))))))))))))
.
.
2012-07-28 10:36 . 2012-07-28 10:36 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-07-28 10:36 . 2012-07-28 10:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-16 23:23 . 2012-07-16 23:23 -------- d-----w- c:\users\Nicole\AppData\Local\{36166405-CF9D-11E1-8270-B8AC6F996F26}
2012-07-11 10:56 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 10:32 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 07:14 . 2012-07-11 07:14 -------- d-----w- c:\users\Nicole\AppData\Roaming\Ulead Systems
2012-07-11 07:14 . 2012-07-11 07:14 -------- d-----w- c:\users\Nicole\AppData\Local\Corel PaintShop Pro
2012-07-11 07:13 . 2012-07-11 07:13 -------- d-----w- c:\program files (x86)\Common Files\Protexis
2012-07-11 07:11 . 2012-07-11 07:11 -------- d-----w- c:\program files (x86)\Corel
2012-07-11 06:55 . 2012-07-11 06:58 -------- d-----w- c:\programdata\WinZip
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 14:57 . 2012-04-09 07:38 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-27 14:57 . 2011-12-17 00:36 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 10:53 . 2011-12-21 14:15 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-03 20:46 . 2011-12-17 01:34 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-25 12:06 . 2012-06-25 12:06 388096 ----a-r- c:\users\Nicole\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-21 07:49 . 2012-06-21 07:49 712031 ----a-w- c:\windows\SysWow64\~.tmp
2012-06-02 22:19 . 2012-06-19 11:27 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 11:27 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 11:27 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 11:27 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 11:27 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-19 11:27 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-19 11:27 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 11:27 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-19 11:27 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-05-28 14:32 . 2012-05-28 14:32 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-04 11:06 . 2012-06-14 01:30 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-14 01:30 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-14 01:30 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-14 01:30 209920 ----a-w- c:\windows\system32\profsvc.dll
2011-10-22 11:23 . 2011-10-22 11:23 68272 ----a-w- c:\program files (x86)\fraps64.dat
2011-10-22 11:23 . 2011-10-22 11:23 2366128 ----a-w- c:\program files (x86)\fraps.exe
2011-10-22 11:21 . 2011-10-22 11:21 139776 ----a-w- c:\program files (x86)\frapslcd.dll
2011-10-22 11:06 . 2011-10-22 11:06 231600 ----a-w- c:\program files (x86)\fraps32.dll
2011-10-22 11:06 . 2011-10-22 11:06 185520 ----a-w- c:\program files (x86)\fraps64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-12-17 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-01-27 237568]
"ThreatFire"="c:\program files (x86)\ThreatFire\TFTray.exe" [2011-02-22 378128]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNA3100 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNA3100\WNA3100.exe [2012-4-21 4577760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-17 136176]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 WSWNA3100;WSWNA3100;c:\program files (x86)\NETGEAR\WNA3100\WifiSvc.exe [2010-08-27 285152]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [2009-11-06 838136]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-06-02 17864]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\NCsoft\Lineage II\system\GameGuard\dump_wmimmc.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-17 136176]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2010-08-30 220528]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-22 113120]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-01-28 86120]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-18 1255736]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-28 249936]
R4 PSMAntiSpy;PSMAntiSpy;c:\progra~2\PSMKorea\ANTIKE~1\PSMAntiS.exe [2003-12-09 478720]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 FSProFilter;FSPro File Filter;c:\windows\System32\Drivers\FSPFltd.sys [2010-07-23 54848]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-20 25312]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2011-02-22 65072]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2011-02-22 74824]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 162192]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 pcCMService;pcCMService;c:\program files (x86)\Common Files\Motive\pcCMService.exe [2012-06-12 368640]
S2 pcCMService64;pcCMService64;c:\program files\Common Files\Motive\pcCMService.exe [2012-06-12 460288]
S2 pcServiceHost;pcServiceHost;c:\program files (x86)\Common Files\Motive\pcServiceHost.exe [2012-06-11 342016]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
S2 ThreatFire;ThreatFire;c:\program files (x86)\ThreatFire\TFService.exe service [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-08-23 317440]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-10-16 321064]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2011-02-22 41888]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 14:57]
.
2012-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-17 00:36]
.
2012-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-17 00:36]
.
2012-07-11 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-01-15 c:\windows\Tasks\SidebarExecute.job
- c:\program files\Windows Sidebar\sidebar.exe [2012-04-15 13:25]
.
2012-07-28 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060832]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-10 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-10 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-10 417560]
"Comcast_McciTrayApp"="c:\program files\Comcast\pcTrayApp.exe" [2012-06-12 2767360]
"combofix"="c:\combofix\CF29925.3XE" [2010-11-20 345088]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
IE: LastPass - file://c:\program files (x86)\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files (x86)\LastPass\context.html?cmd=fillforms
FF - ProfilePath - c:\users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\37xg9g1c.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-croau - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3244020198-3975211899-363119154-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\jpg*`^vdgt]
"0"=hex:86,00,36,00,00,00,00,00,00,00,00,00,80,00,69,00,6d,00,67,00,62,00,69,
00,73,00,68,00,68,00,38,00,75,00,2e,00,6a,70,67,00,60,5e,76,64,db,f5,67,74,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-3244020198-3975211899-363119154-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*ZeK]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3244020198-3975211899-363119154-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*ZeK\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3244020198-3975211899-363119154-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*Z;ia]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3244020198-3975211899-363119154-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*Z;ia\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3244020198-3975211899-363119154-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^vdgt]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3244020198-3975211899-363119154-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^vdgt\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3244020198-3975211899-363119154-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*EWuEWuZRe]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3244020198-3975211899-363119154-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*EWuEWuZRe\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3244020198-3975211899-363119154-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E?vE?vZa2;]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3244020198-3975211899-363119154-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E?vE?vZa2;\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3244020198-3975211899-363119154-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*EvEvZwg]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3244020198-3975211899-363119154-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*EvEvZwg\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3244020198-3975211899-363119154-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*jpg*`^vdgt]
"0"=hex:69,00,6d,00,67,00,62,00,69,00,73,00,68,00,68,00,38,00,75,00,2e,00,6a,
70,67,00,60,5e,76,64,db,f5,67,74,10,01,00,00,96,00,36,00,00,00,00,00,00,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\ThreatFire\TFService.exe
c:\program files (x86)\Common Files\Motive\pcContextHookShim.exe
.
**************************************************************************
.
Completion time: 2012-07-28 03:47:06 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-28 10:47
ComboFix2.txt 2012-02-05 12:02
.
Pre-Run: 931,435,397,120 bytes free
Post-Run: 931,337,269,248 bytes free
.
- - End Of File - - 704BA60C6233BB3FA92F125D52B52A27

#9 LovesAnime411

LovesAnime411
  • Topic Starter


Posted 28 July 2012 - 06:43 AM

When I ran ComboFix it said it couldn't find "NIRKMD". So I went into safe mode, completed ComboFix, and saved the log. I then had no internet connection, so I tried troubleshooting the connection in the Network and Sharing Center. I even reset the router and such. But none of that worked. So I ended up having to do a system restore. And it appears it's back to normal now?

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team

Posted 28 July 2012 - 12:16 PM

Greetings

That is strange, so let's run this for now.

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 LovesAnime411

LovesAnime411
  • Topic Starter


Posted 28 July 2012 - 12:38 PM

10:34:45.0371 6632 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
10:34:45.0886 6632 ============================================================
10:34:45.0886 6632 Current date / time: 2012/07/28 10:34:45.0886
10:34:45.0886 6632 SystemInfo:
10:34:45.0886 6632
10:34:45.0886 6632 OS Version: 6.1.7601 ServicePack: 1.0
10:34:45.0886 6632 Product type: Workstation
10:34:45.0886 6632 ComputerName: NICOLE-PC
10:34:45.0886 6632 UserName: Nicole
10:34:45.0886 6632 Windows directory: C:\Windows
10:34:45.0886 6632 System windows directory: C:\Windows
10:34:45.0886 6632 Running under WOW64
10:34:45.0886 6632 Processor architecture: Intel x64
10:34:45.0886 6632 Number of processors: 4
10:34:45.0886 6632 Page size: 0x1000
10:34:45.0886 6632 Boot type: Normal boot
10:34:45.0886 6632 ============================================================
10:34:52.0719 6632 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:34:52.0734 6632 ============================================================
10:34:52.0734 6632 \Device\Harddisk0\DR0:
10:34:52.0734 6632 MBR partitions:
10:34:52.0734 6632 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1B9F000
10:34:52.0734 6632 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1BB3000, BlocksNum 0x72B53000
10:34:52.0734 6632 ============================================================
10:34:52.0750 6632 C: <-> \Device\Harddisk0\DR0\Partition1
10:34:52.0750 6632 ============================================================
10:34:52.0750 6632 Initialize success
10:34:52.0750 6632 ============================================================
10:35:19.0722 5844 ============================================================
10:35:19.0722 5844 Scan started
10:35:19.0722 5844 Mode: Manual;
10:35:19.0722 5844 ============================================================
10:35:20.0159 5844 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
10:35:20.0206 5844 1394ohci - ok
10:35:20.0237 5844 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
10:35:20.0237 5844 ACPI - ok
10:35:20.0253 5844 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
10:35:20.0284 5844 AcpiPmi - ok
10:35:20.0393 5844 AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
10:35:20.0409 5844 AdobeFlashPlayerUpdateSvc - ok
10:35:20.0456 5844 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
10:35:20.0487 5844 adp94xx - ok
10:35:20.0502 5844 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
10:35:20.0518 5844 adpahci - ok
10:35:20.0534 5844 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
10:35:20.0534 5844 adpu320 - ok
10:35:20.0565 5844 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
10:35:20.0565 5844 AeLookupSvc - ok
10:35:20.0627 5844 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
10:35:20.0627 5844 AFD - ok
10:35:20.0643 5844 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
10:35:20.0643 5844 agp440 - ok
10:35:20.0658 5844 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
10:35:20.0674 5844 ALG - ok
10:35:20.0674 5844 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
10:35:20.0674 5844 aliide - ok
10:35:20.0690 5844 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
10:35:20.0690 5844 amdide - ok
10:35:20.0705 5844 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
10:35:20.0721 5844 AmdK8 - ok
10:35:20.0736 5844 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
10:35:20.0736 5844 AmdPPM - ok
10:35:20.0752 5844 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
10:35:20.0783 5844 amdsata - ok
10:35:20.0799 5844 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
10:35:20.0814 5844 amdsbs - ok
10:35:20.0814 5844 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
10:35:20.0814 5844 amdxata - ok
10:35:20.0830 5844 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
10:35:20.0877 5844 AppID - ok
10:35:20.0877 5844 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
10:35:20.0877 5844 AppIDSvc - ok
10:35:20.0892 5844 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
10:35:20.0924 5844 Appinfo - ok
10:35:20.0939 5844 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
10:35:20.0939 5844 arc - ok
10:35:20.0986 5844 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
10:35:20.0986 5844 arcsas - ok
10:35:21.0002 5844 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
10:35:21.0017 5844 AsyncMac - ok
10:35:21.0017 5844 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
10:35:21.0017 5844 atapi - ok
10:35:21.0064 5844 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
10:35:21.0095 5844 AudioEndpointBuilder - ok
10:35:21.0095 5844 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
10:35:21.0095 5844 AudioSrv - ok
10:35:21.0142 5844 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
10:35:21.0189 5844 AxInstSV - ok
10:35:21.0220 5844 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
10:35:21.0220 5844 b06bdrv - ok
10:35:21.0267 5844 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
10:35:21.0267 5844 b57nd60a - ok
10:35:21.0345 5844 BCMH43XX (e49110a58a32e9450356686a95dd7763) C:\Windows\system32\DRIVERS\bcmwlhigh664.sys
10:35:21.0407 5844 BCMH43XX - ok
10:35:21.0423 5844 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
10:35:21.0438 5844 BDESVC - ok
10:35:21.0470 5844 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
10:35:21.0470 5844 Beep - ok
10:35:21.0516 5844 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
10:35:21.0563 5844 BITS - ok
10:35:21.0579 5844 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
10:35:21.0579 5844 blbdrive - ok
10:35:21.0610 5844 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
10:35:21.0610 5844 bowser - ok
10:35:21.0626 5844 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:35:21.0626 5844 BrFiltLo - ok
10:35:21.0641 5844 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:35:21.0657 5844 BrFiltUp - ok
10:35:21.0672 5844 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
10:35:21.0672 5844 BridgeMP - ok
10:35:21.0704 5844 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
10:35:21.0735 5844 Browser - ok
10:35:21.0750 5844 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
10:35:21.0766 5844 Brserid - ok
10:35:21.0782 5844 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
10:35:21.0782 5844 BrSerWdm - ok
10:35:21.0797 5844 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
10:35:21.0797 5844 BrUsbMdm - ok
10:35:21.0797 5844 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
10:35:21.0813 5844 BrUsbSer - ok
10:35:21.0828 5844 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
10:35:21.0828 5844 BTHMODEM - ok
10:35:21.0844 5844 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
10:35:21.0860 5844 bthserv - ok
10:35:21.0875 5844 catchme - ok
10:35:21.0891 5844 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
10:35:21.0906 5844 cdfs - ok
10:35:21.0922 5844 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
10:35:21.0953 5844 cdrom - ok
10:35:21.0969 5844 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
10:35:22.0000 5844 CertPropSvc - ok
10:35:22.0016 5844 cfwids (274ce03459896006f7a5069266e0469e) C:\Windows\system32\drivers\cfwids.sys
10:35:22.0047 5844 cfwids - ok
10:35:22.0062 5844 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
10:35:22.0062 5844 circlass - ok
10:35:22.0094 5844 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
10:35:22.0094 5844 CLFS - ok
10:35:22.0140 5844 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:35:22.0140 5844 clr_optimization_v2.0.50727_32 - ok
10:35:22.0172 5844 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:35:22.0187 5844 clr_optimization_v2.0.50727_64 - ok
10:35:22.0265 5844 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:35:22.0296 5844 clr_optimization_v4.0.30319_32 - ok
10:35:22.0328 5844 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:35:22.0390 5844 clr_optimization_v4.0.30319_64 - ok
10:35:22.0406 5844 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
10:35:22.0406 5844 CmBatt - ok
10:35:22.0421 5844 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
10:35:22.0437 5844 cmdide - ok
10:35:22.0452 5844 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
10:35:22.0468 5844 CNG - ok
10:35:22.0468 5844 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
10:35:22.0468 5844 Compbatt - ok
10:35:22.0499 5844 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
10:35:22.0530 5844 CompositeBus - ok
10:35:22.0546 5844 COMSysApp - ok
10:35:22.0593 5844 cpudrv64 (3ca734ce373e5675fbc15ca2c45228e5) C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys
10:35:22.0624 5844 cpudrv64 - ok
10:35:22.0640 5844 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
10:35:22.0640 5844 crcdisk - ok
10:35:22.0655 5844 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
10:35:22.0686 5844 CryptSvc - ok
10:35:22.0733 5844 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
10:35:22.0733 5844 DcomLaunch - ok
10:35:22.0764 5844 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
10:35:22.0780 5844 defragsvc - ok
10:35:22.0796 5844 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
10:35:22.0796 5844 DfsC - ok
10:35:22.0827 5844 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
10:35:22.0842 5844 Dhcp - ok
10:35:22.0858 5844 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
10:35:22.0858 5844 discache - ok
10:35:22.0858 5844 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
10:35:22.0858 5844 Disk - ok
10:35:22.0889 5844 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
10:35:22.0905 5844 Dnscache - ok
10:35:22.0936 5844 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
10:35:22.0967 5844 dot3svc - ok
10:35:22.0998 5844 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
10:35:22.0998 5844 DPS - ok
10:35:23.0014 5844 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
10:35:23.0030 5844 drmkaud - ok
10:35:23.0061 5844 dump_wmimmc - ok
10:35:23.0108 5844 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
10:35:23.0108 5844 DXGKrnl - ok
10:35:23.0139 5844 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
10:35:23.0139 5844 EapHost - ok
10:35:23.0248 5844 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
10:35:23.0310 5844 ebdrv - ok
10:35:23.0373 5844 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
10:35:23.0373 5844 EFS - ok
10:35:23.0420 5844 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
10:35:23.0451 5844 ehRecvr - ok
10:35:23.0466 5844 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
10:35:23.0482 5844 ehSched - ok
10:35:23.0529 5844 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
10:35:23.0544 5844 elxstor - ok
10:35:23.0560 5844 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
10:35:23.0576 5844 ErrDev - ok
10:35:23.0607 5844 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
10:35:23.0607 5844 EventSystem - ok
10:35:23.0654 5844 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
10:35:23.0654 5844 exfat - ok
10:35:23.0669 5844 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
10:35:23.0669 5844 fastfat - ok
10:35:23.0747 5844 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
10:35:23.0794 5844 Fax - ok
10:35:23.0810 5844 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
10:35:23.0810 5844 fdc - ok
10:35:23.0810 5844 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
10:35:23.0810 5844 fdPHost - ok
10:35:23.0825 5844 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
10:35:23.0825 5844 FDResPub - ok
10:35:23.0841 5844 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
10:35:23.0841 5844 FileInfo - ok
10:35:23.0841 5844 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
10:35:23.0841 5844 Filetrace - ok
10:35:23.0856 5844 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
10:35:23.0856 5844 flpydisk - ok
10:35:23.0888 5844 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
10:35:23.0888 5844 FltMgr - ok
10:35:23.0966 5844 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
10:35:23.0997 5844 FontCache - ok
10:35:24.0028 5844 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:35:24.0028 5844 FontCache3.0.0.0 - ok
10:35:24.0044 5844 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
10:35:24.0044 5844 FsDepends - ok
10:35:24.0090 5844 FSProFilter (8197c85348a33bccfe80dd6e2db53903) C:\Windows\system32\Drivers\FSPFltd.sys
10:35:24.0090 5844 FSProFilter - ok
10:35:24.0106 5844 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
10:35:24.0137 5844 Fs_Rec - ok
10:35:24.0200 5844 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
10:35:24.0200 5844 fvevol - ok
10:35:24.0215 5844 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
10:35:24.0215 5844 gagp30kx - ok
10:35:24.0293 5844 GameConsoleService (c1bbce4b30b45410178ee674c818d10c) C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
10:35:24.0340 5844 GameConsoleService - ok
10:35:24.0402 5844 GoToAssist (8f6ae606eb0cc884ee12c41948424422) C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe
10:35:24.0434 5844 GoToAssist - ok
10:35:24.0480 5844 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
10:35:24.0512 5844 gpsvc - ok
10:35:24.0558 5844 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:35:24.0558 5844 gupdate - ok
10:35:24.0574 5844 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:35:24.0574 5844 gupdatem - ok
10:35:24.0590 5844 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
10:35:24.0636 5844 gusvc - ok
10:35:24.0652 5844 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
10:35:24.0652 5844 hcw85cir - ok
10:35:24.0699 5844 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
10:35:24.0699 5844 HDAudBus - ok
10:35:24.0714 5844 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
10:35:24.0761 5844 HECIx64 - ok
10:35:24.0777 5844 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
10:35:24.0777 5844 HidBatt - ok
10:35:24.0792 5844 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
10:35:24.0792 5844 HidBth - ok
10:35:24.0808 5844 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
10:35:24.0824 5844 HidIr - ok
10:35:24.0839 5844 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
10:35:24.0839 5844 hidserv - ok
10:35:24.0870 5844 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
10:35:24.0902 5844 HidUsb - ok
10:35:24.0917 5844 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
10:35:24.0948 5844 hkmsvc - ok
10:35:24.0980 5844 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
10:35:25.0011 5844 HomeGroupListener - ok
10:35:25.0042 5844 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
10:35:25.0042 5844 HomeGroupProvider - ok
10:35:25.0058 5844 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
10:35:25.0089 5844 HpSAMD - ok
10:35:25.0136 5844 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
10:35:25.0151 5844 HTTP - ok
10:35:25.0151 5844 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
10:35:25.0151 5844 hwpolicy - ok
10:35:25.0182 5844 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
10:35:25.0198 5844 i8042prt - ok
10:35:25.0245 5844 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
10:35:25.0276 5844 iaStorV - ok
10:35:25.0354 5844 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:35:25.0401 5844 idsvc - ok
10:35:25.0744 5844 igfx (f4f91789c7c7a159ce8215c1f69f2a85) C:\Windows\system32\DRIVERS\igdkmd64.sys
10:35:25.0962 5844 igfx - ok
10:35:26.0040 5844 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
10:35:26.0040 5844 iirsp - ok
10:35:26.0118 5844 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
10:35:26.0150 5844 IKEEXT - ok
10:35:26.0181 5844 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
10:35:26.0212 5844 Impcd - ok
10:35:26.0337 5844 IntcAzAudAddService (e9befd8c6a1db3b544b61647dda35f62) C:\Windows\system32\drivers\RTKVHD64.sys
10:35:26.0384 5844 IntcAzAudAddService - ok
10:35:26.0462 5844 IntcDAud (ae594cc17c33ac146739494615e14851) C:\Windows\system32\DRIVERS\IntcDAud.sys
10:35:26.0508 5844 IntcDAud - ok
10:35:26.0524 5844 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
10:35:26.0524 5844 intelide - ok
10:35:26.0555 5844 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
10:35:26.0555 5844 intelppm - ok
10:35:26.0586 5844 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
10:35:26.0586 5844 IPBusEnum - ok
10:35:26.0618 5844 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:35:26.0649 5844 IpFilterDriver - ok
10:35:26.0664 5844 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
10:35:26.0696 5844 IPMIDRV - ok
10:35:26.0711 5844 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
10:35:26.0711 5844 IPNAT - ok
10:35:26.0742 5844 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
10:35:26.0742 5844 IRENUM - ok
10:35:26.0758 5844 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
10:35:26.0758 5844 isapnp - ok
10:35:26.0789 5844 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
10:35:26.0820 5844 iScsiPrt - ok
10:35:26.0867 5844 k57nd60a (9d7ea8c7215d8d4ae7be110eee61085d) C:\Windows\system32\DRIVERS\k57nd60a.sys
10:35:26.0898 5844 k57nd60a - ok
10:35:26.0930 5844 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
10:35:26.0930 5844 kbdclass - ok
10:35:26.0945 5844 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
10:35:26.0976 5844 kbdhid - ok
10:35:27.0008 5844 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:35:27.0008 5844 KeyIso - ok
10:35:27.0023 5844 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
10:35:27.0023 5844 KSecDD - ok
10:35:27.0054 5844 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
10:35:27.0054 5844 KSecPkg - ok
10:35:27.0054 5844 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
10:35:27.0070 5844 ksthunk - ok
10:35:27.0101 5844 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
10:35:27.0117 5844 KtmRm - ok
10:35:27.0164 5844 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
10:35:27.0195 5844 LanmanServer - ok
10:35:27.0210 5844 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
10:35:27.0242 5844 LanmanWorkstation - ok
10:35:27.0273 5844 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
10:35:27.0273 5844 lltdio - ok
10:35:27.0304 5844 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
10:35:27.0320 5844 lltdsvc - ok
10:35:27.0335 5844 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
10:35:27.0351 5844 lmhosts - ok
10:35:27.0382 5844 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
10:35:27.0382 5844 LSI_FC - ok
10:35:27.0398 5844 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
10:35:27.0398 5844 LSI_SAS - ok
10:35:27.0413 5844 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:35:27.0413 5844 LSI_SAS2 - ok
10:35:27.0429 5844 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:35:27.0429 5844 LSI_SCSI - ok
10:35:27.0476 5844 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
10:35:27.0476 5844 luafv - ok
10:35:27.0522 5844 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys
10:35:27.0522 5844 MBAMProtector - ok
10:35:27.0600 5844 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
10:35:27.0647 5844 MBAMService - ok
10:35:27.0725 5844 McAWFwk (b6bd99c3e23507a732c474caa620c0d7) c:\PROGRA~1\mcafee\msc\mcawfwk.exe
10:35:27.0756 5844 McAWFwk - ok
10:35:27.0803 5844 McMPFSvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
10:35:27.0834 5844 McMPFSvc - ok
10:35:27.0834 5844 mcmscsvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
10:35:27.0834 5844 mcmscsvc - ok
10:35:27.0850 5844 McNaiAnn (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
10:35:27.0850 5844 McNaiAnn - ok
10:35:27.0866 5844 McNASvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
10:35:27.0866 5844 McNASvc - ok
10:35:27.0928 5844 McODS (dd2321925274f2902929d76ce2b0eb45) C:\Program Files\mcafee\VirusScan\mcods.exe
10:35:27.0928 5844 McODS - ok
10:35:27.0928 5844 McOobeSv (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
10:35:27.0928 5844 McOobeSv - ok
10:35:27.0928 5844 McProxy (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
10:35:27.0928 5844 McProxy - ok
10:35:27.0959 5844 McShield (e998e3b12101288d716558466cbf6ae1) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
10:35:27.0990 5844 McShield - ok
10:35:28.0053 5844 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
10:35:28.0084 5844 Mcx2Svc - ok
10:35:28.0100 5844 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
10:35:28.0115 5844 megasas - ok
10:35:28.0131 5844 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
10:35:28.0146 5844 MegaSR - ok
10:35:28.0178 5844 mfeapfk (01884cb7655c8908b43ff5e364fe6fd2) C:\Windows\system32\drivers\mfeapfk.sys
10:35:28.0209 5844 mfeapfk - ok
10:35:28.0224 5844 mfeavfk (dab9a9cdfb04e4d68924492aa043019d) C:\Windows\system32\drivers\mfeavfk.sys
10:35:28.0256 5844 mfeavfk - ok
10:35:28.0271 5844 mfeavfk01 - ok
10:35:28.0302 5844 mfefire (b26782c3d6045b4464017d7926877560) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
10:35:28.0334 5844 mfefire - ok
10:35:28.0365 5844 mfefirek (ce9a3680675c0907ade16404ca967b49) C:\Windows\system32\drivers\mfefirek.sys
10:35:28.0412 5844 mfefirek - ok
10:35:28.0490 5844 mfehidk (60cf67458dd29cd17e77f2327b1a9a54) C:\Windows\system32\drivers\mfehidk.sys
10:35:28.0490 5844 mfehidk - ok
10:35:28.0521 5844 mfenlfk (a8129cfb919347f8533c934b365e9202) C:\Windows\system32\DRIVERS\mfenlfk.sys
10:35:28.0552 5844 mfenlfk - ok
10:35:28.0599 5844 mferkdet (5041fa2bd2b3a2693b015771bfbf6dca) C:\Windows\system32\drivers\mferkdet.sys
10:35:28.0599 5844 mferkdet - ok
10:35:28.0630 5844 mfevtp (723a5eb6cef7f408c3d0f15a82a6bff8) C:\Windows\system32\mfevtps.exe
10:35:28.0661 5844 mfevtp - ok
10:35:28.0880 5844 mfewfpk (919c56db14a0e1e2ab6da5d2821dc26e) C:\Windows\system32\drivers\mfewfpk.sys
10:35:28.0880 5844 mfewfpk - ok
10:35:28.0911 5844 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
10:35:28.0911 5844 MMCSS - ok
10:35:28.0926 5844 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
10:35:28.0926 5844 Modem - ok
10:35:28.0958 5844 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
10:35:28.0958 5844 monitor - ok
10:35:28.0989 5844 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
10:35:28.0989 5844 mouclass - ok
10:35:29.0020 5844 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
10:35:29.0020 5844 mouhid - ok
10:35:29.0051 5844 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
10:35:29.0051 5844 mountmgr - ok
10:35:29.0098 5844 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
10:35:29.0145 5844 MozillaMaintenance - ok
10:35:29.0176 5844 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
10:35:29.0207 5844 mpio - ok
10:35:29.0223 5844 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
10:35:29.0223 5844 mpsdrv - ok
10:35:29.0270 5844 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS
10:35:29.0301 5844 MREMP50 - ok
10:35:29.0363 5844 MREMP50a64 (c2758df79c83a0d12a5599a040ca1818) C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS
10:35:29.0394 5844 MREMP50a64 - ok
10:35:29.0410 5844 MREMPR5 - ok
10:35:29.0410 5844 MRENDIS5 - ok
10:35:29.0426 5844 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS
10:35:29.0457 5844 MRESP50 - ok
10:35:29.0472 5844 MRESP50a64 (38bd5b32e0722752be8465d2a6da43d9) C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS
10:35:29.0504 5844 MRESP50a64 - ok
10:35:29.0535 5844 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
10:35:29.0566 5844 MRxDAV - ok
10:35:29.0597 5844 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:35:29.0597 5844 mrxsmb - ok
10:35:29.0628 5844 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:35:29.0628 5844 mrxsmb10 - ok
10:35:29.0644 5844 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:35:29.0660 5844 mrxsmb20 - ok
10:35:29.0660 5844 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
10:35:29.0706 5844 msahci - ok
10:35:29.0722 5844 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
10:35:29.0753 5844 msdsm - ok
10:35:29.0769 5844 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
10:35:29.0784 5844 MSDTC - ok
10:35:29.0800 5844 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
10:35:29.0800 5844 Msfs - ok
10:35:29.0816 5844 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
10:35:29.0816 5844 mshidkmdf - ok
10:35:29.0816 5844 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
10:35:29.0816 5844 msisadrv - ok
10:35:29.0862 5844 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
10:35:29.0862 5844 MSiSCSI - ok
10:35:29.0862 5844 msiserver - ok
10:35:29.0925 5844 MSK80Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
10:35:29.0925 5844 MSK80Service - ok
10:35:29.0940 5844 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
10:35:29.0956 5844 MSKSSRV - ok
10:35:29.0972 5844 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
10:35:29.0987 5844 MSPCLOCK - ok
10:35:29.0987 5844 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
10:35:29.0987 5844 MSPQM - ok
10:35:30.0018 5844 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
10:35:30.0034 5844 MsRPC - ok
10:35:30.0050 5844 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
10:35:30.0050 5844 mssmbios - ok
10:35:30.0065 5844 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
10:35:30.0065 5844 MSTEE - ok
10:35:30.0081 5844 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
10:35:30.0081 5844 MTConfig - ok
10:35:30.0112 5844 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
10:35:30.0112 5844 Mup - ok
10:35:30.0159 5844 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
10:35:30.0190 5844 napagent - ok
10:35:30.0237 5844 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
10:35:30.0252 5844 NativeWifiP - ok
10:35:30.0315 5844 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
10:35:30.0315 5844 NDIS - ok
10:35:30.0362 5844 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
10:35:30.0362 5844 NdisCap - ok
10:35:30.0377 5844 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
10:35:30.0393 5844 NdisTapi - ok
10:35:30.0424 5844 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
10:35:30.0455 5844 Ndisuio - ok
10:35:30.0486 5844 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
10:35:30.0518 5844 NdisWan - ok
10:35:30.0564 5844 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
10:35:30.0596 5844 NDProxy - ok
10:35:30.0611 5844 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
10:35:30.0611 5844 NetBIOS - ok
10:35:30.0642 5844 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
10:35:30.0674 5844 NetBT - ok
10:35:30.0689 5844 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:35:30.0689 5844 Netlogon - ok
10:35:30.0736 5844 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
10:35:30.0752 5844 Netman - ok
10:35:41.0562 5844 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
10:35:41.0750 5844 \Device\Harddisk0\DR0 - ok
10:35:41.0750 5844 Boot (0x1200) (3a0b8f44e50745664564ec5b8100b7cb) \Device\Harddisk0\DR0\Partition0
10:35:41.0750 5844 \Device\Harddisk0\DR0\Partition0 - ok
10:35:41.0765 5844 Boot (0x1200) (11a750171f8a9481b7e8d63ad6819bc1) \Device\Harddisk0\DR0\Partition1
10:35:41.0765 5844 \Device\Harddisk0\DR0\Partition1 - ok
10:35:41.0765 5844 ============================================================
10:35:41.0765 5844 Scan finished
10:35:41.0765 5844 ============================================================
10:35:41.0765 6480 Detected object count: 0
10:35:41.0765 6480 Actual detected object count: 0

#12 gringo_pr

Posted 28 July 2012 - 01:43 PM

Greetings


That looks very good, did you get to run the aswMBR scan?


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 LovesAnime411

Posted 28 July 2012 - 03:28 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-16 18:47:55
-----------------------------
18:47:55.685 OS Version: Windows x64 6.1.7601 Service Pack 1
18:47:55.685 Number of processors: 4 586 0x2505
18:47:55.685 ComputerName: NICOLE-PC UserName: Nicole
18:47:58.743 Initialize success
19:06:17.629 AVAST engine defs: 12071601
19:13:16.490 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:13:16.490 Disk 0 Vendor: WDC_WD1001FAES-75W7A0 05.01D05 Size: 953869MB BusType: 3
19:13:16.537 Disk 0 MBR read successfully
19:13:16.537 Disk 0 MBR scan
19:13:16.552 Disk 0 Windows VISTA default MBR code
19:13:16.552 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
19:13:16.583 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 14142 MB offset 81920
19:13:16.615 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 939686 MB offset 29044736
19:13:16.677 Disk 0 scanning C:\Windows\system32\drivers
19:13:26.739 Service scanning
19:13:41.231 Modules scanning
19:13:41.231 Disk 0 trace - called modules:
19:13:41.247 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
19:13:41.247 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004bd5790]
19:13:41.247 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa8004903520]
19:13:41.263 5 ACPI.sys[fffff88000f007a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004905060]
19:13:43.462 AVAST engine scan C:\Windows
19:13:45.802 AVAST engine scan C:\Windows\system32
19:17:09.024 AVAST engine scan C:\Windows\system32\drivers
19:17:18.477 AVAST engine scan C:\Users\Nicole
19:19:21.686 File: C:\Users\Nicole\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\767992e2-16da1bfe **INFECTED** Win32:Karagany-IK [Trj]
19:20:19.297 AVAST engine scan C:\ProgramData
19:23:03.222 Scan finished successfully
19:39:39.737 Disk 0 MBR has been saved successfully to "C:\Users\Nicole\Desktop\MBR.dat"
19:39:39.737 The log file has been saved successfully to "C:\Users\Nicole\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-28 10:36:56
-----------------------------
10:36:56.147 OS Version: Windows x64 6.1.7601 Service Pack 1
10:36:56.147 Number of processors: 4 586 0x2505
10:36:56.148 ComputerName: NICOLE-PC UserName: Nicole
10:36:57.683 Initialize success
10:39:26.707 AVAST engine defs: 12072800
10:40:06.066 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:40:06.068 Disk 0 Vendor: WDC_WD1001FAES-75W7A0 05.01D05 Size: 953869MB BusType: 3
10:40:06.086 Disk 0 MBR read successfully
10:40:06.087 Disk 0 MBR scan
10:40:06.092 Disk 0 Windows VISTA default MBR code
10:40:06.094 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
10:40:06.107 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 14142 MB offset 81920
10:40:06.112 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 939686 MB offset 29044736
10:40:06.127 Disk 0 scanning C:\Windows\system32\drivers
10:40:13.040 Service scanning
10:40:27.036 Modules scanning
10:40:27.045 Disk 0 trace - called modules:
10:40:27.059 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
10:40:27.064 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004bdc790]
10:40:27.066 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa8004900890]
10:40:27.069 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004906060]
10:40:28.824 AVAST engine scan C:\Windows
10:40:34.129 AVAST engine scan C:\Windows\system32
10:43:41.784 AVAST engine scan C:\Windows\system32\drivers
10:43:51.018 AVAST engine scan C:\Users\Nicole
10:46:26.773 AVAST engine scan C:\ProgramData
10:49:00.463 Scan finished successfully
12:42:28.540 Disk 0 MBR has been saved successfully to "C:\Users\Nicole\Desktop\MBR.dat"
12:42:28.585 The log file has been saved successfully to "C:\Users\Nicole\Desktop\aswMBR.txt"

I'm still getting redirected to websites.

Edited by LovesAnime411, 28 July 2012 - 03:28 PM.


#14 gringo_pr

Posted 28 July 2012 - 04:25 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#15 LovesAnime411

Posted 28 July 2012 - 07:37 PM

OTL logfile created on: 7/28/2012 5:18:25 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Nicole\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.67 Gb Available Physical Memory | 70.08% Memory free
7.61 Gb Paging File | 5.86 Gb Available in Paging File | 77.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.66 Gb Total Space | 866.66 Gb Free Space | 94.44% Space Free | Partition Type: NTFS

Computer Name: NICOLE-PC | User Name: Nicole | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Nicole\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Motive\pcCMService.exe (Alcatel-Lucent)
PRC - C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe (Alcatel-Lucent)
PRC - C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe (Alcatel-Lucent)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\ThreatFire\TFTray.exe (PC Tools)
PRC - C:\Program Files (x86)\ThreatFire\TFService.exe (PC Tools)
PRC - C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe ()
PRC - C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\37xg9g1c.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll ()
MOD - C:\Program Files (x86)\bin\libsasl32.dll ()
MOD - C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe ()
MOD - C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvcLib.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (pcCMService64) -- C:\Program Files\Common Files\Motive\pcCMService.exe (Alcatel-Lucent)
SRV:64bit: - (McODS) -- C:\Program Files\mcafee\virusscan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (mfevtp) -- C:\WINDOWS\SysNative\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McOobeSv) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (McAWFwk) -- c:\Program Files\mcafee\msc\McAWFwk.exe (McAfee, Inc.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (pcCMService) -- C:\Program Files (x86)\Common Files\Motive\pcCMService.exe (Alcatel-Lucent)
SRV - (pcServiceHost) -- C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe (Alcatel-Lucent)
SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (npggsvc) -- C:\WINDOWS\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (ThreatFire) -- C:\Program Files (x86)\ThreatFire\TFService.exe (PC Tools)
SRV - (RoxWatch12) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions)
SRV - (RoxMediaDB12OEM) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)
SRV - (WSWNA3100) -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe ()
SRV - (NOBU) -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (Dell, Inc.)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (PSMAntiSpy) -- C:\Program Files (x86)\PSMKorea\AntiKeyLogger\PSMAntiS.exe (PSMKorea - http://www.psmkorea.co.kr)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\WINDOWS\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (MREMP50a64) -- C:\Program Files\Common Files\Motive\MREMP50a64.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV:64bit: - (MRESP50a64) -- C:\Program Files\Common Files\Motive\MRESP50a64.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (mfehidk) -- C:\WINDOWS\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\WINDOWS\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\WINDOWS\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\WINDOWS\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\WINDOWS\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\WINDOWS\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\WINDOWS\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\WINDOWS\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (igfx) -- C:\WINDOWS\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\WINDOWS\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (amdsata) -- C:\WINDOWS\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\WINDOWS\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TfSysMon) -- C:\WINDOWS\SysNative\drivers\TfSysMon.sys (PC Tools)
DRV:64bit: - (TfNetMon) -- C:\WINDOWS\SysNative\drivers\TfNetMon.sys (PC Tools)
DRV:64bit: - (TfFsMon) -- C:\WINDOWS\SysNative\drivers\TfFsMon.sys (PC Tools)
DRV:64bit: - (HpSAMD) -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\WINDOWS\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (FSProFilter) -- C:\WINDOWS\SysNative\drivers\FSPFltd.sys (FSPro Labs)
DRV:64bit: - (PxHlpa64) -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (Impcd) -- C:\WINDOWS\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (NPF) -- C:\WINDOWS\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (NVHDA) -- C:\WINDOWS\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (BCMH43XX) -- C:\WINDOWS\SysNative\drivers\bcmwlhigh664.sys (Broadcom Corporation)
DRV:64bit: - (k57nd60a) -- C:\WINDOWS\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (HECIx64) -- C:\WINDOWS\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\WINDOWS\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\WINDOWS\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\WINDOWS\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\WINDOWS\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SCMNdisP) -- C:\WINDOWS\SysNative\drivers\SCMNdisP.sys (Windows ® Codename Longhorn DDK provider)
DRV:64bit: - (WimFltr) -- C:\WINDOWS\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (MREMP50) -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (cpudrv64) -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys ()
DRV - (WIMMount) -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NPPTNT2) -- C:\WINDOWS\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3244020198-3975211899-363119154-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-3244020198-3975211899-363119154-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-3244020198-3975211899-363119154-1001\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKU\S-1-5-21-3244020198-3975211899-363119154-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3244020198-3975211899-363119154-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3244020198-3975211899-363119154-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_enUS462
IE - HKU\S-1-5-21-3244020198-3975211899-363119154-1001\..\SearchScopes\{899B35FF-D18B-8FBB-580A-E99390A9E0B2}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z129&form=ZGAIDF&install_date=20111216&iesrc={referrer:source}
IE - HKU\S-1-5-21-3244020198-3975211899-363119154-1001\..\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}: "URL" = playbryte/search/redirect/?type=default&user_id=d2675942-ec9c-49f2-b3d9-f70c86818fdb&query={searchTerms}
IE - HKU\S-1-5-21-3244020198-3975211899-363119154-1001\..\SearchScopes\{D9002D0B-CFEA-4D27-82AC-BAA9E25FD5EA}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ000TRUS&apn_uid=0E4397F2-18F8-4723-9C67-8422E8F03792&apn_sauid=8567EFCF-4E02-4D38-BD4E-2F5622B7CCC9&
IE - HKU\S-1-5-21-3244020198-3975211899-363119154-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@Motive.com/npMotiveRequest,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/06/25 23:02:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/22 02:56:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{36166405-CF9D-11E1-8270-B8AC6F996F26}: C:\Users\Nicole\AppData\Local\{36166405-CF9D-11E1-8270-B8AC6F996F26}\ [2012/07/16 16:23:16 | 000,000,000 | ---D | M]

[2011/12/16 15:27:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nicole\AppData\Roaming\mozilla\Extensions
[2012/07/10 22:27:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nicole\AppData\Roaming\mozilla\Firefox\Profiles\37xg9g1c.default\extensions
[2012/03/29 14:54:54 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Nicole\AppData\Roaming\mozilla\Firefox\Profiles\37xg9g1c.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/12/21 21:45:47 | 000,000,000 | ---D | M] (CSHelper) -- C:\Users\Nicole\AppData\Roaming\mozilla\Firefox\Profiles\37xg9g1c.default\extensions\{d91a2be6-3b56-4dfb-97f5-5e48fe3ed473}
[2012/06/18 13:17:53 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Nicole\AppData\Roaming\mozilla\Firefox\Profiles\37xg9g1c.default\extensions\support@lastpass.com
[2012/06/18 19:21:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/16 16:23:16 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\NICOLE\APPDATA\LOCAL\{36166405-CF9D-11E1-8270-B8AC6F996F26}
[2012/07/10 22:27:11 | 000,340,684 | ---- | M] () (No name found) -- C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\37XG9G1C.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
[2012/07/22 02:56:44 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/01/12 14:39:55 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/12 14:39:55 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/02/08 23:39:16 | 000,000,027 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20120625185611.dll (McAfee, Inc.)
O2:64bit: - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\mcafee\msk\mskapbho.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20120625185612.dll (McAfee, Inc.)
O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-3244020198-3975211899-363119154-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Comcast_McciTrayApp] C:\Program Files\Comcast\pcTrayApp.exe (Alcatel-Lucent)
O4:64bit: - HKLM..\Run: [croau] ",FLOAT32TO16ARRAY File not found
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
O4 - HKLM..\Run: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe (PC Tools)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3244020198-3975211899-363119154-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3244020198-3975211899-363119154-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass File not found
O8:64bit: - Extra context menu item: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms File not found
O8 - Extra context menu item: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass File not found
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms File not found
O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O9:64bit: - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D28482D3-F80E-43F7-9ACB-C120391A9C30}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D9327CC1-651B-4814-9D6C-C2F1CD7D9998}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\615\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/28 17:17:15 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Nicole\Desktop\OTL.exe
[2012/07/28 10:36:12 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Nicole\Desktop\aswMBR(1).exe
[2012/07/28 10:34:25 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Nicole\Desktop\tdsskiller.exe
[2012/07/28 05:24:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/07/28 03:47:12 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/16 18:46:33 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/07/16 16:23:16 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{36166405-CF9D-11E1-8270-B8AC6F996F26}
[2012/07/11 22:15:06 | 000,000,000 | R--D | C] -- C:\Users\Nicole\Desktop\Images
[2012/07/11 22:08:32 | 000,000,000 | R--D | C] -- C:\Users\Nicole\Desktop\Software
[2012/07/11 03:52:53 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/07/11 03:52:53 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/07/11 03:52:52 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/07/11 03:52:52 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/07/11 03:52:51 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/07/11 03:52:51 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/07/11 03:52:51 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/07/11 03:52:51 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/07/11 03:52:49 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/07/11 03:52:48 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/07/11 03:52:48 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/07/11 03:52:48 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/07/11 03:52:48 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/07/11 03:32:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012/07/11 03:32:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012/07/11 03:32:13 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/07/11 03:32:05 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012/07/11 03:32:01 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012/07/11 00:14:43 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\Ulead Systems
[2012/07/11 00:14:42 | 000,000,000 | ---D | C] -- C:\Users\Nicole\Documents\Corel PaintShop Pro
[2012/07/11 00:14:42 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\Corel PaintShop Pro
[2012/07/11 00:13:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Protexis
[2012/07/11 00:12:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel PaintShop Pro X4
[2012/07/11 00:11:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Corel
[2012/07/10 23:55:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2012/07/10 23:55:20 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2012/07/10 23:55:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip
[2012/07/10 23:46:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/07/03 00:43:55 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{AB4EED43-C178-45DD-9EE8-BDCD625AAB21}
[2012/07/03 00:43:43 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{83429D12-7CDC-4A33-9907-B38ED9B1044B}
[2012/06/28 18:32:04 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{D9A828EC-A3C8-4941-85EC-56C40D3447BC}
[2012/06/28 18:31:50 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{30DF97A7-DF33-42E2-9F0B-FB99B5251091}
[2011/10/22 04:23:12 | 000,068,272 | ---- | C] (Beepa P/L) -- C:\Program Files (x86)\fraps64.dat
[2011/10/22 04:23:10 | 002,366,128 | ---- | C] (Beepa P/L) -- C:\Program Files (x86)\fraps.exe
[2011/10/22 04:21:00 | 000,139,776 | ---- | C] (Beepa P/L) -- C:\Program Files (x86)\frapslcd.dll
[2011/10/22 04:06:32 | 000,231,600 | ---- | C] (Beepa P/L) -- C:\Program Files (x86)\fraps32.dll
[2011/10/22 04:06:32 | 000,185,520 | ---- | C] (Beepa P/L) -- C:\Program Files (x86)\fraps64.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\Windows\SysNative\
[2012/07/28 17:17:16 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Nicole\Desktop\OTL.exe
[2012/07/28 17:03:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/28 16:57:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/28 14:03:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/28 12:42:28 | 000,000,512 | ---- | M] () -- C:\Users\Nicole\Desktop\MBR.dat
[2012/07/28 11:00:05 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/07/28 10:36:36 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Nicole\Desktop\aswMBR(1).exe
[2012/07/28 10:34:29 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Nicole\Desktop\tdsskiller.exe
[2012/07/28 04:47:04 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/28 04:47:04 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/28 04:39:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/28 04:39:46 | 3063,242,752 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/27 07:57:10 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/27 07:57:10 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/16 19:43:59 | 000,009,117 | ---- | M] () -- C:\Users\Nicole\Desktop\bleepinglogfiles.zip
[2012/07/16 18:46:28 | 263,248,515 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/07/16 18:34:49 | 000,869,194 | ---- | M] () -- C:\Users\Nicole\Desktop\SecurityCheck.exe
[2012/07/15 02:15:34 | 000,100,545 | ---- | M] () -- C:\Users\Nicole\Desktop\PAL73AF.jpg
[2012/07/11 04:20:58 | 000,331,056 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/10 22:25:56 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

File not found -- C:\Windows\SysNative\
[2012/07/16 19:43:59 | 000,009,117 | ---- | C] () -- C:\Users\Nicole\Desktop\bleepinglogfiles.zip
[2012/07/16 19:39:39 | 000,000,512 | ---- | C] () -- C:\Users\Nicole\Desktop\MBR.dat
[2012/07/16 18:34:43 | 000,869,194 | ---- | C] () -- C:\Users\Nicole\Desktop\SecurityCheck.exe
[2012/07/16 17:33:20 | 263,248,515 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/07/15 02:15:34 | 000,100,545 | ---- | C] () -- C:\Users\Nicole\Desktop\PAL73AF.jpg
[2012/06/11 21:57:33 | 000,002,872 | ---- | C] () -- C:\Windows\SysWow64\LOWERP.ini
[2012/06/11 21:57:33 | 000,001,544 | ---- | C] () -- C:\Windows\SysWow64\LPOff.ini
[2012/06/11 21:52:44 | 000,000,600 | ---- | C] () -- C:\Users\Nicole\AppData\Local\PUTTY.RND
[2012/05/22 13:49:29 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/05/12 02:55:00 | 000,000,088 | RHS- | C] () -- C:\Windows\SysWow64\5C53507EE1.sys
[2012/05/12 02:50:36 | 000,003,350 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2012/04/21 21:26:27 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2012/02/05 04:25:55 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/05 04:25:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/05 04:25:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/05 04:25:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/05 04:25:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/19 21:40:40 | 000,000,000 | ---- | C] () -- C:\Users\Nicole\defogger_reenable
[2012/01/10 14:27:26 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2012/01/10 14:27:26 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2012/01/10 14:27:26 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2012/01/10 13:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/01/07 19:55:29 | 000,000,000 | ---- | C] () -- C:\Users\Nicole\AppData\Local\{ABDCD697-4D7D-4867-9267-959E9DDD3563}
[2012/01/06 02:22:00 | 000,003,314 | -HS- | C] () -- C:\Users\Nicole\AppData\Local\mi5403eg5jmx17x87g888hp7y5h7bhlqb325plkh4t42ob
[2012/01/06 02:22:00 | 000,003,314 | -HS- | C] () -- C:\ProgramData\mi5403eg5jmx17x87g888hp7y5h7bhlqb325plkh4t42ob
[2011/12/21 23:51:42 | 000,000,408 | ---- | C] () -- C:\Users\Nicole\AppData\Roaming\CamShapes.ini
[2011/12/21 23:51:42 | 000,000,408 | ---- | C] () -- C:\Users\Nicole\AppData\Roaming\CamLayout.ini
[2011/12/21 23:51:42 | 000,000,069 | ---- | C] () -- C:\Users\Nicole\AppData\Roaming\Camdata.ini
[2011/12/21 23:31:11 | 000,004,416 | ---- | C] () -- C:\Users\Nicole\AppData\Roaming\CamStudio.cfg
[2011/12/17 02:50:27 | 000,000,000 | ---- | C] () -- C:\Users\Nicole\AppData\Local\{B69DE229-622B-490B-AA45-6ADD5BC00BB9}
[2011/12/16 20:11:33 | 000,000,000 | ---- | C] () -- C:\Users\Nicole\AppData\Local\{35A0E6AA-D98C-4845-910A-B757F929CB35}
[2011/12/16 18:59:43 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/12/16 17:46:40 | 000,730,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/22 03:48:54 | 000,001,905 | ---- | C] () -- C:\Program Files (x86)\README.HTM

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:8893D792
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >

OTL Extras logfile created on: 7/28/2012 5:18:25 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Nicole\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.67 Gb Available Physical Memory | 70.08% Memory free
7.61 Gb Paging File | 5.86 Gb Available in Paging File | 77.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.66 Gb Total Space | 866.66 Gb Free Space | 94.44% Space Free | Partition Type: NTFS

Computer Name: NICOLE-PC | User Name: Nicole | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3244020198-3975211899-363119154-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with Corel PaintShop Pro X4] -- "c:\Program Files (x86)\Corel\Corel PaintShop Pro X4\Corel PaintShop Pro.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with Corel PaintShop Pro X4] -- "c:\Program Files (x86)\Corel\Corel PaintShop Pro X4\Corel PaintShop Pro.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallDisableNotify" = 0
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0015DE8E-8D9F-403E-8E5A-4098410E6125}" = PSPPro64
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java™ 7 Update 3 (64-bit)
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{64A3A4F4-B792-11D6-A78A-00B0D0170030}" = Java™ SE Development Kit 7 Update 3 (64-bit)
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{7095F86C-BB1A-4254-96A0-7C63A1F8D403}" = TortoiseSVN 1.7.3.22386 (64 bit)
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"Dell Support Center" = Dell Support Center
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"My Lockbox_is1" = My Lockbox 2.7 Christmas Edition
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{00580795-581C-4587-B9F2-37320D7AB37F}" = Corel PaintShop Pro X4
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00580795-581C-4587-B9F2-37320D7AB37F}" = ICA
"{006CAAEF-CA96-4181-AC22-FE56D61432E4}" = PSPPContent
"{00AE1A2D-7BC2-4359-A0EC-E19F36E391BB}" = Corel PaintShop Pro X4
"{00BEE329-BAAB-49FF-9B66-55E4B12B9ADD}" = IPM_PSP_COM
"{00D13418-7DDF-4D3D-A237-E297B103BB6B}" = Setup
"{00D74A7A-F7AD-4D00-ABD2-0973836292C7}" = PSPPHelp
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{12B4121D-5221-4AFC-9EDC-63B0CA139856}_is1" = WTFast 2.0 beta 1
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B4636C-A780-4FEB-B4C9-A2564E9B9F7C}" = Multimedia Card Reader
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{39D06E77-8921-4056-8901-36D0035BAECA}" = Dell Stage
"{3E8A1ADF-B72C-47FE-85F6-F7A73C487F6C}" = Dell MusicStage
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{576CA494-F771-4B10-9AF0-8ED4A7AFB0CC}_is1" = Amnesia - The Dark Descent Demo
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA31EA7B-7917-4000-949B-38E91F848A25}" = Internet Explorer
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.2
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{C16A92EF-017B-4839-9C75-FBADB5A1FA27}" = TrustedID
"{C2425F91-1F7B-4037-9A05-9F290184798D}" = NETGEAR WNA3100 wireless USB 2.0 adapter
"{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}" = System Requirements Lab for Intel
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C3}" = WinZip 15.5
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF67ED0C-F85D-4791-AED3-3FE882EDB45D}" = Dell Marketplace Webslice IE8
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Cleanersoft Free Registry Fix" = Cleanersoft Free Registry Fix
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Comcast" = EasySolve
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"Fraps" = Fraps
"GoToAssist" = GoToAssist Corporate
"InstallShield_{23B4636C-A780-4FEB-B4C9-A2564E9B9F7C}" = Multimedia Card Reader
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"iRO 13.2 VIP Full Client" = iRO 13.2 VIP Full Client
"LastPass" = LastPass (uninstall only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee SecurityCenter
"PalaceChat_is1" = PalaceChat version 4.1.182
"Palringo" = Palringo
"PSM AntiKeyLogger" = PSM AntiKeyLogger
"Revo Uninstaller" = Revo Uninstaller 1.93
"TeamViewer 7" = TeamViewer 7
"WildTangent dell Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3244020198-3975211899-363119154-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"bd4d3a0508d364f5" = Dell Driver Download Manager

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/11/2012 6:37:02 PM | Computer Name = Nicole-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 7/11/2012 7:09:58 PM | Computer Name = Nicole-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 7/12/2012 2:27:35 PM | Computer Name = Nicole-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 7/13/2012 8:39:54 AM | Computer Name = Nicole-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 7/13/2012 9:22:45 AM | Computer Name = Nicole-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 7/14/2012 4:09:08 AM | Computer Name = Nicole-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 7/14/2012 11:21:21 PM | Computer Name = Nicole-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 7/15/2012 6:37:16 PM | Computer Name = Nicole-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 7/16/2012 1:57:21 PM | Computer Name = Nicole-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 7/16/2012 7:22:47 PM | Computer Name = Nicole-PC | Source = Application Error | ID = 1000
Description = Faulting application name: vmwlwyk.exe, version: 0.0.0.0, time stamp:
0x50047627 Faulting module name: vmwlwyk.exe, version: 0.0.0.0, time stamp: 0x50047627
Exception
code: 0xc0000005 Fault offset: 0x000515e8 Faulting process id: 0x43e8 Faulting application
start time: 0x01cd63a9c32e15ed Faulting application path: C:\Users\Nicole\AppData\Local\vmwlwyk.exe
Faulting
module path: C:\Users\Nicole\AppData\Local\vmwlwyk.exe Report Id: 26b30f50-cf9d-11e1-9d03-782bcb89e5f8

Error - 7/16/2012 7:23:10 PM | Computer Name = Nicole-PC | Source = Application Error | ID = 1000
Description = Faulting application name: vmwlwyk.exe, version: 0.0.0.0, time stamp:
0x50047627 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0x43e8 Faulting application
start time: 0x01cd63a9c32e15ed Faulting application path: C:\Users\Nicole\AppData\Local\vmwlwyk.exe
Faulting
module path: unknown Report Id: 349ecd1f-cf9d-11e1-9d03-782bcb89e5f8

[ Media Center Events ]
Error - 2/23/2012 12:46:42 PM | Computer Name = Nicole-PC | Source = MCUpdate | ID = 0
Description = 8:46:38 AM - Error connecting to the internet. 8:46:38 AM - Unable
to contact server..

Error - 2/27/2012 12:50:58 PM | Computer Name = Nicole-PC | Source = MCUpdate | ID = 0
Description = 8:50:58 AM - Failed to retrieve Directory (Error: The remote name
could not be resolved: 'data.tvdownload.microsoft.com')

Error - 3/7/2012 12:43:36 PM | Computer Name = Nicole-PC | Source = MCUpdate | ID = 0
Description = 8:43:36 AM - Error connecting to the internet. 8:43:36 AM - Unable
to contact server..

Error - 3/7/2012 12:43:47 PM | Computer Name = Nicole-PC | Source = MCUpdate | ID = 0
Description = 8:43:41 AM - Error connecting to the internet. 8:43:41 AM - Unable
to contact server..

Error - 3/7/2012 1:43:52 PM | Computer Name = Nicole-PC | Source = MCUpdate | ID = 0
Description = 9:43:52 AM - Error connecting to the internet. 9:43:52 AM - Unable
to contact server..

Error - 3/7/2012 1:43:59 PM | Computer Name = Nicole-PC | Source = MCUpdate | ID = 0
Description = 9:43:57 AM - Error connecting to the internet. 9:43:57 AM - Unable
to contact server..

Error - 3/7/2012 2:44:04 PM | Computer Name = Nicole-PC | Source = MCUpdate | ID = 0
Description = 10:44:04 AM - Error connecting to the internet. 10:44:04 AM - Unable
to contact server..

Error - 3/7/2012 2:44:10 PM | Computer Name = Nicole-PC | Source = MCUpdate | ID = 0
Description = 10:44:09 AM - Error connecting to the internet. 10:44:09 AM - Unable
to contact server..

Error - 3/7/2012 3:44:14 PM | Computer Name = Nicole-PC | Source = MCUpdate | ID = 0
Description = 11:44:14 AM - Error connecting to the internet. 11:44:14 AM - Unable
to contact server..

Error - 3/7/2012 3:44:20 PM | Computer Name = Nicole-PC | Source = MCUpdate | ID = 0
Description = 11:44:19 AM - Error connecting to the internet. 11:44:19 AM - Unable
to contact server..

[ System Events ]
Error - 7/28/2012 7:30:03 AM | Computer Name = Nicole-PC | Source = Service Control Manager | ID = 7003
Description = The McAfee Personal Firewall Service service depends the following
service: MpsSvc. This service might not be installed.

Error - 7/28/2012 7:30:03 AM | Computer Name = Nicole-PC | Source = Service Control Manager | ID = 7003
Description = The McAfee Personal Firewall Service service depends the following
service: MpsSvc. This service might not be installed.

Error - 7/28/2012 7:39:50 AM | Computer Name = Nicole-PC | Source = Service Control Manager | ID = 7003
Description = The IKE and AuthIP IPsec Keying Modules service depends the following
service: BFE. This service might not be installed.

Error - 7/28/2012 7:39:50 AM | Computer Name = Nicole-PC | Source = Service Control Manager | ID = 7003
Description = The McAfee Personal Firewall Service service depends the following
service: MpsSvc. This service might not be installed.

Error - 7/28/2012 7:39:52 AM | Computer Name = Nicole-PC | Source = Service Control Manager | ID = 7003
Description = The IPsec Policy Agent service depends the following service: BFE.
This service might not be installed.

Error - 7/28/2012 7:39:53 AM | Computer Name = Nicole-PC | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 7/28/2012 7:40:26 AM | Computer Name = Nicole-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 7/28/2012 7:40:26 AM | Computer Name = Nicole-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891

Error - 7/28/2012 7:42:06 AM | Computer Name = Nicole-PC | Source = Service Control Manager | ID = 7003
Description = The McAfee Personal Firewall Service service depends the following
service: MpsSvc. This service might not be installed.

Error - 7/28/2012 7:42:06 AM | Computer Name = Nicole-PC | Source = Service Control Manager | ID = 7003
Description = The McAfee Personal Firewall Service service depends the following
service: MpsSvc. This service might not be installed.


< End of report >



