
Every time I click on the search results (pretty much any search engine), I get redirected to sites like: infomash, bestmarket store, arcresearch. I updated my McAfee and it got rid of a few trojans but the problem persists. I tried to outsmart it and buy a virus protection, but my credit card company phoned me and asked me if I intended to authorize: YOUTUBESTUDIOPRO.COM in Minsk Belarus for the transaction (of course I did not; I thought I was buying a Microsoft antivirus product.) So then I downloaded the free version of Malwarebytes and the problem continues (and now I can't do certain things on legit sites, like logging in to Amazon.com.)

So I followed the next step in your directions and just hope someone can please HELP an idiot like me.

Moderator edits to place logs In-line

DDS log

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385

Run by Oona at 20:33:17 on 2011-12-27

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3893.2474 [GMT -5:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Windows\system32\mfevtps.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Windows\system32\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe

C:\Windows\System32\rundll32.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe

C:\Program Files\Dell\DellDock\DellDock.exe

C:\Users\Oona\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe

c:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\system32\wuauclt.exe

C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = https://webaccesss.aaanet.org/owa

uDefault_Page_URL = g.msn.com/USCON/1

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: NetAssistant: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll

uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

mWinlogon: Userinit=userinit.exe,

BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111224133439.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: NetAssistant: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll

BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File

uRun: [OM2_Monitor] "C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"

uRun: [MouseOnlineNotifier] rundll32.exe "C:\ProgramData\MouseOnlineNotifier.dll",DllRegisterServer

uRun: [Caphyon] rundll32.exe "C:\Users\Oona\AppData\Local\Dell Edoc Viewer\DellUpdate\Dellupdt32.DLL",DllRegisterServer

uRun: [installIQUpdater] "C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun: [DellSupportCenter] "c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [OM2_Monitor] "C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe

StartupFolder: C:\Users\Oona\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe

StartupFolder: C:\Users\Oona\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Oona\AppData\Roaming\Dropbox\bin\Dropbox.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL

Trusted Zone: aaanet.org\webaccess

Trusted Zone: excite.com\www1

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{83FDE874-69B7-4F0C-9778-7859E55CB43A} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{83FDE874-69B7-4F0C-9778-7859E55CB43A}\14141423031313 : DhcpNameServer = 64.254.224.2 216.94.180.2

TCP: Interfaces\{83FDE874-69B7-4F0C-9778-7859E55CB43A}\747584F63707964716C6 : DhcpNameServer = 4.2.2.2

TCP: Interfaces\{87201D80-68A0-46AE-B4F3-2323810DC3A9} : DhcpNameServer = 192.168.1.5 192.168.1.8

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll

BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll

BHO-X64: 0x1 - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111224133439.dll

BHO-X64: scriptproxy - No File

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: NetAssistant: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll

BHO-X64: NetAssistantBHO - No File

BHO-X64: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll

BHO-X64: Yontoo Layers - No File

BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

TB-X64: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll

TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun-x64: [DellSupportCenter] "c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

mRun-x64: [OM2_Monitor] "C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]

R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-11-2 98208]

R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]

R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-12-24 249936]

R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-12-24 249936]

R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-12-24 249936]

R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-12-24 249936]

R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-12-24 199272]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-12-24 208536]

R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-11-2 1692480]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-11-2 2320920]

R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\system32\DRIVERS\bcmvwl64.sys --> C:\Windows\system32\DRIVERS\bcmvwl64.sys [?]

R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]

S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2011-12-27 02:56:43 -------- d-----w- C:\Users\Oona\AppData\Roaming\Malwarebytes

2011-12-27 02:51:08 -------- d-----w- C:\ProgramData\Malwarebytes

2011-12-27 02:51:05 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-12-27 02:51:04 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-12-24 18:34:52 -------- d-----w- C:\Program Files (x86)\McAfee.com

2011-12-24 18:34:39 10248 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys

2011-12-24 18:34:31 75808 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys

2011-12-24 18:34:31 65264 ----a-w- C:\Windows\System32\drivers\cfwids.sys

2011-12-24 18:34:31 481768 ----a-w- C:\Windows\System32\drivers\mfefirek.sys

2011-12-24 18:34:31 284648 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys

2011-12-24 18:34:31 229528 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys

2011-12-24 18:34:31 100912 ----a-w- C:\Windows\System32\drivers\mferkdet.sys

2011-12-24 18:34:19 -------- d-----w- C:\Program Files\McAfee.com

2011-12-24 18:34:19 -------- d-----w- C:\Program Files\McAfee

2011-12-24 18:34:19 -------- d-----w- C:\Program Files\Common Files\McAfee

2011-12-24 18:08:01 161168 ----a-w- C:\Windows\System32\mfevtps.exe

2011-12-24 03:22:37 -------- d-----w- C:\Program Files (x86)\Amazon

2011-12-24 02:01:58 121344 ----a-w- C:\Windows\SysWow64\srrstr.dll

2011-12-24 02:01:57 353792 ----a-w- C:\ProgramData\MouseOnlineNotifier.dll

2011-12-23 22:13:28 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{00CA3393-240A-48FA-8A04-0B3DDEA28194}\mpengine.dll

2011-12-15 02:03:17 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2011-12-15 02:01:59 723456 ----a-w- C:\Windows\System32\EncDec.dll

2011-12-15 02:01:57 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll

2011-12-15 02:01:52 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-12-15 02:01:52 2048 ----a-w- C:\Windows\System32\tzres.dll

.

==================== Find3M ====================

.

2011-11-24 05:00:47 3141632 ----a-w- C:\Windows\System32\win32k.sys

2011-11-05 05:26:29 1197568 ----a-w- C:\Windows\System32\wininet.dll

2011-11-05 05:23:10 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2011-11-05 04:35:50 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-11-05 04:34:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2011-11-05 04:07:32 482816 ----a-w- C:\Windows\System32\html.iec

2011-11-05 03:28:41 386048 ----a-w- C:\Windows\SysWow64\html.iec

2011-11-05 03:25:44 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-11-05 02:55:38 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-10-15 17:16:16 647080 ----a-w- C:\Windows\System32\drivers\mfehidk.sys

2011-10-15 17:16:16 160280 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys

2011-09-29 16:24:44 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys

.

============= FINISH: 20:33:56.50 ===============

ATTACH.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 11/9/2010 7:21:30 PM

System Uptime: 12/27/2011 6:31:46 PM (2 hours ago)

.

Motherboard: Dell Inc. | | 021CN3

Processor: Intel® Core i3 CPU M 350 @ 2.27GHz | U2E1 | 2266/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 451 GiB total, 406.627 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP69: 11/11/2011 6:27:04 PM - Windows Update

RP70: 11/12/2011 3:00:18 AM - Windows Update

RP71: 11/14/2011 9:39:03 PM - Installed OverDrive Media Console

RP72: 11/15/2011 4:19:12 PM - Windows Update

RP73: 11/18/2011 5:58:09 PM - Windows Update

RP74: 11/22/2011 8:50:41 PM - Windows Update

RP75: 11/25/2011 8:42:00 PM - Windows Update

RP76: 11/29/2011 8:09:12 PM - Windows Update

RP77: 12/2/2011 4:59:27 PM - Windows Update

RP78: 12/6/2011 9:25:15 PM - Windows Update

RP79: 12/8/2011 7:24:49 PM - Windows Update

RP80: 12/9/2011 7:18:13 PM - Windows Update

RP81: 12/14/2011 8:45:21 PM - Windows Update

RP82: 12/14/2011 10:25:11 PM - Windows Update

RP83: 12/16/2011 6:59:41 AM - Windows Update

RP84: 12/16/2011 10:35:05 PM - Windows Update

RP85: 12/20/2011 7:01:38 PM - Windows Update

RP86: 12/23/2011 5:13:14 PM - Windows Update

RP87: 12/23/2011 11:02:08 PM - Removed Cozi

RP88: 12/23/2011 11:02:56 PM - Removed Microsoft Silverlight

RP89: 12/24/2011 3:00:10 AM - Windows Update

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

7-Zip 9.20

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Reader 9.1.2

Advanced Audio FX Engine

Amazon MP3 Downloader 1.0.15

Apple Application Support

Apple Software Update

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

Bing Bar

Consumer In-Home Service Agreement

Dell DataSafe Local Backup

Dell DataSafe Local Backup - Support Software

Dell Dock

Dell Getting Started Guide

Dell Support Center (Support Software)

Dell Webcam Central

Dropbox

Freeze.com NetAssistant

GoToAssist 8.0.0.514

InstallIQ Updater

Intel® Graphics Media Accelerator Driver

Intel® Management Engine Components

Java Auto Updater

Java 6 Update 20

Junk Mail filter update

KODAK Gallery Upload Software

Live! Cam Avatar Creator

Malwarebytes' Anti-Malware version 1.51.2.1300

McAfee Internet Security

Microsoft Choice Guard

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office 2010

Microsoft Office Excel MUI (English) 2007

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable - KB2467175

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

NetAssistant

OLYMPUS Master 2

OverDrive Media Console

QuickTime

RCA Digital Voice Manager 5.1.1.2

Realtek High Definition Audio Driver

Roxio Burn

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB2553089)

Security Update for 2007 Microsoft Office System (KB2553090)

Security Update for 2007 Microsoft Office System (KB2584063)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Skype Toolbars

Skype™ 5.5

Snagit 10

Update for 2007 Microsoft Office System (KB2284654)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition

Update for Microsoft Office 2007 System (KB2539530)

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

WildTangent Games

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

Yahoo! Software Update

Yahoo! Toolbar

.

==== Event Viewer Messages From Past Week ========

.

12/27/2011 6:33:16 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

12/27/2011 12:46:07 PM, Error: Service Control Manager [7034] - The SoftThinks Agent Service service terminated unexpectedly. It has done this 1 time(s).

12/25/2011 9:41:29 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Oona-PC\Oona SID (S-1-5-21-2643000203-2350800560-920910613-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

.

==== End Of File ===========================

Edited by Maurice Naggar
placing logs In-line & added highlighting

Hello. Welcome to MalwareBytes forums.

I'd highly suggest (if you did not already) you recontact the issuer of your credit card and have them put it on "watch" or, better, close it and have them reissue you a new one. The Russian bad guys now have your CC info and could cause you a lot of bogus charges.

Do not do any sort of websurfing, NO online searches, definitely no online banking !!!

At this point the pc security is in question, if there's more beyond just the search redirects.

How long have you had the McAfee antivirus program? Was it a recent install? What did you have before?

You downloaded MBAM. Have you done any scan with it? If yes, I need for you to copy the contents of the last scan log and paste them into a Reply.

Do NOT use the attachment feature to put your logs. Always Copy then Paste the contents into the reply box.

You will want to print out or copy these instructions to Notepad for Safe Mode/offline reference!

These steps are for member Oschmid only. If you are a casual viewer, do NOT try this on your system!

If you are not Oschmid and have a similar problem, do NOT post here; start your own topic.

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

=

Close any of your open programs while you run these tools.

On almost all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

Show all files:

  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 3

Click the Start button , click Control Panel, next select Programs, and then select Programs and Features.

Look for Freeze.com Net assistant

Select it and then de-install it. That is a bugger. Needs removal

Step 4

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner sub-tab. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

When done, click the Scanner tab.

Do a FULL Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Step 5

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Right-click on Combo-Fix.exe on your Desktop and select "Run as Administrator".

  • A window may open with prompts. Accept the EULA and pay attention to prompts to start the fix. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

Even when ComboFix appears to be doing nothing, look at your Drive light.

If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt.

Note:

Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

Reply with a copy of the MBAM log, and the C:\Combofix.txt log


Hello. Welcome to MalwareBytes forums.

THANK YOU FOR YOUR KIND HELP.

How long have you had the McAfee antivirus program? Was it a recent install? What did you have before?

IT CAME WITH THE COMPUTER, WHICH I JUST EXTENDED PAST THE COMPLIMENTARY PERIOD OF TIME.

You downloaded MBAM. Have you done any scan with it? If yes, I need for you to Copy the contents of the last scan log and paste copy into a Reply.

Do NOT use the attachment feature to put your logs. Always Copy then Paste the contents into the reply box.

I WILL DO THIS AND GET YOU MORE INFORMATION TOMORROW. I DISCONNECTED THE WIFI ON MY INFECTED COMPUTER, SO I'LL TRY DOING THIS WHEN I GET HOME.


You downloaded MBAM. Have you done any scan with it? If yes, I need for you to Copy the contents of the last scan log and paste copy into a Reply.

Do NOT use the attachment feature to put your logs. Always Copy then Paste the contents into the reply box.

I DON'T THINK I DID DOWNLOAD MBAM? OR IS MBAM THE MALWARE FREEWARE VERSION WHICH I DOWNLOADED ON THE 24TH OR 25TH AND RAN TWICE. PLEASE JUST CONFIRM.

AT ANY RATE, I CAN NO LONGER ACCESS INTERNET FROM MY COMPUTER, SO I PRINTED YOUR DIRECTIONS BELOW AND HAVE PUT THE ERUNT.EXE ON A FLASHDRIVE AND WILL TRY YOUR STEPS TONIGHT OFFLINE. THANKS AGAIN!


I got through steps 1-4. I am in step 5. Combofix has been running since yesterday 3:00 pm (about 18 hours ago). The screen saver came up, so I can't tell exactly what's going on. Of three lights on the laptop, the left-side one is and has been on steadily, the middle one is still flickering, irregularly on and off, and the right-side one is now off, not flickering at all (although it was yesterday.)

Would you advise that I keep Combofix running? Or would you advise that I wake up the computer?

Thank you again for your help and patience. I really appreciate it,

Oona

Edited by Maurice Naggar
Edited for brevity - remove quote box

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 911122904

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

12/29/2011 4:23:11 PM

mbam-log-2011-12-29 (16-23-11).txt

Scan type: Full scan (C:\|E:\|)

Objects scanned: 297478

Time elapsed: 34 minute(s), 54 second(s)

Memory Processes Infected: 1

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

c:\Users\Oona\AppData\Local\mjg.exe (Trojan.ExeShell.Gen) -> 3460 -> Unloaded process successfully.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (gyD) Good: (exefile) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Oona\AppData\Local\mjg.exe" -a "C:\Program Files (x86)\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\Oona\AppData\Local\mjg.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.

c:\Users\Oona\AppData\LocalLow\Sun\Java\deployment\cache\6.0\4\764ce04-14903e6a (Trojan.FakeAlert) -> Quarantined and deleted successfully.


ComboFix 11-12-29.05 - Oona 12/31/2011 18:48:13.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3893.2815 [GMT -5:00]

Running from: c:\users\Oona\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Resident AV is active

.

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\MouseOnlineNotifier.dll

c:\programdata\Tarma Installer

c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll

c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll

c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat

c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe

c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico

c:\programdata\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setup.dll

c:\programdata\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setupx.dll

c:\programdata\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.dat

c:\programdata\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.exe

c:\programdata\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.ico

c:\users\Oona\AppData\Local\assembly\tmp

c:\users\Oona\AppData\Local\Dell Edoc Viewer\DellUpdate\Dellupdt32.DLL

c:\windows\system32\java.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-12-01 to 2012-01-01 )))))))))))))))))))))))))))))))

.

.

2011-12-29 17:00 . 2011-12-29 17:00 -------- d-----w- c:\program files (x86)\ERUNT

2011-12-27 02:56 . 2011-12-27 02:56 -------- d-----w- c:\users\Oona\AppData\Roaming\Malwarebytes

2011-12-27 02:51 . 2011-12-27 02:51 -------- d-----w- c:\programdata\Malwarebytes

2011-12-27 02:51 . 2011-08-31 22:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-27 02:51 . 2011-12-27 02:51 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-12-24 18:34 . 2011-12-24 18:34 -------- d-----w- c:\program files (x86)\McAfee.com

2011-12-24 18:34 . 2011-10-15 17:16 10248 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-12-24 18:34 . 2011-10-15 17:16 75808 ----a-w- c:\windows\system32\drivers\mfenlfk.sys

2011-12-24 18:34 . 2011-10-15 17:16 65264 ----a-w- c:\windows\system32\drivers\cfwids.sys

2011-12-24 18:34 . 2011-10-15 17:16 481768 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2011-12-24 18:34 . 2011-10-15 17:16 284648 ----a-w- c:\windows\system32\drivers\mfewfpk.sys

2011-12-24 18:34 . 2011-10-15 17:16 229528 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2011-12-24 18:34 . 2011-10-15 17:16 100912 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2011-12-24 18:34 . 2011-12-24 18:35 -------- d-----w- c:\program files\McAfee

2011-12-24 18:34 . 2011-12-24 18:34 -------- d-----w- c:\program files\Common Files\McAfee

2011-12-24 18:08 . 2011-11-18 21:36 161168 ----a-w- c:\windows\system32\mfevtps.exe

2011-12-24 03:22 . 2011-12-24 03:22 -------- d-----w- c:\program files (x86)\Amazon

2011-12-24 02:01 . 2011-12-23 12:23 121344 ----a-w- c:\windows\SysWow64\srrstr.dll

2011-12-23 22:13 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{00CA3393-240A-48FA-8A04-0B3DDEA28194}\mpengine.dll

2011-12-15 02:03 . 2011-10-26 05:19 43520 ----a-w- c:\windows\system32\csrsrv.dll

2011-12-15 02:01 . 2011-10-15 06:25 723456 ----a-w- c:\windows\system32\EncDec.dll

2011-12-15 02:01 . 2011-10-15 05:48 534528 ----a-w- c:\windows\SysWow64\EncDec.dll

2011-12-15 02:01 . 2011-11-05 05:17 2048 ----a-w- c:\windows\system32\tzres.dll

2011-12-15 02:01 . 2011-11-05 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-15 17:16 . 2011-10-15 17:16 647080 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2011-10-15 17:16 . 2011-10-15 17:16 160280 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-06-04 214840]

.

[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]

[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]

[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]

[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Oona\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Oona\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Oona\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"OM2_Monitor"="c:\program files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2008-05-15 95536]

"InstallIQUpdater"="c:\program files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2011-10-11 1179648]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]

"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"OM2_Monitor"="c:\program files (x86)\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2008-05-15 54576]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-19 421736]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-22 1675160]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-11 559616]

.

c:\users\Oona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]

Dropbox.lnk - c:\users\Oona\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-9-1 24183152]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]

S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]

S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]

S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-12-06 208536]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]

S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [x]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Oona\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Oona\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Oona\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Oona\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-14 10144288]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-08 166424]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-08 391192]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-08 413720]

"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2010-04-06 3203440]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = https://webaccesss.aaanet.org/owa

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000

Trusted Zone: aaanet.org\webaccess

Trusted Zone: excite.com\www1

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files (x86)\Yontoo Layers Runtime\YontooIEClient.dll

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-MouseOnlineNotifier - c:\programdata\MouseOnlineNotifier.dll

Wow6432Node-HKCU-Run-Caphyon - c:\users\Oona\AppData\Local\Dell Edoc Viewer\DellUpdate\Dellupdt32.DLL

Toolbar-Locked - (no file)

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-7-Zip 9.20 - c:\program files (x86)\7-Zip\Uninstall.exe

AddRemove-Dell Game Console - c:\program files (x86)\WildTangent\Dell Games\Dell Game Console\Uninstall.exe

AddRemove-WildTangent dell Master Uninstall - c:\program files (x86)\WildTangent\Dell Games\Uninstall.exe

AddRemove-WildTangentGameProvider-dell-genres - c:\program files (x86)\WildTangent\Dell Games\Game Explorer Categories - genres\Uninstall.exe

AddRemove-WildTangentGameProvider-dell-main - c:\program files (x86)\WildTangent\Dell Games\Game Explorer Categories - main\Uninstall.exe

AddRemove-WT071246 - c:\program files (x86)\WildTangent\Dell Games\Bejeweled 2 Deluxe\Uninstall.exe

AddRemove-WT071265 - c:\program files (x86)\WildTangent\Dell Games\Chuzzle Deluxe\Uninstall.exe

AddRemove-WT071298 - c:\program files (x86)\WildTangent\Dell Games\Diner Dash\Uninstall.exe

AddRemove-WT071368 - c:\program files (x86)\WildTangent\Dell Games\Jewel Quest Solitaire 2\Uninstall.exe

AddRemove-WT071418 - c:\program files (x86)\WildTangent\Dell Games\Virtual Villagers - The Secret City\Uninstall.exe

AddRemove-WT071443 - c:\program files (x86)\WildTangent\Dell Games\Blasterball 2 Revolution\Uninstall.exe

AddRemove-WT071469 - c:\program files (x86)\WildTangent\Dell Games\Plants vs. Zombies\Uninstall.exe

AddRemove-WT071472 - c:\program files (x86)\WildTangent\Dell Games\Polar Bowler\Uninstall.exe

AddRemove-WT071475 - c:\program files (x86)\WildTangent\Dell Games\Scrabble\Uninstall.exe

AddRemove-WT071478 - c:\program files (x86)\WildTangent\Dell Games\Yahtzee\Uninstall.exe

AddRemove-WT071797 - c:\program files (x86)\WildTangent\Dell Games\FATE\Uninstall.exe

AddRemove-WT071815 - c:\program files (x86)\WildTangent\Dell Games\Monopoly\Uninstall.exe

AddRemove-WT071838 - c:\program files (x86)\WildTangent\Dell Games\Polar Golfer\Uninstall.exe

AddRemove-WT071947 - c:\program files (x86)\WildTangent\Dell Games\Virtual Families\Uninstall.exe

AddRemove-WT071952 - c:\program files (x86)\WildTangent\Dell Games\FATE Undiscovered Realms\Uninstall.exe

AddRemove-WT071953 - c:\program files (x86)\WildTangent\Dell Games\Peggle\Uninstall.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\windows\SysWOW64\rundll32.exe

c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe

c:\program files (x86)\Common Files\Java\Java Update\jusched.exe

c:\windows\SysWOW64\wscript.exe

.

**************************************************************************

.

Completion time: 2012-01-01 01:32:14 - machine was rebooted

ComboFix-quarantined-files.txt 2012-01-01 06:32

.

Pre-Run: 436,271,403,008 bytes free

Post-Run: 436,937,900,032 bytes free

.

- - End Of File - - 3E439AB78DB78389836119F061DCABFC


Hello Oona,

Doing good. MBAM and Combofix found some items. There's much more to do. I need for you to get OTL and to get some reports for my review.

BTW, until we get all done and close the case, please do not do any websurfing at all.

Download OTL by OldTimer and Save to your desktop: http://oldtimer.geekstogo.com/OTL.exe

Please close any of your open windows/programs and exit; saving any open work you have.

  • Please RIGHT-click OTL.exe and choose Run As Administrator to run it.
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs
    HKEY_USERS\S-1-5-19\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs
    HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs
    HKEY_USERS\S-1-5-20\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs
    HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs
    HKEY_CLASSES_ROOT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs
    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on Run Scan.
  • The scan won't take long.
    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of OTL.txt and Extras.txt

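A defender-side check tying together the hijack shown in the MBAM log above (the .exe association chain and the IE StartMenuInternet command) and the SearchScopes keys the OTL custom scan queries, added here as an example; it is not code from the thread, MBAM, ComboFix or OTL, and it assumes Windows 7 default values and an elevated PowerShell session on the machine being examined.

```powershell
# Added example, not code from the thread, MBAM, ComboFix or OTL. Expected values are
# the Windows 7 defaults assumed here; run from an elevated PowerShell prompt.

function Test-ExeAssociation {
    # Audits the keys the MBAM log reported as hijacked. Returns one string per finding;
    # an empty result means the association chain matches the defaults.
    $findings = @()
    $hkcr = 'Registry::HKEY_CLASSES_ROOT'

    # 1. .exe must map to the exefile ProgID (MBAM logged "Bad: (gyD) Good: (exefile)").
    $progId = (Get-ItemProperty -Path "$hkcr\.exe" -ErrorAction SilentlyContinue).'(default)'
    if ($progId -ne 'exefile') {
        $findings += "HKCR\.exe default is '$progId', expected 'exefile'"
    }

    # 2. A shell\open\command directly under .exe only exists when something inserted an
    #    interposing launcher; MBAM logged that subkey as Hijack.ExeFile.
    if (Test-Path "$hkcr\.exe\shell\open\command") {
        $cmd = (Get-ItemProperty -Path "$hkcr\.exe\shell\open\command").'(default)'
        $findings += "HKCR\.exe\shell\open\command should not exist, found: '$cmd'"
    }

    # 3. exefile\shell\open\command must be the plain pass-through "%1" %*.
    $exeCmd = (Get-ItemProperty -Path "$hkcr\exefile\shell\open\command" -ErrorAction SilentlyContinue).'(default)'
    if ($exeCmd -ne '"%1" %*') {
        $findings += "HKCR\exefile\shell\open\command is '$exeCmd', expected '`"%1`" %*'"
    }

    # 4. The IE StartMenuInternet command must name iexplore.exe alone, not a wrapper that
    #    takes iexplore.exe as an argument (the log showed mjg.exe -a "...\iexplore.exe").
    $ieKey = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command'
    $ieCmd = (Get-ItemProperty -Path $ieKey -ErrorAction SilentlyContinue).'(default)'
    if ($ieCmd -notmatch '^"?[^"]*\\iexplore\.exe"?$') {
        $findings += "StartMenuInternet IE command is '$ieCmd', expected only iexplore.exe"
    }

    return $findings
}

function Get-SearchScopeUrls {
    # Lists the SearchScopes URL values the OTL custom scan queries, hive by hive, so a
    # search provider pointing anywhere unexpected stands out next to the legitimate ones.
    $hives = 'HKEY_USERS\.DEFAULT', 'HKEY_USERS\S-1-5-18', 'HKEY_USERS\S-1-5-19',
             'HKEY_USERS\S-1-5-20', 'HKEY_CURRENT_USER'
    foreach ($hive in $hives) {
        $base = "Registry::$hive\SOFTWARE\Microsoft\Internet Explorer\SearchScopes"
        if (-not (Test-Path $base)) { continue }
        Get-ChildItem -Path $base | ForEach-Object {
            $url = (Get-ItemProperty -Path $_.PSPath).URL
            if ($url) {
                [pscustomobject]@{ Hive = $hive; Scope = $_.PSChildName; Url = $url }
            }
        }
    }
}

$findings = @(Test-ExeAssociation)
if ($findings.Count -eq 0) {
    'OK: .exe association chain and IE launch command match the defaults'
} else {
    $findings | ForEach-Object { "FINDING: $_" }
}
Get-SearchScopeUrls | Format-Table -AutoSize
```

The SearchScopes listing is informational: compare each URL against the provider the user actually chose rather than treating every non-default entry as malicious.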

Hi Maurice,

I can't thank you enough for your time and patience. I have a confession. Before I read this thread, I got online to see if I could read your response and the trojan popped up again. I hope I didn't screw anything up.

Assuming I didn't, I'll proceed with steps below. Just let me know if getting online sent me back to any prior steps?

Thanks again, Oona

Edited by Maurice Naggar
removed quoted section - for brevity

Yes, do these steps so I can review the reports. That will help for me to see what is shown.

I expect the redirects will continue until all of the "crud" is removed. Until then, just only go to this forum and only to sites I guide you to.

Thanks again for your help! Here are texts of reports. I'm posting OTL first, then Extras.

===otl start===

OTL logfile created on: 1/2/2012 6:34:50 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Oona\Desktop

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 52.76% Memory free

7.60 Gb Paging File | 5.78 Gb Available in Paging File | 76.01% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 451.01 Gb Total Space | 406.96 Gb Free Space | 90.23% Space Free | Partition Type: NTFS

Computer Name: OONA-PC | User Name: Oona | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/02 17:48:38 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Oona\Desktop\OTL.exe

PRC - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE

PRC - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

PRC - [2011/10/11 11:49:14 | 001,179,648 | ---- | M] (W3i, LLC) -- C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe

PRC - [2011/09/06 13:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe

PRC - [2011/09/01 19:42:06 | 024,183,152 | ---- | M] (Dropbox, Inc.) -- C:\Users\Oona\AppData\Roaming\Dropbox\bin\Dropbox.exe

PRC - [2011/08/18 11:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe

PRC - [2011/08/18 11:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe

PRC - [2011/08/01 13:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

PRC - [2009/10/15 03:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

PRC - [2009/09/30 23:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2009/09/30 23:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2009/06/24 16:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

PRC - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe

PRC - [2009/05/21 08:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- c:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe

PRC - [2009/05/21 08:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe

PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

PRC - [2008/05/15 17:26:02 | 000,095,536 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe

========== Modules (No Company Name) ==========

MOD - [2011/10/13 20:19:07 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\6d859463c9e6a7423ddb335211a79dda\System.Core.ni.dll

MOD - [2011/10/13 05:43:34 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5672e6b9d976feca51deb06d8dd1df0e\PresentationFramework.Aero.ni.dll

MOD - [2011/10/13 05:43:05 | 014,322,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\09e39322b47f9b4e8dd2199ff03acb2e\PresentationFramework.ni.dll

MOD - [2011/10/13 05:42:51 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll

MOD - [2011/10/13 05:42:45 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll

MOD - [2011/10/13 05:42:42 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\d2dc021a8311197516e4fa325b292f21\PresentationCore.ni.dll

MOD - [2011/10/13 05:42:30 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\3136e12cfb8809d39813e76c766c782c\WindowsBase.ni.dll

MOD - [2011/10/13 05:42:25 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll

MOD - [2011/10/13 05:42:22 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll

MOD - [2011/10/13 05:42:21 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll

MOD - [2011/10/13 05:42:14 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll

MOD - [2011/08/18 11:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe

MOD - [2010/11/17 13:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2009/10/15 03:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/12/06 17:16:02 | 000,208,536 | ---- | M] () [unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)

SRV:64bit: - [2011/12/06 17:15:46 | 000,199,272 | ---- | M] () [unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)

SRV:64bit: - [2011/11/18 16:36:42 | 000,161,168 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)

SRV:64bit: - [2011/10/18 17:01:08 | 000,502,032 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)

SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)

SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)

SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)

SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)

SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)

SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)

SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)

SRV:64bit: - [2009/11/17 21:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)

SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)

SRV - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)

SRV - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)

SRV - [2011/08/18 11:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)

SRV - [2010/11/02 21:19:23 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/09/30 23:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®

SRV - [2009/09/30 23:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®

SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/05/21 08:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- c:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)

SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/10/15 12:16:16 | 000,647,080 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)

DRV:64bit: - [2011/10/15 12:16:16 | 000,481,768 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)

DRV:64bit: - [2011/10/15 12:16:16 | 000,284,648 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)

DRV:64bit: - [2011/10/15 12:16:16 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)

DRV:64bit: - [2011/10/15 12:16:16 | 000,160,280 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)

DRV:64bit: - [2011/10/15 12:16:16 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)

DRV:64bit: - [2011/10/15 12:16:16 | 000,075,808 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)

DRV:64bit: - [2011/10/15 12:16:16 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)

DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2011/03/11 01:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 01:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/05/07 14:19:58 | 000,245,792 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2010/05/07 05:44:32 | 000,321,584 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2010/04/01 09:47:10 | 010,322,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2010/03/03 22:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010/02/27 10:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)

DRV:64bit: - [2010/02/04 00:38:32 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®

DRV:64bit: - [2010/02/03 08:13:06 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)

DRV:64bit: - [2010/02/02 17:13:08 | 000,020,984 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmvwl64.sys -- (BcmVWL)

DRV:64bit: - [2009/12/22 12:18:50 | 000,074,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)

DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®

DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2009/06/15 13:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)

DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)

DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://webaccesss.aaanet.org/owa

IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()

FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2011/12/24 13:34:47 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011/12/25 19:56:25 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2012/01/01 01:27:33 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)

O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111224133439.dll (McAfee, Inc.)

O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111224133439.dll (McAfee, Inc.)

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll File not found

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)

O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [DellSupportCenter] c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()

O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

O4 - HKLM..\Run: [OM2_Monitor] C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\FirstStart.exe (OLYMPUS IMAGING CORP.)

O4 - HKCU..\Run: [installIQUpdater] C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)

O4 - HKCU..\Run: [OM2_Monitor] C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)

O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)

O4 - Startup: C:\Users\Oona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found

O4 - Startup: C:\Users\Oona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Oona\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKCU\..Trusted Domains: aaanet.org ([webaccess] https in Trusted sites)

O15 - HKCU\..Trusted Domains: excite.com ([www1] http in Trusted sites)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83FDE874-69B7-4F0C-9778-7859E55CB43A}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{87201D80-68A0-46AE-B4F3-2323810DC3A9}: DhcpNameServer = 192.168.1.5 192.168.1.8

O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)

O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\Windows\SysWow64\srrstr.dll

[2012/01/02 18:35:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee

[2012/01/02 18:32:47 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Oona\Desktop\OTL.exe

[2012/01/01 08:33:24 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/01/01 01:32:17 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2011/12/29 17:31:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2011/12/29 17:31:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2011/12/29 17:31:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2011/12/29 17:29:14 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/12/29 12:01:42 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2011/12/29 12:00:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT

[2011/12/29 12:00:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT

[2011/12/26 21:56:43 | 000,000,000 | ---D | C] -- C:\Users\Oona\AppData\Roaming\Malwarebytes

[2011/12/26 21:51:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/12/26 21:51:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011/12/26 21:51:05 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2011/12/26 21:51:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2011/12/24 13:34:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee.com

[2011/12/24 13:34:39 | 000,010,248 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeclnk.sys

[2011/12/24 13:34:31 | 000,481,768 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfefirek.sys

[2011/12/24 13:34:31 | 000,284,648 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfewfpk.sys

[2011/12/24 13:34:31 | 000,229,528 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeavfk.sys

[2011/12/24 13:34:31 | 000,100,912 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mferkdet.sys

[2011/12/24 13:34:31 | 000,075,808 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfenlfk.sys

[2011/12/24 13:34:31 | 000,065,264 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\cfwids.sys

[2011/12/24 13:34:19 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com

[2011/12/24 13:34:19 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee

[2011/12/24 13:34:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee

[2011/12/24 13:08:01 | 000,161,168 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\mfevtps.exe

[2011/12/23 22:22:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon

[2011/12/23 22:22:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon

[2011/12/14 21:03:17 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll

[2011/12/14 21:02:47 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2011/12/14 21:02:47 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2011/12/14 21:02:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2011/12/14 21:02:46 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec

[2011/12/14 21:02:46 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec

[2011/12/14 21:02:46 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll

[2011/12/14 21:02:46 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll

[2011/12/14 21:02:46 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2011/12/14 21:02:46 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2011/12/14 21:02:46 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2011/12/14 21:02:46 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2011/12/14 21:02:46 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll

[2011/12/14 21:02:46 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll

[2011/12/14 21:02:46 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe

[2011/12/14 21:02:46 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe

[2011/12/14 21:01:59 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll

[2011/12/14 21:01:57 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll

========== Files - Modified Within 30 Days ==========

[2012/01/02 18:38:18 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/01/02 18:38:18 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/01/02 18:35:38 | 000,001,830 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security.lnk

[2012/01/02 18:33:44 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/01/02 18:33:44 | 000,624,412 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/01/02 18:33:44 | 000,106,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/01/02 18:30:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/01/02 18:30:42 | 3061,202,944 | -HS- | M] () -- C:\hiberfil.sys

[2012/01/02 17:48:38 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Oona\Desktop\OTL.exe

[2012/01/01 11:59:36 | 000,011,638 | -HS- | M] () -- C:\Users\Oona\AppData\Local\381kr12hk05j54204368ddqtds7r668gwt2bw13577l

[2012/01/01 11:59:36 | 000,011,638 | -HS- | M] () -- C:\ProgramData\381kr12hk05j54204368ddqtds7r668gwt2bw13577l

[2012/01/01 01:27:33 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2011/12/29 16:22:25 | 000,012,562 | -HS- | M] () -- C:\Users\Oona\AppData\Local\1oe0qqw8513nf43n4ln4wd23l210o13jt767i7vd7

[2011/12/29 16:22:25 | 000,012,562 | -HS- | M] () -- C:\ProgramData\1oe0qqw8513nf43n4ln4wd23l210o13jt767i7vd7

[2011/12/27 21:18:18 | 001,909,977 | ---- | M] () -- C:\Users\Oona\Desktop\IMG_1243.JPG

[2011/12/27 21:18:12 | 001,492,141 | ---- | M] () -- C:\Users\Oona\Desktop\IMG_1242.JPG

[2011/12/27 21:03:02 | 001,641,105 | ---- | M] () -- C:\Users\Oona\Desktop\IMG_1241.JPG

[2011/12/27 21:02:32 | 001,469,452 | ---- | M] () -- C:\Users\Oona\Desktop\IMG_1240.JPG

[2011/12/27 14:38:37 | 000,184,072 | ---- | M] () -- C:\Users\Oona\Desktop\chart.xps

[2011/12/26 21:51:09 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/12/25 20:09:34 | 000,002,213 | ---- | M] () -- C:\Users\Public\Desktop\Amazon Cloud Player.lnk

[2011/12/23 21:19:26 | 000,148,844 | ---- | M] () -- C:\Users\Oona\Desktop\elmo contest rules.xps

[2011/12/23 21:19:18 | 000,103,701 | ---- | M] () -- C:\Users\Oona\Desktop\elmo contest.xps

[2011/12/22 03:55:50 | 016,957,692 | ---- | M] () -- C:\Users\Oona\Desktop\023.AVI

[2011/12/15 07:12:57 | 000,310,896 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2011/12/08 08:17:10 | 001,381,706 | ---- | M] () -- C:\Users\Oona\Desktop\004.JPG

[2011/12/08 08:17:04 | 001,219,526 | ---- | M] () -- C:\Users\Oona\Desktop\003.JPG

[2011/12/08 08:16:48 | 001,319,160 | ---- | M] () -- C:\Users\Oona\Desktop\002.JPG

[2011/12/08 08:16:14 | 002,288,262 | ---- | M] () -- C:\Users\Oona\Desktop\001.JPG

[2011/12/07 21:20:59 | 000,454,363 | ---- | M] () -- C:\Users\Oona\Desktop\amazon.xps

========== Files Created - No Company Name ==========

[2012/01/01 12:03:56 | 001,909,977 | ---- | C] () -- C:\Users\Oona\Desktop\IMG_1243.JPG

[2012/01/01 12:03:56 | 001,641,105 | ---- | C] () -- C:\Users\Oona\Desktop\IMG_1241.JPG

[2012/01/01 12:03:56 | 001,492,141 | ---- | C] () -- C:\Users\Oona\Desktop\IMG_1242.JPG

[2012/01/01 12:03:56 | 001,469,452 | ---- | C] () -- C:\Users\Oona\Desktop\IMG_1240.JPG

[2012/01/01 10:58:45 | 000,011,638 | -HS- | C] () -- C:\Users\Oona\AppData\Local\381kr12hk05j54204368ddqtds7r668gwt2bw13577l

[2012/01/01 10:58:45 | 000,011,638 | -HS- | C] () -- C:\ProgramData\381kr12hk05j54204368ddqtds7r668gwt2bw13577l

[2011/12/29 17:31:33 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2011/12/29 17:31:31 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2011/12/29 17:31:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2011/12/29 17:31:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2011/12/29 17:31:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2011/12/27 22:06:26 | 000,012,562 | -HS- | C] () -- C:\Users\Oona\AppData\Local\1oe0qqw8513nf43n4ln4wd23l210o13jt767i7vd7

[2011/12/27 22:06:26 | 000,012,562 | -HS- | C] () -- C:\ProgramData\1oe0qqw8513nf43n4ln4wd23l210o13jt767i7vd7

[2011/12/27 14:38:36 | 000,184,072 | ---- | C] () -- C:\Users\Oona\Desktop\chart.xps

[2011/12/26 21:51:09 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/12/24 13:35:40 | 000,001,830 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Internet Security.lnk

[2011/12/23 22:22:38 | 000,002,213 | ---- | C] () -- C:\Users\Public\Desktop\Amazon Cloud Player.lnk

[2011/12/23 21:19:25 | 000,148,844 | ---- | C] () -- C:\Users\Oona\Desktop\elmo contest rules.xps

[2011/12/23 21:19:18 | 000,103,701 | ---- | C] () -- C:\Users\Oona\Desktop\elmo contest.xps

[2011/12/22 21:55:31 | 016,957,692 | ---- | C] () -- C:\Users\Oona\Desktop\023.AVI

[2011/12/18 22:01:11 | 002,288,262 | ---- | C] () -- C:\Users\Oona\Desktop\001.JPG

[2011/12/18 22:01:11 | 001,381,706 | ---- | C] () -- C:\Users\Oona\Desktop\004.JPG

[2011/12/18 22:01:11 | 001,319,160 | ---- | C] () -- C:\Users\Oona\Desktop\002.JPG

[2011/12/18 22:01:11 | 001,219,526 | ---- | C] () -- C:\Users\Oona\Desktop\003.JPG

[2011/12/07 21:20:58 | 000,454,363 | ---- | C] () -- C:\Users\Oona\Desktop\amazon.xps

[2011/02/27 17:41:10 | 000,004,608 | ---- | C] () -- C:\Users\Oona\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/11/09 19:56:03 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010/11/02 23:42:24 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin

[2010/11/02 23:42:24 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll

[2010/11/02 23:42:24 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll

[2010/11/02 23:42:23 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin

[2010/11/02 23:42:22 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin

[2010/11/02 21:39:12 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin

[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== Custom Scans ==========

< HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs >

< HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs >

< HKEY_USERS\S-1-5-19\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs >

< HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs >

< HKEY_USERS\S-1-5-20\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs >

< HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs >

< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs >

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4D36F33C-9598-4450-AD3F-EAD478747B54}\\URL: http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4D36F33C-9598-4450-AD3F-EAD478747B54}\\SuggestionsURL: http://ie.search.yahoo.com/os?command={SearchTerms}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4D36F33C-9598-4450-AD3F-EAD478747B54}\\OSDFileURL: file:///C:/Users/Oona/AppData/Local/Temp/McSiteAdvisor.xml

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4D36F33C-9598-4450-AD3F-EAD478747B54}\\FaviconURL: http://secureshopping.mcafee.com/images/favicon.ico

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F92CF821-5DCB-4FB3-AF17-4C50F96CCF36}\\URL: http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20111044,6901,0,8,0

< HKEY_CLASSES_ROOT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs >

< End of report >

===otl end===

===extras start===

OTL Extras logfile created on: 1/2/2012 6:34:50 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Oona\Desktop

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 52.76% Memory free

7.60 Gb Paging File | 5.78 Gb Available in Paging File | 76.01% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 451.01 Gb Total Space | 406.96 Gb Free Space | 90.23% Space Free | Partition Type: NTFS

Computer Name: OONA-PC | User Name: Oona | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java 6 Update 20 (64-bit)

"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support

"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64

"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01

"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{B613A9BB-2B34-4824-A4BE-2427653D59D6}" = iTunes

"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock

"{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"DW WLAN Card" = DW WLAN Card

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable

"{0815D55A-5EFF-4E1B-8C04-7035E914D90D}" = OLYMPUS Master 2

"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup

"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 20

"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}" = Snagit 10

"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide

"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials

"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{8E1CB0F1-67BF-4052-AA23-FA22E94804C1}" = InstallIQ Updater

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175

"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn

"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger

"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software

"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5

"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.2

"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR

"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn

"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support

"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar

"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update

"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars

"{D647F06F-2908-487E-9CDA-DE52148CBF49}" = OverDrive Media Console

"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery

"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)

"{ED9F0309-E1B9-4A5D-4EA1-7D8B88ED5EB9}" = KODAK Gallery Upload Software

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement

"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call

"7-Zip 9.20" = 7-Zip 9.20

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Advanced Audio FX Engine" = Advanced Audio FX Engine

"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.15

"com.kodakgallery.AirUploader" = KODAK Gallery Upload Software

"Dell Dock" = Dell Dock

"Dell Webcam Central" = Dell Webcam Central

"ERUNT_is1" = ERUNT 1.1j

"GoToAssist" = GoToAssist 8.0.0.514

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300

"MSC" = McAfee Internet Security

"RCA Digital Voice Manager_is1" = RCA Digital Voice Manager 5.1.1.2

"WildTangent dell Master Uninstall" = WildTangent Games

"WinLiveSuite_Wave3" = Windows Live Essentials

"Yahoo! Companion" = Yahoo! Toolbar

"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 12/25/2011 8:57:10 PM | Computer Name = Oona-PC | Source = Application Error | ID = 1000

Description = Faulting application name: rundll32.exe, version: 6.1.7600.16385,

time stamp: 0x4a5bc637 Faulting module name: Delldata.DLL, version: 0.3.0.0, time

stamp: 0x4375fc4a Exception code: 0xc0000005 Fault offset: 0x00002362 Faulting process

id: 0xd18 Faulting application start time: 0x01ccc36949c12f23 Faulting application

path: C:\Windows\SysWOW64\rundll32.exe Faulting module path: C:\Users\Oona\AppData\Local\Dell

Edoc Viewer\DellData\Delldata.DLL Report Id: 89cf1a4a-2f5c-11e1-8463-f04da257b3a9

Error - 12/25/2011 8:57:13 PM | Computer Name = Oona-PC | Source = Application Error | ID = 1000

Description = Faulting application name: MMonitor.exe, version: 2.0.6.1, time stamp:

0x4823f238 Faulting module name: Delldata.DLL, version: 0.3.0.0, time stamp: 0x4375fc4a

Exception

code: 0xc0000005 Fault offset: 0x00002362 Faulting process id: 0xf08 Faulting application

start time: 0x01ccc369483d2ed6 Faulting application path: C:\Program Files (x86)\OLYMPUS\OLYMPUS

Master 2\MMonitor.exe Faulting module path: C:\Users\Oona\AppData\Local\Dell Edoc

Viewer\DellData\Delldata.DLL Report Id: 8b82b61c-2f5c-11e1-8463-f04da257b3a9

Error - 12/25/2011 8:57:34 PM | Computer Name = Oona-PC | Source = Application Error | ID = 1000

Description = Faulting application name: iexplore.exe, version: 8.0.7600.16912,

time stamp: 0x4eb4a5ea Faulting module name: Delldata.DLL, version: 0.3.0.0, time

stamp: 0x4375fc4a Exception code: 0xc0000005 Fault offset: 0x00002362 Faulting process

id: 0x12dc Faulting application start time: 0x01ccc36959d1213e Faulting application

path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:

C:\Users\Oona\AppData\Local\Dell Edoc Viewer\DellData\Delldata.DLL Report Id: 984f2536-2f5c-11e1-8463-f04da257b3a9

Error - 12/25/2011 9:09:15 PM | Computer Name = Oona-PC | Source = Application Error | ID = 1000

Description = Faulting application name: rundll32.exe, version: 6.1.7600.16385,

time stamp: 0x4a5bc637 Faulting module name: Delldata.DLL, version: 0.3.0.0, time

stamp: 0x4375fc4a Exception code: 0xc0000005 Fault offset: 0x00002362 Faulting process

id: 0x10bc Faulting application start time: 0x01ccc36afb812fbb Faulting application

path: C:\Windows\SysWOW64\rundll32.exe Faulting module path: C:\Users\Oona\AppData\Local\Dell

Edoc Viewer\DellData\Delldata.DLL Report Id: 3a08b935-2f5e-11e1-8463-f04da257b3a9

Error - 12/25/2011 9:15:25 PM | Computer Name = Oona-PC | Source = Application Error | ID = 1000

Description = Faulting application name: iexplore.exe, version: 8.0.7600.16912,

time stamp: 0x4eb4a5ea Faulting module name: Delldata.DLL, version: 0.3.0.0, time

stamp: 0x4375fc4a Exception code: 0xc0000005 Fault offset: 0x00002362 Faulting process

id: 0x1844 Faulting application start time: 0x01ccc36bd7a83bb6 Faulting application

path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:

C:\Users\Oona\AppData\Local\Dell Edoc Viewer\DellData\Delldata.DLL Report Id: 168efc3b-2f5f-11e1-8463-f04da257b3a9

Error - 12/25/2011 9:15:25 PM | Computer Name = Oona-PC | Source = Application Error | ID = 1000

Description = Faulting application name: WerFault.exe, version: 6.1.7600.16385,

time stamp: 0x4a5bc2d9 Faulting module name: Delldata.DLL, version: 0.3.0.0, time

stamp: 0x4375fc4a Exception code: 0xc0000005 Fault offset: 0x00002362 Faulting process

id: 0x1440 Faulting application start time: 0x01ccc36bd8e00ffa Faulting application

path: C:\Windows\SysWOW64\WerFault.exe Faulting module path: C:\Users\Oona\AppData\Local\Dell

Edoc Viewer\DellData\Delldata.DLL Report Id: 169ae31c-2f5f-11e1-8463-f04da257b3a9

Error - 12/25/2011 9:30:11 PM | Computer Name = Oona-PC | Source = SideBySide | ID = 16842787

Description = Activation context generation failed for "c:\program files (x86)\windows

live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program

files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity

found in manifest does not match the identity of the component requested. Reference

is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition

is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use

sxstrace.exe for detailed diagnosis.

Error - 12/25/2011 10:37:54 PM | Computer Name = Oona-PC | Source = Application Error | ID = 1000

Description = Faulting application name: iexplore.exe, version: 8.0.7600.16912,

time stamp: 0x4eb4a5ea Faulting module name: MouseOnlineNotifier.dll, version: 0.3.0.0,

time stamp: 0x48873859 Exception code: 0xc0000005 Fault offset: 0x0000232e Faulting

process id: 0x17f8 Faulting application start time: 0x01ccc3775d36f471 Faulting application

path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:

C:\ProgramData\MouseOnlineNotifier.dll Report Id: 9c3f0839-2f6a-11e1-8463-f04da257b3a9

Error - 12/25/2011 11:17:40 PM | Computer Name = Oona-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

Error - 12/26/2011 9:15:17 PM | Computer Name = Oona-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

[ Dell Events ]

Error - 10/7/2011 6:08:27 PM | Computer Name = Oona-PC | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

Error - 10/14/2011 8:13:10 PM | Computer Name = Oona-PC | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

Error - 10/14/2011 8:13:10 PM | Computer Name = Oona-PC | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

Error - 10/21/2011 8:23:27 PM | Computer Name = Oona-PC | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

Error - 10/21/2011 8:23:27 PM | Computer Name = Oona-PC | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

Error - 10/28/2011 8:37:13 PM | Computer Name = Oona-PC | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

Error - 10/28/2011 8:37:13 PM | Computer Name = Oona-PC | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

Error - 11/4/2011 9:55:13 PM | Computer Name = Oona-PC | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

Error - 11/4/2011 9:55:13 PM | Computer Name = Oona-PC | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

Error - 11/11/2011 11:26:02 PM | Computer Name = Oona-PC | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

[ System Events ]

Error - 12/29/2011 1:21:18 PM | Computer Name = Oona-PC | Source = Service Control Manager | ID = 7011

Description = A timeout (30000 milliseconds) was reached while waiting for a transaction

response from the SftService service.

Error - 12/29/2011 6:27:11 PM | Computer Name = Oona-PC | Source = Service Control Manager | ID = 7011

Description = A timeout (30000 milliseconds) was reached while waiting for a transaction

response from the SftService service.

Error - 12/29/2011 6:27:41 PM | Computer Name = Oona-PC | Source = Service Control Manager | ID = 7011

Description = A timeout (30000 milliseconds) was reached while waiting for a transaction

response from the SftService service.

Error - 12/31/2011 8:39:53 PM | Computer Name = Oona-PC | Source = Service Control Manager | ID = 7030

Description = The PEVSystemStart service is marked as an interactive service. However,

the system is configured to not allow interactive services. This service may not

function properly.

Error - 1/1/2012 2:24:03 AM | Computer Name = Oona-PC | Source = Application Popup | ID = 1060

Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility

with this system. Please contact your software vendor for a compatible version

of the driver.

Error - 1/1/2012 2:24:54 AM | Computer Name = Oona-PC | Source = Service Control Manager | ID = 7030

Description = The PEVSystemStart service is marked as an interactive service. However,

the system is configured to not allow interactive services. This service may not

function properly.

Error - 1/1/2012 2:27:54 AM | Computer Name = Oona-PC | Source = Service Control Manager | ID = 7011

Description = A timeout (30000 milliseconds) was reached while waiting for a transaction

response from the SftService service.

Error - 1/1/2012 2:28:24 AM | Computer Name = Oona-PC | Source = Service Control Manager | ID = 7011

Description = A timeout (30000 milliseconds) was reached while waiting for a transaction

response from the SftService service.

Error - 1/1/2012 9:33:48 AM | Computer Name = Oona-PC | Source = Service Control Manager | ID = 7011

Description = A timeout (30000 milliseconds) was reached while waiting for a transaction

response from the SftService service.

Error - 1/1/2012 9:34:18 AM | Computer Name = Oona-PC | Source = Service Control Manager | ID = 7011

Description = A timeout (30000 milliseconds) was reached while waiting for a transaction

response from the SftService service.

< End of report >

===extras end===


You will want to print out or copy these instructions to Notepad for Safe Mode/offline reference!

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Close all open browsers at this point.

Start Internet Explorer (fresh) by pressing Start >> Internet Explorer >> Right-Click and select Run As Administrator.

Using Internet Explorer browser only, go to ESET Online Scanner website:

http://www.eset.com/onlinescan/

  • Accept the Terms of Use and press Start button;
  • Approve the install of the required ActiveX Control, then follow on-screen instructions;
  • Enable (check) the Remove found threats option, and run the scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
    • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt.

    Look at contents of this file using Notepad or Wordpad.

    The Frequently Asked Questions for ESET Online Scanner can be viewed here

    http://www.eset.com/onlinescan/cac4.php?page=faq

    • From ESET Tech Support: If you have ESET NOD32 installed, you should disable it prior to running this scanner.
      Otherwise the scan will take twice as long to do:
      every time the ESET online scanner opens a file on your computer to scan it, NOD32 on your machine will rescan the file as a result.
    • It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
      (And the prompt re-enabling when finished.)
    • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.
    • Do not use the system while the scan is running. Once the full scan is underway, go take a long break.

Re-enable the antivirus program.

Reply with a copy of the ESET scan log AND

Tell me if the search redirects are still happening, if so, provide details


Hi Maurice,

I got to this step, but wanted to check something with you.

After ESET ran, a pop up window offered the following two check off boxes and then has a "finish" button. The two options are:

_select uninstall if you want to remove ESET Online Scanner files from your computer.

_delete quarantined files (eset found 2 infected files.)

I can check off either before hitting "finish." What do you recommend?

  • After the scan completes, the Details tab in the Results window will display what was found and removed.

    • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt.

    Look at contents of this file using Notepad or Wordpad.

Also here is the log from ESET, even though I have not clicked "finish" yet.

===eset log===

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=1a5e4b67a794794a9d0ba79d251a2538

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-01-05 04:44:59

# local_time=2012-01-05 11:44:59 (-0500, Eastern Standard Time)

# country="United States"

# lang=1033

# osver=6.1.7600 NT

# compatibility_mode=5121 16777213 100 75 109032 26158604 0 0

# compatibility_mode=5893 16776574 100 94 108009 77322210 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=134273

# found=2

# cleaned=2

# scan_time=3139

C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

===eset log end===


Hi Maurice,

I got to this step, but wanted to check something with you.

After ESET ran, a pop up window offered the following two check off boxes and then has a "finish" button. The two options are:

_select uninstall if you want to remove ESET Online Scanner files from your computer.

_delete quarantined files (eset found 2 infected files.)

I can check off either before hitting "finish." What do you recommend?

If you have not exited the ESET scan, yes, you can select uninstall ESET Online. That just removes the scan widget sent to your pc.

No need to worry about the 2 quarantined files. Quarantine means they are NOT active. They have been "stuffed" away by Combofix, and will be deleted when we finish all things.

Download aswMBR.exe ( 511KB ) to your desktop.

RIGHT click on aswMBR.exe and select Run As Administrator to start.

Change the a-v scan to None.

Uncheck trace disk IO calls

Click the "Scan" button to start scan

On completion of the scan (note whether the Fix button, not the FixMBR button, is enabled, and tell me), click "Save log", save it to your desktop and post it in your next reply

Tell me if the redirects are still present.


OK, so far so good (went to two sites via Google without any redirects.)

here is log from aswMBR.

===MBR log===

aswMBR version 0.9.9.1156 Copyright© 2011 AVAST Software

Run date: 2012-01-05 15:46:25

-----------------------------

15:46:25.381 OS Version: Windows x64 6.1.7600

15:46:25.381 Number of processors: 4 586 0x2505

15:46:25.381 ComputerName: OONA-PC UserName: Oona

15:46:26.551 Initialize success

15:46:36.364 AVAST engine download error: 0

15:47:08.843 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

15:47:08.843 Disk 0 Vendor: ST950032 D005 Size: 476940MB BusType: 3

15:47:08.859 Disk 0 MBR read successfully

15:47:08.859 Disk 0 MBR scan

15:47:08.859 Disk 0 Windows VISTA default MBR code

15:47:08.859 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 101 MB offset 63

15:47:08.875 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 208845

15:47:08.875 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461837 MB offset 30928845

15:47:08.890 Service scanning

15:47:13.321 Modules scanning

15:47:13.321 Scan finished successfully

15:47:49.045 Disk 0 MBR has been saved successfully to "E:\MBR.dat"

15:47:49.560 The log file has been saved successfully to "E:\aswMBR.txt"

===end log===
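As an added example (not from this thread and not part of AVAST's aswMBR), here is a Python triage of an aswMBR log in the format shown above: it parses the disk size, the MBR code line and the partition table, then flags boot code that is not described as a stock "default MBR code", more or fewer than one active partition, overlapping partitions, and a partition that runs past the end of the disk. The clean sample is the log posted above; the second sample is constructed, and the wording of its MBR line is assumed, not real aswMBR output.

```python
import re
from dataclasses import dataclass, field

SECTORS_PER_MB = 2048           # aswMBR prints sizes in MB and offsets in 512-byte sectors
SLACK_SECTORS = SECTORS_PER_MB  # sizes are rounded to whole MB, so tolerate 1 MB of slack

# Line shapes taken from the aswMBR log posted in this thread (timestamp, "Disk N", payload).
DISK_RE = re.compile(r"^\S+ Disk (?P<disk>\d+) Vendor: .* Size: (?P<size_mb>\d+)MB")
MBR_RE = re.compile(r"^\S+ Disk (?P<disk>\d+) (?P<text>.*MBR code.*)$")
PART_RE = re.compile(
    r"^\S+ Disk (?P<disk>\d+) Partition (?P<num>\d+) "
    r"(?P<flag>[0-9A-Fa-f]{2}) (?:\(A\) )?(?P<type>[0-9A-Fa-f]{2}) "
    r"(?P<desc>.*?) (?P<size_mb>\d+) MB offset (?P<offset>\d+)$"
)


@dataclass
class Partition:
    num: int
    active: bool      # boot indicator byte 0x80
    ptype: str        # partition type byte, e.g. 07 = NTFS, DE = Dell utility
    desc: str
    size_mb: int
    offset: int       # first sector of the partition


@dataclass
class MbrReport:
    mbr_code: str = ""
    disk_size_mb: int = 0
    partitions: list = field(default_factory=list)
    findings: list = field(default_factory=list)


def parse_aswmbr_log(text):
    """Extract disk size, MBR code description and partition table from an aswMBR log."""
    rep = MbrReport()
    for raw in text.splitlines():
        line = raw.strip()
        m = DISK_RE.match(line)
        if m:
            rep.disk_size_mb = int(m.group("size_mb"))
            continue
        m = MBR_RE.match(line)
        if m:
            rep.mbr_code = m.group("text")
            continue
        m = PART_RE.match(line)
        if m:
            rep.partitions.append(Partition(
                num=int(m.group("num")),
                active=m.group("flag").upper() == "80",
                ptype=m.group("type").upper(),
                desc=m.group("desc"),
                size_mb=int(m.group("size_mb")),
                offset=int(m.group("offset")),
            ))
    return rep


def triage(rep):
    """Return a list of findings; an empty list means the MBR and partition table look ordinary."""
    findings = []
    if not rep.mbr_code:
        findings.append("no MBR code line found; log may be incomplete")
    elif "default MBR code" not in rep.mbr_code:
        findings.append(f"MBR boot code is not a stock Windows loader: {rep.mbr_code}")
    active = [p for p in rep.partitions if p.active]
    if len(active) != 1:
        findings.append(f"{len(active)} partitions carry the active flag; expected exactly 1")
    parts = sorted(rep.partitions, key=lambda p: p.offset)
    for prev, cur in zip(parts, parts[1:]):
        if cur.offset + SLACK_SECTORS < prev.offset + prev.size_mb * SECTORS_PER_MB:
            findings.append(f"partition {cur.num} (offset {cur.offset}) overlaps partition {prev.num}")
    if rep.disk_size_mb and parts:
        last = parts[-1]
        end = last.offset + last.size_mb * SECTORS_PER_MB
        if end > rep.disk_size_mb * SECTORS_PER_MB + SLACK_SECTORS:
            findings.append(f"partition {last.num} runs past the end of the disk")
    rep.findings = findings
    return findings


# Sample 1: the disk lines quoted from the aswMBR log posted above in this thread.
THREAD_LOG = r"""
15:47:08.843 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:47:08.843 Disk 0 Vendor: ST950032 D005 Size: 476940MB BusType: 3
15:47:08.859 Disk 0 MBR read successfully
15:47:08.859 Disk 0 MBR scan
15:47:08.859 Disk 0 Windows VISTA default MBR code
15:47:08.859 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 101 MB offset 63
15:47:08.875 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 208845
15:47:08.875 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461837 MB offset 30928845
"""

# Sample 2: constructed; the MBR line wording is invented to exercise the checks, not real aswMBR text.
CONSTRUCTED_LOG = r"""
00:00:00.000 Disk 0 Vendor: SAMPLEDISK Size: 20000MB BusType: 3
00:00:00.000 Disk 0 MBR code differs from the Windows default (constructed)
00:00:00.000 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 10000 MB offset 2048
00:00:00.000 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 10000 MB offset 10000
"""

if __name__ == "__main__":
    for label, log in (("thread", THREAD_LOG), ("constructed", CONSTRUCTED_LOG)):
        print(label, triage(parse_aswmbr_log(log)) or ["no findings"])
```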


Please do NOT do any searches, no websurfing of any kind, no online transactions. This system has a rootkit onboard.

Just only go to this forum and the websites I guide you to for tools.

Make sure all "external" HDD drives are not connected.

Close any open programs that you started.

Please read carefully and follow these steps.

  • Download TDSSKiller and SAVE it to your Desktop.
  • RIGHT-Click on TDSSKiller.exe and select Run As Administrator to begin the application.
    You will see a screen like the one in the screenshot (image not included here).
  • Next Click on "Change parameters" and place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
  • Then press Start Scan

When the scan is done, it will display a summary screen.

  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Again, do NOT do any websurfing, or online transactions. There is more to do.

Edited by Maurice Naggar
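Added example, not part of this thread and not Kaspersky's TDSSKiller code: a Python triage of the log TDSSKiller writes, in the line format the next post shows (timestamp, thread id, service name, MD5 in parentheses, file path, followed by a "name - verdict" line). It confirms that the Mode line recorded the SigCheck and TDLFS options (assumed here to be what "Verify Driver Digital Signature" and "Detect TDLFS file system" switch on), lists any verdict other than "ok", notes driver files outside the Windows directory, and separates service entries that have no file on disk from scanned files that never got a verdict (a cut-short log). The second sample is constructed; its hash is a placeholder and its non-ok verdict wording is assumed.

```python
import re
from dataclasses import dataclass, field

# Line shapes taken from the TDSSKiller log posted in this thread (timestamp, thread id, payload).
FILE_RE = re.compile(r"^(?P<ts>\S+) (?P<pid>\d+) (?P<name>\S+) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
VERDICT_RE = re.compile(r"^(?P<ts>\S+) (?P<pid>\d+) (?P<name>\S+)(?: \(.*\))? - (?P<verdict>.+)$")
MODE_RE = re.compile(r"^\S+ \d+ Mode: (?P<opts>.+)$")
WINDIR_RE = re.compile(r"^\S+ \d+ Windows directory: (?P<dir>.+)$")


@dataclass
class Entry:
    name: str
    md5: str = ""
    path: str = ""
    verdict: str = ""


@dataclass
class TdssReport:
    options: set = field(default_factory=set)
    windir: str = ""
    entries: dict = field(default_factory=dict)
    findings: list = field(default_factory=list)   # (level, message); level is "warn" or "info"


def parse_tdsskiller_log(text, required=("SigCheck", "TDLFS")):
    """Parse a TDSSKiller log and attach triage findings to the report."""
    rep = TdssReport()
    for raw in text.splitlines():
        line = raw.strip()
        m = MODE_RE.match(line)
        if m:
            rep.options = {o.strip() for o in m.group("opts").split(";") if o.strip()}
            continue
        m = WINDIR_RE.match(line)
        if m:
            rep.windir = m.group("dir").strip()
            continue
        m = FILE_RE.match(line)
        if m:
            e = rep.entries.setdefault(m.group("name"), Entry(m.group("name")))
            e.md5, e.path = m.group("md5").lower(), m.group("path").strip()
            continue
        m = VERDICT_RE.match(line)
        if m:
            e = rep.entries.setdefault(m.group("name"), Entry(m.group("name")))
            e.verdict = m.group("verdict").strip()
    for opt in required:
        if opt not in rep.options:
            rep.findings.append(("warn", f"scan ran without {opt}; re-run with it enabled"))
    for e in rep.entries.values():
        if e.verdict and e.verdict.lower() != "ok":
            rep.findings.append(("warn", f"{e.name}: verdict '{e.verdict}' needs review"))
        if e.path and rep.windir and not e.path.lower().startswith(rep.windir.lower()):
            rep.findings.append(("warn", f"{e.name}: driver file outside {rep.windir}: {e.path}"))
        if e.verdict and not e.path:
            rep.findings.append(("info", f"{e.name}: service entry with no driver file on disk"))
        if e.path and not e.verdict:
            rep.findings.append(("info", f"{e.name}: scanned but no verdict line (log cut short?)"))
    return rep


def is_clean(rep):
    """True when every verdict is 'ok' and the requested scan options were on."""
    return not any(level == "warn" for level, _ in rep.findings)


# Sample 1: header and a few driver lines quoted from the TDSSKiller log posted in this thread.
THREAD_LOG = r"""
17:45:19.0997 3156 Windows directory: C:\Windows
17:45:58.0670 6360 Mode: Manual; SigCheck; TDLFS;
17:45:59.0216 6360 1394ohci (969c91060cbb5d17cb8440b5f78b4c51) C:\Windows\system32\DRIVERS\1394ohci.sys
17:45:59.0294 6360 1394ohci - ok
17:45:59.0356 6360 ACPI (794ff35015209b9d44f1360c42c9776d) C:\Windows\system32\DRIVERS\ACPI.sys
17:45:59.0372 6360 ACPI - ok
17:46:02.0960 6360 catchme - ok
"""

# Sample 2: constructed. The all-zero hash is a placeholder and the non-ok verdict wording is assumed.
CONSTRUCTED_LOG = r"""
00:00:00.0000 1 Windows directory: C:\Windows
00:00:00.0000 1 Mode: Manual; SigCheck;
00:00:00.0000 1 ACPI (794ff35015209b9d44f1360c42c9776d) C:\Windows\system32\DRIVERS\ACPI.sys
00:00:00.0000 1 ACPI - ok
00:00:00.0000 1 sample_svc (00000000000000000000000000000000) C:\Users\Public\sample.sys
00:00:00.0000 1 sample_svc - detected UnsignedFile.Multi.Generic (constructed)
"""

if __name__ == "__main__":
    for label, log in (("thread", THREAD_LOG), ("constructed", CONSTRUCTED_LOG)):
        rep = parse_tdsskiller_log(log)
        print(label, "clean" if is_clean(rep) else "needs review", rep.findings)
```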

It didn't find anything... :( Here's the log.

===TDSSKiller log===

17:45:19.0982 3156 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16

17:45:19.0997 3156 ============================================================

17:45:19.0997 3156 Current date / time: 2012/01/08 17:45:19.0997

17:45:19.0997 3156 SystemInfo:

17:45:19.0997 3156

17:45:19.0997 3156 OS Version: 6.1.7600 ServicePack: 0.0

17:45:19.0997 3156 Product type: Workstation

17:45:19.0997 3156 ComputerName: OONA-PC

17:45:19.0997 3156 UserName: Oona

17:45:19.0997 3156 Windows directory: C:\Windows

17:45:19.0997 3156 System windows directory: C:\Windows

17:45:19.0997 3156 Running under WOW64

17:45:19.0997 3156 Processor architecture: Intel x64

17:45:19.0997 3156 Number of processors: 4

17:45:19.0997 3156 Page size: 0x1000

17:45:19.0997 3156 Boot type: Normal boot

17:45:19.0997 3156 ============================================================

17:45:20.0387 3156 Initialize success

17:45:58.0670 6360 ============================================================

17:45:58.0670 6360 Scan started

17:45:58.0670 6360 Mode: Manual; SigCheck; TDLFS;

17:45:58.0670 6360 ============================================================


17:46:14.0504 6360 Psched - ok

17:46:14.0551 6360 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys

17:46:14.0566 6360 PxHlpa64 - ok

17:46:14.0613 6360 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

17:46:14.0691 6360 ql2300 - ok

17:46:14.0785 6360 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

17:46:14.0800 6360 ql40xx - ok

17:46:14.0847 6360 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

17:46:14.0878 6360 QWAVEdrv - ok

17:46:14.0894 6360 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

17:46:14.0941 6360 RasAcd - ok

17:46:15.0003 6360 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

17:46:15.0050 6360 RasAgileVpn - ok

17:46:15.0081 6360 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys

17:46:15.0128 6360 Rasl2tp - ok

17:46:15.0159 6360 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

17:46:15.0206 6360 RasPppoe - ok

17:46:15.0221 6360 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

17:46:15.0268 6360 RasSstp - ok

17:46:15.0299 6360 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys

17:46:15.0346 6360 rdbss - ok

17:46:15.0362 6360 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

17:46:15.0393 6360 rdpbus - ok

17:46:15.0424 6360 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

17:46:15.0487 6360 RDPCDD - ok

17:46:15.0580 6360 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

17:46:15.0611 6360 RDPENCDD - ok

17:46:15.0627 6360 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

17:46:15.0689 6360 RDPREFMP - ok

17:46:15.0721 6360 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys

17:46:15.0767 6360 RDPWD - ok

17:46:15.0877 6360 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys

17:46:15.0892 6360 rdyboost - ok

17:46:15.0955 6360 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

17:46:16.0001 6360 rspndr - ok

17:46:16.0048 6360 RSUSBSTOR (22d6b47d004a6568c500680be2972854) C:\Windows\system32\Drivers\RtsUStor.sys

17:46:16.0064 6360 RSUSBSTOR - ok

17:46:16.0095 6360 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys

17:46:16.0111 6360 sbp2port - ok

17:46:16.0142 6360 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys

17:46:16.0189 6360 scfilter - ok

17:46:16.0235 6360 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

17:46:16.0282 6360 secdrv - ok

17:46:16.0313 6360 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

17:46:16.0329 6360 Serenum - ok

17:46:16.0345 6360 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

17:46:16.0376 6360 Serial - ok

17:46:16.0391 6360 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

17:46:16.0407 6360 sermouse - ok

17:46:16.0454 6360 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys

17:46:16.0469 6360 sffdisk - ok

17:46:16.0501 6360 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys

17:46:16.0516 6360 sffp_mmc - ok

17:46:16.0516 6360 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys

17:46:16.0594 6360 sffp_sd - ok

17:46:16.0641 6360 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

17:46:16.0672 6360 sfloppy - ok

17:46:16.0797 6360 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

17:46:16.0813 6360 SiSRaid2 - ok

17:46:16.0828 6360 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

17:46:16.0844 6360 SiSRaid4 - ok

17:46:16.0875 6360 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

17:46:16.0922 6360 Smb - ok

17:46:17.0047 6360 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

17:46:17.0062 6360 spldr - ok

17:46:17.0125 6360 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys

17:46:17.0156 6360 srv - ok

17:46:17.0203 6360 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys

17:46:17.0234 6360 srv2 - ok

17:46:17.0296 6360 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys

17:46:17.0312 6360 srvnet - ok

17:46:17.0359 6360 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

17:46:17.0374 6360 stexstor - ok

17:46:17.0483 6360 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

17:46:17.0499 6360 swenum - ok

17:46:17.0530 6360 SynTP (c25866bdf0e818e02bb8e76845d26e54) C:\Windows\system32\DRIVERS\SynTP.sys

17:46:17.0546 6360 SynTP - ok

17:46:17.0686 6360 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys

17:46:17.0733 6360 Tcpip - ok

17:46:17.0811 6360 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys

17:46:17.0858 6360 TCPIP6 - ok

17:46:17.0936 6360 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys

17:46:17.0983 6360 tcpipreg - ok

17:46:18.0014 6360 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

17:46:18.0061 6360 TDPIPE - ok

17:46:18.0076 6360 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

17:46:18.0123 6360 TDTCP - ok

17:46:18.0139 6360 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys

17:46:18.0185 6360 tdx - ok

17:46:18.0201 6360 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys

17:46:18.0217 6360 TermDD - ok

17:46:18.0263 6360 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys

17:46:18.0310 6360 tssecsrv - ok

17:46:18.0419 6360 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys

17:46:18.0466 6360 tunnel - ok

17:46:18.0482 6360 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

17:46:18.0497 6360 uagp35 - ok

17:46:18.0529 6360 udfs (31ba4a33afab6a69ea092b18017f737f) C:\Windows\system32\DRIVERS\udfs.sys

17:46:18.0575 6360 udfs - ok

17:46:18.0622 6360 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys

17:46:18.0638 6360 uliagpkx - ok

17:46:18.0778 6360 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys

17:46:18.0794 6360 umbus - ok

17:46:18.0825 6360 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

17:46:18.0856 6360 UmPass - ok

17:46:18.0965 6360 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys

17:46:19.0012 6360 USBAAPL64 - ok

17:46:19.0059 6360 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys

17:46:19.0075 6360 usbccgp - ok

17:46:19.0106 6360 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys

17:46:19.0137 6360 usbcir - ok

17:46:19.0184 6360 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\drivers\usbehci.sys

17:46:19.0199 6360 usbehci - ok

17:46:19.0262 6360 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys

17:46:19.0293 6360 usbhub - ok

17:46:19.0309 6360 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys

17:46:19.0324 6360 usbohci - ok

17:46:19.0355 6360 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

17:46:19.0371 6360 usbprint - ok

17:46:19.0418 6360 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS

17:46:19.0433 6360 USBSTOR - ok

17:46:19.0480 6360 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys

17:46:19.0543 6360 usbuhci - ok

17:46:19.0589 6360 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys

17:46:19.0621 6360 usbvideo - ok

17:46:19.0699 6360 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys

17:46:19.0714 6360 vdrvroot - ok

17:46:19.0761 6360 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

17:46:19.0777 6360 vga - ok

17:46:19.0808 6360 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

17:46:19.0870 6360 VgaSave - ok

17:46:19.0901 6360 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys

17:46:19.0917 6360 vhdmp - ok

17:46:19.0964 6360 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys

17:46:19.0979 6360 viaide - ok

17:46:20.0011 6360 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys

17:46:20.0011 6360 volmgr - ok

17:46:20.0042 6360 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys

17:46:20.0057 6360 volmgrx - ok

17:46:20.0089 6360 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys

17:46:20.0104 6360 volsnap - ok

17:46:20.0135 6360 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

17:46:20.0151 6360 vsmraid - ok

17:46:20.0182 6360 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

17:46:20.0198 6360 vwifibus - ok

17:46:20.0213 6360 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

17:46:20.0229 6360 vwififlt - ok

17:46:20.0260 6360 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

17:46:20.0276 6360 WacomPen - ok

17:46:20.0307 6360 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

17:46:20.0354 6360 WANARP - ok

17:46:20.0369 6360 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

17:46:20.0416 6360 Wanarpv6 - ok

17:46:20.0447 6360 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

17:46:20.0447 6360 Wd - ok

17:46:20.0479 6360 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

17:46:20.0510 6360 Wdf01000 - ok

17:46:20.0557 6360 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

17:46:20.0603 6360 WfpLwf - ok

17:46:20.0635 6360 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys

17:46:20.0697 6360 WimFltr - ok

17:46:20.0744 6360 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

17:46:20.0759 6360 WIMMount - ok

17:46:20.0853 6360 WinUsb (4d52c872018af7e18d078978dcc3f6f2) C:\Windows\system32\DRIVERS\WinUsb.sys

17:46:20.0869 6360 WinUsb - ok

17:46:20.0900 6360 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

17:46:20.0931 6360 WmiAcpi - ok

17:46:21.0009 6360 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

17:46:21.0071 6360 ws2ifsl - ok

17:46:21.0118 6360 WudfPf (c63907207b837a5c05cf6d1606aa0008) C:\Windows\system32\drivers\WudfPf.sys

17:46:21.0149 6360 WudfPf - ok

17:46:21.0181 6360 WUDFRd (d885a873d733020f8b9b9ff4b1666158) C:\Windows\system32\DRIVERS\WUDFRd.sys

17:46:21.0212 6360 WUDFRd - ok

17:46:21.0259 6360 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

17:46:21.0477 6360 \Device\Harddisk0\DR0 - ok

17:46:21.0477 6360 MBR (0x1B8) (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk1\DR2

17:46:21.0742 6360 \Device\Harddisk1\DR2 - ok

17:46:21.0742 6360 Boot (0x1200) (32191fab5f51222dbf317e32fa909990) \Device\Harddisk0\DR0\Partition0

17:46:21.0742 6360 \Device\Harddisk0\DR0\Partition0 - ok

17:46:21.0758 6360 Boot (0x1200) (2340c985aa75654c7597e3a6ea3097d0) \Device\Harddisk0\DR0\Partition1

17:46:21.0773 6360 \Device\Harddisk0\DR0\Partition1 - ok

17:46:21.0773 6360 Boot (0x1200) (5ffb15ccf26d2ad996f0380561c3c4a7) \Device\Harddisk1\DR2\Partition0

17:46:21.0773 6360 \Device\Harddisk1\DR2\Partition0 - ok

17:46:21.0773 6360 ============================================================

17:46:21.0773 6360 Scan finished

17:46:21.0773 6360 ============================================================

17:46:21.0773 6352 Detected object count: 0

17:46:21.0773 6352 Actual detected object count: 0

17:54:17.0079 3444 ============================================================

17:54:17.0079 3444 Scan started

17:54:17.0079 3444 Mode: Manual; SigCheck; TDLFS;

17:54:17.0079 3444 ============================================================


17:54:25.0534 3444 Ndisuio - ok

17:54:25.0550 3444 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys

17:54:25.0597 3444 NdisWan - ok

17:54:25.0612 3444 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys

17:54:25.0659 3444 NDProxy - ok

17:54:25.0675 3444 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

17:54:25.0721 3444 NetBIOS - ok

17:54:25.0753 3444 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys

17:54:25.0799 3444 NetBT - ok

17:54:25.0831 3444 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

17:54:25.0831 3444 nfrd960 - ok

17:54:25.0862 3444 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

17:54:25.0909 3444 Npfs - ok

17:54:25.0924 3444 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

17:54:25.0971 3444 nsiproxy - ok

17:54:26.0080 3444 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys

17:54:26.0127 3444 Ntfs - ok

17:54:26.0143 3444 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

17:54:26.0189 3444 Null - ok

17:54:26.0221 3444 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys

17:54:26.0236 3444 nvraid - ok

17:54:26.0252 3444 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys

17:54:26.0267 3444 nvstor - ok

17:54:26.0314 3444 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys

17:54:26.0330 3444 nv_agp - ok

17:54:26.0361 3444 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys

17:54:26.0377 3444 ohci1394 - ok

17:54:26.0392 3444 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

17:54:26.0408 3444 Parport - ok

17:54:26.0439 3444 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys

17:54:26.0455 3444 partmgr - ok

17:54:26.0486 3444 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys

17:54:26.0501 3444 pci - ok

17:54:26.0517 3444 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys

17:54:26.0533 3444 pciide - ok

17:54:26.0564 3444 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

17:54:26.0579 3444 pcmcia - ok

17:54:26.0611 3444 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

17:54:26.0626 3444 pcw - ok

17:54:26.0642 3444 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

17:54:26.0689 3444 PEAUTH - ok

17:54:26.0751 3444 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys

17:54:26.0782 3444 PptpMiniport - ok

17:54:26.0813 3444 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

17:54:26.0829 3444 Processor - ok

17:54:26.0845 3444 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys

17:54:26.0891 3444 Psched - ok

17:54:26.0923 3444 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys

17:54:26.0938 3444 PxHlpa64 - ok

17:54:26.0985 3444 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

17:54:27.0016 3444 ql2300 - ok

17:54:27.0047 3444 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

17:54:27.0063 3444 ql40xx - ok

17:54:27.0079 3444 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

17:54:27.0110 3444 QWAVEdrv - ok

17:54:27.0125 3444 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

17:54:27.0172 3444 RasAcd - ok

17:54:27.0219 3444 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

17:54:27.0266 3444 RasAgileVpn - ok

17:54:27.0313 3444 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys

17:54:27.0344 3444 Rasl2tp - ok

17:54:27.0375 3444 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

17:54:27.0422 3444 RasPppoe - ok

17:54:27.0437 3444 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

17:54:27.0484 3444 RasSstp - ok

17:54:27.0500 3444 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys

17:54:27.0547 3444 rdbss - ok

17:54:27.0562 3444 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

17:54:27.0593 3444 rdpbus - ok

17:54:27.0609 3444 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

17:54:27.0656 3444 RDPCDD - ok

17:54:27.0671 3444 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

17:54:27.0718 3444 RDPENCDD - ok

17:54:27.0734 3444 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

17:54:27.0765 3444 RDPREFMP - ok

17:54:27.0796 3444 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys

17:54:27.0827 3444 RDPWD - ok

17:54:27.0859 3444 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys

17:54:27.0874 3444 rdyboost - ok

17:54:27.0905 3444 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

17:54:27.0937 3444 rspndr - ok

17:54:27.0983 3444 RSUSBSTOR (22d6b47d004a6568c500680be2972854) C:\Windows\system32\Drivers\RtsUStor.sys

17:54:27.0999 3444 RSUSBSTOR - ok

17:54:28.0030 3444 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys

17:54:28.0046 3444 sbp2port - ok

17:54:28.0077 3444 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys

17:54:28.0108 3444 scfilter - ok

17:54:28.0139 3444 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

17:54:28.0171 3444 secdrv - ok

17:54:28.0202 3444 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

17:54:28.0217 3444 Serenum - ok

17:54:28.0233 3444 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

17:54:28.0249 3444 Serial - ok

17:54:28.0280 3444 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

17:54:28.0295 3444 sermouse - ok

17:54:28.0342 3444 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys

17:54:28.0373 3444 sffdisk - ok

17:54:28.0389 3444 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys

17:54:28.0405 3444 sffp_mmc - ok

17:54:28.0405 3444 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys

17:54:28.0467 3444 sffp_sd - ok

17:54:28.0498 3444 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

17:54:28.0514 3444 sfloppy - ok

17:54:28.0529 3444 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

17:54:28.0545 3444 SiSRaid2 - ok

17:54:28.0576 3444 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

17:54:28.0592 3444 SiSRaid4 - ok

17:54:28.0623 3444 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

17:54:28.0670 3444 Smb - ok

17:54:28.0685 3444 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

17:54:28.0701 3444 spldr - ok

17:54:28.0748 3444 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys

17:54:28.0763 3444 srv - ok

17:54:28.0795 3444 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys

17:54:28.0810 3444 srv2 - ok

17:54:28.0841 3444 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys

17:54:28.0857 3444 srvnet - ok

17:54:28.0888 3444 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

17:54:28.0904 3444 stexstor - ok

17:54:28.0935 3444 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

17:54:28.0935 3444 swenum - ok

17:54:28.0982 3444 SynTP (c25866bdf0e818e02bb8e76845d26e54) C:\Windows\system32\DRIVERS\SynTP.sys

17:54:28.0997 3444 SynTP - ok

17:54:29.0075 3444 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys

17:54:29.0107 3444 Tcpip - ok

17:54:29.0169 3444 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys

17:54:29.0216 3444 TCPIP6 - ok

17:54:29.0247 3444 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys

17:54:29.0294 3444 tcpipreg - ok

17:54:29.0309 3444 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

17:54:29.0341 3444 TDPIPE - ok

17:54:29.0372 3444 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

17:54:29.0419 3444 TDTCP - ok

17:54:29.0434 3444 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys

17:54:29.0481 3444 tdx - ok

17:54:29.0497 3444 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys

17:54:29.0512 3444 TermDD - ok

17:54:29.0543 3444 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys

17:54:29.0590 3444 tssecsrv - ok

17:54:29.0606 3444 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys

17:54:29.0653 3444 tunnel - ok

17:54:29.0684 3444 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

17:54:29.0684 3444 uagp35 - ok

17:54:29.0715 3444 udfs (31ba4a33afab6a69ea092b18017f737f) C:\Windows\system32\DRIVERS\udfs.sys

17:54:29.0731 3444 udfs - ok

17:54:29.0762 3444 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys

17:54:29.0777 3444 uliagpkx - ok

17:54:29.0793 3444 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys

17:54:29.0809 3444 umbus - ok

17:54:29.0824 3444 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

17:54:29.0855 3444 UmPass - ok

17:54:29.0887 3444 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys

17:54:29.0887 3444 USBAAPL64 - ok

17:54:29.0933 3444 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys

17:54:29.0949 3444 usbccgp - ok

17:54:29.0980 3444 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys

17:54:29.0996 3444 usbcir - ok

17:54:30.0043 3444 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\drivers\usbehci.sys

17:54:30.0058 3444 usbehci - ok

17:54:30.0105 3444 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys

17:54:30.0121 3444 usbhub - ok

17:54:30.0167 3444 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys

17:54:30.0183 3444 usbohci - ok

17:54:30.0214 3444 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

17:54:30.0230 3444 usbprint - ok

17:54:30.0277 3444 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS

17:54:30.0292 3444 USBSTOR - ok

17:54:30.0323 3444 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys

17:54:30.0386 3444 usbuhci - ok

17:54:30.0433 3444 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys

17:54:30.0448 3444 usbvideo - ok

17:54:30.0479 3444 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys

17:54:30.0479 3444 vdrvroot - ok

17:54:30.0511 3444 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

17:54:30.0526 3444 vga - ok

17:54:30.0542 3444 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

17:54:30.0589 3444 VgaSave - ok

17:54:30.0604 3444 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys

17:54:30.0635 3444 vhdmp - ok

17:54:30.0667 3444 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys

17:54:30.0682 3444 viaide - ok

17:54:30.0698 3444 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys

17:54:30.0713 3444 volmgr - ok

17:54:30.0729 3444 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys

17:54:30.0745 3444 volmgrx - ok

17:54:30.0776 3444 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys

17:54:30.0791 3444 volsnap - ok

17:54:30.0823 3444 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

17:54:30.0838 3444 vsmraid - ok

17:54:30.0869 3444 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

17:54:30.0885 3444 vwifibus - ok

17:54:30.0916 3444 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

17:54:30.0947 3444 vwififlt - ok

17:54:30.0963 3444 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

17:54:30.0979 3444 WacomPen - ok

17:54:31.0010 3444 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

17:54:31.0057 3444 WANARP - ok

17:54:31.0072 3444 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

17:54:31.0103 3444 Wanarpv6 - ok

17:54:31.0150 3444 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

17:54:31.0150 3444 Wd - ok

17:54:31.0181 3444 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

17:54:31.0213 3444 Wdf01000 - ok

17:54:31.0244 3444 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

17:54:31.0275 3444 WfpLwf - ok

17:54:31.0306 3444 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys

17:54:31.0322 3444 WimFltr - ok

17:54:31.0353 3444 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

17:54:31.0369 3444 WIMMount - ok

17:54:31.0400 3444 WinUsb (4d52c872018af7e18d078978dcc3f6f2) C:\Windows\system32\DRIVERS\WinUsb.sys

17:54:31.0415 3444 WinUsb - ok

17:54:31.0447 3444 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

17:54:31.0462 3444 WmiAcpi - ok

17:54:31.0493 3444 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

17:54:31.0540 3444 ws2ifsl - ok

17:54:31.0587 3444 WudfPf (c63907207b837a5c05cf6d1606aa0008) C:\Windows\system32\drivers\WudfPf.sys

17:54:31.0603 3444 WudfPf - ok

17:54:31.0618 3444 WUDFRd (d885a873d733020f8b9b9ff4b1666158) C:\Windows\system32\DRIVERS\WUDFRd.sys

17:54:31.0634 3444 WUDFRd - ok

17:54:31.0665 3444 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

17:54:31.0868 3444 \Device\Harddisk0\DR0 - ok

17:54:31.0883 3444 Boot (0x1200) (32191fab5f51222dbf317e32fa909990) \Device\Harddisk0\DR0\Partition0

17:54:31.0883 3444 \Device\Harddisk0\DR0\Partition0 - ok

17:54:31.0915 3444 Boot (0x1200) (2340c985aa75654c7597e3a6ea3097d0) \Device\Harddisk0\DR0\Partition1

17:54:31.0915 3444 \Device\Harddisk0\DR0\Partition1 - ok

17:54:31.0930 3444 ============================================================

17:54:31.0930 3444 Scan finished

17:54:31.0930 3444 ============================================================

17:54:31.0930 6344 Detected object count: 0

17:54:31.0930 6344 Actual detected object count: 0

===end log==

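Added example (not part of this thread and not TDSSKiller's own code): a small Python parser for the log format posted above. It pairs each scanned object with its verdict line, keeps the MBR and boot-sector hashes, and flags anything whose verdict is not "ok", any driver loaded from outside the system drivers directory, and any boot-sector hash that differs from a baseline recorded on a known-clean image of the same machine. The line layout is inferred from the lines shown; the "expected drivers directory" rule, the baseline dictionary and the two "exampledrv" lines in the sample input are assumptions and constructed data, not anything taken from this log.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Line layouts seen in the TDSSKiller log above (layout inferred from the posted lines):
#   <time> <pid> <name> (<md5>) <path>   |   <time> <pid> <name> (<size>) (<md5>) <device>
#   <time> <pid> <name-or-device> - <verdict>        verdict for the object above
ENTRY_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<name>\S+)"
    r"(?:\s+\((?P<size>0x[0-9A-Fa-f]+)\))?"
    r"\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+?)\s*$")
VERDICT_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<subject>.+?)\s+-\s+(?P<verdict>.+?)\s*$")
COUNT_RE = re.compile(r"Detected object count:\s*(\d+)")

# Heuristic (an assumption of this example, not a TDSSKiller rule): kernel drivers are
# expected under the system drivers directory; anything loaded from elsewhere is flagged.
EXPECTED_DRIVER_DIRS = ("c:\\windows\\system32\\drivers\\",)


@dataclass
class Entry:
    name: str
    md5: str
    path: str
    size: Optional[str] = None     # only present for MBR / boot-sector objects
    verdict: Optional[str] = None  # taken from the following "- <verdict>" line

    @property
    def is_boot_object(self) -> bool:
        return self.path.startswith("\\Device\\")


def parse_tdsskiller_log(text: str) -> List[Entry]:
    # Pair each scanned object with its verdict; banners and blank lines are ignored.
    entries: List[Entry] = []
    by_subject: Dict[str, Entry] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            e = Entry(m["name"], m["md5"], m["path"], m["size"])
            entries.append(e)
            by_subject[e.name] = e   # drivers are acknowledged by service name...
            by_subject[e.path] = e   # ...boot objects by device path
            continue
        m = VERDICT_RE.match(line)
        if m and m["subject"] in by_subject:
            by_subject[m["subject"]].verdict = m["verdict"]
    return entries


def detected_count(text: str) -> Optional[int]:
    m = COUNT_RE.search(text)
    return int(m.group(1)) if m else None


def find_anomalies(entries: List[Entry],
                   baseline_boot_hashes: Optional[Dict[str, str]] = None) -> List[Tuple[str, str]]:
    # (name, reason) pairs worth a human look. baseline_boot_hashes maps a device path to
    # the MD5 recorded on a known-clean image (assumed; TDSSKiller prints no reference value).
    findings: List[Tuple[str, str]] = []
    for e in entries:
        if e.verdict is None:
            findings.append((e.name, "no verdict line found for this object"))
        elif e.verdict.lower() != "ok":
            findings.append((e.name, f"verdict is '{e.verdict}'"))
        if e.is_boot_object:
            expected = (baseline_boot_hashes or {}).get(e.path)
            if expected is not None and expected != e.md5:
                findings.append((e.name, f"{e.path} hash differs from the clean baseline"))
        elif not e.path.lower().startswith(EXPECTED_DRIVER_DIRS):
            findings.append((e.name, f"loaded from outside the drivers directory: {e.path}"))
    return findings


# Sample input: the Tcpip, TCPIP6, MBR and Boot lines are copied from the log above; the two
# "exampledrv" lines are constructed (no such driver or verdict text appears in the thread)
# to exercise the non-"ok" verdict and unusual-path checks.
SAMPLE_LOG = r"""
17:54:29.0075 3444 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
17:54:29.0107 3444 Tcpip - ok
17:54:29.0169 3444 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
17:54:29.0216 3444 TCPIP6 - ok
17:54:31.0500 3444 exampledrv (00000000000000000000000000000000) C:\Windows\Temp\exampledrv.sys
17:54:31.0510 3444 exampledrv - not ok (constructed verdict)
17:54:31.0665 3444 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
17:54:31.0868 3444 \Device\Harddisk0\DR0 - ok
17:54:31.0883 3444 Boot (0x1200) (32191fab5f51222dbf317e32fa909990) \Device\Harddisk0\DR0\Partition0
17:54:31.0883 3444 \Device\Harddisk0\DR0\Partition0 - ok
17:54:31.0930 6344 Detected object count: 0
"""

if __name__ == "__main__":
    parsed = parse_tdsskiller_log(SAMPLE_LOG)
    baseline = {r"\Device\Harddisk0\DR0": "5c616939100b85e558da92b899a0fc36"}  # assumed clean value
    print(f"{len(parsed)} objects, scanner reported {detected_count(SAMPLE_LOG)} detections")
    for name, why in find_anomalies(parsed, baseline):
        print(f"  {name}: {why}")
```

The same file appearing under two service names is normal and is not flagged: tcpip.sys is listed under both Tcpip and TCPIP6 above with the same hash. A baseline hash for the MBR only helps if it was recorded from the same machine before the problem started; the scanner itself prints no reference value, so a "Detected object count: 0" line by itself is just the scanner's verdict, not an independent check of the boot sectors.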

Your system has the hallmark signs of the Alureon bootkit infection.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.



Wow! You have been incredibly helpful and I really appreciate it. The computer is disconnected from the web, save for the two times I connected in our discussions above. But I did do banking on it, just not in the time since the virus.

I will take it to a computer cleaner.

Thanks kindly for your help and time.

Best, Oona


Hello Oona,

Do you have your documents, files, etc. saved / backed up to OFFLINE media such as CD, DVD or an external USB drive, or possibly to an internet-based backup service? That is very important to do before you go to any repair shop.

Do you know that the "computer cleaner" is reliable? Have you dealt with them before?

BTW, you are very strongly advised that your financial information, online transactions and such have more than likely been "put at risk". Please do what I suggested about notifying your bank and CC companies about the need to put a watch on accounts, AND be sure you change ALL online account passwords using A CLEAN PC, not this one here.

Edited by Maurice Naggar

2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
