Author Topic: [Resolved] Search Engine redirect  (Read 993 times)

ashy
« on: May 11, 2012, 12:40:16 PM »
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Jashonai at 14:32:15 on 2012-05-11
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4004.2644 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\windows\system32\conhost.exe
C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingApp.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingBar.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingSurrogate.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingSurrogate.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingSurrogate.exe
C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120503000847.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"
uRun: [Adobe] rundll32.exe "C:\Users\Jashonai\AppData\Local\Broadcom\Adobe\eujahasl.dll",DllRegisterServer
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{AB796AC8-D826-459A-B4C3-EBC897A08D2E} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{AB796AC8-D826-459A-B4C3-EBC897A08D2E}\D6F6E6B65697 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{DF478F26-FAAA-4D46-A506-AEB555E9F306} : DhcpNameServer = 192.168.0.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64:     AcroIEHelperStub - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120503000847.dll
BHO-X64:     scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [(Default)]
mRun-x64: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\windows\system32\drivers\mfehidk.sys --> C:\windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\windows\system32\drivers\mfewfpk.sys --> C:\windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\windows\system32\DRIVERS\mfenlfk.sys --> C:\windows\system32\DRIVERS\mfenlfk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-3 63928]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-1-20 89600]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-1-20 13336]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2012-1-20 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2012-1-20 210584]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-1-20 1692480]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-1-20 2656280]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
R3 BTWAMPFL;BTWAMPFL;C:\windows\system32\DRIVERS\btwampfl.sys --> C:\windows\system32\DRIVERS\btwampfl.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\system32\DRIVERS\btwl2cap.sys --> C:\windows\system32\DRIVERS\btwl2cap.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\system32\DRIVERS\CtClsFlt.sys --> C:\windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\system32\drivers\mfeavfk.sys --> C:\windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\windows\system32\drivers\mfefirek.sys --> C:\windows\system32\drivers\mfefirek.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-10-26 162816]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-4-5 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-10 257696]
S3 cfwids;McAfee Inc. cfwids;C:\windows\system32\drivers\cfwids.sys --> C:\windows\system32\drivers\cfwids.sys [?]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2012-1-20 224704]
S3 mferkdet;McAfee Inc. mferkdet;C:\windows\system32\drivers\mferkdet.sys --> C:\windows\system32\drivers\mferkdet.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-05-11 12:18:09   --------   d-----w-   C:\Users\Jashonai\AppData\Local\Microsoft Games
2012-05-11 11:10:04   --------   d-----w-   C:\Users\Jashonai\AppData\Roaming\Malwarebytes
2012-05-11 11:07:04   --------   d-----w-   C:\ProgramData\Malwarebytes
2012-05-11 11:07:02   24904   ----a-w-   C:\windows\System32\drivers\mbam.sys
2012-05-11 11:07:01   --------   d-----w-   C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-10 20:19:48   --------   d-----w-   C:\Program Files\Dell Support Center
2012-05-10 20:15:40   --------   d-----w-   C:\Users\Jashonai\AppData\Roaming\PCDr
2012-05-10 20:14:54   --------   d-----w-   C:\ProgramData\PCDr
2012-05-10 18:09:48   --------   d-----w-   C:\Users\Jashonai\AppData\Roaming\Roxio Burn
2012-05-10 18:03:38   --------   d-----w-   C:\Users\Jashonai\AppData\Roaming\Macrovision
2012-05-10 17:56:10   419488   ----a-w-   C:\windows\SysWow64\FlashPlayerApp.exe
2012-05-10 02:35:42   75120   ----a-w-   C:\windows\System32\drivers\partmgr.sys
2012-05-10 02:31:59   1918320   ----a-w-   C:\windows\System32\drivers\tcpip.sys
2012-05-10 02:30:49   936960   ----a-w-   C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 02:30:49   1732096   ----a-w-   C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-10 02:30:49   1402880   ----a-w-   C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-10 02:30:49   1393664   ----a-w-   C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-10 02:30:49   1367552   ----a-w-   C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-07 22:27:53   --------   d-----w-   C:\Users\Jashonai\My Backup Files
2012-05-07 15:57:31   --------   d-----w-   C:\Users\Jashonai\AppData\Local\Downloaded Installations
2012-05-05 21:48:17   --------   d-----w-   C:\Users\Jashonai\AppData\Local\Nero_AG
2012-05-05 21:15:14   --------   d-----w-   C:\windows\SysWow64\Wat
2012-05-05 21:15:14   --------   d-----w-   C:\windows\System32\Wat
2012-05-05 04:26:24   --------   d-----w-   C:\Program Files (x86)\MSXML 4.0
2012-05-05 04:22:52   5559152   ----a-w-   C:\windows\System32\ntoskrnl.exe
2012-05-05 04:22:52   3968368   ----a-w-   C:\windows\SysWow64\ntkrnlpa.exe
2012-05-05 04:22:52   3913072   ----a-w-   C:\windows\SysWow64\ntoskrnl.exe
2012-05-05 04:21:55   81408   ----a-w-   C:\windows\System32\imagehlp.dll
2012-05-05 04:21:55   5120   ----a-w-   C:\windows\SysWow64\wmi.dll
2012-05-05 04:21:55   5120   ----a-w-   C:\windows\System32\wmi.dll
2012-05-05 04:21:55   23408   ----a-w-   C:\windows\System32\drivers\fs_rec.sys
2012-05-05 04:21:55   220672   ----a-w-   C:\windows\System32\wintrust.dll
2012-05-05 04:21:55   172544   ----a-w-   C:\windows\SysWow64\wintrust.dll
2012-05-05 04:21:55   159232   ----a-w-   C:\windows\SysWow64\imagehlp.dll
2012-05-05 02:16:25   --------   d-----w-   C:\ProgramData\VirtualizedApplications
2012-05-04 20:33:00   --------   d-----w-   C:\Users\Jashonai\AppData\Local\Diagnostics
2012-05-03 17:33:44   --------   d-----w-   C:\Users\Jashonai\AppData\Local\SoftGrid Client
2012-05-03 17:33:43   --------   d-----w-   C:\Users\Jashonai\AppData\Roaming\SoftGrid Client
2012-05-03 17:33:09   --------   d-----w-   C:\Program Files (x86)\Microsoft Application Virtualization Client
2012-05-03 17:32:56   --------   d-----w-   C:\Users\Jashonai\AppData\Roaming\TP
2012-05-03 17:29:23   --------   d-----w-   C:\Users\Jashonai\AppData\Local\Adobe
2012-05-03 16:49:09   886784   ----a-w-   C:\Program Files\Common Files\System\wab32.dll
2012-05-03 16:49:09   708608   ----a-w-   C:\Program Files (x86)\Common Files\System\wab32.dll
2012-05-03 16:47:56   142336   ----a-w-   C:\windows\System32\poqexec.exe
2012-05-03 16:47:56   123904   ----a-w-   C:\windows\SysWow64\poqexec.exe
2012-05-03 16:46:40   1572864   ----a-w-   C:\windows\System32\quartz.dll
2012-05-03 16:46:40   1328128   ----a-w-   C:\windows\SysWow64\quartz.dll
2012-05-03 16:46:39   514560   ----a-w-   C:\windows\SysWow64\qdvd.dll
2012-05-03 16:46:39   366592   ----a-w-   C:\windows\System32\qdvd.dll
2012-05-03 16:45:27   509952   ----a-w-   C:\windows\System32\ntshrui.dll
2012-05-03 16:45:27   442880   ----a-w-   C:\windows\SysWow64\ntshrui.dll
2012-05-03 16:42:54   3145728   ----a-w-   C:\windows\System32\win32k.sys
2012-05-03 16:41:39   43520   ----a-w-   C:\windows\System32\csrsrv.dll
2012-05-03 16:40:24   515584   ----a-w-   C:\windows\System32\timedate.cpl
2012-05-03 16:40:24   478720   ----a-w-   C:\windows\SysWow64\timedate.cpl
2012-05-03 16:39:09   1544192   ----a-w-   C:\windows\System32\DWrite.dll
2012-05-03 16:39:09   1077248   ----a-w-   C:\windows\SysWow64\DWrite.dll
2012-05-03 16:37:54   870912   ----a-w-   C:\windows\SysWow64\XpsPrint.dll
2012-05-03 16:37:54   1465344   ----a-w-   C:\windows\System32\XpsPrint.dll
2012-05-03 16:35:24   498688   ----a-w-   C:\windows\System32\drivers\afd.sys
2012-05-03 16:32:55   690688   ----a-w-   C:\windows\SysWow64\msvcrt.dll
2012-05-03 16:32:55   634880   ----a-w-   C:\windows\System32\msvcrt.dll
2012-05-03 16:31:39   90624   ----a-w-   C:\windows\System32\drivers\bowser.sys
2012-05-03 16:30:24   723456   ----a-w-   C:\windows\System32\EncDec.dll
2012-05-03 16:30:24   534528   ----a-w-   C:\windows\SysWow64\EncDec.dll
2012-05-03 16:29:34   2048   ----a-w-   C:\windows\SysWow64\tzres.dll
2012-05-03 16:29:34   2048   ----a-w-   C:\windows\System32\tzres.dll
2012-05-03 16:27:56   1731920   ----a-w-   C:\windows\System32\ntdll.dll
2012-05-03 16:27:56   1292080   ----a-w-   C:\windows\SysWow64\ntdll.dll
2012-05-03 16:26:39   77312   ----a-w-   C:\windows\System32\packager.dll
2012-05-03 16:26:39   67072   ----a-w-   C:\windows\SysWow64\packager.dll
2012-05-03 15:49:26   --------   d-----r-   C:\Program Files (x86)\Skype
2012-05-03 04:20:33   --------   d-----w-   C:\Users\Jashonai\SyncUP
2012-05-03 04:17:49   --------   d-----w-   C:\Users\Jashonai\AppData\Local\Nero
2012-05-03 04:05:56   --------   d-----w-   C:\Program Files (x86)\Dell Touch Software Suite
2012-05-03 03:57:31   --------   d-----w-   C:\Users\Jashonai\AppData\Roaming\Fingertapps
2012-05-03 03:57:31   --------   d-----w-   C:\Users\Jashonai\AppData\Roaming\Dell
2012-05-03 03:57:22   --------   d-----w-   C:\Users\Jashonai\AppData\Local\Broadcom
2012-05-03 03:57:14   --------   d-----w-   C:\Users\Jashonai\AppData\Roaming\Intel Corporation
2012-05-03 03:57:14   --------   d-----w-   C:\Users\Jashonai\AppData\Roaming\Dell Touch Zone
2012-05-03 03:57:08   --------   d-----w-   C:\Users\Jashonai\AppData\Local\Dell
2012-05-03 03:56:18   9216   ----a-w-   C:\windows\System32\rdrmemptylst.exe
2012-05-03 03:56:17   77312   ----a-w-   C:\windows\System32\rdpwsx.dll
2012-05-03 03:56:17   149504   ----a-w-   C:\windows\System32\rdpcorekmts.dll
2012-05-03 03:56:15   826880   ----a-w-   C:\windows\SysWow64\rdpcore.dll
2012-05-03 03:56:15   23552   ----a-w-   C:\windows\System32\drivers\tdtcp.sys
2012-05-03 03:56:15   210944   ----a-w-   C:\windows\System32\drivers\rdpwd.sys
2012-05-03 03:56:15   1031680   ----a-w-   C:\windows\System32\rdpcore.dll
2012-05-03 03:53:36   --------   d-----w-   C:\Users\Jashonai\AppData\Local\VirtualStore
.
==================== Find3M  ====================
.
2012-05-10 19:03:57   70304   ----a-w-   C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-20 17:11:30   162192   ----a-w-   C:\windows\System32\mfevtps.exe
2012-02-28 06:56:48   2311168   ----a-w-   C:\windows\System32\jscript9.dll
2012-02-28 06:49:56   1390080   ----a-w-   C:\windows\System32\wininet.dll
2012-02-28 06:48:57   1493504   ----a-w-   C:\windows\System32\inetcpl.cpl
2012-02-28 06:42:55   2382848   ----a-w-   C:\windows\System32\mshtml.tlb
2012-02-28 01:18:55   1799168   ----a-w-   C:\windows\SysWow64\jscript9.dll
2012-02-28 01:11:21   1427456   ----a-w-   C:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07   1127424   ----a-w-   C:\windows\SysWow64\wininet.dll
2012-02-28 01:03:16   2382848   ----a-w-   C:\windows\SysWow64\mshtml.tlb
2012-02-22 17:29:46   75936   ----a-w-   C:\windows\System32\drivers\mfenlfk.sys
2012-02-22 17:29:46   65264   ----a-w-   C:\windows\System32\drivers\cfwids.sys
2012-02-22 17:29:46   647208   ----a-w-   C:\windows\System32\drivers\mfehidk.sys
2012-02-22 17:29:46   487296   ----a-w-   C:\windows\System32\drivers\mfefirek.sys
2012-02-22 17:29:46   289664   ----a-w-   C:\windows\System32\drivers\mfewfpk.sys
2012-02-22 17:29:46   229528   ----a-w-   C:\windows\System32\drivers\mfeavfk.sys
2012-02-22 17:29:46   160792   ----a-w-   C:\windows\System32\drivers\mfeapfk.sys
2012-02-22 17:29:46   10248   ----a-w-   C:\windows\System32\drivers\mfeclnk.sys
2012-02-22 17:29:46   100912   ----a-w-   C:\windows\System32\drivers\mferkdet.sys
.
============= FINISH: 14:32:44.80 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 5/2/2012 11:52:42 PM
System Uptime: 5/11/2012 1:23:13 PM (1 hours ago)
.
Motherboard: Dell Inc. |  | 01HXXJ
Processor: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz | CPU 1 | 2300/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 413.369 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP3: 5/2/2012 11:56:54 PM - Windows Update
RP4: 5/3/2012 12:05:17 AM - Installed Dell Stage
RP5: 5/5/2012 12:16:19 AM - Windows Update
RP6: 5/7/2012 11:58:55 AM - Installed Dell Stage Remote.
RP7: 5/10/2012 10:34:47 AM - Windows Update
RP8: 5/10/2012 4:19:24 PM - Installed Dell Support Center
RP9: 5/10/2012 5:08:29 PM - Windows Update
RP10: 5/10/2012 6:19:43 PM - Windows Update
RP11: 5/10/2012 11:35:52 PM - Installed 7-Zip 9.20 (x64 edition)
RP12: 5/11/2012 1:15:37 PM - Restore Operation
RP13: 5/11/2012 2:02:27 PM - Windows Update
.
==== Installed Programs ======================
.
Accidental Damage Services Agreement
Adobe AIR
Adobe Reader X (10.1.3) MUI
Advanced Audio FX Engine
Banctec Service Agreement
Bing Bar
Bing Rewards Client Installer
Blio
Complete Care Business Service Agreement
Consumer In-Home Service Agreement
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Digital Delivery
Dell Getting Started Guide
Dell Home Systems Service Agreement
Dell MusicStage
Dell PhotoStage
Dell Stage
Dell Stage Remote
Dell VideoStage
Dell Webcam Central
DirectX 9 Runtime
High-Definition Video Playback
IDT Audio
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Java Auto Updater
Java(TM) 7 Update 1
Junk Mail filter update
McAfee SecurityCenter
Mesh Runtime
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 10 Movie ThemePack Basic
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Update
PhotoShowExpress
PlayReady PC Runtime x86
Premium Service Agreement
QualxServ Service Agreement
Realtek Ethernet Controller Driver
Realtek USB 2.0 Card Reader
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Skype™ 5.9
Sonic CinePlayer Decoder Pack
SyncUP
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zinio Reader 4
.
==== Event Viewer Messages From Past Week ========
.
5/7/2012 11:17:54 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR1.
5/5/2012 5:16:51 PM, Error: Service Control Manager [7023]  -
5/11/2012 8:54:19 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {395633B1-EED9-4DFC-B67F-9788B51C9F06}
5/11/2012 8:50:18 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
5/11/2012 8:47:51 AM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
5/11/2012 8:46:37 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
5/11/2012 8:46:37 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
5/11/2012 8:46:36 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
5/11/2012 8:46:36 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
5/11/2012 8:46:35 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/11/2012 8:46:30 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
5/11/2012 8:46:15 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD DfsC discache mfehidk mfenlfk NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
5/11/2012 8:46:15 AM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
5/11/2012 8:46:15 AM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
5/11/2012 8:46:15 AM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
5/11/2012 8:46:15 AM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
5/11/2012 8:46:15 AM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
5/11/2012 8:46:15 AM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
5/11/2012 8:46:15 AM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
5/11/2012 8:46:15 AM, Error: Service Control Manager [7001]  - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error:  A device attached to the system is not functioning.
5/11/2012 8:46:15 AM, Error: Service Control Manager [7001]  - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error:  The dependency service or group failed to start.
5/11/2012 8:46:15 AM, Error: Service Control Manager [7001]  - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error:  The dependency service or group failed to start.
5/11/2012 8:46:15 AM, Error: Service Control Manager [7001]  - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error:  The dependency service or group failed to start.
5/11/2012 8:46:15 AM, Error: Service Control Manager [7001]  - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error:  The dependency service or group failed to start.
5/11/2012 8:46:15 AM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
5/11/2012 8:46:15 AM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
5/11/2012 8:46:15 AM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
5/11/2012 8:46:15 AM, Error: Service Control Manager [7001]  - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error:  The dependency service or group failed to start.
5/11/2012 8:35:30 AM, Error: Service Control Manager [7023]  - The Roxio Hard Drive Watcher 12 service terminated with the following error:  %%-2147467243
5/11/2012 8:35:17 AM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:  An instance of the service is already running.
5/11/2012 8:34:17 AM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Shell Hardware Detection service, but this action failed with the following error:  An instance of the service is already running.
5/11/2012 8:33:17 AM, Error: Service Control Manager [7031]  - The Windows Management Instrumentation service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/11/2012 8:33:17 AM, Error: Service Control Manager [7031]  - The User Profile Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/11/2012 8:33:17 AM, Error: Service Control Manager [7031]  - The Themes service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/11/2012 8:33:17 AM, Error: Service Control Manager [7031]  - The Task Scheduler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/11/2012 8:33:17 AM, Error: Service Control Manager [7031]  - The System Event Notification Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/11/2012 8:33:17 AM, Error: Service Control Manager [7031]  - The Shell Hardware Detection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/11/2012 8:33:17 AM, Error: Service Control Manager [7031]  - The Server service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/11/2012 8:33:17 AM, Error: Service Control Manager [7031]  - The Multimedia Class Scheduler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/11/2012 8:33:17 AM, Error: Service Control Manager [7031]  - The Group Policy Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/11/2012 8:33:17 AM, Error: Service Control Manager [7031]  - The Extensible Authentication Protocol service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/11/2012 1:26:07 PM, Error: Service Control Manager [7003]  - The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.
5/11/2012 1:26:05 PM, Error: Service Control Manager [7034]  - The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 1 time(s).
5/11/2012 1:24:56 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
5/11/2012 1:23:41 PM, Error: Service Control Manager [7003]  - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
5/11/2012 1:23:41 PM, Error: Service Control Manager [7003]  - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
5/11/2012 1:23:40 PM, Error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  The specified service does not exist as an installed service.
5/10/2012 2:24:59 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID  {9BA05972-F6A8-11CF-A442-00A0C90A8F39}  and APPID  {9BA05972-F6A8-11CF-A442-00A0C90A8F39}  to the user Jashonai-PC\Jashonai SID (S-1-5-21-577114929-2062696541-2715413156-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================
« Last Edit: May 11, 2012, 02:15:50 PM by Hoov »



Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 22623
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Search Engine redirect
« Reply #1 on: May 11, 2012, 02:16:16 PM »
Hello, welcome to SpywareHammer.

I go by Hoov, and I will be helping you with your problem. I must ask you to do a few things for me.

First, tell me everything that you have done, if anything, to try and fix this problem. Also tell me any other problems you are having, no matter how small or how long you have been dealing with them.

Second, please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out their hair.

Third, follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go.

Fourth, Have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.

Fifth, if we start this fix, I need you to stick with me until the end. Just because your computer is running better does not mean it is fixed.

Before we start trying to fix your computer, you need to make sure your data is backed up. Also let me know of any software you have running that encrypts your harddrive.

One last thing, I need you to tell me if this computer belongs to a school or to a company or organization of some kind. If it does, please let me know. Also tell me if there is an IT department responsible for this computer.

Now onto trying to fix your computer.


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    MBAM will automatically start and you will be asked to update the program before performing a scan.
    • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
    On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
    • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
    • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
    • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box and continue with the removal process.
    Back at the main Scanner screen:
    • Click on the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked, and click Remove Selected.
    • When removal is completed, a log report will open in Notepad.
    • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
    • Exit MBAM when done.
    Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

    Consumer Security

    If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

    Offline ashy

    • Bronze Member
    • Posts: 8
    Re: [In Progress] Search Engine redirect
    « Reply #2 on: May 11, 2012, 03:35:48 PM »
    First of all, Let me say thanks for the assistance.......

    The redirect first started Thur evening.  I ran McAfee, found nothing.  Then ran MBAM, found two instances of Happili Trojan, which I removed.  Redirect was still present.  Tried a system restore back to earlier in the day, still no difference.  PC is only a week old, which adds to my frustration.




    Malwarebytes Anti-Malware (Trial) 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.05.11.08

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Jashonai :: JASHONAI-PC [administrator]

    Protection: Disabled

    5/11/2012 5:24:15 PM
    mbam-log-2012-05-11 (17-24-15).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 210508
    Time elapsed: 2 minute(s), 4 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 1
    C:\Users\Jashonai\AppData\Local\Broadcom\Adobe\eujahasl.dll (Trojan.Happili.XGen) -> Delete on reboot.

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 1
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Adobe (Trojan.Happili.XGen) -> Data: rundll32.exe "C:\Users\Jashonai\AppData\Local\Broadcom\Adobe\eujahasl.dll",DllRegisterServer -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 3
    C:\Users\Jashonai\AppData\Local\Broadcom\Adobe\eujahasl.dll (Trojan.Happili.XGen) -> Delete on reboot.
    C:\Users\Jashonai\AppData\Local\Temp\nsd3277.tmp\eujahasl.dll (Trojan.Happili.XGen) -> Quarantined and deleted successfully.
    C:\Users\Jashonai\AppData\Local\Temp\nsd3277.tmp\preyg.dll (Trojan.Happili.XGen) -> Quarantined and deleted successfully.

    (end)

    Offline Hoov

    • Malware Removal Mentors
    • Global Moderator
    • Diamond Member
    • Posts: 22623
    • Unwilling part owner of Gov't. Motors and Chrysler
      • Hoov's Personal Site
    Re: [In Progress] Search Engine redirect
    « Reply #3 on: May 11, 2012, 05:31:21 PM »
    I understand your frustration, especially with a new computer. But for now, don't do a system restore unless you run a tool and you just cannot boot your computer at all.

    Please read carefully and follow these steps.
    • Download TDSSKiller and save it to your Desktop.
    • Extract its contents to your desktop.
    • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on the change parameters option.




    • Once you are in there, check all four boxes and then click on the OK button.



    • Now click the Start Scan button.



    • This is what you will see during the scan,


    • and this is what you will see when the scan is done if any threats are found. Don't change any of the recommended actions. Click the continue button.



    • Once the fix is done you might see this,




    • or it may ask you to reboot the computer to complete the process. Click on Reboot Now.

    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

    Consumer Security

    If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

    Offline ashy

    • Bronze Member
    • Posts: 8
    Re: [In Progress] Search Engine redirect
    « Reply #4 on: May 11, 2012, 07:08:01 PM »
    Get an error message when trying to post copy of tdsskiller log, any suggestions??

    Offline ashy

    • Bronze Member
    • Posts: 8
    Re: [In Progress] Search Engine redirect
    « Reply #5 on: May 11, 2012, 07:35:19 PM »
    20:56:37.0142 6384   TDSS rootkit removing tool 2.7.34.0 May  2 2012 09:59:18
    20:56:37.0470 6384   ============================================================
    20:56:37.0470 6384   Current date / time: 2012/05/11 20:56:37.0470
    20:56:37.0470 6384   SystemInfo:
    20:56:37.0470 6384   
    20:56:37.0470 6384   OS Version: 6.1.7601 ServicePack: 1.0
    20:56:37.0470 6384   Product type: Workstation
    20:56:37.0485 6384   ComputerName: JASHONAI-PC
    20:56:37.0485 6384   UserName: Jashonai
    20:56:37.0485 6384   Windows directory: C:\windows
    20:56:37.0485 6384   System windows directory: C:\windows
    20:56:37.0485 6384   Running under WOW64
    20:56:37.0485 6384   Processor architecture: Intel x64
    20:56:37.0485 6384   Number of processors: 4
    20:56:37.0485 6384   Page size: 0x1000
    20:56:37.0485 6384   Boot type: Normal boot
    20:56:37.0485 6384   ============================================================
    20:56:37.0891 6384   Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    20:56:37.0891 6384   ============================================================
    20:56:37.0891 6384   \Device\Harddisk0\DR0:
    20:56:37.0891 6384   MBR partitions:
    20:56:37.0891 6384   \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000
    20:56:37.0891 6384   \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x38607030
    20:56:37.0891 6384   ============================================================
    20:56:37.0938 6384   C: <-> \Device\Harddisk0\DR0\Partition1
    20:56:37.0938 6384   ============================================================
    20:56:37.0938 6384   Initialize success
    20:56:37.0938 6384   ============================================================
    20:57:25.0643 4708   ============================================================
    20:57:25.0643 4708   Scan started
    20:57:25.0643 4708   Mode: Manual; SigCheck; TDLFS;
    20:57:25.0643 4708   ============================================================
    20:57:26.0438 4708   1394ohci        (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
    20:57:26.0563 4708   1394ohci - ok
    20:57:26.0625 4708   ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
    20:57:26.0657 4708   ACPI - ok
    20:57:26.0703 4708   AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
    20:57:26.0813 4708   AcpiPmi - ok
    20:57:26.0922 4708   AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    20:57:26.0937 4708   AdobeARMservice - ok
    20:57:27.0078 4708   AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    20:57:27.0125 4708   AdobeFlashPlayerUpdateSvc - ok
    20:57:27.0171 4708   adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys
    20:57:27.0218 4708   adp94xx - ok
    20:57:27.0281 4708   adpahci         (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys
    20:57:27.0296 4708   adpahci - ok
    20:57:27.0312 4708   adpu320         (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys
    20:57:27.0327 4708   adpu320 - ok
    20:57:27.0374 4708   AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
    20:57:27.0468 4708   AeLookupSvc - ok
    20:57:27.0561 4708   AESTFilters     (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe
    20:57:27.0624 4708   AESTFilters - ok
    20:57:27.0671 4708   AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
    20:57:27.0733 4708   AFD - ok
    20:57:27.0780 4708   agp440          (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
    20:57:27.0811 4708   agp440 - ok
    20:57:27.0842 4708   ALG             (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
    20:57:27.0889 4708   ALG - ok
    20:57:27.0920 4708   aliide          (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
    20:57:27.0951 4708   aliide - ok
    20:57:27.0967 4708   amdide          (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
    20:57:27.0983 4708   amdide - ok
    20:57:27.0983 4708   AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys
    20:57:27.0998 4708   AmdK8 - ok
    20:57:27.0998 4708   AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\drivers\amdppm.sys
    20:57:28.0014 4708   AmdPPM - ok
    20:57:28.0029 4708   amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
    20:57:28.0045 4708   amdsata - ok
    20:57:28.0045 4708   amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys
    20:57:28.0061 4708   amdsbs - ok
    20:57:28.0092 4708   amdxata         (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
    20:57:28.0107 4708   amdxata - ok
    20:57:28.0185 4708   ApfiltrService  (6690e42ced5d067233abad42da141213) C:\windows\system32\DRIVERS\Apfiltr.sys
    20:57:28.0248 4708   ApfiltrService - ok
    20:57:28.0295 4708   AppID           (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
    20:57:28.0341 4708   AppID - ok
    20:57:28.0373 4708   AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
    20:57:28.0451 4708   AppIDSvc - ok
    20:57:28.0497 4708   Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll
    20:57:28.0591 4708   Appinfo - ok
    20:57:28.0638 4708   arc             (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys
    20:57:28.0653 4708   arc - ok
    20:57:28.0685 4708   arcsas          (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys
    20:57:28.0685 4708   arcsas - ok
    20:57:28.0794 4708   aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
    20:57:28.0856 4708   aspnet_state - ok
    20:57:28.0872 4708   AsyncMac        (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
    20:57:28.0934 4708   AsyncMac - ok
    20:57:28.0997 4708   atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
    20:57:29.0028 4708   atapi - ok
    20:57:29.0090 4708   AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
    20:57:29.0168 4708   AudioEndpointBuilder - ok
    20:57:29.0184 4708   AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
    20:57:29.0231 4708   AudioSrv - ok
    20:57:29.0262 4708   AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll
    20:57:29.0309 4708   AxInstSV - ok
    20:57:29.0371 4708   b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys
    20:57:29.0465 4708   b06bdrv - ok
    20:57:29.0511 4708   b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
    20:57:29.0558 4708   b57nd60a - ok
    20:57:29.0699 4708   BBSvc           (a2494901e7226b356b8c1005c45f1c5f) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
    20:57:29.0730 4708   BBSvc - ok
    20:57:29.0761 4708   BBUpdate        (63b1cbbae4790b5bac98f01bf9449722) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
    20:57:29.0792 4708   BBUpdate - ok
    20:57:29.0995 4708   BCM43XX         (783f1c7ed6b39454a8d1028d4f30768d) C:\windows\system32\DRIVERS\bcmwl664.sys
    20:57:30.0182 4708   BCM43XX - ok
    20:57:30.0291 4708   BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
    20:57:30.0385 4708   BDESVC - ok
    20:57:30.0447 4708   Beep            (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
    20:57:30.0525 4708   Beep - ok
    20:57:30.0588 4708   BITS            (1ea7969e3271cbc59e1730697dc74682) C:\windows\System32\qmgr.dll
    20:57:30.0635 4708   BITS - ok
    20:57:30.0650 4708   blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
    20:57:30.0666 4708   blbdrive - ok
    20:57:30.0697 4708   bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
    20:57:30.0759 4708   bowser - ok
    20:57:30.0775 4708   BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys
    20:57:30.0791 4708   BrFiltLo - ok
    20:57:30.0791 4708   BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys
    20:57:30.0806 4708   BrFiltUp - ok
    20:57:30.0853 4708   Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
    20:57:30.0962 4708   Browser - ok
    20:57:30.0993 4708   Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
    20:57:31.0071 4708   Brserid - ok
    20:57:31.0071 4708   BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
    20:57:31.0103 4708   BrSerWdm - ok
    20:57:31.0103 4708   BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
    20:57:31.0118 4708   BrUsbMdm - ok
    20:57:31.0118 4708   BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
    20:57:31.0149 4708   BrUsbSer - ok
    20:57:31.0196 4708   BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\windows\system32\DRIVERS\BthEnum.sys
    20:57:31.0259 4708   BthEnum - ok
    20:57:31.0274 4708   BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys
    20:57:31.0337 4708   BTHMODEM - ok
    20:57:31.0399 4708   BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys
    20:57:31.0461 4708   BthPan - ok
    20:57:31.0524 4708   BTHPORT         (64c198198501f7560ee41d8d1efa7952) C:\windows\system32\Drivers\BTHport.sys
    20:57:31.0555 4708   BTHPORT - ok
    20:57:31.0602 4708   bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
    20:57:31.0633 4708   bthserv - ok
    20:57:31.0664 4708   BTHUSB          (f188b7394d81010767b6df3178519a37) C:\windows\system32\Drivers\BTHUSB.sys
    20:57:31.0695 4708   BTHUSB - ok
    20:57:31.0758 4708   BTWAMPFL        (a0dfb69ade3444c78b17636fcf28e898) C:\windows\system32\DRIVERS\btwampfl.sys
    20:57:31.0789 4708   BTWAMPFL - ok
    20:57:31.0836 4708   btwaudio        (f6135859a582a7294ba7a3336e08baa1) C:\windows\system32\drivers\btwaudio.sys
    20:57:31.0867 4708   btwaudio - ok
    20:57:31.0883 4708   btwavdt         (3def2370e414b4e299673558ba171a51) C:\windows\system32\DRIVERS\btwavdt.sys
    20:57:31.0914 4708   btwavdt - ok
    20:57:32.0039 4708   btwdins         (b7dea77ee893806859072274ee8ec8fc) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    20:57:32.0085 4708   btwdins - ok
    20:57:32.0101 4708   btwl2cap        (9ad0fa253ed531d39fb2d74fe12a5fa9) C:\windows\system32\DRIVERS\btwl2cap.sys
    20:57:32.0117 4708   btwl2cap - ok
    20:57:32.0163 4708   btwrchid        (9937e0e4dfc0030560a6dfe9d3a94b39) C:\windows\system32\DRIVERS\btwrchid.sys
    20:57:32.0179 4708   btwrchid - ok
    20:57:32.0226 4708   cdfs            (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
    20:57:32.0288 4708   cdfs - ok
    20:57:32.0335 4708   cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys
    20:57:32.0397 4708   cdrom - ok
    20:57:32.0444 4708   CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
    20:57:32.0538 4708   CertPropSvc - ok
    20:57:32.0569 4708   cfwids          (274ce03459896006f7a5069266e0469e) C:\windows\system32\drivers\cfwids.sys
    20:57:32.0585 4708   cfwids - ok
    20:57:32.0600 4708   circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys
    20:57:32.0663 4708   circlass - ok
    20:57:32.0709 4708   CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
    20:57:32.0741 4708   CLFS - ok
    20:57:32.0834 4708   clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    20:57:32.0865 4708   clr_optimization_v2.0.50727_32 - ok
    20:57:32.0897 4708   clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    20:57:32.0928 4708   clr_optimization_v2.0.50727_64 - ok
    20:57:33.0006 4708   clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    20:57:33.0084 4708   clr_optimization_v4.0.30319_32 - ok
    20:57:33.0146 4708   clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    20:57:33.0177 4708   clr_optimization_v4.0.30319_64 - ok
    20:57:33.0209 4708   CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
    20:57:33.0255 4708   CmBatt - ok
    20:57:33.0287 4708   cmdide          (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
    20:57:33.0287 4708   cmdide - ok
    20:57:33.0349 4708   CNG             (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys
    20:57:33.0396 4708   CNG - ok
    20:57:33.0427 4708   Compbatt        (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys
    20:57:33.0443 4708   Compbatt - ok
    20:57:33.0474 4708   CompositeBus    (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys
    20:57:33.0536 4708   CompositeBus - ok
    20:57:33.0552 4708   COMSysApp - ok
    20:57:33.0583 4708   crcdisk         (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys
    20:57:33.0599 4708   crcdisk - ok
    20:57:33.0630 4708   CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\windows\system32\cryptsvc.dll
    20:57:33.0677 4708   CryptSvc - ok
    20:57:33.0739 4708   CtClsFlt        (bc3d4f90978cd7c8eabd1baf3bf7873a) C:\windows\system32\DRIVERS\CtClsFlt.sys
    20:57:33.0817 4708   CtClsFlt - ok
    20:57:33.0957 4708   cvhsvc          (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    20:57:33.0989 4708   cvhsvc - ok
    20:57:34.0067 4708   DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
    20:57:34.0113 4708   DcomLaunch - ok
    20:57:34.0160 4708   defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
    20:57:34.0223 4708   defragsvc - ok
    20:57:34.0316 4708   DellDigitalDelivery (2050309bab03dfcee455dbf913bf91b1) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
    20:57:34.0332 4708   DellDigitalDelivery ( UnsignedFile.Multi.Generic ) - warning
    20:57:34.0332 4708   DellDigitalDelivery - detected UnsignedFile.Multi.Generic (1)
    20:57:34.0394 4708   DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
    20:57:34.0457 4708   DfsC - ok
    20:57:34.0519 4708   Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
    20:57:34.0581 4708   Dhcp - ok
    20:57:34.0628 4708   discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
    20:57:34.0691 4708   discache - ok
    20:57:34.0737 4708   Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys
    20:57:34.0769 4708   Disk - ok
    20:57:34.0815 4708   Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
    20:57:34.0862 4708   Dnscache - ok
    20:57:34.0878 4708   dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
    20:57:34.0940 4708   dot3svc - ok
    20:57:34.0956 4708   DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
    20:57:35.0034 4708   DPS - ok
    20:57:35.0065 4708   drmkaud         (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
    20:57:35.0127 4708   drmkaud - ok
    20:57:35.0190 4708   DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
    20:57:35.0252 4708   DXGKrnl - ok
    20:57:35.0283 4708   EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
    20:57:35.0361 4708   EapHost - ok
    20:57:35.0502 4708   ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys
    20:57:35.0689 4708   ebdrv - ok
    20:57:35.0798 4708   EFS             (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
    20:57:35.0876 4708   EFS - ok
    20:57:35.0954 4708   ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
    20:57:36.0017 4708   ehRecvr - ok
    20:57:36.0032 4708   ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
    20:57:36.0048 4708   ehSched - ok
    20:57:36.0141 4708   elxstor         (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys
    20:57:36.0188 4708   elxstor - ok
    20:57:36.0188 4708   ErrDev          (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
    20:57:36.0219 4708   ErrDev - ok
    20:57:36.0282 4708   EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
    20:57:36.0375 4708   EventSystem - ok
    20:57:36.0422 4708   exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
    20:57:36.0500 4708   exfat - ok
    20:57:36.0531 4708   fastfat         (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
    20:57:36.0563 4708   fastfat - ok
    20:57:36.0734 4708   Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
    20:57:36.0843 4708   Fax - ok
    20:57:36.0875 4708   fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys
    20:57:36.0906 4708   fdc - ok
    20:57:37.0015 4708   fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
    20:57:37.0109 4708   fdPHost - ok
    20:57:37.0155 4708   FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
    20:57:37.0249 4708   FDResPub - ok
    20:57:37.0280 4708   FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
    20:57:37.0311 4708   FileInfo - ok
    20:57:37.0343 4708   Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
    20:57:37.0421 4708   Filetrace - ok
    20:57:37.0421 4708   flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys
    20:57:37.0436 4708   flpydisk - ok
    20:57:37.0467 4708   FltMgr          (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
    20:57:37.0483 4708   FltMgr - ok
    20:57:37.0545 4708   FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
    20:57:37.0655 4708   FontCache - ok
    20:57:37.0748 4708   FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    20:57:37.0764 4708   FontCache3.0.0.0 - ok
    20:57:37.0826 4708   FsDepends       (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
    20:57:37.0857 4708   FsDepends - ok
    20:57:37.0904 4708   Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys
    20:57:37.0935 4708   Fs_Rec - ok
    20:57:37.0967 4708   fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
    20:57:37.0982 4708   fvevol - ok
    20:57:38.0029 4708   gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys
    20:57:38.0045 4708   gagp30kx - ok
    20:57:38.0123 4708   gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
    20:57:38.0169 4708   gpsvc - ok
    20:57:38.0201 4708   hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
    20:57:38.0263 4708   hcw85cir - ok
    20:57:38.0294 4708   HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
    20:57:38.0341 4708   HdAudAddService - ok
    20:57:38.0357 4708   HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys
    20:57:38.0403 4708   HDAudBus - ok
    20:57:38.0403 4708   HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys
    20:57:38.0450 4708   HidBatt - ok
    20:57:38.0497 4708   HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys
    20:57:38.0528 4708   HidBth - ok
    20:57:38.0544 4708   HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys
    20:57:38.0606 4708   HidIr - ok
    20:57:38.0637 4708   hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\windows\system32\hidserv.dll
    20:57:38.0684 4708   hidserv - ok
    20:57:38.0731 4708   HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\drivers\hidusb.sys
    20:57:38.0762 4708   HidUsb - ok
    20:57:38.0809 4708   hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
    20:57:38.0887 4708   hkmsvc - ok
    20:57:38.0903 4708   HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
    20:57:38.0949 4708   HomeGroupListener - ok
    20:57:38.0981 4708   HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
    20:57:39.0027 4708   HomeGroupProvider - ok
    20:57:39.0074 4708   HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
    20:57:39.0105 4708   HpSAMD - ok
    20:57:39.0168 4708   HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
    20:57:39.0215 4708   HTTP - ok
    20:57:39.0246 4708   hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
    20:57:39.0277 4708   hwpolicy - ok
    20:57:39.0293 4708   i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
    20:57:39.0324 4708   i8042prt - ok
    20:57:39.0355 4708   iaStor          (d469b77687e12fe43e344806740b624d) C:\windows\system32\DRIVERS\iaStor.sys
    20:57:39.0386 4708   iaStor - ok
    20:57:39.0495 4708   IAStorDataMgrSvc (983fc69644ddf0486c8dfea262948d1a) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    20:57:39.0511 4708   IAStorDataMgrSvc - ok
    20:57:39.0542 4708   iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
    20:57:39.0573 4708   iaStorV - ok
    20:57:39.0683 4708   idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    20:57:39.0714 4708   idsvc - ok
    20:57:40.0119 4708   igfx            (795c99dc4f574c97c03d0bb39cf099ee) C:\windows\system32\DRIVERS\igdkmd64.sys
    20:57:40.0463 4708   igfx - ok
    20:57:40.0587 4708   iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys
    20:57:40.0619 4708   iirsp - ok
    20:57:40.0697 4708   IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
    20:57:40.0790 4708   IKEEXT - ok
    20:57:40.0853 4708   IntcDAud        (fc727061c0f47c8059e88e05d5c8e381) C:\windows\system32\DRIVERS\IntcDAud.sys
    20:57:40.0884 4708   IntcDAud - ok
    20:57:40.0884 4708   intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
    20:57:40.0899 4708   intelide - ok
    20:57:40.0931 4708   intelppm        (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
    20:57:40.0977 4708   intelppm - ok
    20:57:41.0024 4708   IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
    20:57:41.0071 4708   IPBusEnum - ok
    20:57:41.0087 4708   IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
    20:57:41.0149 4708   IpFilterDriver - ok
    20:57:41.0149 4708   IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
    20:57:41.0180 4708   IPMIDRV - ok
    20:57:41.0211 4708   IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
    20:57:41.0321 4708   IPNAT - ok
    20:57:41.0336 4708   IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
    20:57:41.0399 4708   IRENUM - ok
    20:57:41.0414 4708   isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
    20:57:41.0445 4708   isapnp - ok
    20:57:41.0461 4708   iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
    20:57:41.0477 4708   iScsiPrt - ok
    20:57:41.0508 4708   kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
    20:57:41.0539 4708   kbdclass - ok
    20:57:41.0570 4708   kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys
    20:57:41.0586 4708   kbdhid - ok
    20:57:41.0633 4708   KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
    20:57:41.0664 4708   KeyIso - ok
    20:57:41.0679 4708   KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys
    20:57:41.0726 4708   KSecDD - ok
    20:57:41.0757 4708   KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys
    20:57:41.0789 4708   KSecPkg - ok
    20:57:41.0820 4708   ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
    20:57:41.0898 4708   ksthunk - ok
    20:57:41.0945 4708   KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
    20:57:42.0054 4708   KtmRm - ok
    20:57:42.0101 4708   LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\system32\srvsvc.dll
    20:57:42.0194 4708   LanmanServer - ok
    20:57:42.0225 4708   LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
    20:57:42.0303 4708   LanmanWorkstation - ok
    20:57:42.0350 4708   lltdio          (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
    20:57:42.0444 4708   lltdio - ok
    20:57:42.0506 4708   lltdsvc         (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
    20:57:42.0553 4708   lltdsvc - ok
    20:57:42.0584 4708   lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
    20:57:42.0631 4708   lmhosts - ok
    20:57:42.0756 4708   LMS             (98b16e756243bea9410e32025b19c06f) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    20:57:42.0787 4708   LMS - ok
    20:57:42.0818 4708   LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys
    20:57:42.0849 4708   LSI_FC - ok
    20:57:42.0881 4708   LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys
    20:57:42.0896 4708   LSI_SAS - ok
    20:57:42.0896 4708   LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys
    20:57:42.0912 4708   LSI_SAS2 - ok
    20:57:42.0912 4708   LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys
    20:57:42.0927 4708   LSI_SCSI - ok
    20:57:42.0959 4708   luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
    20:57:43.0021 4708   luafv - ok
    20:57:43.0068 4708   MBAMProtector   (dbc08862a71459e74f7538b432c114cc) C:\windows\system32\drivers\mbam.sys
    20:57:43.0083 4708   MBAMProtector - ok
    20:57:43.0146 4708   MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    20:57:43.0161 4708   MBAMService - ok
    20:57:43.0271 4708   McAWFwk         (9504f1dda1b67fb8d526fd4f8cc882f3) c:\PROGRA~1\mcafee\msc\mcawfwk.exe
    20:57:43.0317 4708   McAWFwk - ok
    20:57:43.0364 4708   McMPFSvc        (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    20:57:43.0395 4708   McMPFSvc - ok
    20:57:43.0395 4708   mcmscsvc        (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
    20:57:43.0411 4708   mcmscsvc - ok
    20:57:43.0427 4708   McNaiAnn        (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
    20:57:43.0442 4708   McNaiAnn - ok
    20:57:43.0458 4708   McNASvc         (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
    20:57:43.0473 4708   McNASvc - ok
    20:57:43.0536 4708   McODS           (dd01bf24dd6bf70a90549f9a7bb2d1eb) C:\Program Files\mcafee\VirusScan\mcods.exe
    20:57:43.0567 4708   McODS - ok
    20:57:43.0567 4708   McOobeSv        (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
    20:57:43.0583 4708   McOobeSv - ok
    20:57:43.0583 4708   McProxy         (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
    20:57:43.0598 4708   McProxy - ok
    20:57:43.0676 4708   McShield        (e998e3b12101288d716558466cbf6ae1) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
    20:57:43.0692 4708   McShield - ok
    20:57:43.0801 4708   Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
    20:57:43.0832 4708   Mcx2Svc - ok
    20:57:43.0863 4708   megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys
    20:57:43.0895 4708   megasas - ok
    20:57:43.0926 4708   MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys
    20:57:43.0941 4708   MegaSR - ok
    20:57:43.0957 4708   MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\windows\system32\DRIVERS\HECIx64.sys
    20:57:43.0973 4708   MEIx64 - ok
    20:57:44.0019 4708   mfeapfk         (01884cb7655c8908b43ff5e364fe6fd2) C:\windows\system32\drivers\mfeapfk.sys
    20:57:44.0051 4708   mfeapfk - ok
    20:57:44.0097 4708   mfeavfk         (dab9a9cdfb04e4d68924492aa043019d) C:\windows\system32\drivers\mfeavfk.sys
    20:57:44.0129 4708   mfeavfk - ok
    20:57:44.0144 4708   mfeavfk01 - ok
    20:57:44.0175 4708   mfefire         (b26782c3d6045b4464017d7926877560) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    20:57:44.0191 4708   mfefire - ok
    20:57:44.0222 4708   mfefirek        (ce9a3680675c0907ade16404ca967b49) C:\windows\system32\drivers\mfefirek.sys
    20:57:44.0238 4708   mfefirek - ok
    20:57:44.0300 4708   mfehidk         (60cf67458dd29cd17e77f2327b1a9a54) C:\windows\system32\drivers\mfehidk.sys
    20:57:44.0347 4708   mfehidk - ok
    20:57:44.0363 4708   mfenlfk         (a8129cfb919347f8533c934b365e9202) C:\windows\system32\DRIVERS\mfenlfk.sys
    20:57:44.0363 4708   mfenlfk - ok
    20:57:44.0394 4708   mferkdet        (5041fa2bd2b3a2693b015771bfbf6dca) C:\windows\system32\drivers\mferkdet.sys
    20:57:44.0425 4708   mferkdet - ok
    20:57:44.0441 4708   mfevtp          (723a5eb6cef7f408c3d0f15a82a6bff8) C:\Windows\system32\mfevtps.exe
    20:57:44.0456 4708   mfevtp - ok
    20:57:44.0487 4708   mfewfpk         (919c56db14a0e1e2ab6da5d2821dc26e) C:\windows\system32\drivers\mfewfpk.sys
    20:57:44.0503 4708   mfewfpk - ok
    20:57:44.0519 4708   MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
    20:57:44.0597 4708   MMCSS - ok
    20:57:44.0628 4708   Modem           (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
    20:57:44.0690 4708   Modem - ok
    20:57:44.0721 4708   monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
    20:57:44.0768 4708   monitor - ok
    20:57:44.0799 4708   mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
    20:57:44.0831 4708   mouclass - ok
    20:57:44.0862 4708   mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\drivers\mouhid.sys
    20:57:44.0893 4708   mouhid - ok
    20:57:44.0924 4708   mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
    20:57:44.0940 4708   mountmgr - ok
    20:57:44.0955 4708   mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
    20:57:45.0002 4708   mpio - ok
    20:57:45.0018 4708   mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
    20:57:45.0049 4708   mpsdrv - ok
    20:57:45.0065 4708   MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
    20:57:45.0080 4708   MRxDAV - ok
    20:57:45.0111 4708   mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
    20:57:45.0189 4708   mrxsmb - ok
    20:57:45.0205 4708   mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
    20:57:45.0221 4708   mrxsmb10 - ok
    20:57:45.0236 4708   mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
    20:57:45.0252 4708   mrxsmb20 - ok
    20:57:45.0267 4708   msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
    20:57:45.0283 4708   msahci - ok
    20:57:45.0314 4708   msdsm           (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
    20:57:45.0314 4708   msdsm - ok
    20:57:45.0361 4708   MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
    20:57:45.0392 4708   MSDTC - ok
    20:57:45.0423 4708   Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
    20:57:45.0470 4708   Msfs - ok
    20:57:45.0486 4708   mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
    20:57:45.0564 4708   mshidkmdf - ok
    20:57:45.0579 4708   msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
    20:57:45.0595 4708   msisadrv - ok
    20:57:45.0611 4708   MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
    20:57:45.0673 4708   MSiSCSI - ok
    20:57:45.0673 4708   msiserver - ok
    20:57:45.0751 4708   MSK80Service    (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    20:57:45.0782 4708   MSK80Service - ok
    20:57:45.0813 4708   MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
    20:57:45.0891 4708   MSKSSRV - ok
    20:57:45.0891 4708   MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
    20:57:45.0923 4708   MSPCLOCK - ok
    20:57:45.0954 4708   MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
    20:57:46.0032 4708   MSPQM - ok
    20:57:46.0063 4708   MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
    20:57:46.0094 4708   MsRPC - ok
    20:57:46.0110 4708   mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
    20:57:46.0125 4708   mssmbios - ok
    20:57:46.0141 4708   MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
    20:57:46.0219 4708   MSTEE - ok
    20:57:46.0235 4708   MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
    20:57:46.0281 4708   MTConfig - ok
    20:57:46.0313 4708   Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
    20:57:46.0344 4708   Mup - ok
    20:57:46.0391 4708   napagent        (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
    20:57:46.0469 4708   napagent - ok
    20:57:46.0547 4708   NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
    20:57:46.0625 4708   NativeWifiP - ok
    20:57:46.0765 4708   NAUpdate        (934bb0d23a25c8c136570800a5a149b6) C:\Program Files (x86)\Nero\Update\NASvc.exe
    20:57:46.0812 4708   NAUpdate - ok
    20:57:46.0890 4708   NDIS            (c38b8ae57f78915905064a9a24dc1586) C:\windows\system32\drivers\ndis.sys
    20:57:46.0952 4708   NDIS - ok
    20:57:46.0983 4708   NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
    20:57:47.0093 4708   NdisCap - ok
    20:57:47.0139 4708   NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
    20:57:47.0202 4708   NdisTapi - ok
    20:57:47.0217 4708   Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
    20:57:47.0311 4708   Ndisuio - ok
    20:57:47.0342 4708   NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
    20:57:47.0420 4708   NdisWan - ok
    20:57:47.0451 4708   NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
    20:57:47.0514 4708   NDProxy - ok
    20:57:47.0529 4708   NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
    20:57:47.0561 4708   NetBIOS - ok
    20:57:47.0607 4708   NetBT           (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
    20:57:47.0717 4708   NetBT - ok
    20:57:47.0763 4708   Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
    20:57:47.0795 4708   Netlogon - ok
    20:57:47.0841 4708   Netman          (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
    20:57:47.0888 4708   Netman - ok
    20:57:47.0982 4708   NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    20:57:48.0013 4708   NetMsmqActivator - ok
    20:57:48.0029 4708   NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    20:57:48.0044 4708   NetPipeActivator - ok
    20:57:48.0091 4708   netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
    20:57:48.0138 4708   netprofm - ok
    20:57:48.0153 4708   NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    20:57:48.0153 4708   NetTcpActivator - ok
    20:57:48.0153 4708   NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    20:57:48.0169 4708   NetTcpPortSharing - ok
    20:57:48.0247 4708   nfrd960         (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
    20:57:48.0278 4708   nfrd960 - ok
    20:57:48.0325 4708   NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
    20:57:48.0419 4708   NlaSvc - ok
    20:57:48.0606 4708   NOBU            (b9b72faaaa41d59b73b88fe3dd737ed1) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
    20:57:48.0653 4708   NOBU - ok
    20:57:48.0762 4708   Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
    20:57:48.0824 4708   Npfs - ok
    20:57:48.0855 4708   nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
    20:57:48.0902 4708   nsi - ok
    20:57:48.0933 4708   nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
    20:57:48.0965 4708   nsiproxy - ok
    20:57:49.0043 4708   Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
    20:57:49.0089 4708   Ntfs - ok
    20:57:49.0183 4708   Null            (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
    20:57:49.0277 4708   Null - ok
    20:57:49.0308 4708   nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
    20:57:49.0339 4708   nvraid - ok
    20:57:49.0355 4708   nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
    20:57:49.0370 4708   nvstor - ok
    20:57:49.0386 4708   nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
    20:57:49.0386 4708   nv_agp - ok
    20:57:49.0401 4708   ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
    20:57:49.0433 4708   ohci1394 - ok
    20:57:49.0526 4708   ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    20:57:49.0557 4708   ose - ok
    20:57:49.0776 4708   osppsvc         (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    20:57:49.0947 4708   osppsvc - ok
    20:57:50.0057 4708   p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
    20:57:50.0119 4708   p2pimsvc - ok
    20:57:50.0166 4708   p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
    20:57:50.0181 4708   p2psvc - ok
    20:57:50.0244 4708   Parport         (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
    20:57:50.0275 4708   Parport - ok
    20:57:50.0306 4708   partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys
    20:57:50.0337 4708   partmgr - ok
    20:57:50.0369 4708   PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
    20:57:50.0400 4708   PcaSvc - ok
    20:57:50.0431 4708   pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
    20:57:50.0447 4708   pci - ok
    20:57:50.0462 4708   pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
    20:57:50.0478 4708   pciide - ok
    20:57:50.0493 4708   pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
    20:57:50.0509 4708   pcmcia - ok
    20:57:50.0525 4708   pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
    20:57:50.0525 4708   pcw - ok
    20:57:50.0571 4708   PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
    20:57:50.0649 4708   PEAUTH - ok
    20:57:50.0727 4708   PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
    20:57:50.0790 4708   PerfHost - ok
    20:57:50.0868 4708   pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
    20:57:50.0915 4708   pla - ok
    20:57:50.0977 4708   PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
    20:57:51.0055 4708   PlugPlay - ok
    20:57:51.0086 4708   PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
    20:57:51.0102 4708   PNRPAutoReg - ok
    20:57:51.0117 4708   PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
    20:57:51.0149 4708   PNRPsvc - ok
    20:57:51.0180 4708   PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
    20:57:51.0258 4708   PolicyAgent - ok
    20:57:51.0289 4708   Power           (a2cca4fb273e6050f17a0a416cff2fcd) C:\windows\system32\umpo.dll
    20:57:51.0367 4708   Power - ok
    20:57:51.0445 4708   PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
    20:57:51.0539 4708   PptpMiniport - ok
    20:57:51.0554 4708   Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
    20:57:51.0570 4708   Processor - ok
    20:57:51.0617 4708   ProfSvc         (5c78838b4d166d1a27db3a8a820c799a) C:\windows\system32\profsvc.dll
    20:57:51.0663 4708   ProfSvc - ok
    20:57:51.0695 4708   ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
    20:57:51.0710 4708   ProtectedStorage - ok
    20:57:51.0757 4708   Psched          (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
    20:57:51.0819 4708   Psched - ok
    20:57:51.0851 4708   PxHlpa64        (87b04878a6d59d6c79251dc960c674c1) C:\windows\system32\Drivers\PxHlpa64.sys
    20:57:51.0882 4708   PxHlpa64 - ok
    20:57:51.0975 4708   ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
    20:57:52.0038 4708   ql2300 - ok
    20:57:52.0147 4708   ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
    20:57:52.0178 4708   ql40xx - ok
    20:57:52.0209 4708   QWAVE           (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
    20:57:52.0256 4708   QWAVE - ok
    20:57:52.0287 4708   QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
    20:57:52.0365 4708   QWAVEdrv - ok
    20:57:52.0365 4708   RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
    20:57:52.0412 4708   RasAcd - ok
    20:57:52.0443 4708   RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
    20:57:52.0506 4708   RasAgileVpn - ok
    20:57:52.0553 4708   RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
    20:57:52.0631 4708   RasAuto - ok
    20:57:52.0677 4708   Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
    20:57:52.0740 4708   Rasl2tp - ok
    20:57:52.0802 4708   RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
    20:57:52.0865 4708   RasMan - ok
    20:57:52.0880 4708   RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
    20:57:52.0943 4708   RasPppoe - ok
    20:57:52.0958 4708   RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
    20:57:53.0036 4708   RasSstp - ok
    20:57:53.0052 4708   rdbss           (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
    20:57:53.0099 4708   rdbss - ok
    20:57:53.0130 4708   rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
    20:57:53.0145 4708   rdpbus - ok
    20:57:53.0161 4708   RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
    20:57:53.0192 4708   RDPCDD - ok
    20:57:53.0208 4708   RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
    20:57:53.0255 4708   RDPENCDD - ok
    20:57:53.0255 4708   RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
    20:57:53.0286 4708   RDPREFMP - ok
    20:57:53.0317 4708   RDPWD           (6d76e6433574b058adcb0c50df834492) C:\windows\system32\drivers\RDPWD.sys
    20:57:53.0348 4708   RDPWD - ok
    20:57:53.0379 4708   rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
    20:57:53.0426 4708   rdyboost - ok
    20:57:53.0457 4708   RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
    20:57:53.0551 4708   RemoteAccess - ok
    20:57:53.0598 4708   RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
    20:57:53.0691 4708   RemoteRegistry - ok
    20:57:53.0723 4708   RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys
    20:57:53.0754 4708   RFCOMM - ok
    20:57:53.0941 4708   RoxMediaDB12OEM (3c957189b31c34d3ad21967b12b6aed7) c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
    20:57:53.0972 4708   RoxMediaDB12OEM - ok
    20:57:54.0019 4708   RoxWatch12      (2b73088cc2ca757a172b425c9398e5bc) c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
    20:57:54.0035 4708   RoxWatch12 - ok
    20:57:54.0144 4708   RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
    20:57:54.0222 4708   RpcEptMapper - ok
    20:57:54.0253 4708   RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
    20:57:54.0284 4708   RpcLocator - ok
    20:57:54.0315 4708   RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
    20:57:54.0378 4708   RpcSs - ok
    20:57:54.0456 4708   rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
    20:57:54.0503 4708   rspndr - ok
    20:57:54.0565 4708   RSUSBSTOR       (be29b0a3ac1e8bd02ffab8cee86badfa) C:\windows\system32\Drivers\RtsUStor.sys
    20:57:54.0596 4708   RSUSBSTOR - ok
    20:57:54.0643 4708   RTL8167         (ee082e06a82ff630351d1e0ebbd3d8d0) C:\windows\system32\DRIVERS\Rt64win7.sys
    20:57:54.0659 4708   RTL8167 - ok
    20:57:54.0690 4708   SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
    20:57:54.0706 4708   SamSs - ok
    20:57:54.0737 4708   sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
    20:57:54.0768 4708   sbp2port - ok
    20:57:54.0799 4708   SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
    20:57:54.0862 4708   SCardSvr - ok
    20:57:54.0862 4708   scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
    20:57:54.0908 4708   scfilter - ok
    20:57:54.0940 4708   Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
    20:57:55.0064 4708   Schedule - ok
    20:57:55.0111 4708   SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
    20:57:55.0158 4708   SCPolicySvc - ok
    20:57:55.0189 4708   SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
    20:57:55.0252 4708   SDRSVC - ok
    20:57:55.0314 4708   secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
    20:57:55.0376 4708   secdrv - ok

    Cont'd

    Offline ashy

    • Bronze Member
    • Posts: 8
    Re: [In Progress] Search Engine redirect
    « Reply #6 on: May 11, 2012, 07:38:17 PM »
    20:57:55.0392 4708   seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
    20:57:55.0423 4708   seclogon - ok
    20:57:55.0470 4708   SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll
    20:57:55.0548 4708   SENS - ok
    20:57:55.0579 4708   SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
    20:57:55.0657 4708   SensrSvc - ok
    20:57:55.0688 4708   Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
    20:57:55.0704 4708   Serenum - ok
    20:57:55.0720 4708   Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
    20:57:55.0766 4708   Serial - ok
    20:57:55.0798 4708   sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
    20:57:55.0829 4708   sermouse - ok
    20:57:55.0860 4708   SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
    20:57:55.0954 4708   SessionEnv - ok
    20:57:55.0954 4708   sffdisk         (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
    20:57:55.0985 4708   sffdisk - ok
    20:57:55.0985 4708   sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
    20:57:56.0000 4708   sffp_mmc - ok
    20:57:56.0000 4708   sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
    20:57:56.0016 4708   sffp_sd - ok
    20:57:56.0032 4708   sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
    20:57:56.0047 4708   sfloppy - ok
    20:57:56.0110 4708   Sftfs           (c6cc9297bd53e5229653303e556aa539) C:\windows\system32\DRIVERS\Sftfslh.sys
    20:57:56.0141 4708   Sftfs - ok
    20:57:56.0219 4708   sftlist         (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    20:57:56.0250 4708   sftlist - ok
    20:57:56.0281 4708   Sftplay         (390aa7bc52cee43f6790cdea1e776703) C:\windows\system32\DRIVERS\Sftplaylh.sys
    20:57:56.0312 4708   Sftplay - ok
    20:57:56.0344 4708   Sftredir        (617e29a0b0a2807466560d4c4e338d3e) C:\windows\system32\DRIVERS\Sftredirlh.sys
    20:57:56.0375 4708   Sftredir - ok
    20:57:56.0484 4708   SftService      (74ec60e20516aaa573be74f31175270f) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    20:57:56.0515 4708   SftService - ok
    20:57:56.0624 4708   Sftvol          (8f571f016fa1976f445147e9e6c8ae9b) C:\windows\system32\DRIVERS\Sftvollh.sys
    20:57:56.0656 4708   Sftvol - ok
    20:57:56.0749 4708   sftvsa          (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    20:57:56.0765 4708   sftvsa - ok
    20:57:56.0812 4708   SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
    20:57:56.0874 4708   SharedAccess - ok
    20:57:56.0905 4708   ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
    20:57:56.0952 4708   ShellHWDetection - ok
    20:57:56.0968 4708   SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
    20:57:56.0983 4708   SiSRaid2 - ok
    20:57:56.0999 4708   SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
    20:57:56.0999 4708   SiSRaid4 - ok
    20:57:57.0046 4708   SkypeUpdate     (68ea68d03bf58389fe6ad2b38fad798c) C:\Program Files (x86)\Skype\Updater\Updater.exe
    20:57:57.0077 4708   SkypeUpdate - ok
    20:57:57.0108 4708   Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
    20:57:57.0186 4708   Smb - ok
    20:57:57.0248 4708   SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
    20:57:57.0280 4708   SNMPTRAP - ok
    20:57:57.0295 4708   spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
    20:57:57.0311 4708   spldr - ok
    20:57:57.0358 4708   Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
    20:57:57.0436 4708   Spooler - ok
    20:57:57.0560 4708   sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
    20:57:57.0716 4708   sppsvc - ok
    20:57:57.0810 4708   sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
    20:57:57.0904 4708   sppuinotify - ok
    20:57:57.0950 4708   srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
    20:57:58.0060 4708   srv - ok
    20:57:58.0075 4708   srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
    20:57:58.0122 4708   srv2 - ok
    20:57:58.0153 4708   srvnet          (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
    20:57:58.0200 4708   srvnet - ok
    20:57:58.0262 4708   SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
    20:57:58.0340 4708   SSDPSRV - ok
    20:57:58.0356 4708   SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
    20:57:58.0403 4708   SstpSvc - ok
    20:57:58.0496 4708   STacSV          (a6b2ec3a2b6ad7c3f7b2f3495cade4c0) C:\Program Files\IDT\WDM\STacSV64.exe
    20:57:58.0543 4708   STacSV - ok
    20:57:58.0574 4708   stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
    20:57:58.0590 4708   stexstor - ok
    20:57:58.0668 4708   STHDA           (eba98394a7d58f7552c52192bd8fa7e6) C:\windows\system32\DRIVERS\stwrt64.sys
    20:57:58.0715 4708   STHDA - ok
    20:57:58.0793 4708   stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
    20:57:58.0824 4708   stisvc - ok
    20:57:58.0902 4708   stllssvr        (7731f46ec0d687a931cba063e8f90ef0) c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
    20:57:58.0933 4708   stllssvr - ok
    20:57:58.0949 4708   swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
    20:57:58.0964 4708   swenum - ok
    20:57:59.0011 4708   swprv           (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
    20:57:59.0058 4708   swprv - ok
    20:57:59.0152 4708   SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
    20:57:59.0214 4708   SysMain - ok
    20:57:59.0308 4708   TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
    20:57:59.0370 4708   TabletInputService - ok
    20:57:59.0401 4708   TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
    20:57:59.0448 4708   TapiSrv - ok
    20:57:59.0479 4708   TBS             (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
    20:57:59.0542 4708   TBS - ok
    20:57:59.0682 4708   Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys
    20:57:59.0744 4708   Tcpip - ok
    20:57:59.0932 4708   TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys
    20:57:59.0978 4708   TCPIP6 - ok
    20:58:00.0072 4708   tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
    20:58:00.0166 4708   tcpipreg - ok
    20:58:00.0181 4708   TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
    20:58:00.0228 4708   TDPIPE - ok
    20:58:00.0275 4708   TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
    20:58:00.0322 4708   TDTCP - ok
    20:58:00.0353 4708   tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
    20:58:00.0400 4708   tdx - ok
    20:58:00.0431 4708   TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys
    20:58:00.0431 4708   TermDD - ok
    20:58:00.0493 4708   TermService     (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
    20:58:00.0587 4708   TermService - ok
    20:58:00.0602 4708   Themes          (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
    20:58:00.0634 4708   Themes - ok
    20:58:00.0649 4708   THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
    20:58:00.0712 4708   THREADORDER - ok
    20:58:00.0743 4708   TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
    20:58:00.0790 4708   TrkWks - ok
    20:58:00.0836 4708   TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
    20:58:00.0914 4708   TrustedInstaller - ok
    20:58:00.0946 4708   tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
    20:58:01.0008 4708   tssecsrv - ok
    20:58:01.0039 4708   TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
    20:58:01.0102 4708   TsUsbFlt - ok
    20:58:01.0117 4708   TsUsbGD         (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
    20:58:01.0133 4708   TsUsbGD - ok
    20:58:01.0164 4708   tunnel          (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
    20:58:01.0211 4708   tunnel - ok
    20:58:01.0226 4708   uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
    20:58:01.0242 4708   uagp35 - ok
    20:58:01.0258 4708   udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
    20:58:01.0336 4708   udfs - ok
    20:58:01.0367 4708   UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
    20:58:01.0382 4708   UI0Detect - ok
    20:58:01.0414 4708   uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
    20:58:01.0445 4708   uliagpkx - ok
    20:58:01.0476 4708   umbus           (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
    20:58:01.0523 4708   umbus - ok
    20:58:01.0554 4708   UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
    20:58:01.0585 4708   UmPass - ok
    20:58:01.0772 4708   UNS             (7a78ed1088890114dfde2c4ab038d6b6) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    20:58:01.0819 4708   UNS - ok
    20:58:01.0928 4708   upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
    20:58:01.0975 4708   upnphost - ok
    20:58:02.0006 4708   usbccgp         (19ad7990c0b67e48dac5b26f99628223) C:\windows\system32\DRIVERS\usbccgp.sys
    20:58:02.0084 4708   usbccgp - ok
    20:58:02.0100 4708   usbcir          (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
    20:58:02.0116 4708   usbcir - ok
    20:58:02.0147 4708   usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys
    20:58:02.0178 4708   usbehci - ok
    20:58:02.0225 4708   usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
    20:58:02.0272 4708   usbhub - ok
    20:58:02.0318 4708   usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
    20:58:02.0334 4708   usbohci - ok
    20:58:02.0334 4708   usbprint        (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\drivers\usbprint.sys
    20:58:02.0381 4708   usbprint - ok
    20:58:02.0412 4708   USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
    20:58:02.0474 4708   USBSTOR - ok
    20:58:02.0490 4708   usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
    20:58:02.0490 4708   usbuhci - ok
    20:58:02.0537 4708   usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
    20:58:02.0568 4708   usbvideo - ok
    20:58:02.0599 4708   UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
    20:58:02.0662 4708   UxSms - ok
    20:58:02.0708 4708   VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
    20:58:02.0724 4708   VaultSvc - ok
    20:58:02.0755 4708   vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
    20:58:02.0771 4708   vdrvroot - ok
    20:58:02.0802 4708   vds             (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
    20:58:02.0880 4708   vds - ok
    20:58:02.0911 4708   vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
    20:58:02.0927 4708   vga - ok
    20:58:02.0958 4708   VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
    20:58:03.0005 4708   VgaSave - ok
    20:58:03.0020 4708   vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
    20:58:03.0036 4708   vhdmp - ok
    20:58:03.0036 4708   viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
    20:58:03.0052 4708   viaide - ok
    20:58:03.0067 4708   volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
    20:58:03.0067 4708   volmgr - ok
    20:58:03.0083 4708   volmgrx         (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
    20:58:03.0098 4708   volmgrx - ok
    20:58:03.0145 4708   volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
    20:58:03.0176 4708   volsnap - ok
    20:58:03.0192 4708   vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
    20:58:03.0239 4708   vsmraid - ok
    20:58:03.0317 4708   VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
    20:58:03.0395 4708   VSS - ok
    20:58:03.0488 4708   vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
    20:58:03.0535 4708   vwifibus - ok
    20:58:03.0566 4708   vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
    20:58:03.0629 4708   vwififlt - ok
    20:58:03.0676 4708   W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
    20:58:03.0738 4708   W32Time - ok
    20:58:03.0769 4708   WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
    20:58:03.0832 4708   WacomPen - ok
    20:58:03.0878 4708   WANARP          (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
    20:58:03.0925 4708   WANARP - ok
    20:58:03.0925 4708   Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
    20:58:03.0956 4708   Wanarpv6 - ok
    20:58:04.0050 4708   WatAdminSvc     (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
    20:58:04.0097 4708   WatAdminSvc - ok
    20:58:04.0175 4708   wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
    20:58:04.0253 4708   wbengine - ok
    20:58:04.0362 4708   WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
    20:58:04.0409 4708   WbioSrvc - ok
    20:58:04.0440 4708   wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
    20:58:04.0471 4708   wcncsvc - ok
    20:58:04.0487 4708   WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
    20:58:04.0580 4708   WcsPlugInService - ok
    20:58:04.0643 4708   Wd              (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
    20:58:04.0658 4708   Wd - ok
    20:58:04.0690 4708   Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
    20:58:04.0736 4708   Wdf01000 - ok
    20:58:04.0768 4708   WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
    20:58:04.0908 4708   WdiServiceHost - ok
    20:58:04.0908 4708   WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
    20:58:04.0939 4708   WdiSystemHost - ok
    20:58:04.0955 4708   WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
    20:58:05.0002 4708   WebClient - ok
    20:58:05.0033 4708   Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
    20:58:05.0111 4708   Wecsvc - ok
    20:58:05.0142 4708   wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
    20:58:05.0173 4708   wercplsupport - ok
    20:58:05.0204 4708   WerSvc          (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
    20:58:05.0236 4708   WerSvc - ok
    20:58:05.0314 4708   WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
    20:58:05.0407 4708   WfpLwf - ok
    20:58:05.0438 4708   WimFltr         (b14ef15bd757fa488f9c970eee9c0d35) C:\windows\system32\DRIVERS\wimfltr.sys
    20:58:05.0470 4708   WimFltr - ok
    20:58:05.0485 4708   WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
    20:58:05.0501 4708   WIMMount - ok
    20:58:05.0516 4708   WinHttpAutoProxySvc - ok
    20:58:05.0579 4708   Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
    20:58:05.0657 4708   Winmgmt - ok
    20:58:05.0750 4708   WinRM           (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
    20:58:05.0828 4708   WinRM - ok
    20:58:05.0984 4708   Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
    20:58:06.0078 4708   Wlansvc - ok
    20:58:06.0172 4708   wlcrasvc        (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
    20:58:06.0203 4708   wlcrasvc - ok
    20:58:06.0343 4708   wlidsvc         (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    20:58:06.0406 4708   wlidsvc - ok
    20:58:06.0499 4708   WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
    20:58:06.0546 4708   WmiAcpi - ok
    20:58:06.0593 4708   wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
    20:58:06.0655 4708   wmiApSrv - ok
    20:58:06.0702 4708   WMPNetworkSvc - ok
    20:58:06.0749 4708   WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
    20:58:06.0764 4708   WPCSvc - ok
    20:58:06.0796 4708   WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
    20:58:06.0842 4708   WPDBusEnum - ok
    20:58:06.0874 4708   ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
    20:58:06.0952 4708   ws2ifsl - ok
    20:58:06.0952 4708   WSearch - ok
    20:58:07.0076 4708   wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\windows\system32\wuaueng.dll
    20:58:07.0139 4708   wuauserv - ok
    20:58:07.0248 4708   WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
    20:58:07.0310 4708   WudfPf - ok
    20:58:07.0342 4708   WUDFRd          (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
    20:58:07.0404 4708   WUDFRd - ok
    20:58:07.0451 4708   wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
    20:58:07.0513 4708   wudfsvc - ok
    20:58:07.0529 4708   WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
    20:58:07.0607 4708   WwanSvc - ok
    20:58:07.0669 4708   MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    20:58:07.0872 4708   \Device\Harddisk0\DR0 - ok
    20:58:07.0888 4708   Boot (0x1200)   (b4a651ea79a9998884da67ecffb5e2e7) \Device\Harddisk0\DR0\Partition0
    20:58:07.0888 4708   \Device\Harddisk0\DR0\Partition0 - ok
    20:58:07.0934 4708   Boot (0x1200)   (9353cf31a6ec515e78353d1600509a2f) \Device\Harddisk0\DR0\Partition1
    20:58:07.0934 4708   \Device\Harddisk0\DR0\Partition1 - ok
    20:58:07.0934 4708   ============================================================
    20:58:07.0934 4708   Scan finished
    20:58:07.0934 4708   ============================================================
    20:58:07.0966 2360   Detected object count: 1
    20:58:07.0966 2360   Actual detected object count: 1
    20:58:14.0143 2360   DellDigitalDelivery ( UnsignedFile.Multi.Generic ) - skipped by user
    20:58:14.0143 2360   DellDigitalDelivery ( UnsignedFile.Multi.Generic ) - User select action: Skip
    21:01:10.0626 3940   Deinitialize success

    Offline Hoov

    • Malware Removal Mentors
    • Global Moderator
    • Diamond Member
    • Posts: 22623
    • Unwilling part owner of Gov't. Motors and Chrysler
      • Hoov's Personal Site
    Re: [In Progress] Search Engine redirect
    « Reply #7 on: May 11, 2012, 08:43:04 PM »
    * Anyone other than the originator of this thread, you would be best advised to not run combofix without guidance from someone trained in its use. It is a very powerful tool that can cause damage to your computer if used wrong.

    Run comboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    * Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Also make sure you close all your browsers just before the instructions tell you to start the scanner.

    Please include the C:\ComboFix.txt in your next reply for further review.

    Note:
    Do not mouseclick combofix's window while it's running. That may cause it to stall.


    Test out your browser and let me know if you are still being redirected.

    Consumer Security

    If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

    Offline ashy

    • Bronze Member
    • Posts: 8
    Re: [In Progress] Search Engine redirect
    « Reply #8 on: May 12, 2012, 09:40:22 AM »
    Redirects have seemed to stop.....

    ComboFix 12-05-12.01 - Jashonai 05/12/2012  11:17:03.1.4 - x64
    Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4004.2818 [GMT -4:00]
    Running from: c:\users\Jashonai\Desktop\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\assembly\temp\@
    c:\windows\assembly\temp\cfg.ini
    c:\windows\WindowsUpdate.log
    .
    .
    (((((((((((((((((((((((((   Files Created from 2012-04-12 to 2012-05-12  )))))))))))))))))))))))))))))))
    .
    .
    2012-05-12 15:21 . 2012-05-12 15:21   --------   d-----w-   c:\users\Default\AppData\Local\temp
    2012-05-12 02:19 . 2012-05-12 02:19   --------   d-----w-   c:\program files\CCleaner
    2012-05-12 00:37 . 2012-05-12 00:37   --------   d-----w-   c:\programdata\Virtualized Applications
    2012-05-11 11:07 . 2012-05-11 11:07   --------   d-----w-   c:\programdata\Malwarebytes
    2012-05-11 11:07 . 2012-04-04 19:56   24904   ----a-w-   c:\windows\system32\drivers\mbam.sys
    2012-05-11 11:07 . 2012-05-11 21:23   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-05-11 03:36 . 2012-05-11 17:21   --------   d-----w-   c:\program files\7-Zip
    2012-05-10 22:20 . 2012-05-11 17:21   --------   d-----w-   c:\program files\Microsoft Silverlight
    2012-05-10 20:19 . 2012-05-11 17:21   --------   d-----w-   c:\program files\Dell Support Center
    2012-05-10 20:14 . 2012-05-10 21:02   --------   d-----w-   c:\programdata\PCDr
    2012-05-10 17:56 . 2012-05-10 19:03   419488   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
    2012-05-10 02:35 . 2012-03-17 07:58   75120   ----a-w-   c:\windows\system32\drivers\partmgr.sys
    2012-05-10 02:31 . 2012-03-30 11:35   1918320   ----a-w-   c:\windows\system32\drivers\tcpip.sys
    2012-05-10 02:30 . 2012-03-31 05:42   1732096   ----a-w-   c:\program files\Windows Journal\NBDoc.DLL
    2012-05-10 02:30 . 2012-03-31 05:40   1402880   ----a-w-   c:\program files\Windows Journal\JNWDRV.dll
    2012-05-10 02:30 . 2012-03-31 05:40   1367552   ----a-w-   c:\program files\Common Files\Microsoft Shared\ink\journal.dll
    2012-05-10 02:30 . 2012-03-31 05:40   1393664   ----a-w-   c:\program files\Windows Journal\JNTFiltr.dll
    2012-05-10 02:30 . 2012-03-31 04:29   936960   ----a-w-   c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
    2012-05-05 21:15 . 2012-05-05 21:15   --------   d-----w-   c:\windows\SysWow64\Wat
    2012-05-05 21:15 . 2012-05-05 21:15   --------   d-----w-   c:\windows\system32\Wat
    2012-05-05 04:26 . 2012-05-05 04:26   --------   d-----w-   c:\program files (x86)\MSXML 4.0
    2012-05-05 04:22 . 2012-03-06 06:53   5559152   ----a-w-   c:\windows\system32\ntoskrnl.exe
    2012-05-05 04:22 . 2012-03-06 05:59   3968368   ----a-w-   c:\windows\SysWow64\ntkrnlpa.exe
    2012-05-05 04:22 . 2012-03-06 05:59   3913072   ----a-w-   c:\windows\SysWow64\ntoskrnl.exe
    2012-05-05 04:21 . 2012-03-01 06:46   23408   ----a-w-   c:\windows\system32\drivers\fs_rec.sys
    2012-05-05 04:21 . 2012-03-01 06:38   220672   ----a-w-   c:\windows\system32\wintrust.dll
    2012-05-05 04:21 . 2012-03-01 06:33   81408   ----a-w-   c:\windows\system32\imagehlp.dll
    2012-05-05 04:21 . 2012-03-01 06:28   5120   ----a-w-   c:\windows\system32\wmi.dll
    2012-05-05 04:21 . 2012-03-01 05:37   172544   ----a-w-   c:\windows\SysWow64\wintrust.dll
    2012-05-05 04:21 . 2012-03-01 05:33   159232   ----a-w-   c:\windows\SysWow64\imagehlp.dll
    2012-05-05 04:21 . 2012-03-01 05:29   5120   ----a-w-   c:\windows\SysWow64\wmi.dll
    2012-05-05 03:44 . 2012-05-05 03:44   --------   d-----r-   C:\MSOCache
    2012-05-05 02:16 . 2012-05-11 14:05   --------   d-----w-   c:\programdata\VirtualizedApplications
    2012-05-03 17:33 . 2012-05-05 04:25   --------   d-----w-   c:\program files (x86)\Microsoft Application Virtualization Client
    2012-05-03 16:49 . 2011-10-01 05:45   886784   ----a-w-   c:\program files\Common Files\System\wab32.dll
    2012-05-03 16:49 . 2011-10-01 04:37   708608   ----a-w-   c:\program files (x86)\Common Files\System\wab32.dll
    2012-05-03 16:47 . 2011-04-09 06:58   142336   ----a-w-   c:\windows\system32\poqexec.exe
    2012-05-03 16:47 . 2011-04-09 05:56   123904   ----a-w-   c:\windows\SysWow64\poqexec.exe
    2012-05-03 16:46 . 2011-10-26 05:25   1572864   ----a-w-   c:\windows\system32\quartz.dll
    2012-05-03 16:46 . 2011-10-26 04:32   1328128   ----a-w-   c:\windows\SysWow64\quartz.dll
    2012-05-03 16:46 . 2011-10-26 05:25   366592   ----a-w-   c:\windows\system32\qdvd.dll
    2012-05-03 16:46 . 2011-10-26 04:32   514560   ----a-w-   c:\windows\SysWow64\qdvd.dll
    2012-05-03 16:45 . 2012-01-04 10:44   509952   ----a-w-   c:\windows\system32\ntshrui.dll
    2012-05-03 16:45 . 2012-01-04 08:58   442880   ----a-w-   c:\windows\SysWow64\ntshrui.dll
    2012-05-03 16:42 . 2012-02-03 04:34   3145728   ----a-w-   c:\windows\system32\win32k.sys
    2012-05-03 16:41 . 2011-10-26 05:21   43520   ----a-w-   c:\windows\system32\csrsrv.dll
    2012-05-03 16:40 . 2011-12-30 06:26   515584   ----a-w-   c:\windows\system32\timedate.cpl
    2012-05-03 16:40 . 2011-12-30 05:27   478720   ----a-w-   c:\windows\SysWow64\timedate.cpl
    2012-05-03 16:39 . 2012-02-10 06:36   1544192   ----a-w-   c:\windows\system32\DWrite.dll
    2012-05-03 16:39 . 2012-02-10 05:38   1077248   ----a-w-   c:\windows\SysWow64\DWrite.dll
    2012-05-03 16:37 . 2011-03-12 12:08   1465344   ----a-w-   c:\windows\system32\XpsPrint.dll
    2012-05-03 16:37 . 2011-03-12 11:23   870912   ----a-w-   c:\windows\SysWow64\XpsPrint.dll
    2012-05-03 16:35 . 2011-12-28 03:59   498688   ----a-w-   c:\windows\system32\drivers\afd.sys
    2012-05-03 16:32 . 2011-12-16 08:46   634880   ----a-w-   c:\windows\system32\msvcrt.dll
    2012-05-03 16:32 . 2011-12-16 07:52   690688   ----a-w-   c:\windows\SysWow64\msvcrt.dll
    2012-05-03 16:31 . 2011-02-23 04:55   90624   ----a-w-   c:\windows\system32\drivers\bowser.sys
    2012-05-03 16:30 . 2011-10-15 06:31   723456   ----a-w-   c:\windows\system32\EncDec.dll
    2012-05-03 16:30 . 2011-10-15 05:38   534528   ----a-w-   c:\windows\SysWow64\EncDec.dll
    2012-05-03 16:29 . 2011-11-05 05:32   2048   ----a-w-   c:\windows\system32\tzres.dll
    2012-05-03 16:29 . 2011-11-05 04:26   2048   ----a-w-   c:\windows\SysWow64\tzres.dll
    2012-05-03 16:27 . 2011-11-17 06:41   1731920   ----a-w-   c:\windows\system32\ntdll.dll
    2012-05-03 16:27 . 2011-11-17 05:38   1292080   ----a-w-   c:\windows\SysWow64\ntdll.dll
    2012-05-03 16:26 . 2011-11-19 14:58   77312   ----a-w-   c:\windows\system32\packager.dll
    2012-05-03 16:26 . 2011-11-19 14:01   67072   ----a-w-   c:\windows\SysWow64\packager.dll
    2012-05-03 15:49 . 2012-05-03 15:49   --------   d-----w-   c:\program files (x86)\Common Files\Skype
    2012-05-03 15:49 . 2012-05-03 15:49   --------   d-----r-   c:\program files (x86)\Skype
    2012-05-03 15:49 . 2012-05-03 15:49   --------   d-----w-   c:\programdata\Skype
    2012-05-03 04:05 . 2012-05-03 04:05   --------   d-----w-   c:\program files (x86)\Dell Touch Software Suite
    2012-05-03 03:56 . 2012-01-25 06:33   9216   ----a-w-   c:\windows\system32\rdrmemptylst.exe
    2012-05-03 03:56 . 2012-01-25 06:38   77312   ----a-w-   c:\windows\system32\rdpwsx.dll
    2012-05-03 03:56 . 2012-01-25 06:38   149504   ----a-w-   c:\windows\system32\rdpcorekmts.dll
    2012-05-03 03:56 . 2012-02-17 06:38   1031680   ----a-w-   c:\windows\system32\rdpcore.dll
    2012-05-03 03:56 . 2012-02-17 05:34   826880   ----a-w-   c:\windows\SysWow64\rdpcore.dll
    2012-05-03 03:56 . 2012-02-17 04:58   210944   ----a-w-   c:\windows\system32\drivers\rdpwd.sys
    2012-05-03 03:56 . 2012-02-17 04:57   23552   ----a-w-   c:\windows\system32\drivers\tdtcp.sys
    2012-05-03 03:52 . 2012-05-11 17:23   --------   d-----w-   c:\users\Jashonai
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-10 19:03 . 2012-01-20 16:50   70304   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-03 03:54 . 2010-06-24 17:33   19352   ----a-w-   c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]
    "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
    "Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
    "NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-02-06 66872]
    "Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-1-13 1138464]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer2"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R2 0261191336835698mcinstcleanup;McAfee Application Installer Cleanup (0261191336835698);c:\users\Jashonai\AppData\Local\Temp\026119~1.EXE

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-10-26 162816]
    R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe

    R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-04-05 158856]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-10 257696]
    R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys

    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys

    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe

    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys

    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys

    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
    S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
    S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
    S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
    S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE

    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
    S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys

    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys

    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys

    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys

    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys

    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys

    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys

    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys

    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys

    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys

    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys

    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-05-12 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-10 19:03]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-03-29 608112]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448]
    "QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2011-03-24 3668336]
    "Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-08-08 2034752]
    "DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    TCP: DhcpNameServer = 192.168.0.1
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
       00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
    c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
    c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    .
    **************************************************************************
    .
    Completion time: 2012-05-12  11:25:52 - machine was rebooted
    ComboFix-quarantined-files.txt  2012-05-12 15:25
    .
    Pre-Run: 443,893,014,528 bytes free
    Post-Run: 443,588,640,768 bytes free
    .
    - - End Of File - - 9629065ED4DB7BFB1D5519949E6A5B44

    Offline Hoov

    • Malware Removal Mentors
    • Global Moderator
    • Diamond Member
    • Posts: 22623
    • Unwilling part owner of Gov't. Motors and Chrysler
      • Hoov's Personal Site
    Re: [In Progress] Search Engine redirect
    « Reply #9 on: May 12, 2012, 10:32:09 AM »
    Are you having any other problems, or do you have any concerns about how something is running?

    There are a few files that showed up in the ComboFix log that I have some small concerns about. So I would like you to run the virus scan below. Make sure you use IE to run the scan with.


    Please perform this online scan: F-Secure Online Scanner
    * Follow the directions in the F-Secure page for proper installation.
    * You may receive an alert on the address bar at this point to install the ActiveX control.
    * Click on that alert and then click "Install ActiveX component".
    * Read the license agreement and click "Accept".
    * Click "Full System Scan" to download the scanning components and begin scan and cleaning.
    * When the scan completes, click the "I want to decide item by item" button.
    * For each item found, select "Disinfect" and click "Next".
    * When done, click the "Show Report" button, then copy and paste the entire report into your next reply.



    Consumer Security

    If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

    Offline ashy

    • Bronze Member
    • Posts: 8
    Re: [In Progress] Search Engine redirect
    « Reply #10 on: May 12, 2012, 02:08:02 PM »
    Still no redirects....

    Scanning Report
    Saturday, May 12, 2012 15:44:35 - 16:02:55
    Computer name: JASHONAI-PC
    Scanning type: Scan system for malware, spyware and rootkits
    Target: C:\ Q:\


    --------------------------------------------------------------------------------

    No malware found

    --------------------------------------------------------------------------------

    Statistics
    Scanned:
    Files: 60603
    System: 5543
    Not scanned: 36
    Actions:
    Disinfected: 0
    Renamed: 0
    Deleted: 0
    Not cleaned: 0
    Submitted: 0
    Files not scanned:
    C:\HIBERFIL.SYS
    C:\PAGEFILE.SYS
    C:\WINDOWS\SYSTEM32\CONFIG\SAM
    C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
    C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
    C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
    C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\DEFAULT
    C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SAM
    C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SECURITY
    C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SOFTWARE
    C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SYSTEM
    C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB
    C:\WINDOWS\SYSTEM32\CATROOT2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB
    C:\USERS\JASHONAI\APPDATA\LOCAL\TEMP\~DF097BBF92E8B4E88E.TMP
    C:\USERS\JASHONAI\APPDATA\LOCAL\TEMP\~DF117EB9775829F167.TMP
    C:\USERS\JASHONAI\APPDATA\LOCAL\TEMP\~DF146BEBE71207D48D.TMP
    C:\USERS\JASHONAI\APPDATA\LOCAL\TEMP\~DFB9352E1F264E757D.TMP
    C:\USERS\JASHONAI\APPDATA\LOCAL\TEMP\HSPERFDATA_JASHONAI\2248
    C:\USERS\JASHONAI\APPDATA\LOCAL\TEMP\HSPERFDATA_JASHONAI\5872
    C:\USERS\JASHONAI\APPDATA\LOCAL\SOFTGRID CLIENT\140066.ENU-90140011-66-409\USRVOL_SFTFS_V1.TMP
    C:\SYSTEM VOLUME INFORMATION\{1E601A74-9AC9-11E1-BE08-E4D53DEEB44A}{3808876B-C176-4E48-B7AE-04046E6CC752}
    C:\SYSTEM VOLUME INFORMATION\{1E601AA6-9AC9-11E1-BE08-E4D53DEEB44A}{3808876B-C176-4E48-B7AE-04046E6CC752}
    C:\SYSTEM VOLUME INFORMATION\{322C6FBF-9B0B-11E1-80CA-E4D53DEEB44A}{3808876B-C176-4E48-B7AE-04046E6CC752}
    C:\SYSTEM VOLUME INFORMATION\{B7A1B3E6-9627-11E1-8211-E4D53DEEB44A}{3808876B-C176-4E48-B7AE-04046E6CC752}
    C:\SYSTEM VOLUME INFORMATION\{BD2A4D44-9AAC-11E1-AA43-E4D53DEEB44A}{3808876B-C176-4E48-B7AE-04046E6CC752}
    C:\SYSTEM VOLUME INFORMATION\{F0CEAC43-9B70-11E1-847B-E4D53DEEB44A}{3808876B-C176-4E48-B7AE-04046E6CC752}
    C:\SYSTEM VOLUME INFORMATION\{3808876B-C176-4E48-B7AE-04046E6CC752}
    C:\SYSTEM VOLUME INFORMATION\{8DDCDE62-9AE5-11E1-82D6-E4D53DEEB44A}{3808876B-C176-4E48-B7AE-04046E6CC752}
    C:\SYSTEM VOLUME INFORMATION\{8C5D5EBC-985C-11E1-B0A2-E4D53DEEB44A}{3808876B-C176-4E48-B7AE-04046E6CC752}
    C:\SYSTEM VOLUME INFORMATION\{FD12D004-9B8D-11E1-8058-E4D53DEEB44A}{3808876B-C176-4E48-B7AE-04046E6CC752}
    C:\QOOBOX\BACKENV\SETPATH.BAT
    C:\QOOBOX\BACKENV\VIKPEV00
    C:\PROGRAMDATA\MICROSOFT\APPLICATION VIRTUALIZATION CLIENT\SOFTGRID CLIENT\APPFS STORAGE\140066.ENU-90140011-66-409\GLBLVOL_SFTFS_V1_S-1-5-20.TMP
    C:\PROGRAMDATA\MICROSOFT\APPLICATION VIRTUALIZATION CLIENT\SOFTGRID CLIENT\APPFS STORAGE\140066.ENU-90140011-66-409\GLBLVOL_SFTFS_V1_S-1-5-21-577114929-2062696541-2715413156-1000.TMP
    C:\PROGRAMDATA\MICROSOFT\APPLICATION VIRTUALIZATION CLIENT\SOFTGRID CLIENT\APPFS STORAGE\140066.ENU-90140011-66-409\USRVOL_SFTFS_V1.TMP

    --------------------------------------------------------------------------------

    Options
    Scanning engines:
    Scanning options:
    Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR TMP
    Use advanced heuristics


    Offline Hoov

    • Malware Removal Mentors
    • Global Moderator
    • Diamond Member
    • Posts: 22623
    • Unwilling part owner of Gov't. Motors and Chrysler
      • Hoov's Personal Site
    Re: [In Progress] Search Engine redirect
    « Reply #11 on: May 12, 2012, 03:21:03 PM »
    Do you have any problems, questions or concerns? If not, we can do some cleanup and call this done.


    Offline ashy

    • Bronze Member
    • Posts: 8
    Re: [In Progress] Search Engine redirect
    « Reply #12 on: May 12, 2012, 09:05:03 PM »
    Everything seems to be running great.  Cannot Thank You enough.......

    Just purchased Bitdefender Internet Security, so hopefully I won't have any more issues.  Do you have any suggestions of software that might help to make my internet life any easier??

    Offline Hoov

    • Malware Removal Mentors
    • Global Moderator
    • Diamond Member
    • Posts: 22623
    • Unwilling part owner of Gov't. Motors and Chrysler
      • Hoov's Personal Site
    Re: [In Progress] Search Engine redirect
    « Reply #13 on: May 12, 2012, 09:08:13 PM »
    Now there are a few things you need to do to fully clean your system and keep it secure. I recommend that you purchase the pro version of Malwarebytes' Anti-Malware if you can afford it. It dovetails nicely with antivirus scanners and helps protect you if you try to go to an infected site, or a known malware distribution site.

    Run OTC
    Download OTC to your desktop and run it
    Click Yes to begin the Cleanup process and remove these components, including this application.
    You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

    Cleaning out Temporary Files etc. There are several different products that you can use for this. You can go thru the Internet Options in the Windows Control Panel. There are several programs that also do the job better than Windows does it, in my opinion. There is System Security Suite, EasyCleaner, CCleaner. Also, other programs sometimes do it as well as what you originally got them for, like ZoneAlarm Security Suite. Just make sure to keep them updated and use them regularly.

    Disable and Enable System Restore.
    I recommend you turn off System Restore, and then turn it back on so that you will not be able to restore your problems to a clean computer.
    For Vista use these instructions, Windows Vista Restore Guide
    For XP use these instructions, Windows XP System Restore Guide
    Reboot
    Re-enable system restore with instructions from tutorial above
    Create a System Restore Point
    Go to all programs, then to accessories, then to system tools, then to system restore. Check the box for create restore point (not select a restore point), then click next and follow the instructions.

    Make your Internet Explorer more secure - This can be done by following these simple instructions: (unless you are using ZoneAlarm Security Suite or something similar, then you would secure the browser thru the firewall). There are some good basic instructions for that here.

    Use a different browser other than IE (most exploits are pointed towards IE). One of them is Firefox.
    It is also worth trying Thunderbird for controlling spam in your e-mail.

    Always use an UPDATED anti-virus program. Make sure you update this at least weekly, if not more often. This is one thing that may save you more than anything else.

    Run malware scanners. Three free ones are Spybot Search and Destroy, AdAware, and Malwarebytes' Anti-Malware.

    Always use a firewall.
    Any firewall is better than none, and you should pick a firewall that you will use, as even the best firewall is worthless if you turn it off.

    Learn how to use your firewall. Only programs that need it should have access to the net. But these are specific to the firewall you use, so you will need to learn how. Several firewalls have support forums here. My page will help you with ZoneAlarm if that is what you choose.


    Never run two antivirus programs or two firewalls at the same time. They can interfere with each other and cause problems. Some people swear that more protection is provided, but the reverse is true. They tend to argue amongst themselves and end up leaving holes. Now I have more than 1 AV installed on my computer, and I keep them up to date. I only run one at a time, but each program has weaknesses, so I keep a backup in case my computer starts acting up.


    MOST IMPORTANT: Windows and IE, and whatever other software that you have that connects to the net, need to be kept updated. The reason is, these programs connect to the net, and if there is an internal security problem, you have already told your firewall to allow the communication, and thus you will have allowed a hole. UPDATES are important. I suggest that you make sure that Windows Updates and the updates for your antivirus and antimalware programs are set for automatic updates. I also suggest running Secunia PSI. It will monitor the software you have installed and let you know when something needs to be updated.

    Don't ever use P2P or filesharing software. Even the safest P2P file sharing programs that do not contain bundled spyware still expose you to risks because of the very nature of the P2P file sharing process. By default, most P2P file sharing programs are configured to automatically launch at startup. They are also configured to allow other P2P users on the same network open access to a shared directory on your computer. The reason for this is simple. File sharing relies on its members giving and gaining unfettered access to computers across the P2P network. However, this practice can make you vulnerable to data and identity theft. Even if you change those risky default settings to a safer configuration, the act of downloading files from an anonymous source greatly increases your exposure to infection. That is because the files you are downloading may actually contain a disguised threat. Many very malicious worms and trojans, such as the Storm Worm, target and spread across P2P file sharing networks because of their known vulnerabilities.

    Before using any malware detection / removal software, check with the Rogue/Suspect Spyware List. That way you will know if the program you are looking at is on the up and up. If you want to know how it stacks up against other programs, check out SpywareWarrior.

    We have a good guide here at Spyware Hammer on how to prevent Malware in the Future. You might want to peruse this and follow the recommendations in there.
    PLEASE READ IT AND FOLLOW THE RECOMMENDATIONS TO PROTECT YOURSELF.

    Let us know if you have any more problems, either new or old.
    Have a good time surfing the net, but stay safe.
    If you have no more problems, let me know and I will mark this as resolved. Or if you have more questions, ask away, that is why I am here.
