Hello there:
I wish I had found your site a year ago, I've been at this for a long time.
Over a year ago, I found that my computers were waking up at night and running wildly all night long. I wouldn't be doing anything on the computer and there would be hundreds of processes running and my hard drive was running so hot all the time, it was slowly dying, I knew something was up. So I purchased a virus/malware program and it found several trojans and a rootkit. I remember looking at the rootkit description in the virus software program and it looked like a roadmap throughout my system. I hired a professional computer consultant to get this stuff out of my computer. We ran several virus programs/malware programs - he said my system was clean. It didn't work... my computer ran all day and night, there were suspicious programs that I had never seen running and I could not shut them down. Remote Connections were running in and out of my computer and I could not disable the remote settings. My computer was hooked into some domain.... and all the permissions were changed so that I could not stop any processes and could not stop any programs from running. Anyway, that's how it started. I purchased a new computer and hired a "professional" to set up the new computer and safely transfer all of my files over to the new computer. Big Mistake here... Whatever had hacked into my original computer.. installed many many programs - when the guy set up the new computer he copied the old hard drive to the new hard drive and just transferred everything over to the new computer. I thought I was ok, my daughter purchased a new computer... Onward we went... then the new computer slowly started the same behavior. Network logons, browser redirects, multiple users found in permissions- hundreds of users in file folder permission settings.. anyway.. it looks like they were logging into my computer... using my computer to log into others... Now, computers 2 & 3 are infected.... or being hacked.... My virus programs.. I had many over this period of time...
Avast/PC Doctor/Trend Micro .. I would run a scan.. the results of the scan would pop up immediately..with no infections... however..when I would click on the status pages.. like on McAfee's status page... I would get a quick flash at a page that would say warning.. firewall disabled.. your computer is at risk... the flash on that page would last a millisecond... then another page would pop up and it would say... your computer is safe... no problems.. Really very scary.. Anyway, I took both of those computers to a place in Chicago called Microcenter.... I told them about all of the services and all of the software... how I could not delete anything... how all of the management pages were hidden, how I would get up every morning and in the taskbar you would see how all these programs that I knew nothing about had been opened and run.... the remote settings... I could not disable them... I gave it again to a professional and well, they said they cleaned the computers, I asked them to do a complete format of the hard drive... they said they did it... but alas... my computers still were funky.. it's hard to describe.. truly, my computers were being used by someone else.. Terminal services were running.. console sessions... I hope I'm making my point here... Needless to say, I have another computer.. the one I'm on now.. and it's got this same thing in here again..... Now I'm posting the log that you requested... I can only do the first two because I'm running a 64bit system...let me just mention... all the software that you see listed on the first log... I don't know where any of those programs are.. this computer I'm on is brand new... but has been hit... I have already brought it back to factory settings once... Tasks are running... system settings are changing... programs are being downloaded... There should be nothing on here.. so, here's the log... I'm at the point now where I am considering throwing everything away and starting fresh...again.. please help. Thanks.
Theresa
DDS File
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.0
Run by Callahan at 3:50:24 on 2012-08-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.2106 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\windows\system32\rundll32.exe
C:\windows\system32\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler64.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files\DellTPad\HidFind.exe
C:\windows\system32\conhost.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\windows\system32\StikyNot.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\windows\system32\taskhost.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\Program Files\mcafee.com\agent\mcagent.exe
C:\Users\Callahan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Callahan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Callahan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Callahan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Callahan\AppData\Local\Google\Chrome\Application\chrome.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Users\Callahan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Callahan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Callahan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120826194713.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [RESTART_STICKY_NOTES] C:\windows\system32\StikyNot.exe
uRun: [Speech Recognition] "C:\windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
TCP: DhcpNameServer = 172.26.38.1 172.26.38.2
TCP: Interfaces\{C9C54574-EF02-42E7-8888-4FF10BEBB45F} : DhcpNameServer = 172.26.38.1 172.26.38.2
TCP: Interfaces\{C9C54574-EF02-42E7-8888-4FF10BEBB45F}\25963686162746023416C6C6168616E6 : DhcpNameServer = 172.26.38.1 172.26.38.2
TCP: Interfaces\{C9C54574-EF02-42E7-8888-4FF10BEBB45F}\45865627563716023416C6C6168616E602940586F6E656 : DhcpNameServer = 172.26.38.1 172.26.38.2
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dll
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120826194713.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun-x64: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Callahan\AppData\Roaming\Mozilla\Firefox\Profiles\7fe326e8.default\
FF - prefs.js: browser.startup.homepage - Google
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Callahan\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\windows\system32\drivers\mfehidk.sys --> C:\windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\windows\system32\drivers\mfewfpk.sys --> C:\windows\system32\drivers\mfewfpk.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\windows\system32\DRIVERS\mfenlfk.sys --> C:\windows\system32\DRIVERS\mfenlfk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R3 cfwids;McAfee Inc. cfwids;C:\windows\system32\drivers\cfwids.sys --> C:\windows\system32\drivers\cfwids.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\system32\DRIVERS\CtClsFlt.sys --> C:\windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\system32\drivers\mfeavfk.sys --> C:\windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\windows\system32\drivers\mfefirek.sys --> C:\windows\system32\drivers\mfefirek.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
S3 BrSerIb;Brother Serial Interface Driver(WDM);C:\windows\system32\DRIVERS\BrSerIb.sys --> C:\windows\system32\DRIVERS\BrSerIb.sys [?]
S3 BrUsbSIb;Brother Serial USB Driver(WDM);C:\windows\system32\DRIVERS\BrUsbSIb.sys --> C:\windows\system32\DRIVERS\BrUsbSIb.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\windows\system32\drivers\mferkdet.sys --> C:\windows\system32\drivers\mferkdet.sys [?]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2011-3-18 25072]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
.
=============== Created Last 30 ================
.
2012-08-27 01:38:14 -------- d-----r- C:\Program Files (x86)\Skype
2012-08-26 23:47:13 29312 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ScriptFF.dll
2012-08-26 05:47:57 772592 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2012-08-25 19:02:04 -------- d-----w- C:\Users\Callahan\AppData\Roaming\McAfee
2012-08-25 17:49:52 -------- d-----w- C:\Users\Callahan\AppData\Roaming\McAFee TechCheck
2012-08-25 17:44:34 244416 ----a-w- C:\windows\SysWow64\Msflxgrd.ocx
2012-08-25 17:44:34 209192 ----a-w- C:\windows\SysWow64\TABCTL32.OCX
2012-08-25 17:44:34 203976 ----a-w- C:\windows\SysWow64\RICHTX32.OCX
2012-08-25 17:44:34 140288 ----a-w- C:\windows\SysWow64\comdlg32.ocx
2012-08-25 17:44:34 1077336 ----a-w- C:\windows\SysWow64\MSCOMCTL.OCX
2012-08-25 17:44:21 -------- d-----w- C:\Users\Callahan\AppData\Roaming\TechCheck
2012-08-25 04:31:44 7062 ----a-w- C:\windows\SysWow64\audiopid.vxd
2012-08-24 19:30:33 -------- d-----w- C:\ProgramData\Brother
2012-08-24 19:08:08 45056 ----a-w- C:\windows\SysWow64\BRTCPCON.DLL
2012-08-24 19:08:05 77824 ----a-w- C:\windows\SysWow64\BRLMW03A.DLL
2012-08-24 19:08:05 25299 ----a-w- C:\windows\SysWow64\BRLM03A.DLL
2012-08-24 19:08:05 180224 ----a-w- C:\windows\SysWow64\BROSNMP.DLL
2012-08-24 19:08:05 103736 ----a-w- C:\windows\SysWow64\BRRBTOOL.EXE
2012-08-24 19:08:02 87552 ----a-w- C:\windows\System32\drivers\BrSerIb.sys
2012-08-24 19:08:02 50688 ----a-w- C:\windows\System32\BrUsi09d.dll
2012-08-24 19:08:02 278528 ----a-w- C:\windows\System32\BrJDec.dll
2012-08-24 19:08:02 14592 ----a-w- C:\windows\System32\drivers\BrUsbSib.sys
2012-08-24 19:08:02 1439744 ----a-w- C:\windows\System32\BrWi209d.dll
2012-08-24 17:47:53 -------- d-----w- C:\Users\Callahan\AppData\Local\ElevatedDiagnostics
2012-08-24 07:36:41 -------- d-s---w- C:\Users\Callahan\Google Drive
2012-08-24 06:52:51 -------- d-----w- C:\Users\Callahan\AppData\Roaming\{90140011-0066-0409-0000-0000000FF1CE}
2012-08-24 06:52:34 -------- d-----w- C:\ProgramData\Virtualized Applications
2012-08-24 06:45:07 -------- d-----w- C:\Users\Callahan\AppData\Local\Microsoft Help
2012-08-24 05:53:35 -------- d-----w- C:\windows\ShellNew
2012-08-24 05:53:35 -------- d-----w- C:\Program Files\Windows Journal
2012-08-24 05:33:10 -------- d-----w- C:\Users\Callahan\AppData\Local\Adobe
2012-08-23 17:46:56 514560 ----a-w- C:\windows\SysWow64\qdvd.dll
2012-08-23 17:46:56 366592 ----a-w- C:\windows\System32\qdvd.dll
2012-08-23 16:38:32 -------- d-----w- C:\windows\SysWow64\FxsTmp
2012-08-23 16:38:32 -------- d-----w- C:\windows\ehome
2012-08-23 16:38:31 -------- d-----w- C:\windows\System32\FxsTmp
2012-08-23 16:38:31 -------- d-----w- C:\windows\addins
2012-08-23 16:38:25 -------- d-----w- C:\windows\SysWow64\Wat
2012-08-23 16:38:25 -------- d-----w- C:\windows\System32\Wat
2012-08-23 15:43:27 -------- d-----w- C:\Users\Callahan\AppData\Roaming\IDT
2012-08-23 13:41:41 552960 ----a-w- C:\windows\System32\drivers\bthport.sys
2012-08-23 06:21:15 -------- d-----w- C:\Users\Callahan\AppData\Roaming\Malwarebytes
2012-08-23 06:20:59 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-23 06:20:57 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-08-23 06:20:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-23 01:41:28 -------- d-----w- C:\ProgramData\VirtualizedApplications
2012-08-22 21:42:52 -------- d-----w- C:\Users\Callahan\AppData\Local\SoftGrid Client
2012-08-22 21:42:51 -------- d-----w- C:\Users\Callahan\AppData\Roaming\SoftGrid Client
2012-08-22 21:42:08 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client
2012-08-22 21:41:54 -------- d-----w- C:\Users\Callahan\AppData\Roaming\TP
2012-08-22 20:26:46 870912 ----a-w- C:\windows\SysWow64\XpsPrint.dll
2012-08-22 20:26:46 1465344 ----a-w- C:\windows\System32\XpsPrint.dll
2012-08-22 20:19:39 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-08-22 20:19:38 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-08-22 20:19:37 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-08-22 20:14:58 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-08-22 20:14:56 498688 ----a-w- C:\windows\System32\drivers\afd.sys
2012-08-22 20:14:39 75120 ----a-w- C:\windows\System32\drivers\partmgr.sys
2012-08-22 20:14:03 3216384 ----a-w- C:\windows\System32\msi.dll
2012-08-22 20:14:01 2342400 ----a-w- C:\windows\SysWow64\msi.dll
2012-08-22 20:09:42 -------- d-----w- C:\Users\Callahan\AppData\Local\Google
2012-08-22 20:08:37 -------- d-----w- C:\Users\Callahan\AppData\Local\Apps
2012-08-22 20:08:35 -------- d-----w- C:\Users\Callahan\AppData\Local\Deployment
2012-08-22 16:16:40 -------- d-----w- C:\windows\pss
2012-08-22 07:14:10 1462272 ----a-w- C:\windows\System32\crypt32.dll
2012-08-22 07:14:08 184320 ----a-w- C:\windows\System32\cryptsvc.dll
2012-08-22 07:14:08 140288 ----a-w- C:\windows\System32\cryptnet.dll
2012-08-22 07:14:08 1158656 ----a-w- C:\windows\SysWow64\crypt32.dll
2012-08-22 07:14:06 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2012-08-22 07:14:06 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
2012-08-22 07:13:01 1499136 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2012-08-22 07:13:00 1019904 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2012-08-22 07:10:48 2048 ----a-w- C:\windows\System32\tzres.dll
2012-08-22 06:25:16 -------- d-----w- C:\Program Files (x86)\Dell Digital Delivery
2012-08-22 03:05:21 -------- d-----w- C:\Users\Callahan\AppData\Local\Nero
2012-08-21 21:42:33 -------- d-----w- C:\Users\Callahan\AppData\Local\Nero_AG
2012-08-21 21:41:00 -------- d-----w- C:\Users\Callahan\My Backup Files
2012-08-21 21:31:46 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll
2012-08-21 21:31:46 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys
2012-08-21 21:31:46 1031680 ----a-w- C:\windows\System32\rdpcore.dll
2012-08-21 21:24:44 2622464 ----a-w- C:\windows\System32\wucltux.dll
2012-08-21 21:24:38 99840 ----a-w- C:\windows\System32\wudriver.dll
2012-08-21 21:24:29 36864 ----a-w- C:\windows\System32\wuapp.exe
2012-08-21 21:24:29 186752 ----a-w- C:\windows\System32\wuwebv.dll
2012-08-21 21:22:17 -------- d-----w- C:\Users\Callahan\AppData\Local\Diagnostics
2012-08-21 21:00:36 -------- d-----w- C:\Users\Callahan\AppData\Roaming\PCDr
2012-08-21 21:00:04 -------- d-----w- C:\ProgramData\PCDr
2012-08-21 20:48:01 -------- d-----w- C:\Users\Callahan\AppData\Roaming\Fingertapps
2012-08-21 20:48:00 -------- d-----w- C:\Users\Callahan\AppData\Roaming\Dell
2012-08-21 20:47:57 -------- d-----w- C:\Users\Callahan\AppData\Roaming\Intel Corporation
2012-08-21 20:47:54 -------- d-----w- C:\Users\Callahan\AppData\Roaming\Dell Touch Zone
2012-08-21 20:47:52 -------- d-----w- C:\Users\Callahan\AppData\Local\Dell
2012-08-21 20:47:19 -------- d-sh--w- C:\$RECYCLE.BIN
2012-08-21 20:47:18 -------- d-----w- C:\Users\Callahan\AppData\Local\VirtualStore
.
==================== Find3M ====================
.
2012-08-26 05:47:35 687600 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-07-18 18:15:06 3148800 ----a-w- C:\windows\System32\win32k.sys
2012-07-04 22:13:27 59392 ----a-w- C:\windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\windows\System32\browser.dll
2012-07-04 21:14:34 41984 ----a-w- C:\windows\SysWow64\browcli.dll
2012-06-29 03:56:34 2312704 ----a-w- C:\windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-06-06 06:06:16 2004480 ----a-w- C:\windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\windows\SysWow64\cdosys.dll
2012-06-02 05:50:10 458704 ----a-w- C:\windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
.
============= FINISH: 3:51:35.77 ===============
I do not have a boot disk... I do have a thumbdrive that I got from Dell, they sent it to me... it is supposed to bring this back to factory settings... I've already tried it once... but... alas.. you see what's up there... thanks.. Theresa
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler64.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files\DellTPad\HidFind.exe
C:\windows\system32\conhost.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\windows\system32\StikyNot.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\windows\system32\taskhost.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\Program Files\mcafee.com\agent\mcagent.exe
C:\Users\Callahan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Callahan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Callahan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Callahan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Callahan\AppData\Local\Google\Chrome\Application\chrome.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Users\Callahan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Callahan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Callahan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120826194713.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [RESTART_STICKY_NOTES] C:\windows\system32\StikyNot.exe
uRun: [Speech Recognition] "C:\windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
TCP: DhcpNameServer = 172.26.38.1 172.26.38.2
TCP: Interfaces\{C9C54574-EF02-42E7-8888-4FF10BEBB45F} : DhcpNameServer = 172.26.38.1 172.26.38.2
TCP: Interfaces\{C9C54574-EF02-42E7-8888-4FF10BEBB45F}\25963686162746023416C6C6168616E6 : DhcpNameServer = 172.26.38.1 172.26.38.2
TCP: Interfaces\{C9C54574-EF02-42E7-8888-4FF10BEBB45F}\45865627563716023416C6C6168616E602940586F6E656 : DhcpNameServer = 172.26.38.1 172.26.38.2
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dll
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120826194713.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun-x64: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Callahan\AppData\Roaming\Mozilla\Firefox\Profiles\7fe326e8.default\
FF - prefs.js: browser.startup.homepage - Google
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Callahan\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\windows\system32\drivers\mfehidk.sys --> C:\windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\windows\system32\drivers\mfewfpk.sys --> C:\windows\system32\drivers\mfewfpk.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\windows\system32\DRIVERS\mfenlfk.sys --> C:\windows\system32\DRIVERS\mfenlfk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R3 cfwids;McAfee Inc. cfwids;C:\windows\system32\drivers\cfwids.sys --> C:\windows\system32\drivers\cfwids.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\system32\DRIVERS\CtClsFlt.sys --> C:\windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\system32\drivers\mfeavfk.sys --> C:\windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\windows\system32\drivers\mfefirek.sys --> C:\windows\system32\drivers\mfefirek.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
S3 BrSerIb;Brother Serial Interface Driver(WDM);C:\windows\system32\DRIVERS\BrSerIb.sys --> C:\windows\system32\DRIVERS\BrSerIb.sys [?]
S3 BrUsbSIb;Brother Serial USB Driver(WDM);C:\windows\system32\DRIVERS\BrUsbSIb.sys --> C:\windows\system32\DRIVERS\BrUsbSIb.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\windows\system32\drivers\mferkdet.sys --> C:\windows\system32\drivers\mferkdet.sys [?]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2011-3-18 25072]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
.
=============== Created Last 30 ================
.
2012-08-27 01:38:14 -------- d-----r- C:\Program Files (x86)\Skype
2012-08-26 23:47:13 29312 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ScriptFF.dll
2012-08-26 05:47:57 772592 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2012-08-25 19:02:04 -------- d-----w- C:\Users\Callahan\AppData\Roaming\McAfee
2012-08-25 17:49:52 -------- d-----w- C:\Users\Callahan\AppData\Roaming\McAFee TechCheck
2012-08-25 17:44:34 244416 ----a-w- C:\windows\SysWow64\Msflxgrd.ocx
2012-08-25 17:44:34 209192 ----a-w- C:\windows\SysWow64\TABCTL32.OCX
2012-08-25 17:44:34 203976 ----a-w- C:\windows\SysWow64\RICHTX32.OCX
2012-08-25 17:44:34 140288 ----a-w- C:\windows\SysWow64\comdlg32.ocx
2012-08-25 17:44:34 1077336 ----a-w- C:\windows\SysWow64\MSCOMCTL.OCX
2012-08-25 17:44:21 -------- d-----w- C:\Users\Callahan\AppData\Roaming\TechCheck
2012-08-25 04:31:44 7062 ----a-w- C:\windows\SysWow64\audiopid.vxd
2012-08-24 19:30:33 -------- d-----w- C:\ProgramData\Brother
2012-08-24 19:08:08 45056 ----a-w- C:\windows\SysWow64\BRTCPCON.DLL
2012-08-24 19:08:05 77824 ----a-w- C:\windows\SysWow64\BRLMW03A.DLL
2012-08-24 19:08:05 25299 ----a-w- C:\windows\SysWow64\BRLM03A.DLL
2012-08-24 19:08:05 180224 ----a-w- C:\windows\SysWow64\BROSNMP.DLL
2012-08-24 19:08:05 103736 ----a-w- C:\windows\SysWow64\BRRBTOOL.EXE
2012-08-24 19:08:02 87552 ----a-w- C:\windows\System32\drivers\BrSerIb.sys
2012-08-24 19:08:02 50688 ----a-w- C:\windows\System32\BrUsi09d.dll
2012-08-24 19:08:02 278528 ----a-w- C:\windows\System32\BrJDec.dll
2012-08-24 19:08:02 14592 ----a-w- C:\windows\System32\drivers\BrUsbSib.sys
2012-08-24 19:08:02 1439744 ----a-w- C:\windows\System32\BrWi209d.dll
2012-08-24 17:47:53 -------- d-----w- C:\Users\Callahan\AppData\Local\ElevatedDiagnostics
2012-08-24 07:36:41 -------- d-s---w- C:\Users\Callahan\Google Drive
2012-08-24 06:52:51 -------- d-----w- C:\Users\Callahan\AppData\Roaming\{90140011-0066-0409-0000-0000000FF1CE}
2012-08-24 06:52:34 -------- d-----w- C:\ProgramData\Virtualized Applications
2012-08-24 06:45:07 -------- d-----w- C:\Users\Callahan\AppData\Local\Microsoft Help
2012-08-24 05:53:35 -------- d-----w- C:\windows\ShellNew
2012-08-24 05:53:35 -------- d-----w- C:\Program Files\Windows Journal
2012-08-24 05:33:10 -------- d-----w- C:\Users\Callahan\AppData\Local\Adobe
2012-08-23 17:46:56 514560 ----a-w- C:\windows\SysWow64\qdvd.dll
2012-08-23 17:46:56 366592 ----a-w- C:\windows\System32\qdvd.dll
2012-08-23 16:38:32 -------- d-----w- C:\windows\SysWow64\FxsTmp
2012-08-23 16:38:32 -------- d-----w- C:\windows\ehome
2012-08-23 16:38:31 -------- d-----w- C:\windows\System32\FxsTmp
2012-08-23 16:38:31 -------- d-----w- C:\windows\addins
2012-08-23 16:38:25 -------- d-----w- C:\windows\SysWow64\Wat
2012-08-23 16:38:25 -------- d-----w- C:\windows\System32\Wat
2012-08-23 15:43:27 -------- d-----w- C:\Users\Callahan\AppData\Roaming\IDT
2012-08-23 13:41:41 552960 ----a-w- C:\windows\System32\drivers\bthport.sys
2012-08-23 06:21:15 -------- d-----w- C:\Users\Callahan\AppData\Roaming\Malwarebytes
2012-08-23 06:20:59 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-23 06:20:57 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-08-23 06:20:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-23 01:41:28 -------- d-----w- C:\ProgramData\VirtualizedApplications
2012-08-22 21:42:52 -------- d-----w- C:\Users\Callahan\AppData\Local\SoftGrid Client
2012-08-22 21:42:51 -------- d-----w- C:\Users\Callahan\AppData\Roaming\SoftGrid Client
2012-08-22 21:42:08 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client
2012-08-22 21:41:54 -------- d-----w- C:\Users\Callahan\AppData\Roaming\TP
2012-08-22 20:26:46 870912 ----a-w- C:\windows\SysWow64\XpsPrint.dll
2012-08-22 20:26:46 1465344 ----a-w- C:\windows\System32\XpsPrint.dll
2012-08-22 20:19:39 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-08-22 20:19:38 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-08-22 20:19:37 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-08-22 20:14:58 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-08-22 20:14:56 498688 ----a-w- C:\windows\System32\drivers\afd.sys
2012-08-22 20:14:39 75120 ----a-w- C:\windows\System32\drivers\partmgr.sys
2012-08-22 20:14:03 3216384 ----a-w- C:\windows\System32\msi.dll
2012-08-22 20:14:01 2342400 ----a-w- C:\windows\SysWow64\msi.dll
2012-08-22 20:09:42 -------- d-----w- C:\Users\Callahan\AppData\Local\Google
2012-08-22 20:08:37 -------- d-----w- C:\Users\Callahan\AppData\Local\Apps
2012-08-22 20:08:35 -------- d-----w- C:\Users\Callahan\AppData\Local\Deployment
2012-08-22 16:16:40 -------- d-----w- C:\windows\pss
2012-08-22 07:14:10 1462272 ----a-w- C:\windows\System32\crypt32.dll
2012-08-22 07:14:08 184320 ----a-w- C:\windows\System32\cryptsvc.dll
2012-08-22 07:14:08 140288 ----a-w- C:\windows\System32\cryptnet.dll
2012-08-22 07:14:08 1158656 ----a-w- C:\windows\SysWow64\crypt32.dll
2012-08-22 07:14:06 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2012-08-22 07:14:06 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
2012-08-22 07:13:01 1499136 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2012-08-22 07:13:00 1019904 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2012-08-22 07:10:48 2048 ----a-w- C:\windows\System32\tzres.dll
2012-08-22 06:25:16 -------- d-----w- C:\Program Files (x86)\Dell Digital Delivery
2012-08-22 03:05:21 -------- d-----w- C:\Users\Callahan\AppData\Local\Nero
2012-08-21 21:42:33 -------- d-----w- C:\Users\Callahan\AppData\Local\Nero_AG
2012-08-21 21:41:00 -------- d-----w- C:\Users\Callahan\My Backup Files
2012-08-21 21:31:46 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll
2012-08-21 21:31:46 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys
2012-08-21 21:31:46 1031680 ----a-w- C:\windows\System32\rdpcore.dll
2012-08-21 21:24:44 2622464 ----a-w- C:\windows\System32\wucltux.dll
2012-08-21 21:24:38 99840 ----a-w- C:\windows\System32\wudriver.dll
2012-08-21 21:24:29 36864 ----a-w- C:\windows\System32\wuapp.exe
2012-08-21 21:24:29 186752 ----a-w- C:\windows\System32\wuwebv.dll
2012-08-21 21:22:17 -------- d-----w- C:\Users\Callahan\AppData\Local\Diagnostics
2012-08-21 21:00:36 -------- d-----w- C:\Users\Callahan\AppData\Roaming\PCDr
2012-08-21 21:00:04 -------- d-----w- C:\ProgramData\PCDr
2012-08-21 20:48:01 -------- d-----w- C:\Users\Callahan\AppData\Roaming\Fingertapps
2012-08-21 20:48:00 -------- d-----w- C:\Users\Callahan\AppData\Roaming\Dell
2012-08-21 20:47:57 -------- d-----w- C:\Users\Callahan\AppData\Roaming\Intel Corporation
2012-08-21 20:47:54 -------- d-----w- C:\Users\Callahan\AppData\Roaming\Dell Touch Zone
2012-08-21 20:47:52 -------- d-----w- C:\Users\Callahan\AppData\Local\Dell
2012-08-21 20:47:19 -------- d-sh--w- C:\$RECYCLE.BIN
2012-08-21 20:47:18 -------- d-----w- C:\Users\Callahan\AppData\Local\VirtualStore
.
==================== Find3M ====================
.
2012-08-26 05:47:35 687600 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-07-18 18:15:06 3148800 ----a-w- C:\windows\System32\win32k.sys
2012-07-04 22:13:27 59392 ----a-w- C:\windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\windows\System32\browser.dll
2012-07-04 21:14:34 41984 ----a-w- C:\windows\SysWow64\browcli.dll
2012-06-29 03:56:34 2312704 ----a-w- C:\windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-06-06 06:06:16 2004480 ----a-w- C:\windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\windows\SysWow64\cdosys.dll
2012-06-02 05:50:10 458704 ----a-w- C:\windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
.
============= FINISH: 3:51:35.77 ===============
I do not have a boot disk... I do have a thumbdrive that I got from Dell, they sent it to me... it is supposed to bring this back to factory settings... I've already tried it once... but... alas.. you see what's up there... thanks.. Theresa