System Check, Kazy, KDV, Maljava, and Medfos.A Trojans as well as Google Redirect


This topic is locked
18 replies to this topic

#1 Paul2.0 (Members, 15 posts)

Posted 13 April 2012 - 01:24 AM

Hi,

I have a Dell XPS8300 running Windows 7 (64b) that was protected by Dell's default McAfee Security Center, which was fully up to date.
On March 28 at 10:28PM I was browsing on the web for PSAT test scores and noticed a pop up claiming I had hard disk drive failures.
I tried to close the pop-ups, but that just caused many more pop ups. I soon realized I had been infected with the System Check virus.
I followed the instructions on http://www.bleepingcomputer.com/virus-removal/remove-system-check and did the following:

1) Rebooted in Safe Mode
2) Ran RKill
3) Ran TDSSKiller, but didn't find anything
4) Ran MBAM and found/fixed the following:
Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|qeSKkLWiSNH.exe (Trojan.FakeAlert)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|GrpConv (Trojan.Agent.Gen)
Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu)
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu)
Files Detected: 3
C:\ProgramData\qeSKkLWiSNH.exe (Trojan.FakeAlert)
C:\Users\a0187798\AppData\Local\Temp\PK7Tb1p5TnqfU6.exe.tmp (Trojan.FakeAlert)
C:\Windows\System32\grpconv.exe (Trojan.Agent.Gen)
5) Ran Unhide.exe to restore start menus

I noticed that I was having google search redirects in Firefox, but didn't know how to fix it at the time so I didn't do anything.

I then decided to switch from McAfee to Bitdefender, so I uninstalled McAfee and installed Bitdefender.
I did a safe mode full scan with Bitdefender, which found and fixed the following:
Gen:Variant.Kazy.63730
File: C:\Users\a0187798\AppData\Local\Temp\ndmus.dll
Trojan:Generic.KDV.583032
File: C:\Users\a0187798\AppData\Local\Temp\Realtek_AC97.exe
Gen:Variant.Kazy.64215
File: C:\Users\a0187798\AppData\Local\Temp\lelets.dll

When I rebooted I got a message that lelets.dll could not run, so I used http://live.sysinternals.com/autoruns.exe to search for lelets.dll and delete the autorun entry.

I was still having google redirects so I tried running a lot of other online scanners:
Eset found nothing.
F-secure found nothing.
TrendMicro House Call found nothing.
Symantec Security Check found the following:
C:\Users\a0187798\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\5127af80-48132b30 was infected with Trojan.Maljava.
The file had a time stamp of March 28 at 10:28PM, which is when I got the original infection.
Microsoft Safety Scanner found the following:
Trojan:JS/Medfos.A Removed
Exploit:Java/CVE-2012-0507.D!ldr Detected, not removed (The log identified the same Java cache file listed above)
After reading more about google redirects I checked my Firefox extensions and found one called "Translate This! 2.0" which I didn't recall installing.
I went ahead and disabled it. I also used the Java Control Panel to delete the Java Cache, which got rid of the file above.
One of these two things seemed to stop the redirects.
Pandasecurity activescan found only cookies.

I also did a search for files modified on March 28 starting at 10:28PM and found the following:
10:28 PM C:\Users\a0187798\AppData\Local\Temp\plugtmp
10:33 PM C:\Users\a0187798\AppData\Local\Temp\smtmp\*
10:37 PM C:\Users\a0187798\AppData\Local\Temp\Sonic18.tmp
10:37 PM C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\7e53fa6b35c7870b60806f3d4d020486_59f1a1a4-d8f9-4bc2-9150-a3b5f9f604b8
10:38 PM C:\Users\a0187798\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_ccc.exe_a78fe11feb32104aac8857b712caa67cbbd68c_14658574\Report.wer
10:39 PM C:\Users\a0187798\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check
10:39 PM C:\Users\a0187798\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check
10:39 PM C:\Users\a0187798\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Check

The fact that there are still files on my computer that were created at the time of the infection, together with the fact that the more online scanners I run, the more malware I find, makes me think that I will not be able to determine if my system is fully clean without help.

Moreover, I've noticed that none of the other computers on my network can see the infected computer or access its shared files or printers, so obviously I haven't fully repaired the damage. Can someone help me?

I've copied and pasted my DDS log and attached my Attach.txt file. Because the infection was more than a week ago, I also manually saved my Administrative events starting from March 28 and attached them as Attach_Events_March28_to_April13.txt. I deleted tons of redundant "Computer Browser" events to get the file size down.

Sorry if I included too much information. I didn't know what was relevant and what was not.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by a0187798 at 23:47:49 on 2012-04-12
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.16366.13166 [GMT -5:00]
.
AV: Bitdefender Antivirus *Enabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Bitdefender Antispyware *Enabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
FW: Bitdefender Firewall *Enabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\SysWOW64\atashost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Citrix\ICA Client\PNAMain.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\DllHost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Nero\SyncUP\SyncUP.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe"
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CITRIX~1.LNK - C:\Windows\Installer\{C1CCF2E9-4851-4783-8076-D9C3F7DDD487}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://tidemo2.webex.com/client/WBXclient-T27L10NSP30-13034/webex/ieatgpc1.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{65F3F1B4-A234-4190-87CD-FB36BC3B3FDF} : DhcpNameServer = 192.168.1.1
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
mRun-x64: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun-x64: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun-x64: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [(Default)]
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun-x64: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe"
mRun-x64: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\a0187798\AppData\Roaming\Mozilla\Firefox\Profiles\538fcp1g.default\
FF - prefs.js: network.proxy.type - 2
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\a0187798\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;C:\Windows\system32\DRIVERS\avc3.sys --> C:\Windows\system32\DRIVERS\avc3.sys [?]
R0 pavboot;pavboot;C:\Windows\system32\drivers\pavboot64.sys --> C:\Windows\system32\drivers\pavboot64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [2011-11-14 90192]
R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-14 103504]
R1 BDVEDISK;BDVEDISK;C:\Windows\system32\DRIVERS\bdvedisk.sys --> C:\Windows\system32\DRIVERS\bdvedisk.sys [?]
R1 nm3;Microsoft Network Monitor 3 Driver;C:\Windows\system32\DRIVERS\nm3.sys --> C:\Windows\system32\DRIVERS\nm3.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2011-11-9 133944]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-9-30 13336]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-9-30 1692480]
R2 UPDATESRV;BitDefender Desktop Update Service;C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe [2012-3-13 66096]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 avchv;avchv Function Driver;C:\Windows\system32\DRIVERS\avchv.sys --> C:\Windows\system32\DRIVERS\avchv.sys [?]
R3 avckf;avckf;C:\Windows\system32\DRIVERS\avckf.sys --> C:\Windows\system32\DRIVERS\avckf.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
S2 CLKMSVC10_9EC60124;CyberLink Product - 2011/09/30 20:19:01;C:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [2010-10-26 236016]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 bdsandbox;bdsandbox;\??\C:\Windows\system32\drivers\bdsandbox.sys --> C:\Windows\system32\drivers\bdsandbox.sys [?]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]
S3 netvsc;netvsc;C:\Windows\system32\DRIVERS\netvsc60.sys --> C:\Windows\system32\DRIVERS\netvsc60.sys [?]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-3-22 25072]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SynthVid;SynthVid;C:\Windows\system32\DRIVERS\VMBusVideoM.sys --> C:\Windows\system32\DRIVERS\VMBusVideoM.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 Update Server;BitDefender Update Server v2;C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [2011-10-14 466736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-04-11 17:19:48 -------- d-----w- C:\Program Files (x86)\APHistory
2012-04-10 03:28:32 33800 ----a-w- C:\Windows\System32\drivers\pavboot64.sys
2012-04-10 03:28:31 -------- d-----w- C:\Program Files (x86)\Panda Security
2012-04-10 03:28:21 -------- d--h--w- C:\Windows\AxInstSV
2012-04-08 15:01:32 -------- d-----w- C:\Users\a0187798\AppData\Roaming\f-secure
2012-04-08 15:01:27 -------- d-----w- C:\ProgramData\F-Secure
2012-04-07 16:07:36 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-07 16:07:36 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-07 16:07:35 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-07 13:33:46 -------- d-----w- C:\Users\a0187798\AppData\Local\bdch
2012-04-06 21:50:26 218309 ----a-w- C:\ProgramData\1333748842.bdinstall.bin
2012-04-06 21:49:54 -------- d-----w- C:\ProgramData\BDLogging
2012-04-06 21:49:42 -------- d-----w- C:\Users\a0187798\AppData\Roaming\Bitdefender
2012-04-06 21:49:40 -------- d-----w- C:\ProgramData\Bitdefender
2012-04-06 21:48:11 -------- d-----w- C:\Users\a0187798\AppData\Roaming\QuickScan
2012-04-06 21:47:45 -------- d-----w- C:\Program Files\Bitdefender
2012-04-06 21:47:27 442088 ----a-w- C:\Windows\System32\drivers\bdfsfltr.sys
2012-04-06 21:47:25 329800 ----a-w- C:\Windows\System32\drivers\trufos.sys
2012-04-06 21:47:15 -------- d-----w- C:\Program Files\Common Files\Bitdefender
2012-04-06 21:44:03 -------- d-----w- C:\Program Files (x86)\Common Files\Bitdefender
2012-03-30 03:28:36 -------- d-----w- C:\Users\a0187798\AppData\Roaming\Malwarebytes
2012-03-30 03:28:17 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-28 14:18:38 -------- d-----w- C:\Users\a0187798\AppData\Local\{E6756FBA-78E0-11E1-826D-B8AC6F996F26}
2012-03-21 01:22:46 691896 ----a-w- C:\Windows\System32\drivers\avc3.sys
.
==================== Find3M ====================
.
2012-04-07 16:03:11 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-02-17 21:45:56 545064 ----a-w- C:\Windows\System32\drivers\avckf.sys
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-01-25 06:38:39 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-01-25 06:38:38 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-01-25 06:33:30 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
.
============= FINISH: 23:48:17.67 ===============
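The triage described in the post above (checking the Run/RunOnce keys, hunting for files created around the infection time, and looking at the Firefox profile for the source of the redirects) can be scripted so it is repeatable and hits the places a fake-AV dropper typically touches. The PowerShell below is an added example written for this page; it is not code from the original poster or from any of the tools mentioned in the thread. The infection window, the list of directories searched and the Firefox profile root are assumptions chosen to match the timeline in the post, and the script only reads, it changes nothing. It runs on Windows PowerShell 2.0 (the Windows 7 default) or later. Two things from the DDS log are worth keeping in mind when reading its output: Firefox's network.proxy.type is 2, which means a proxy auto-configuration (PAC) URL is in use, and a PAC script is one of the quieter ways to redirect search traffic, so the proxy-related prefs.js lines are printed for review; and NTFS timestamps are under an attacker's control (timestomping), so an empty timeline window is not proof that nothing else remains. The log also shows the Bitdefender firewall, installed on 2012-04-06, as enabled, which is worth ruling out as the reason other machines can no longer reach this computer's shares before attributing that to the malware.

```powershell
# Added example (not from the original post): read-only triage of the artifacts
# discussed in the thread. Assumptions: the infection window, the directories
# searched and the Firefox profile root are illustrative and can be changed.
param(
    [datetime]$WindowStart = [datetime]'2012-03-28 22:28',
    [int]$WindowMinutes = 15,
    [string]$FirefoxProfileRoot = (Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles')
)
$WindowEnd = $WindowStart.AddMinutes($WindowMinutes)

Write-Output "=== Run / RunOnce entries (both registry views on 64-bit Windows) ==="
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        # Skip the provider metadata Get-ItemProperty adds to every object.
        if ($p.Name -match '^PS(Path|ParentPath|ChildName|Drive|Provider)$') { continue }
        $cmd = [string]$p.Value
        # Pull the image path out of the command line so it can be checked for
        # existence and Authenticode status. Empty entries (like the unnamed
        # mRun entry in the DDS log) are reported as FILE MISSING.
        $exe = if ($cmd -match '^\s*"([^"]+)"') { $Matches[1] } else { ($cmd -split '\s+')[0] }
        $exe = [Environment]::ExpandEnvironmentVariables($exe)
        $status = if ($exe -and (Test-Path -LiteralPath $exe)) {
            (Get-AuthenticodeSignature -FilePath $exe).Status
        } else { 'FILE MISSING' }
        Write-Output ("{0}\{1}`n    {2}`n    signature: {3}" -f $key, $p.Name, $cmd, $status)
    }
}

Write-Output "=== Files created or modified between $WindowStart and $WindowEnd ==="
# Staging locations seen in the post; System32 is searched without recursion
# because a full recursive walk of it is slow and rarely needed for this check.
$stagingDirs = @(
    @{ Path = $env:ProgramData; Recurse = $true },
    @{ Path = $env:TEMP;        Recurse = $true },
    @{ Path = (Join-Path $env:USERPROFILE 'AppData\LocalLow\Sun\Java\Deployment\cache'); Recurse = $true },
    @{ Path = (Join-Path $env:APPDATA 'Microsoft\Windows\Start Menu\Programs');         Recurse = $true },
    @{ Path = (Join-Path $env:SystemRoot 'System32'); Recurse = $false }
)
foreach ($d in $stagingDirs) {
    if (-not (Test-Path -LiteralPath $d.Path)) { continue }
    # -Force includes hidden files; the fake-AV family in the post hides what it touches.
    Get-ChildItem -Path $d.Path -Recurse:$d.Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object {
            ($_.CreationTime -ge $WindowStart -and $_.CreationTime -le $WindowEnd) -or
            ($_.LastWriteTime -ge $WindowStart -and $_.LastWriteTime -le $WindowEnd)
        } |
        ForEach-Object {
            Write-Output ("created {0:yyyy-MM-dd HH:mm:ss}  modified {1:yyyy-MM-dd HH:mm:ss}  {2}" -f `
                $_.CreationTime, $_.LastWriteTime, $_.FullName)
        }
}

Write-Output "=== Firefox proxy settings and extensions per profile ==="
if (Test-Path -LiteralPath $FirefoxProfileRoot) {
    Get-ChildItem -Path $FirefoxProfileRoot | Where-Object { $_.PSIsContainer } | ForEach-Object {
        $profDir = $_.FullName
        Write-Output "profile: $profDir"
        $prefs = Join-Path $profDir 'prefs.js'
        if (Test-Path -LiteralPath $prefs) {
            # network.proxy.type: 0 none, 1 manual, 2 PAC URL, 4 WPAD auto-detect, 5 system.
            # Type 2 is what the DDS log in this thread shows for this profile.
            Select-String -Path $prefs -Pattern 'network\.proxy\.' | ForEach-Object { '    ' + $_.Line.Trim() }
        }
        # Each entry here is an installed extension; review any you do not recognise.
        $extDir = Join-Path $profDir 'extensions'
        if (Test-Path -LiteralPath $extDir) {
            Get-ChildItem -Path $extDir -Force | ForEach-Object { '    extension: ' + $_.Name }
        }
    }
}
```

Run it from an elevated PowerShell prompt so the HKLM keys and ProgramData are readable; an entry whose image is missing or whose Authenticode status is not Valid is a starting point, not a verdict, since plenty of legitimate OEM utilities ship unsigned, and a signed binary can still be launched by a malicious command line.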


#2 gringo_pr (Bleepin Gringo, Malware Response Team, 135,614 posts, Puerto Rico)

Posted 13 April 2012 - 04:04 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
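As an added example for this thread (not the helper's procedure and not ComboFix's own code), here is a small Python triage pass over the plain-text layout ComboFix writes to ComboFix.txt, run on a constructed sample in that layout. It flags the points a reader of such a report checks first: AV/FW/SP lines reported as disabled, Run entries that launch from a user-writable path, running services whose line carries "[x]" instead of a file date and size, and a Firefox network.proxy.type other than direct or system. All function names, the sample lines and the placeholder GUIDs are constructed for this example.

```python
"""Triage helper for the plain-text report ComboFix writes (ComboFix.txt).

Added example for this thread, not ComboFix's own code. It assumes only the line
layouts visible in such reports: "AV:/FW:/SP:" status lines, [HKEY_...] Run keys
whose values end in "[date size]", service lines "R2 name;description;path" ending
in "[date size]" or "[x]" (no date/size recorded), and "FF - prefs.js:" lines.
"""
from __future__ import annotations

import re
from collections import namedtuple

# Constructed sample in the ComboFix layout (placeholder GUIDs, made-up paths).
SAMPLE_REPORT = r"""
AV: Example Antivirus *Disabled/Updated* {00000000-0000-0000-0000-000000000001}
FW: Example Firewall *Disabled* {00000000-0000-0000-0000-000000000002}
SP: Windows Defender *Enabled/Outdated* {00000000-0000-0000-0000-000000000003}
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"xyzrandom"="c:\users\someone\AppData\Local\xyzrandom.exe" [2012-03-28 10240]
.
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
FF - prefs.js: network.proxy.type - 2
"""

STATUS_RE = re.compile(r"^(AV|FW|SP): (.+?) \*([^*]+)\* \{[0-9A-Fa-f-]+\}$")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)" \[(\d{4}-\d{2}-\d{2}) (\d+)\]$')
SERVICE_RE = re.compile(
    r"^([RS]\d) ([^;]+);([^;]*);(.+?) (?:\[x\]|\[(\d{4}-\d{2}-\d{2}) (\d+)\])$")
FF_PROXY_RE = re.compile(r"^FF - prefs\.js: network\.proxy\.type - (\d+)$")

# Locations an ordinary user can write to; an autorun there deserves a second look.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")

RunEntry = namedtuple("RunEntry", "key name path date size")
# start: ComboFix code, R = running / S = stopped, digit = Windows start type.
# recorded: False where the report printed "[x]" instead of a date and size.
Service = namedtuple("Service", "start name description path recorded")


def _lines(report: str) -> list[str]:
    return [line.strip() for line in report.splitlines()]


def parse_protection_status(report: str) -> dict[str, tuple[str, str]]:
    """Map AV/FW/SP to (product, state such as 'Disabled/Updated')."""
    found = (STATUS_RE.match(line) for line in _lines(report))
    return {m.group(1): (m.group(2), m.group(3)) for m in found if m}


def parse_run_entries(report: str) -> list[RunEntry]:
    """Collect the values under every [HKEY_...\\Run] header, keeping the key."""
    entries, current_key = [], None
    for line in _lines(report):
        k = KEY_RE.match(line)
        if k:
            current_key = k.group(1)
            continue
        v = RUN_RE.match(line)
        if v and current_key and current_key.lower().endswith("\\run"):
            entries.append(RunEntry(current_key, v.group(1), v.group(2),
                                    v.group(3), int(v.group(4))))
    return entries


def parse_services(report: str) -> list[Service]:
    found = (SERVICE_RE.match(line) for line in _lines(report))
    return [Service(m.group(1), m.group(2), m.group(3), m.group(4),
                    m.group(5) is not None) for m in found if m]


def parse_firefox_proxy_type(report: str) -> int | None:
    found = (FF_PROXY_RE.match(line) for line in _lines(report))
    return next((int(m.group(1)) for m in found if m), None)


def triage(report: str) -> list[str]:
    """Points worth a closer look: disabled protection, autoruns launched from a
    user-writable path, running services with no file recorded, and a Firefox
    proxy mode other than direct (0) or system (5); 2 means a PAC URL is set."""
    findings = []
    for kind, (product, state) in parse_protection_status(report).items():
        if "disabled" in state.lower():
            findings.append(f"{kind}: {product} is {state}")
    for e in parse_run_entries(report):
        if any(marker in e.path.lower() for marker in USER_WRITABLE):
            findings.append(f"autorun {e.name!r} runs from a user-writable path: {e.path}")
    for s in parse_services(report):
        if s.start.startswith("R") and not s.recorded:
            findings.append(f"{s.start} {s.name}: running, no file date/size for {s.path}")
    proxy = parse_firefox_proxy_type(report)
    if proxy is not None and proxy not in (0, 5):
        findings.append(f"Firefox network.proxy.type is {proxy}, not direct or system")
    return findings
```

The findings are prompts for whoever reads the log, not verdicts; a legitimate driver can also show "[x]", so each hit still needs the reader's judgement.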

#3 Paul2.0

Paul2.0
  • Topic Starter

  • Members
  • 15 posts

Posted 13 April 2012 - 08:08 PM

Thanks so much for taking the time to help me.

I had no problems performing the steps you requested and there is no change in the state of the computer.

--------------------------------------------------------------------------------------------------------------------------
Here are the contents of checkup.txt:

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 31
Adobe Reader X (10.1.2)
Mozilla Firefox (7.0.1)
Mozilla Thunderbird (7.0.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Bitdefender Bitdefender 2012 vsserv.exe
Bitdefender Bitdefender 2012 updatesrv.exe
Bitdefender Bitdefender 2012 bdagent.exe
``````````End of Log````````````


--------------------------------------------------------------------------------------------------------------------------
Here are the contents of ComboFix.txt:

ComboFix 12-04-13.01 - a0187798 04/13/2012 19:25:33.1.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.16366.12570 [GMT -5:00]
Running from: c:\users\a0187798\Desktop\ComboFix.exe
AV: Bitdefender Antivirus *Disabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
FW: Bitdefender Firewall *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
SP: Bitdefender Antispyware *Disabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\a0187798\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
c:\users\a0187798\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
c:\users\a0187798\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
c:\users\a0187798\Documents\Education\_desktop.ini
c:\users\a0187798\Documents\Education\ITBS\_desktop.ini
c:\users\a0187798\Documents\Education\Math\_desktop.ini
c:\users\a0187798\Documents\Education\PSAT\_desktop.ini
c:\users\a0187798\Documents\Education\PTA03-04\_desktop.ini
c:\users\a0187798\Documents\Education\PTA04-05\_desktop.ini
c:\users\a0187798\Documents\Education\PTA05-06\_desktop.ini
c:\users\a0187798\Documents\Education\PTA06-07\_desktop.ini
c:\users\a0187798\Documents\Education\PTA07-08\_desktop.ini
c:\users\a0187798\Documents\Education\Rachel Grade 4\_desktop.ini
c:\users\a0187798\Documents\Education\Rachel Grade 4\Red Fox Report\_desktop.ini
c:\users\a0187798\Documents\Education\Rachel Grade 4\Red Fox Report\redfox_files\_desktop.ini
c:\users\a0187798\Documents\Education\Rachel Grade 5\_desktop.ini
c:\users\a0187798\Documents\Education\Rachel Grade 5\Science Fair\_desktop.ini
c:\users\a0187798\Documents\Education\Rachel Grade 5\Science Fair\Final Pictures\_desktop.ini
c:\users\a0187798\Documents\Education\Rachel Grade 5\Science Fair\Original Pictures\_desktop.ini
c:\users\a0187798\Documents\Education\Rachel Grade 6\_desktop.ini
c:\users\a0187798\Documents\Education\Rachel Grade 6\Earthquakes\_desktop.ini
c:\users\a0187798\Documents\Education\Rachel Grade 6\Fruit Battery\_desktop.ini
c:\users\a0187798\Documents\Education\Rachel Grade 6\Fruit Battery\Pictures\_desktop.ini
c:\users\a0187798\Documents\Education\Rachel Grade 6\Mountains\_desktop.ini
c:\users\a0187798\Documents\Education\Rachel Grade 6\Science Fair\_desktop.ini
c:\users\a0187798\Documents\Education\Rachel Grade 6\Science Fair\Final Pictures Miniboard\_desktop.ini
c:\users\a0187798\Documents\Education\Rachel Grade 6\Science Fair\Final Pictures\_desktop.ini
c:\users\a0187798\Documents\Education\Rachel Grade 6\Science Fair\Original Pictures\_desktop.ini
c:\users\a0187798\Documents\Education\Rachel Grade 7\_desktop.ini
c:\users\a0187798\Documents\Education\Rachel Grade 8\_desktop.ini
c:\users\a0187798\Documents\Education\Rachel Grade 8\Me Gusta\_desktop.ini
c:\users\a0187798\Documents\Education\Rebecca Grade 3\_desktop.ini
c:\users\a0187798\Documents\Education\Rebecca Grade 3\Mathletes\_desktop.ini
c:\users\a0187798\Documents\Education\Rebecca Grade 4\_desktop.ini
c:\users\a0187798\Documents\Education\Rebecca Grade 5\_desktop.ini
c:\users\a0187798\Documents\Education\Rebecca Grade 5\Science Fair\_desktop.ini
c:\users\a0187798\Documents\Education\Rebecca Grade 5\Science Fair\Final Pictures\_desktop.ini
c:\users\a0187798\Documents\Education\Rebecca Grade 5\Science Fair\Original Pictures\_desktop.ini
c:\users\a0187798\Documents\Education\Rebecca Grade 5\Twilight Camp\_desktop.ini
c:\users\a0187798\Documents\Education\Rebecca Grade 6\_desktop.ini
c:\users\a0187798\Documents\Education\Rebecca Grade 6\Science Fair\_desktop.ini
c:\users\a0187798\Documents\Education\Rebecca Grade 6\Science Fair\Final Pictures Miniboard\_desktop.ini
c:\users\a0187798\Documents\Education\Rebecca Grade 6\Science Fair\Final Pictures\_desktop.ini
c:\users\a0187798\Documents\Education\Rebecca Grade 6\Science Fair\Original Pictures\_desktop.ini
c:\users\a0187798\Documents\Education\TAKS\_desktop.ini
c:\users\a0187798\Documents\Education\TAKS\2003\_desktop.ini
c:\users\a0187798\Documents\Education\TAKS\2004\_desktop.ini
c:\users\a0187798\Documents\Education\TAKS\2005\_desktop.ini
c:\users\a0187798\Documents\Education\TAKS\2006\_desktop.ini
c:\users\a0187798\Documents\Finance\_desktop.ini
c:\users\a0187798\Documents\Finance\457b\_desktop.ini
c:\users\a0187798\Documents\Finance\457b\SiteNavTemplateRa.aspx_files\_desktop.ini
c:\users\a0187798\Documents\Finance\529 Plans\_desktop.ini
c:\users\a0187798\Documents\Finance\Budget\_desktop.ini
c:\users\a0187798\Documents\Finance\Budget\Excel\_desktop.ini
c:\users\a0187798\Documents\Finance\Citibank\_desktop.ini
c:\users\a0187798\Documents\Finance\Citibank\Karen\_desktop.ini
c:\users\a0187798\Documents\Finance\Citibank\Karen\2000\_desktop.ini
c:\users\a0187798\Documents\Finance\Citibank\Karen\2001\_desktop.ini
c:\users\a0187798\Documents\Finance\Citibank\Karen\2001_ExcelCats\_desktop.ini
c:\users\a0187798\Documents\Finance\Citibank\Karen\2002\_desktop.ini
c:\users\a0187798\Documents\Finance\Citibank\Karen\2003\_desktop.ini
c:\users\a0187798\Documents\Finance\Citibank\Karen\2004\_desktop.ini
c:\users\a0187798\Documents\Finance\Citibank\Karen\2005\_desktop.ini
c:\users\a0187798\Documents\Finance\Citibank\Karen\2006\_desktop.ini
c:\users\a0187798\Documents\Finance\Citibank\Karen\2007\_desktop.ini
c:\users\a0187798\Documents\Finance\Citibank\Karen\2008\_desktop.ini
c:\users\a0187798\Documents\Finance\Citibank\Paul\_desktop.ini
c:\users\a0187798\Documents\Finance\Citibank\Paul\2006\_desktop.ini
c:\users\a0187798\Documents\Finance\Citibank\Paul\2007\_desktop.ini
c:\users\a0187798\Documents\Finance\Citibank\Paul\2008\_desktop.ini
c:\users\a0187798\Documents\Finance\Money Market\_desktop.ini
c:\users\a0187798\Documents\Finance\Money2000\_desktop.ini
c:\users\a0187798\Documents\Finance\Quicken\_desktop.ini
c:\users\a0187798\Documents\Finance\Quicken\QIF\_desktop.ini
c:\users\a0187798\Documents\Finance\Quicken\QIF\OFX2.0.3\_desktop.ini
c:\users\a0187798\Documents\Finance\Quicken\Quicken_Backup\_desktop.ini
c:\users\a0187798\Documents\Finance\Rachel\_desktop.ini
c:\users\a0187798\Documents\Finance\Record Keeping\_desktop.ini
c:\users\a0187798\Documents\Finance\Schwab\_desktop.ini
c:\users\a0187798\Documents\Finance\Tax\_desktop.ini
c:\users\a0187798\Documents\Finance\Tax\1999\_desktop.ini
c:\users\a0187798\Documents\Finance\Tax\2000\_desktop.ini
c:\users\a0187798\Documents\Finance\Tax\2001\_desktop.ini
c:\users\a0187798\Documents\Finance\Tax\2002\_desktop.ini
c:\users\a0187798\Documents\Finance\Tax\2003\_desktop.ini
c:\users\a0187798\Documents\Finance\Tax\2004\_desktop.ini
c:\users\a0187798\Documents\Finance\Tax\2005\_desktop.ini
c:\users\a0187798\Documents\Finance\Tax\2006\_desktop.ini
c:\users\a0187798\Documents\Finance\Tax\2007\_desktop.ini
c:\users\a0187798\Documents\Finance\Texans\_desktop.ini
c:\users\a0187798\Documents\Finance\TI 401k\_desktop.ini
c:\users\a0187798\Documents\Finance\TI Compensation\_desktop.ini
c:\users\a0187798\Documents\Finance\TI ESPP\_desktop.ini
c:\users\a0187798\Documents\Finance\TI NQSO\_desktop.ini
c:\users\a0187798\Documents\Finance\UBS\_desktop.ini
c:\users\a0187798\Documents\Geocaching\_desktop.ini
c:\users\a0187798\Documents\Geocaching\Caches\_desktop.ini
c:\users\a0187798\Documents\Geocaching\Waypoints\_desktop.ini
c:\users\a0187798\Documents\Health\_desktop.ini
c:\users\a0187798\Documents\Housing\_desktop.ini
c:\users\a0187798\Documents\Housing\Kitchen\_desktop.ini
c:\users\a0187798\Documents\ItsDeductible2006\_desktop.ini
c:\users\a0187798\Documents\Misc\_desktop.ini
c:\users\a0187798\Documents\Misc\Gifts Given\_desktop.ini
c:\users\a0187798\Documents\Misc\Pets\_desktop.ini
c:\users\a0187798\Documents\My Programs\Linksys\_desktop.ini
c:\users\a0187798\Documents\My Programs\Linksys\befsr-fw1402\_desktop.ini
c:\users\a0187798\Documents\My Programs\Linksys\wrt54g\_desktop.ini
c:\users\a0187798\Documents\Professional\Substitute Teaching\_desktop.ini
c:\users\a0187798\Pictures\Freising 2004\_desktop.ini
c:\users\a0187798\Pictures\Freising 2004\Paul\_desktop.ini
c:\users\a0187798\Pictures\Freising 2004\Ulvi\_desktop.ini
c:\users\a0187798\Pictures\Freising 2004\Ulvi\ulvi2\_desktop.ini
c:\users\a0187798\Pictures\Freising 2004\Wai\_desktop.ini
c:\users\a0187798\Pictures\Freising 2004\Wai\091704\_desktop.ini
c:\users\a0187798\Pictures\Freising 2004\Wai\091804\_desktop.ini
c:\users\a0187798\Pictures\Freising 2004\Wai\091904\_desktop.ini
c:\users\a0187798\Pictures\Freising 2004\Wai\092204\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2000\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2000\2000_06_13\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2000\2000_06_15\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2000\2000_06_17\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2000\2000_06_18\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2000\2000_12_25\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2001\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2001\2001_08_28\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2001\2001_08_31\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2001\2001_10_29\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2002\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2002\2002_07\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2002\2002_08\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2002\2002_09\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2002\2002_10\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2002\2002_11\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2002\2002_12\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2003\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2003\2003_01\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2003\2003_02\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2003\2003_03\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2003\2003_04\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2003\2003_05\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2003\2003_06\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2003\2003_07\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2003\2003_08\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2003\2003_09\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2003\2003_10\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2003\2003_11\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2003\2003_12\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2004\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2004\2004_01\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2004\2004_02\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2004\2004_03\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2004\2004_04\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2004\2004_05\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2004\2004_06\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2004\2004_07\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2004\2004_08\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2004\2004_09\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2004\2004_10\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2004\2004_11\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2004\2004_12\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2005\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2005\2005_01\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2005\2005_02\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2005\2005_03\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2005\2005_04\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2005\2005_05\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2005\2005_06\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2005\2005_07\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2005\2005_08\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2005\2005_09\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2005\2005_10\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2005\2005_11\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2005\2005_12\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2006\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2006\2006_01\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2006\2006_02\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2006\2006_03\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2006\2006_04\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2006\2006_05\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2006\2006_06\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2006\2006_07\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2006\2006_08\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2006\2006_09\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2006\2006_10\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2006\2006_11\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2006\2006_12\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2007\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2007\2007_01\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2007\2007_02\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2007\2007_03\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2007\2007_04\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2007\2007_05\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2007\2007_06\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2007\2007_07\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2007\2007_08\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2007\2007_09\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2007\2007_10\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2007\2007_11\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2007\2007_12\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2008\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2008\2008_01\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2008\2008_02\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2008\2008_03\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2008\2008_04\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2008\2008_05\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2008\2008_06\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2008\2008_07\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2008\2008_08\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2008\2008_09\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2008\2008_10\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2008\2008_11\_desktop.ini
c:\users\a0187798\Pictures\Image Library 2008\2008_12\_desktop.ini
c:\users\a0187798\Pictures\Prints Library 2002\_desktop.ini
c:\users\a0187798\Pictures\Prints Library 2002\2002_07_30\_desktop.ini
c:\users\a0187798\Pictures\Prints Library 2003\_desktop.ini
c:\users\a0187798\Pictures\Prints Library 2003\2003_01_02\_desktop.ini
c:\users\a0187798\Pictures\Prints Library 2003\2003_01_03\_desktop.ini
c:\users\a0187798\Pictures\Prints Library 2003\2003_01_04\_desktop.ini
c:\users\a0187798\Pictures\Prints Library 2003\2003_04_23\_desktop.ini
c:\users\a0187798\Pictures\Prints Library 2003\2003_08_22\_desktop.ini
c:\users\a0187798\Pictures\Prints Library 2003\2003_08_23\_desktop.ini
c:\users\a0187798\Pictures\Prints Library 2003\2003_08_23\Upload\_desktop.ini
c:\users\a0187798\Pictures\Prints Library 2003\2003_12_06\_desktop.ini
c:\users\a0187798\Pictures\Prints Library 2004\_desktop.ini
c:\users\a0187798\Pictures\Prints Library 2004\2004_03_17\_desktop.ini
c:\users\a0187798\Pictures\Prints Library 2004\2004_04_20\_desktop.ini
c:\users\a0187798\Pictures\Prints Library 2004\2004_12_04\_desktop.ini
c:\users\a0187798\Pictures\Prints Library 2005\_desktop.ini
c:\users\a0187798\Pictures\Prints Library 2005\2005_01_18\_desktop.ini
c:\users\a0187798\Pictures\Prints Library 2005\2005_03_26\_desktop.ini
c:\users\a0187798\Pictures\Prints Library 2005\2005_04_23\_desktop.ini
c:\users\a0187798\Pictures\Prints Library 2005\2005_06_01\_desktop.ini
c:\users\a0187798\Pictures\Prints Library 2005\2005_10_04\_desktop.ini
c:\users\a0187798\Pictures\Prints Library 2005\2005_10_30\_desktop.ini
c:\users\a0187798\Pictures\Prints Library 2005\2005_12_10\_desktop.ini
c:\users\a0187798\Pictures\Prints Library 2006\_desktop.ini
c:\users\a0187798\Pictures\Prints Library 2006\2006_07_13\_desktop.ini
c:\users\a0187798\Pictures\Prints Library 2006\2006_12_13\_desktop.ini
c:\users\a0187798\Pictures\Prints Library 2006\2006_12_13\Upload1\_desktop.ini
c:\users\a0187798\Pictures\Prints Library 2007\_desktop.ini
c:\users\a0187798\Pictures\Prints Library 2007\2007_11_18\_desktop.ini
c:\users\a0187798\Pictures\Prints Library 2007\2007_11_18\Upload1\_desktop.ini
c:\users\a0187798\Pictures\Prints Library 2008\_desktop.ini
c:\users\a0187798\Pictures\Prints Library 2008\2008_06_14\_desktop.ini
c:\users\a0187798\Pictures\Prints Library 2008\2008_06_14\Upload1\_desktop.ini
c:\users\a0187798\Pictures\Prints Library 2008\2008_12_07\_desktop.ini
c:\users\a0187798\Pictures\Prints Library 2008\2008_12_07\Upload1\_desktop.ini
c:\users\a0187798\Pictures\Prints Library 2008\2008_12_07\Upload2\_desktop.ini
c:\users\a0187798\Pictures\Prints Library 2008\2008_12_07\Upload3\_desktop.ini
c:\users\a0187798\Pictures\Prints Library 2008\2008_12_07\Upload4\_desktop.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-03-14 to 2012-04-14 )))))))))))))))))))))))))))))))
.
.
2012-04-14 00:29 . 2012-04-14 00:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-11 17:19 . 2012-04-11 17:19 -------- d-----w- c:\program files (x86)\APHistory
2012-04-10 03:28 . 2009-06-30 15:37 33800 ----a-w- c:\windows\system32\drivers\pavboot64.sys
2012-04-10 03:28 . 2012-04-10 03:28 -------- d-----w- c:\program files (x86)\Panda Security
2012-04-10 03:28 . 2012-04-10 03:28 -------- d--h--w- c:\windows\AxInstSV
2012-04-08 15:01 . 2012-04-08 15:01 -------- d-----w- c:\users\a0187798\AppData\Roaming\f-secure
2012-04-08 15:01 . 2012-04-08 15:01 -------- d-----w- c:\programdata\F-Secure
2012-04-07 16:07 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-07 16:07 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-07 16:07 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-07 16:03 . 2012-04-07 16:03 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-04-07 13:33 . 2012-04-07 13:33 -------- d-----w- c:\users\a0187798\AppData\Local\bdch
2012-04-06 21:50 . 2012-04-06 21:50 218309 ----a-w- c:\programdata\1333748842.bdinstall.bin
2012-04-06 21:49 . 2012-04-06 21:49 -------- d-----w- c:\programdata\BDLogging
2012-04-06 21:49 . 2012-04-06 21:49 -------- d-----w- c:\users\a0187798\AppData\Roaming\Bitdefender
2012-04-06 21:49 . 2012-04-06 21:49 -------- d-----w- c:\programdata\Bitdefender
2012-04-06 21:48 . 2012-04-06 21:48 -------- d-----w- c:\users\a0187798\AppData\Roaming\QuickScan
2012-04-06 21:47 . 2012-04-06 21:47 -------- d-----w- c:\program files\Bitdefender
2012-04-06 21:47 . 2011-08-16 19:59 442088 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2012-04-06 21:47 . 2011-10-27 20:07 329800 ----a-w- c:\windows\system32\drivers\trufos.sys
2012-04-06 21:47 . 2012-04-06 21:47 -------- d-----w- c:\program files\Common Files\Bitdefender
2012-04-06 21:44 . 2012-04-06 21:44 -------- d-----w- c:\program files (x86)\Common Files\Bitdefender
2012-03-30 03:28 . 2012-03-30 03:28 -------- d-----w- c:\users\a0187798\AppData\Roaming\Malwarebytes
2012-03-30 03:28 . 2012-03-30 03:28 -------- d-----w- c:\programdata\Malwarebytes
2012-03-28 14:18 . 2012-03-28 14:18 -------- d-----w- c:\users\a0187798\AppData\Local\{E6756FBA-78E0-11E1-826D-B8AC6F996F26}
2012-03-21 01:22 . 2012-03-21 01:22 691896 ----a-w- c:\windows\system32\drivers\avc3.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-07 16:03 . 2011-10-01 01:07 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-17 21:45 . 2012-02-17 21:45 545064 ----a-w- c:\windows\system32\drivers\avckf.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-09-13 283160]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-03-10 237568]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-20 336384]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-17 50472]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2010-10-27 75048]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-01-03 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2011-07-07 75064]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-18 421888]
"Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-26 619008]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"Adobe Photo Downloader"="c:\program files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-12-22 67752]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-05-30 885760]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Citrix XenApp.lnk - c:\windows\Installer\{C1CCF2E9-4851-4783-8076-D9C3F7DDD487}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe [2011-10-22 73728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/09/30 20:19;c:\program files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [2010-10-26 236016]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [x]
R3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [x]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-03-22 25072]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [2011-10-15 466736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [x]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2011-11-15 90192]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-15 103504]
S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys [x]
S1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\DRIVERS\nm3.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe [2011-11-09 133944]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-13 13336]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2012\updatesrv.exe [2012-03-13 66096]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - CLKMDRV10_9EC60124
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-06 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-03-28 23:04]
.
2012-04-14 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-03-28 23:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-23 10920552]
"RunDLLEntry_THXCfg"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"RunDLLEntry_EptMon"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-05-30 2055816]
"BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2012-03-22 1067256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\a0187798\AppData\Roaming\Mozilla\Firefox\Profiles\538fcp1g.default\
FF - prefs.js: network.proxy.type - 2
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
.
**************************************************************************
.
Completion time: 2012-04-13 20:03:34 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-14 01:03
.
Pre-Run: 1,877,365,268,480 bytes free
Post-Run: 1,878,272,716,800 bytes free
.
- - End Of File - - B60862CE0DE3A0490B742D5617967100

--------------------------------------------------------------------------------------------------------------------------

#4 gringo_pr

Bleepin Gringo, Malware Response Team

Posted 13 April 2012 - 08:43 PM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 Paul2.0

Topic Starter

Posted 13 April 2012 - 10:38 PM

Thanks for the rapid response. I completed the next steps...

---------------------------------------------------------------------------------------------------------------------------------
Here's the TDSSKiller log file:

22:22:44.0520 7364 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
22:22:46.0532 7364 ============================================================
22:22:46.0532 7364 Current date / time: 2012/04/13 22:22:46.0532
22:22:46.0532 7364 SystemInfo:
22:22:46.0532 7364
22:22:46.0532 7364 OS Version: 6.1.7601 ServicePack: 1.0
22:22:46.0532 7364 Product type: Workstation
22:22:46.0532 7364 ComputerName: CNA0187798A
22:22:46.0532 7364 UserName: a0187798
22:22:46.0532 7364 Windows directory: C:\Windows
22:22:46.0532 7364 System windows directory: C:\Windows
22:22:46.0532 7364 Running under WOW64
22:22:46.0532 7364 Processor architecture: Intel x64
22:22:46.0532 7364 Number of processors: 8
22:22:46.0532 7364 Page size: 0x1000
22:22:46.0532 7364 Boot type: Normal boot
22:22:46.0532 7364 ============================================================
22:22:46.0860 7364 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:22:46.0875 7364 \Device\Harddisk0\DR0:
22:22:46.0875 7364 MBR used
22:22:46.0875 7364 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x207F000
22:22:46.0875 7364 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2093000, BlocksNum 0xE6D75000
22:22:46.0907 7364 Initialize success
22:22:46.0907 7364 ============================================================
22:23:09.0917 8064 ============================================================
22:23:09.0917 8064 Scan started
22:23:09.0917 8064 Mode: Manual;
22:23:09.0917 8064 ============================================================
22:23:16.0079 8064 k57nd60a - ok
22:23:16.0094 8064 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
22:23:16.0094 8064 kbdclass - ok
22:23:16.0110 8064 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
22:23:16.0110 8064 kbdhid - ok
22:23:16.0125 8064 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:23:16.0125 8064 KeyIso - ok
22:23:16.0141 8064 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
22:23:16.0141 8064 KSecDD - ok
22:23:16.0157 8064 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
22:23:16.0157 8064 KSecPkg - ok
22:23:16.0188 8064 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
22:23:16.0188 8064 ksthunk - ok
22:23:16.0203 8064 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
22:23:16.0219 8064 KtmRm - ok
22:23:16.0235 8064 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
22:23:16.0250 8064 LanmanServer - ok
22:23:16.0266 8064 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
22:23:16.0281 8064 LanmanWorkstation - ok
22:23:16.0297 8064 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
22:23:16.0297 8064 lltdio - ok
22:23:16.0313 8064 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
22:23:16.0328 8064 lltdsvc - ok
22:23:16.0344 8064 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
22:23:16.0344 8064 lmhosts - ok
22:23:16.0359 8064 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
22:23:16.0359 8064 LSI_FC - ok
22:23:16.0375 8064 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
22:23:16.0375 8064 LSI_SAS - ok
22:23:16.0391 8064 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
22:23:16.0391 8064 LSI_SAS2 - ok
22:23:16.0406 8064 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
22:23:16.0406 8064 LSI_SCSI - ok
22:23:16.0422 8064 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
22:23:16.0422 8064 luafv - ok
22:23:16.0437 8064 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
22:23:16.0453 8064 Mcx2Svc - ok
22:23:16.0469 8064 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
22:23:16.0469 8064 megasas - ok
22:23:16.0484 8064 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
22:23:16.0484 8064 MegaSR - ok
22:23:16.0515 8064 MEIx64 (1c6e73fc46b509eff9d0086aa37132df) C:\Windows\system32\DRIVERS\HECIx64.sys
22:23:16.0515 8064 MEIx64 - ok
22:23:16.0531 8064 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:23:16.0531 8064 MMCSS - ok
22:23:16.0531 8064 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
22:23:16.0547 8064 Modem - ok
22:23:16.0562 8064 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
22:23:16.0562 8064 monitor - ok
22:23:16.0578 8064 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
22:23:16.0578 8064 mouclass - ok
22:23:16.0593 8064 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
22:23:16.0593 8064 mouhid - ok
22:23:16.0609 8064 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
22:23:16.0609 8064 mountmgr - ok
22:23:16.0609 8064 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
22:23:16.0625 8064 mpio - ok
22:23:16.0656 8064 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
22:23:16.0656 8064 mpsdrv - ok
22:23:16.0671 8064 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
22:23:16.0687 8064 MpsSvc - ok
22:23:16.0703 8064 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
22:23:16.0718 8064 MRxDAV - ok
22:23:16.0734 8064 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:23:16.0734 8064 mrxsmb - ok
22:23:16.0781 8064 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:23:16.0781 8064 mrxsmb10 - ok
22:23:16.0796 8064 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:23:16.0796 8064 mrxsmb20 - ok
22:23:16.0812 8064 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
22:23:16.0812 8064 msahci - ok
22:23:16.0843 8064 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
22:23:16.0843 8064 msdsm - ok
22:23:16.0859 8064 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
22:23:16.0859 8064 MSDTC - ok
22:23:16.0874 8064 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
22:23:16.0874 8064 Msfs - ok
22:23:16.0890 8064 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
22:23:16.0905 8064 mshidkmdf - ok
22:23:16.0905 8064 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
22:23:16.0905 8064 msisadrv - ok
22:23:16.0921 8064 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
22:23:16.0937 8064 MSiSCSI - ok
22:23:16.0937 8064 msiserver - ok
22:23:16.0968 8064 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
22:23:16.0968 8064 MSKSSRV - ok
22:23:16.0968 8064 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
22:23:16.0968 8064 MSPCLOCK - ok
22:23:16.0983 8064 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
22:23:16.0983 8064 MSPQM - ok
22:23:17.0015 8064 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
22:23:17.0030 8064 MsRPC - ok
22:23:17.0046 8064 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
22:23:17.0046 8064 mssmbios - ok
22:23:17.0061 8064 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
22:23:17.0061 8064 MSTEE - ok
22:23:17.0077 8064 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
22:23:17.0077 8064 MTConfig - ok
22:23:17.0093 8064 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
22:23:17.0093 8064 Mup - ok
22:23:17.0108 8064 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
22:23:17.0124 8064 napagent - ok
22:23:17.0139 8064 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
22:23:17.0155 8064 NativeWifiP - ok
22:23:17.0217 8064 NAUpdate (9d1cce440552500ded3a62f9d779cdb4) C:\Program Files (x86)\Nero\Update\NASvc.exe
22:23:17.0217 8064 NAUpdate - ok
22:23:17.0264 8064 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
22:23:17.0264 8064 NDIS - ok
22:23:17.0280 8064 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
22:23:17.0295 8064 NdisCap - ok
22:23:17.0311 8064 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
22:23:17.0311 8064 NdisTapi - ok
22:23:17.0327 8064 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
22:23:17.0327 8064 Ndisuio - ok
22:23:17.0342 8064 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
22:23:17.0342 8064 NdisWan - ok
22:23:17.0358 8064 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
22:23:17.0358 8064 NDProxy - ok
22:23:17.0373 8064 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
22:23:17.0373 8064 NetBIOS - ok
22:23:17.0389 8064 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
22:23:17.0389 8064 NetBT - ok
22:23:17.0405 8064 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:23:17.0420 8064 Netlogon - ok
22:23:17.0451 8064 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
22:23:17.0451 8064 Netman - ok
22:23:17.0498 8064 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:23:17.0498 8064 NetMsmqActivator - ok
22:23:17.0498 8064 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:23:17.0514 8064 NetPipeActivator - ok
22:23:17.0545 8064 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
22:23:17.0545 8064 netprofm - ok
22:23:17.0561 8064 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:23:17.0561 8064 NetTcpActivator - ok
22:23:17.0561 8064 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:23:17.0561 8064 NetTcpPortSharing - ok
22:23:17.0592 8064 netvsc (73ce12b8bdd747b0063cb0a7ef44cea7) C:\Windows\system32\DRIVERS\netvsc60.sys
22:23:17.0592 8064 netvsc - ok
22:23:17.0607 8064 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
22:23:17.0623 8064 nfrd960 - ok
22:23:17.0639 8064 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
22:23:17.0639 8064 NlaSvc - ok
22:23:17.0685 8064 nm3 (f554c5fd7bd1efa4da5cfe2eed86391f) C:\Windows\system32\DRIVERS\nm3.sys
22:23:17.0701 8064 nm3 - ok
22:23:17.0763 8064 NOBU (b9b72faaaa41d59b73b88fe3dd737ed1) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
22:23:17.0826 8064 NOBU - ok
22:23:17.0841 8064 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
22:23:17.0841 8064 Npfs - ok
22:23:17.0873 8064 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
22:23:17.0873 8064 nsi - ok
22:23:17.0888 8064 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
22:23:17.0888 8064 nsiproxy - ok
22:23:17.0935 8064 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
22:23:17.0951 8064 Ntfs - ok
22:23:17.0966 8064 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
22:23:17.0966 8064 Null - ok
22:23:17.0997 8064 nusb3hub (f5bc2345e8c89d4e90fafd23a2239935) C:\Windows\system32\DRIVERS\nusb3hub.sys
22:23:17.0997 8064 nusb3hub - ok
22:23:18.0029 8064 nusb3xhc (5d42578241bc2a9b4a64837077436d5f) C:\Windows\system32\DRIVERS\nusb3xhc.sys
22:23:18.0029 8064 nusb3xhc - ok
22:23:18.0060 8064 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
22:23:18.0060 8064 nvraid - ok
22:23:18.0075 8064 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
22:23:18.0075 8064 nvstor - ok
22:23:18.0091 8064 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
22:23:18.0091 8064 nv_agp - ok
22:23:18.0169 8064 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:23:18.0185 8064 odserv - ok
22:23:18.0200 8064 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
22:23:18.0216 8064 ohci1394 - ok
22:23:18.0231 8064 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:23:18.0247 8064 ose - ok
22:23:18.0278 8064 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:23:18.0278 8064 p2pimsvc - ok
22:23:18.0309 8064 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
22:23:18.0309 8064 p2psvc - ok
22:23:18.0325 8064 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
22:23:18.0325 8064 Parport - ok
22:23:18.0341 8064 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
22:23:18.0341 8064 partmgr - ok
22:23:18.0387 8064 pavboot (8a0f8a9580d9f2fc512a35d5709088a9) C:\Windows\system32\drivers\pavboot64.sys
22:23:18.0387 8064 pavboot - ok
22:23:18.0403 8064 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
22:23:18.0403 8064 PcaSvc - ok
22:23:18.0434 8064 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 (7317a0b550f7ac0223b7070897670476) c:\program files\dell support center\pcdsrvc_x64.pkms
22:23:18.0450 8064 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - ok
22:23:18.0465 8064 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
22:23:18.0465 8064 pci - ok
22:23:18.0481 8064 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
22:23:18.0481 8064 pciide - ok
22:23:18.0497 8064 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
22:23:18.0512 8064 pcmcia - ok
22:23:18.0528 8064 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
22:23:18.0528 8064 pcw - ok
22:23:18.0543 8064 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
22:23:18.0559 8064 PEAUTH - ok
22:23:18.0590 8064 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
22:23:18.0621 8064 PeerDistSvc - ok
22:23:18.0653 8064 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
22:23:18.0653 8064 PerfHost - ok
22:23:18.0699 8064 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
22:23:18.0731 8064 pla - ok
22:23:18.0762 8064 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
22:23:18.0762 8064 PlugPlay - ok
22:23:18.0777 8064 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
22:23:18.0777 8064 PNRPAutoReg - ok
22:23:18.0793 8064 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:23:18.0809 8064 PNRPsvc - ok
22:23:18.0840 8064 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
22:23:18.0840 8064 PolicyAgent - ok
22:23:18.0871 8064 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
22:23:18.0871 8064 Power - ok
22:23:18.0918 8064 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
22:23:18.0918 8064 PptpMiniport - ok
22:23:18.0949 8064 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
22:23:18.0949 8064 Processor - ok
22:23:18.0965 8064 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
22:23:18.0965 8064 ProfSvc - ok
22:23:18.0980 8064 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:23:18.0980 8064 ProtectedStorage - ok
22:23:18.0996 8064 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
22:23:19.0011 8064 Psched - ok
22:23:19.0043 8064 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
22:23:19.0043 8064 PxHlpa64 - ok
22:23:19.0074 8064 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
22:23:19.0121 8064 ql2300 - ok
22:23:19.0121 8064 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
22:23:19.0136 8064 ql40xx - ok
22:23:19.0152 8064 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
22:23:19.0152 8064 QWAVE - ok
22:23:19.0167 8064 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
22:23:19.0167 8064 QWAVEdrv - ok
22:23:19.0183 8064 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
22:23:19.0183 8064 RasAcd - ok
22:23:19.0199 8064 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:23:19.0199 8064 RasAgileVpn - ok
22:23:19.0214 8064 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
22:23:19.0214 8064 RasAuto - ok
22:23:19.0230 8064 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:23:19.0230 8064 Rasl2tp - ok
22:23:19.0245 8064 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
22:23:19.0261 8064 RasMan - ok
22:23:19.0277 8064 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
22:23:19.0277 8064 RasPppoe - ok
22:23:19.0292 8064 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
22:23:19.0292 8064 RasSstp - ok
22:23:19.0308 8064 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
22:23:19.0308 8064 rdbss - ok
22:23:19.0323 8064 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
22:23:19.0339 8064 rdpbus - ok
22:23:19.0355 8064 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:23:19.0370 8064 RDPCDD - ok
22:23:19.0386 8064 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
22:23:19.0386 8064 RDPDR - ok
22:23:19.0401 8064 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
22:23:19.0401 8064 RDPENCDD - ok
22:23:19.0433 8064 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
22:23:19.0433 8064 RDPREFMP - ok
22:23:19.0448 8064 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
22:23:19.0448 8064 RDPWD - ok
22:23:19.0479 8064 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
22:23:19.0479 8064 rdyboost - ok
22:23:19.0495 8064 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
22:23:19.0495 8064 RemoteAccess - ok
22:23:19.0511 8064 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
22:23:19.0511 8064 RemoteRegistry - ok
22:23:19.0604 8064 RoxMediaDB12OEM (3c957189b31c34d3ad21967b12b6aed7) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
22:23:19.0651 8064 RoxMediaDB12OEM - ok
22:23:19.0698 8064 RoxWatch12 (2b73088cc2ca757a172b425c9398e5bc) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
22:23:19.0713 8064 RoxWatch12 - ok
22:23:19.0729 8064 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
22:23:19.0745 8064 RpcEptMapper - ok
22:23:19.0760 8064 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
22:23:19.0760 8064 RpcLocator - ok
22:23:19.0776 8064 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
22:23:19.0776 8064 RpcSs - ok
22:23:19.0791 8064 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
22:23:19.0807 8064 rspndr - ok
22:23:19.0838 8064 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
22:23:19.0838 8064 s3cap - ok
22:23:19.0854 8064 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:23:19.0854 8064 SamSs - ok
22:23:19.0869 8064 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
22:23:19.0885 8064 sbp2port - ok
22:23:19.0901 8064 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
22:23:19.0901 8064 SCardSvr - ok
22:23:19.0901 8064 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
22:23:19.0916 8064 scfilter - ok
22:23:19.0932 8064 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
22:23:19.0947 8064 Schedule - ok
22:23:19.0979 8064 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
22:23:19.0979 8064 SCPolicySvc - ok
22:23:19.0994 8064 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
22:23:19.0994 8064 SDRSVC - ok
22:23:20.0041 8064 SeaPort (331e7bde228914574fc9ae6cd520dafa) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
22:23:20.0057 8064 SeaPort - ok
22:23:20.0088 8064 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:23:20.0088 8064 secdrv - ok
22:23:20.0088 8064 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
22:23:20.0088 8064 seclogon - ok
22:23:20.0119 8064 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
22:23:20.0119 8064 SENS - ok
22:23:20.0135 8064 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
22:23:20.0150 8064 SensrSvc - ok
22:23:20.0166 8064 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
22:23:20.0181 8064 Serenum - ok
22:23:20.0181 8064 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
22:23:20.0181 8064 Serial - ok
22:23:20.0197 8064 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
22:23:20.0197 8064 sermouse - ok
22:23:20.0213 8064 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
22:23:20.0213 8064 SessionEnv - ok
22:23:20.0228 8064 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
22:23:20.0228 8064 sffdisk - ok
22:23:20.0228 8064 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
22:23:20.0244 8064 sffp_mmc - ok
22:23:20.0244 8064 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
22:23:20.0244 8064 sffp_sd - ok
22:23:20.0259 8064 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
22:23:20.0259 8064 sfloppy - ok
22:23:20.0306 8064 SftService (74ec60e20516aaa573be74f31175270f) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
22:23:20.0384 8064 SftService - ok
22:23:20.0415 8064 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
22:23:20.0431 8064 SharedAccess - ok
22:23:20.0447 8064 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
22:23:20.0447 8064 ShellHWDetection - ok
22:23:20.0462 8064 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
22:23:20.0462 8064 SiSRaid2 - ok
22:23:20.0478 8064 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
22:23:20.0478 8064 SiSRaid4 - ok
22:23:20.0478 8064 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
22:23:20.0478 8064 Smb - ok
22:23:20.0493 8064 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
22:23:20.0493 8064 SNMPTRAP - ok
22:23:20.0509 8064 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
22:23:20.0509 8064 spldr - ok
22:23:20.0525 8064 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
22:23:20.0525 8064 Spooler - ok
22:23:20.0587 8064 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
22:23:20.0649 8064 sppsvc - ok
22:23:20.0649 8064 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
22:23:20.0665 8064 sppuinotify - ok
22:23:20.0696 8064 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
22:23:20.0696 8064 srv - ok
22:23:20.0712 8064 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
22:23:20.0712 8064 srv2 - ok
22:23:20.0727 8064 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
22:23:20.0727 8064 srvnet - ok
22:23:20.0743 8064 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
22:23:20.0743 8064 SSDPSRV - ok
22:23:20.0759 8064 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
22:23:20.0759 8064 SstpSvc - ok
22:23:20.0774 8064 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
22:23:20.0774 8064 stexstor - ok
22:23:20.0805 8064 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
22:23:20.0821 8064 stisvc - ok
22:23:20.0868 8064 stllssvr (7731f46ec0d687a931cba063e8f90ef0) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
22:23:20.0868 8064 stllssvr - ok
22:23:20.0899 8064 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
22:23:20.0915 8064 StorSvc - ok
22:23:20.0930 8064 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
22:23:20.0930 8064 storvsc - ok
22:23:20.0946 8064 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
22:23:20.0946 8064 swenum - ok
22:23:20.0977 8064 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
22:23:20.0977 8064 swprv - ok
22:23:20.0993 8064 SynthVid (4cdd7df58730d23ba9cb5829a6e2ecea) C:\Windows\system32\DRIVERS\VMBusVideoM.sys
22:23:20.0993 8064 SynthVid - ok
22:23:21.0039 8064 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
22:23:21.0071 8064 SysMain - ok
22:23:21.0086 8064 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
22:23:21.0086 8064 TabletInputService - ok
22:23:21.0102 8064 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
22:23:21.0117 8064 TapiSrv - ok
22:23:21.0133 8064 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
22:23:21.0133 8064 TBS - ok
22:23:21.0195 8064 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
22:23:21.0211 8064 Tcpip - ok
22:23:21.0258 8064 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
22:23:21.0273 8064 TCPIP6 - ok
22:23:21.0289 8064 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
22:23:21.0289 8064 tcpipreg - ok
22:23:21.0305 8064 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
22:23:21.0305 8064 TDPIPE - ok
22:23:21.0336 8064 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
22:23:21.0336 8064 TDTCP - ok
22:23:21.0351 8064 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
22:23:21.0367 8064 tdx - ok
22:23:21.0367 8064 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
22:23:21.0367 8064 TermDD - ok
22:23:21.0398 8064 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
22:23:21.0398 8064 TermService - ok
22:23:21.0414 8064 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
22:23:21.0429 8064 Themes - ok
22:23:21.0445 8064 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:23:21.0445 8064 THREADORDER - ok
22:23:21.0461 8064 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
22:23:21.0461 8064 TrkWks - ok
22:23:21.0507 8064 trufos (df219721ddffcbe03aa894b6b6742ba1) C:\Windows\system32\DRIVERS\trufos.sys
22:23:21.0507 8064 trufos - ok
22:23:21.0539 8064 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
22:23:21.0554 8064 TrustedInstaller - ok
22:23:21.0570 8064 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:23:21.0570 8064 tssecsrv - ok
22:23:21.0585 8064 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
22:23:21.0585 8064 TsUsbFlt - ok
22:23:21.0617 8064 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
22:23:21.0617 8064 TsUsbGD - ok
22:23:21.0632 8064 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
22:23:21.0632 8064 tunnel - ok
22:23:21.0648 8064 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
22:23:21.0648 8064 uagp35 - ok
22:23:21.0679 8064 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
22:23:21.0695 8064 udfs - ok
22:23:21.0710 8064 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
22:23:21.0710 8064 UI0Detect - ok
22:23:21.0741 8064 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
22:23:21.0741 8064 uliagpkx - ok
22:23:21.0773 8064 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
22:23:21.0773 8064 umbus - ok
22:23:21.0773 8064 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
22:23:21.0773 8064 UmPass - ok
22:23:21.0804 8064 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
22:23:21.0804 8064 UmRdpService - ok
22:23:21.0882 8064 Update Server (7de3f30967cf77bd1fc440c2b847629a) C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe
22:23:21.0882 8064 Update Server - ok
22:23:21.0929 8064 UPDATESRV (6fa5ffc3765c9c444d82faf1d46c1cae) C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
22:23:21.0929 8064 UPDATESRV - ok
22:23:21.0960 8064 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
22:23:21.0960 8064 upnphost - ok
22:23:21.0991 8064 usbccgp (19ad7990c0b67e48dac5b26f99628223) C:\Windows\system32\DRIVERS\usbccgp.sys
22:23:21.0991 8064 usbccgp - ok
22:23:21.0991 8064 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
22:23:22.0007 8064 usbcir - ok
22:23:22.0022 8064 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
22:23:22.0022 8064 usbehci - ok
22:23:22.0038 8064 usbhub (8b892002d7b79312821169a14317ab86) C:\Windows\system32\DRIVERS\usbhub.sys
22:23:22.0053 8064 usbhub - ok
22:23:22.0069 8064 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
22:23:22.0069 8064 usbohci - ok
22:23:22.0085 8064 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
22:23:22.0085 8064 usbprint - ok
22:23:22.0116 8064 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:23:22.0116 8064 USBSTOR - ok
22:23:22.0131 8064 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
22:23:22.0131 8064 usbuhci - ok
22:23:22.0147 8064 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
22:23:22.0147 8064 UxSms - ok
22:23:22.0163 8064 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:23:22.0163 8064 VaultSvc - ok
22:23:22.0178 8064 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
22:23:22.0178 8064 vdrvroot - ok
22:23:22.0194 8064 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
22:23:22.0209 8064 vds - ok
22:23:22.0225 8064 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
22:23:22.0225 8064 vga - ok
22:23:22.0241 8064 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
22:23:22.0241 8064 VgaSave - ok
22:23:22.0272 8064 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
22:23:22.0272 8064 vhdmp - ok
22:23:22.0287 8064 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
22:23:22.0287 8064 viaide - ok
22:23:22.0303 8064 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
22:23:22.0303 8064 VMBusHID - ok
22:23:22.0319 8064 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
22:23:22.0334 8064 volmgr - ok
22:23:22.0350 8064 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
22:23:22.0350 8064 volmgrx - ok
22:23:22.0365 8064 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
22:23:22.0365 8064 volsnap - ok
22:23:22.0397 8064 vpcbus (b4a73ca4ef9a02b9738cea9ad5fe5917) C:\Windows\system32\DRIVERS\vpchbus.sys
22:23:22.0397 8064 vpcbus - ok
22:23:22.0428 8064 vpcnfltr (e675fb2b48c54f09895482e2253b289c) C:\Windows\system32\DRIVERS\vpcnfltr.sys
22:23:22.0428 8064 vpcnfltr - ok
22:23:22.0459 8064 vpcusb (5fb42082b0d19a0268705f1dd343df20) C:\Windows\system32\DRIVERS\vpcusb.sys
22:23:22.0459 8064 vpcusb - ok
22:23:22.0490 8064 vpcvmm (30d4243726a15a14f5c5e45898d14394) C:\Windows\system32\drivers\vpcvmm.sys
22:23:22.0490 8064 vpcvmm - ok
22:23:22.0522 8064 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
22:23:22.0522 8064 vsmraid - ok
22:23:22.0553 8064 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
22:23:22.0600 8064 VSS - ok
22:23:22.0631 8064 VSSERV - ok
22:23:22.0646 8064 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
22:23:22.0646 8064 vwifibus - ok
22:23:22.0678 8064 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
22:23:22.0678 8064 vwififlt - ok
22:23:22.0693 8064 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
22:23:22.0709 8064 W32Time - ok
22:23:22.0724 8064 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
22:23:22.0724 8064 WacomPen - ok
22:23:22.0756 8064 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:23:22.0756 8064 WANARP - ok
22:23:22.0756 8064 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:23:22.0756 8064 Wanarpv6 - ok
22:23:22.0818 8064 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
22:23:22.0834 8064 WatAdminSvc - ok
22:23:22.0880 8064 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
22:23:22.0912 8064 wbengine - ok
22:23:22.0927 8064 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
22:23:22.0927 8064 WbioSrvc - ok
22:23:22.0943 8064 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
22:23:22.0943 8064 wcncsvc - ok
22:23:22.0958 8064 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
22:23:22.0958 8064 WcsPlugInService - ok
22:23:22.0974 8064 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
22:23:22.0974 8064 Wd - ok
22:23:23.0005 8064 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
22:23:23.0005 8064 Wdf01000 - ok
22:23:23.0021 8064 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:23:23.0036 8064 WdiServiceHost - ok
22:23:23.0036 8064 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:23:23.0036 8064 WdiSystemHost - ok
22:23:23.0052 8064 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
22:23:23.0068 8064 WebClient - ok
22:23:23.0083 8064 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
22:23:23.0083 8064 Wecsvc - ok
22:23:23.0099 8064 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
22:23:23.0099 8064 wercplsupport - ok
22:23:23.0114 8064 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
22:23:23.0130 8064 WerSvc - ok
22:23:23.0146 8064 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
22:23:23.0146 8064 WfpLwf - ok
22:23:23.0177 8064 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
22:23:23.0192 8064 WimFltr - ok
22:23:23.0208 8064 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
22:23:23.0208 8064 WIMMount - ok
22:23:23.0224 8064 WinDefend - ok
22:23:23.0224 8064 WinHttpAutoProxySvc - ok
22:23:23.0270 8064 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
22:23:23.0270 8064 Winmgmt - ok
22:23:23.0333 8064 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
22:23:23.0364 8064 WinRM - ok
22:23:23.0411 8064 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
22:23:23.0426 8064 WinUsb - ok
22:23:23.0442 8064 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
22:23:23.0458 8064 Wlansvc - ok
22:23:23.0504 8064 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
22:23:23.0504 8064 wlcrasvc - ok
22:23:23.0551 8064 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:23:23.0567 8064 wlidsvc - ok
22:23:23.0582 8064 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
22:23:23.0582 8064 WmiAcpi - ok
22:23:23.0598 8064 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
22:23:23.0598 8064 wmiApSrv - ok
22:23:23.0614 8064 WMPNetworkSvc - ok
22:23:23.0629 8064 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
22:23:23.0629 8064 WPCSvc - ok
22:23:23.0645 8064 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
22:23:23.0660 8064 WPDBusEnum - ok
22:23:23.0660 8064 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
22:23:23.0676 8064 ws2ifsl - ok
22:23:23.0692 8064 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
22:23:23.0692 8064 wscsvc - ok
22:23:23.0692 8064 WSearch - ok
22:23:23.0738 8064 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
22:23:23.0785 8064 wuauserv - ok
22:23:23.0801 8064 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
22:23:23.0801 8064 WudfPf - ok
22:23:23.0816 8064 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:23:23.0816 8064 WUDFRd - ok
22:23:23.0832 8064 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
22:23:23.0848 8064 wudfsvc - ok
22:23:23.0863 8064 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
22:23:23.0879 8064 WwanSvc - ok
22:23:23.0894 8064 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
22:23:23.0972 8064 \Device\Harddisk0\DR0 - ok
22:23:23.0972 8064 Boot (0x1200) (60d005f7927d9ad443afd337eab7b9ce) \Device\Harddisk0\DR0\Partition0
22:23:23.0972 8064 \Device\Harddisk0\DR0\Partition0 - ok
22:23:23.0988 8064 Boot (0x1200) (5f9ea4ad63c4b418b56141027d0630cd) \Device\Harddisk0\DR0\Partition1
22:23:23.0988 8064 \Device\Harddisk0\DR0\Partition1 - ok
22:23:23.0988 8064 ============================================================
22:23:23.0988 8064 Scan finished
22:23:23.0988 8064 ============================================================
22:23:24.0004 0220 Detected object count: 0
22:23:24.0004 0220 Actual detected object count: 0



---------------------------------------------------------------------------------------------------------------------------------
Here's the aswMBR log file:



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-13 22:26:16
-----------------------------
22:26:16.337 OS Version: Windows x64 6.1.7601 Service Pack 1
22:26:16.337 Number of processors: 8 586 0x2A07
22:26:16.337 ComputerName: CNA0187798A UserName: a0187798
22:26:17.928 Initialize success
22:26:56.118 AVAST engine defs: 12041301
22:27:32.529 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
22:27:32.529 Disk 0 Vendor: ST320006 CC44 Size: 1907729MB BusType: 3
22:27:32.544 Disk 0 MBR read successfully
22:27:32.544 Disk 0 MBR scan
22:27:32.576 Disk 0 Windows VISTA default MBR code
22:27:32.576 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
22:27:32.607 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 16638 MB offset 81920
22:27:32.622 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 1891050 MB offset 34156544
22:27:32.638 Disk 0 scanning C:\Windows\system32\drivers
22:27:40.625 Service scanning
22:27:54.010 Modules scanning
22:27:54.010 Disk 0 trace - called modules:
22:27:54.041 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
22:27:54.041 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800f414790]
22:27:54.041 3 CLASSPNP.SYS[fffff88001d6e43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0xfffffa800d8e3050]
22:28:02.637 AVAST engine scan C:\Windows
22:28:05.741 Disk 0 MBR has been saved successfully to "C:\Users\a0187798\Desktop\MBR.dat"
22:28:05.741 The log file has been saved successfully to "C:\Users\a0187798\Desktop\aswMBR.txt"
22:28:06.146 AVAST engine scan C:\Windows\system32
22:30:37.600 AVAST engine scan C:\Windows\system32\drivers
22:30:49.362 AVAST engine scan C:\Users\a0187798
22:34:17.420 Disk 0 MBR has been saved successfully to "C:\Users\a0187798\Desktop\MBR.dat"
22:34:17.420 The log file has been saved successfully to "C:\Users\a0187798\Desktop\aswMBR.txt"

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 135,614 posts
  • Location: Puerto Rico

Posted 13 April 2012 - 10:43 PM

Greetings Paul

OK, give me a brief rundown on what is still wrong with the computer.


:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here to donate. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 Paul2.0
  • Topic Starter
  • Members
  • 15 posts

Posted 14 April 2012 - 01:12 AM

Hi,

The other computers on my network can now access the shared files and printer from the infected machine, so that problem is fixed.
I haven't noticed Google redirects lately. I'm still getting quite a few errors in my event log, but maybe that's normal. I've posted the event log below.

If it's not too much trouble, could you tell me what malware was on my computer when you and I started?

Do you think my computer is clean now?

-----------------------------------------------------------------------------------------------------------------------------------
Here's my Administrative event log:

Level Date and Time Source Event ID Task Category
Warning 4/14/2012 12:36:01 AM Microsoft-Windows-Bits-Client 16393 None BITS has encountered an error communicating with an Internet Gateway Device. Please check that the device is functioning properly. BITS will not attempt to use this device until the next system reboot. Error code: 0x80040500.
Warning 4/14/2012 12:35:19 AM Microsoft-Windows-Bits-Client 16393 None BITS has encountered an error communicating with an Internet Gateway Device. Please check that the device is functioning properly. BITS will not attempt to use this device until the next system reboot. Error code: 0x80040500.
Error 4/14/2012 12:21:05 AM Microsoft-Windows-Dhcp-Client 1001 Address Configuration State Event Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0x9439E5589FE9. The following error occurred: 0x79. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Error 4/14/2012 12:20:43 AM Microsoft-Windows-WMI 10 None "Event filter with query ""SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA ""Win32_Processor"" AND TargetInstance.LoadPercentage > 99"" could not be reactivated in namespace ""//./root/CIMV2"" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected."
Warning 4/14/2012 12:20:25 AM Microsoft-Windows-Bits-Client 16393 None BITS has encountered an error communicating with an Internet Gateway Device. Please check that the device is functioning properly. BITS will not attempt to use this device until the next system reboot. Error code: 0x80040500.
Error 4/14/2012 12:20:14 AM Microsoft-Windows-Kernel-EventTracing 2 Session "Session ""Homegroup Log"" failed to start with the following error: 0xC0000035"
Warning 4/14/2012 12:20:04 AM Microsoft-Windows-Kernel-EventTracing 4 Logging "The maximum file size for session ""ReadyBoot"" has been reached. As a result, events might be lost (not logged) to file ""C:\Windows\Prefetch\ReadyBoot\ReadyBoot.etl"". The maximum files size is currently set to 20971520 bytes."
Error 4/14/2012 12:19:50 AM Service Control Manager 7011 None A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
Warning 4/14/2012 12:19:05 AM Microsoft-Windows-Dhcp-Client 1003 Address Configuration State Event Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0x180373D21DAC. The following error occurred: 0x490. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Error 4/14/2012 12:19:05 AM Microsoft-Windows-Dhcp-Client 50034 Address Configuration State Event An error has occurred in initializing the adapter 11. Error Code is 0x490
Error 4/14/2012 12:19:03 AM Service Control Manager 7023 None "The Windows Defender service terminated with the following error:
The specified module could not be found."
Error 4/14/2012 12:19:01 AM NetBT 4311 None "Initialization failed because the driver device could not be created. Use the string ""9439E5589FE9"" to identify the interface for which initialization failed. It represents the MAC address of the failed interface or the Globally Unique Interface Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither the MAC address nor the GUID were available, the string represents a cluster device name. "
Error 4/14/2012 12:19:01 AM NetBT 4311 None "Initialization failed because the driver device could not be created. Use the string ""9439E5589FE9"" to identify the interface for which initialization failed. It represents the MAC address of the failed interface or the Globally Unique Interface Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither the MAC address nor the GUID were available, the string represents a cluster device name. "
Warning 4/14/2012 12:18:21 AM Microsoft-Windows-WLAN-AutoConfig 4001 None "WLAN AutoConfig service has successfully stopped.
"
Warning 4/14/2012 12:18:21 AM Microsoft-Windows-WLAN-AutoConfig 10002 None "WLAN Extensibility Module has stopped.

Module Path: C:\Windows\System32\bcmihvsrv64.dll
"
Error 4/14/2012 12:18:17 AM Microsoft-Windows-DistributedCOM 10010 None The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.
Error 4/14/2012 12:18:16 AM Service Control Manager 7030 None The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error 4/14/2012 12:16:40 AM Service Control Manager 7030 None The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error 4/14/2012 12:13:06 AM Windows Backup 4104 None The backup was not successful. The error is: Windows Backup encountered an error when accessing the remote shared folder. (0x81000039).


-----------------------------------------------------------------------------------------------------------------------------------
Here's the log from ComboFix:


ComboFix 12-04-13.01 - a0187798 04/14/2012 0:15.2.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.16366.13615 [GMT -5:00]
Running from: c:\users\a0187798\Desktop\ComboFix.exe
Command switches used :: c:\users\a0187798\Desktop\CFScript.txt
AV: Bitdefender Antivirus *Disabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
FW: Bitdefender Firewall *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
SP: Bitdefender Antispyware *Disabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-14 to 2012-04-14 )))))))))))))))))))))))))))))))
.
.
2012-04-14 05:18 . 2012-04-14 05:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-11 17:19 . 2012-04-11 17:19 -------- d-----w- c:\program files (x86)\APHistory
2012-04-10 03:28 . 2009-06-30 15:37 33800 ----a-w- c:\windows\system32\drivers\pavboot64.sys
2012-04-10 03:28 . 2012-04-10 03:28 -------- d-----w- c:\program files (x86)\Panda Security
2012-04-10 03:28 . 2012-04-10 03:28 -------- d--h--w- c:\windows\AxInstSV
2012-04-08 15:01 . 2012-04-08 15:01 -------- d-----w- c:\users\a0187798\AppData\Roaming\f-secure
2012-04-08 15:01 . 2012-04-08 15:01 -------- d-----w- c:\programdata\F-Secure
2012-04-07 16:07 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-07 16:07 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-07 16:07 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-07 16:03 . 2012-04-07 16:03 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-04-07 13:33 . 2012-04-07 13:33 -------- d-----w- c:\users\a0187798\AppData\Local\bdch
2012-04-06 21:50 . 2012-04-06 21:50 218309 ----a-w- c:\programdata\1333748842.bdinstall.bin
2012-04-06 21:49 . 2012-04-06 21:49 -------- d-----w- c:\programdata\BDLogging
2012-04-06 21:49 . 2012-04-06 21:49 -------- d-----w- c:\users\a0187798\AppData\Roaming\Bitdefender
2012-04-06 21:49 . 2012-04-06 21:49 -------- d-----w- c:\programdata\Bitdefender
2012-04-06 21:48 . 2012-04-06 21:48 -------- d-----w- c:\users\a0187798\AppData\Roaming\QuickScan
2012-04-06 21:47 . 2012-04-06 21:47 -------- d-----w- c:\program files\Bitdefender
2012-04-06 21:47 . 2011-08-16 19:59 442088 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2012-04-06 21:47 . 2011-10-27 20:07 329800 ----a-w- c:\windows\system32\drivers\trufos.sys
2012-04-06 21:47 . 2012-04-06 21:47 -------- d-----w- c:\program files\Common Files\Bitdefender
2012-04-06 21:44 . 2012-04-06 21:44 -------- d-----w- c:\program files (x86)\Common Files\Bitdefender
2012-03-30 03:28 . 2012-03-30 03:28 -------- d-----w- c:\users\a0187798\AppData\Roaming\Malwarebytes
2012-03-30 03:28 . 2012-03-30 03:28 -------- d-----w- c:\programdata\Malwarebytes
2012-03-28 14:18 . 2012-03-28 14:18 -------- d-----w- c:\users\a0187798\AppData\Local\{E6756FBA-78E0-11E1-826D-B8AC6F996F26}
2012-03-21 01:22 . 2012-03-21 01:22 691896 ----a-w- c:\windows\system32\drivers\avc3.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-07 16:03 . 2011-10-01 01:07 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-17 21:45 . 2012-02-17 21:45 545064 ----a-w- c:\windows\system32\drivers\avckf.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-14_01.01.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-04-14 01:02 47388 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-14 01:03 39484 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-10-09 22:22 . 2012-04-14 01:03 6608 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2362829402-3712456972-3690666296-1000_UserData.bin
- 2012-04-14 00:30 . 2012-04-14 00:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-14 05:19 . 2012-04-14 05:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-14 00:30 . 2012-04-14 00:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-14 05:19 . 2012-04-14 05:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-04-14 00:29 320904 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-14 05:18 320904 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-10-01 01:53 . 2012-04-14 00:29 2732072 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-10-01 01:53 . 2012-04-14 05:18 2732072 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-10-09 22:19 . 2012-04-14 05:18 14243704 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2362829402-3712456972-3690666296-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-09-13 283160]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-03-10 237568]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-20 336384]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-17 50472]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2010-10-27 75048]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-01-03 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2011-07-07 75064]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-18 421888]
"Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-26 619008]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"Adobe Photo Downloader"="c:\program files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-12-22 67752]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-05-30 885760]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Citrix XenApp.lnk - c:\windows\Installer\{C1CCF2E9-4851-4783-8076-D9C3F7DDD487}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe [2011-10-22 73728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/09/30 20:19;c:\program files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [2010-10-26 236016]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [x]
R3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [x]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-03-22 25072]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [2011-10-15 466736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [x]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2011-11-15 90192]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-15 103504]
S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys [x]
S1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\DRIVERS\nm3.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe [2011-11-09 133944]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-13 13336]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2012\updatesrv.exe [2012-03-13 66096]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_9EC60124
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-06 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-03-28 23:04]
.
2012-04-14 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-03-28 23:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-23 10920552]
"RunDLLEntry_THXCfg"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"RunDLLEntry_EptMon"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-05-30 2055816]
"BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2012-03-22 1067256]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\a0187798\AppData\Roaming\Mozilla\Firefox\Profiles\538fcp1g.default\
FF - prefs.js: network.proxy.type - 2
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files (x86)\Citrix\ICA Client\PNAMain.exe
c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
.
**************************************************************************
.
Completion time: 2012-04-14 00:22:04 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-14 05:22
ComboFix2.txt 2012-04-14 01:03
.
Pre-Run: 1,878,023,806,976 bytes free
Post-Run: 1,877,747,646,464 bytes free
.
- - End Of File - - 9F031D5D81D9ED03A095A01AE2AA7AF2

#8 gringo_pr

    Bleepin Gringo


  • Malware Response Team

Posted 14 April 2012 - 02:12 AM

Greetings

the only thing identifiable in the reports was System Check



These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

Bing Bar
Bing Bar Platform
Bing Rewards Client Installer


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again click Yes.
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.


Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 Paul2.0

  • Topic Starter

  • Members

Posted 15 April 2012 - 12:46 AM

Hi,

I uninstalled Bing Bar, but Bing Bar Platform and Bing Rewards Client Installer were not present on my computer.
When I tried to install Java, it said that I already had the latest version installed, so I did not reinstall it.
The MBAM log is posted below. The HijackThis log is posted below.

As for the current computer behavior, I believe I mentioned earlier that prior to the System Check infection, all the computers on my network used to be able to access the shared files/printers on the infected computer. After the infection, the other computers could no longer access the files/printers on the infected computer. At the time of my last post I said that access from the other computers to the infected computer had been restored. I spoke too soon, however, as I lost network access again within half a day. Right now, the other computers cannot even "see" the infected computer and cannot print to the shared printer. When I look at the event log of one of these "other" computers I see some potentially relevant entries:

Error 4/14/2012 10:05:38 AM Server 2505 None The server could not bind to the transport \Device\NetBT_Tcpip_{A5B38AB3-755B-4FB2-B9BA-148EBFE29CCA} because another computer on the network has the same name. The server could not start.

Error 4/14/2012 7:34:36 PM bowser 8003 None The master browser has received a server announcement from the computer CNA0187798A that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A5B38AB3-755B-4FB2-B9BA-148EBFE29CCA}. The master browser is stopping or an election is being forced.

I include the event logs for both this "other" computer and the infected (CNA0187798A) computer below in case they are relevant.

I'm only bringing this issue up because it never happened to me before I got the System Check virus.

Thanks for your continued help!

----------------------------------------------------------------------------------------------------------------------------------
Here's the Administrative event log on the "other" computer that cannot access the files/printers of the infected (CNA0187798A) computer:

Level Date and Time Source Event ID Task Category
Error 4/14/2012 7:34:36 PM bowser 8003 None The master browser has received a server announcement from the computer CNA0187798A that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A5B38AB3-755B-4FB2-B9BA-148EBFE29CCA}. The master browser is stopping or an election is being forced.
Error 4/14/2012 3:29:56 PM Microsoft-Windows-PrintService 372 Printing a document "The document Flash, owned by Rachel, failed to print on printer HP OfficeJet G85. Try to print the document again, or restart the print spooler.
Data type: NT EMF 1.008. Size of the spool file in bytes: 81180. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\RACHEL-PC. Win32 error code returned by the print processor: 53. The network path was not found.
"
Error 4/14/2012 3:29:46 PM Microsoft-Windows-PrintService 372 Printing a document "The document https://mail.google.com/mail/?ui=2&view=bsp&ver=ohhl4rw8mbn4, owned by Rachel, failed to print on printer HP OfficeJet G85. Try to print the document again, or restart the print spooler.
Data type: NT EMF 1.008. Size of the spool file in bytes: 720896. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\RACHEL-PC. Win32 error code returned by the print processor: 53. The network path was not found.
"
Error 4/14/2012 1:40:02 PM Microsoft-Windows-PrintService 372 Printing a document "The document https://mail.google.com/mail/?ui=2&view=bsp&ver=ohhl4rw8mbn4, owned by Rachel, failed to print on printer HP OfficeJet G85. Try to print the document again, or restart the print spooler.
Data type: NT EMF 1.008. Size of the spool file in bytes: 720896. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\RACHEL-PC. Win32 error code returned by the print processor: 53. The network path was not found.
"
Error 4/14/2012 1:15:27 PM Microsoft-Windows-PrintService 808 Initializing The print spooler failed to load a plug-in module C:\Windows\system32\spool\DRIVERS\x64\3\UNIDRVUI.DLL, error code 0xc1. See the event user data for context information.
Error 4/14/2012 1:15:27 PM Microsoft-Windows-PrintService 808 Initializing The print spooler failed to load a plug-in module C:\Windows\system32\spool\DRIVERS\x64\3\UNIDRVUI.DLL, error code 0xc1. See the event user data for context information.
Error 4/14/2012 1:15:07 PM Microsoft-Windows-PrintService 372 Printing a document "The document Microsoft Word - Confirmation&Payment2012, owned by Rachel, failed to print on printer HP OfficeJet G85. Try to print the document again, or restart the print spooler.
Data type: NT EMF 1.008. Size of the spool file in bytes: 327680. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\RACHEL-PC. Win32 error code returned by the print processor: 53. The network path was not found.
"
Error 4/14/2012 1:14:23 PM Microsoft-Windows-PrintService 808 Initializing The print spooler failed to load a plug-in module C:\Windows\system32\spool\DRIVERS\x64\3\UNIDRVUI.DLL, error code 0xc1. See the event user data for context information.
Error 4/14/2012 1:14:23 PM Microsoft-Windows-PrintService 808 Initializing The print spooler failed to load a plug-in module C:\Windows\system32\spool\DRIVERS\x64\3\UNIDRVUI.DLL, error code 0xc1. See the event user data for context information.
Error 4/14/2012 1:14:16 PM Microsoft-Windows-PrintService 808 Initializing The print spooler failed to load a plug-in module C:\Windows\system32\spool\DRIVERS\x64\3\UNIDRVUI.DLL, error code 0xc1. See the event user data for context information.
Error 4/14/2012 1:14:16 PM Microsoft-Windows-PrintService 808 Initializing The print spooler failed to load a plug-in module C:\Windows\system32\spool\DRIVERS\x64\3\UNIDRVUI.DLL, error code 0xc1. See the event user data for context information.
Error 4/14/2012 10:05:38 AM Server 2505 None The server could not bind to the transport \Device\NetBT_Tcpip_{A5B38AB3-755B-4FB2-B9BA-148EBFE29CCA} because another computer on the network has the same name. The server could not start.
Error 4/14/2012 1:25:21 AM SideBySide 80 None "Activation context generation failed for ""C:\Program Files (x86)\Cozi Express\CoziExpress.exe"".Error in manifest or policy file """" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest."

----------------------------------------------------------------------------------------------------------------------------------
Here's the Administrative event log on the infected (CNA0187798A) computer:

Level Date and Time Source Event ID Task Category
Error 4/14/2012 8:58:37 PM Service Control Manager 7011 None A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
Error 4/14/2012 8:58:15 PM Microsoft-Windows-Kernel-EventTracing 2 Session "Session ""Homegroup Log"" failed to start with the following error: 0xC0000035"
Warning 4/14/2012 7:44:43 PM .NET Runtime Optimization Service 1130 None .NET Runtime Optimization Service (4.0.30319.261) - Version or flavor did not match with repository: Microsoft.VisualBasic.Compatibility.Data
Error 4/14/2012 7:37:38 PM Microsoft-Windows-Dhcp-Client 1001 Address Configuration State Event Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0x9439E5589FE9. The following error occurred: 0x79. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Error 4/14/2012 7:37:13 PM Microsoft-Windows-WMI 10 None "Event filter with query ""SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA ""Win32_Processor"" AND TargetInstance.LoadPercentage > 99"" could not be reactivated in namespace ""//./root/CIMV2"" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected."
Error 4/14/2012 7:35:36 PM NetBT 4311 None "Initialization failed because the driver device could not be created. Use the string ""9439E5589FE9"" to identify the interface for which initialization failed. It represents the MAC address of the failed interface or the Globally Unique Interface Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither the MAC address nor the GUID were available, the string represents a cluster device name. "
Error 4/14/2012 7:35:36 PM NetBT 4311 None "Initialization failed because the driver device could not be created. Use the string ""9439E5589FE9"" to identify the interface for which initialization failed. It represents the MAC address of the failed interface or the Globally Unique Interface Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither the MAC address nor the GUID were available, the string represents a cluster device name. "
Warning 4/14/2012 7:34:51 PM Microsoft-Windows-WLAN-AutoConfig 4001 None "WLAN AutoConfig service has successfully stopped.
"
Warning 4/14/2012 7:34:51 PM Microsoft-Windows-WLAN-AutoConfig 10002 None "WLAN Extensibility Module has stopped.

Module Path: C:\Windows\System32\bcmihvsrv64.dll
"
Error 4/14/2012 7:34:37 PM Microsoft-Windows-DistributedCOM 10010 None The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.
Error 4/14/2012 11:39:48 AM Microsoft-Windows-PrintService 372 Printing a document "The document Study Plan.xls, owned by a0187798, failed to print on printer HP OfficeJet G85. Try to print the document again, or restart the print spooler.
Data type: NT EMF 1.008. Size of the spool file in bytes: 196608. Number of bytes printed: 49008. Total number of pages in the document: 6. Number of pages printed: 2. Client computer: \\CNA0187798A. Win32 error code returned by the print processor: 2147500037. Unspecified error
"
Error 4/14/2012 1:31:46 AM SideBySide 80 None "Activation context generation failed for ""c:\Program Files (x86)\Cozi Express\CoziExpress.exe"".Error in manifest or policy file """" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest."
Warning 4/14/2012 12:36:01 AM Microsoft-Windows-Bits-Client 16393 None BITS has encountered an error communicating with an Internet Gateway Device. Please check that the device is functioning properly. BITS will not attempt to use this device until the next system reboot. Error code: 0x80040500.
Warning 4/14/2012 12:35:19 AM Microsoft-Windows-Bits-Client 16393 None BITS has encountered an error communicating with an Internet Gateway Device. Please check that the device is functioning properly. BITS will not attempt to use this device until the next system reboot. Error code: 0x80040500.
Error 4/14/2012 12:21:05 AM Microsoft-Windows-Dhcp-Client 1001 Address Configuration State Event Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0x9439E5589FE9. The following error occurred: 0x79. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Error 4/14/2012 12:20:43 AM Microsoft-Windows-WMI 10 None "Event filter with query ""SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA ""Win32_Processor"" AND TargetInstance.LoadPercentage > 99"" could not be reactivated in namespace ""//./root/CIMV2"" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected."
Warning 4/14/2012 12:20:25 AM Microsoft-Windows-Bits-Client 16393 None BITS has encountered an error communicating with an Internet Gateway Device. Please check that the device is functioning properly. BITS will not attempt to use this device until the next system reboot. Error code: 0x80040500.
Error 4/14/2012 12:20:14 AM Microsoft-Windows-Kernel-EventTracing 2 Session "Session ""Homegroup Log"" failed to start with the following error: 0xC0000035"
Warning 4/14/2012 12:20:04 AM Microsoft-Windows-Kernel-EventTracing 4 Logging "The maximum file size for session ""ReadyBoot"" has been reached. As a result, events might be lost (not logged) to file ""C:\Windows\Prefetch\ReadyBoot\ReadyBoot.etl"". The maximum files size is currently set to 20971520 bytes."
Error 4/14/2012 12:19:50 AM Service Control Manager 7011 None A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
Warning 4/14/2012 12:19:05 AM Microsoft-Windows-Dhcp-Client 1003 Address Configuration State Event Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0x180373D21DAC. The following error occurred: 0x490. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Error 4/14/2012 12:19:05 AM Microsoft-Windows-Dhcp-Client 50034 Address Configuration State Event An error has occurred in initializing the adapter 11. Error Code is 0x490
Error 4/14/2012 12:19:03 AM Service Control Manager 7023 None "The Windows Defender service terminated with the following error:
The specified module could not be found."
Error 4/14/2012 12:19:01 AM NetBT 4311 None "Initialization failed because the driver device could not be created. Use the string ""9439E5589FE9"" to identify the interface for which initialization failed. It represents the MAC address of the failed interface or the Globally Unique Interface Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither the MAC address nor the GUID were available, the string represents a cluster device name. "
Error 4/14/2012 12:19:01 AM NetBT 4311 None "Initialization failed because the driver device could not be created. Use the string ""9439E5589FE9"" to identify the interface for which initialization failed. It represents the MAC address of the failed interface or the Globally Unique Interface Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither the MAC address nor the GUID were available, the string represents a cluster device name. "
Warning 4/14/2012 12:18:21 AM Microsoft-Windows-WLAN-AutoConfig 4001 None "WLAN AutoConfig service has successfully stopped.
"
Warning 4/14/2012 12:18:21 AM Microsoft-Windows-WLAN-AutoConfig 10002 None "WLAN Extensibility Module has stopped.

Module Path: C:\Windows\System32\bcmihvsrv64.dll
"
Error 4/14/2012 12:18:17 AM Microsoft-Windows-DistributedCOM 10010 None The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.
Error 4/14/2012 12:18:16 AM Service Control Manager 7030 None The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error 4/14/2012 12:16:40 AM Service Control Manager 7030 None The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error 4/14/2012 12:13:06 AM Windows Backup 4104 None The backup was not successful. The error is: Windows Backup encountered an error when accessing the remote shared folder. (0x81000039).


----------------------------------------------------------------------------------------------------------------------------------
Here is the MBAM log:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.14.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
a0187798 :: CNA0187798A [administrator]

4/14/2012 11:50:54 PM
mbam-log-2012-04-14 (23-50-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 204950
Time elapsed: 1 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


----------------------------------------------------------------------------------------------------------------------------------
Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:16:49 AM, on 4/15/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Citrix\ICA Client\PNAMain.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files (x86)\Nero\SyncUP\SyncUP.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - Global Startup: Citrix XenApp.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://tidemo2.webex.com/client/WBXclient-T27L10NSP30-13034/webex/ieatgpc1.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ent.ti.com,itg.ti.com,corp.ti.com,sc.ti.com,dal.design.ti.com,am.dhcp.ti.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ent.ti.com,itg.ti.com,corp.ti.com,sc.ti.com,dal.design.ti.com,am.dhcp.ti.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ent.ti.com,itg.ti.com,corp.ti.com,sc.ti.com,dal.design.ti.com,am.dhcp.ti.com
O18 - Protocol: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: WebEx Service Host for Support Center (atashost) - Cisco WebEx LLC - C:\Windows\SysWOW64\atashost.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Product - 2011/09/30 20:19:01 (CLKMSVC10_9EC60124) - CyberLink - C:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Dell DataSafe Online (NOBU) - Dell, Inc. - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RoxMediaDB12OEM - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: BitDefender Update Server v2 (Update Server) - BitDefender - C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe
O23 - Service: BitDefender Desktop Update Service (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14396 bytes
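
As an added example (my own code, not HijackThis's and not anything posted in this thread), the following Python helper reads lines in the O4/O10/O23 layout of the log above and sorts them into what a log reviewer looks at first: autorun entries whose executable lives outside Program Files or Windows, services whose binary is absent, and Winsock LSP entries listed more than once. The sample lines are constructed: the Program Files entries mirror lines from the log above, the HKCU entry reuses the qeSKkLWiSNH.exe name that MBAM reported earlier in the thread with a made-up path, and the "Example Updater" service is invented. One caveat the code encodes as my own note: the many "Unknown owner ... (file missing)" lines for services under System32 are what a 32-bit HijackThis build reports on 64-bit Windows because of WOW64 file-system redirection, so the helper marks those as informational rather than as something to fix.

```python
"""Triage helper for HijackThis log lines (O4 autoruns, O10 Winsock LSP
entries, O23 services). Added example, not HijackThis's own code."""
import re
from collections import Counter

# Constructed sample in HijackThis format. The Program Files entries mirror
# lines from the log above; the HKCU entry reuses the qeSKkLWiSNH.exe name
# MBAM reported earlier in the thread, with a made-up path; "Example Updater"
# is invented to exercise the non-System32 "file missing" branch.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [qeSKkLWiSNH.exe] C:\Users\Example\AppData\Local\qeSKkLWiSNH.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Example Updater (ExUpd) - Unknown owner - C:\ProgramData\Example\exupd.exe (file missing)
"""

# O4 - <hive>\..\<Run key>: [<name>] <command line>
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
TRUSTED_ROOTS = (r"c:\program files", r"c:\windows")  # "(x86)" shares the first prefix
SYSTEM32 = r"c:\windows\system32"
MISSING = "(file missing)"


def exe_path(cmd):
    """Executable path from an O4 command line: the quoted part if quoted,
    otherwise everything through the first '.exe' (splitting on the first
    space would cut 'Program Files' paths in half)."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.search(r"\.exe", cmd, re.IGNORECASE)
    return cmd[:m.end()] if m else cmd.split(" ", 1)[0]


def parse_o4(line):
    m = O4_RE.match(line)
    if not m:
        return None  # e.g. "O4 - Global Startup: ..." uses another layout
    entry = m.groupdict()
    entry["path"] = exe_path(entry["cmd"])
    return entry


def parse_o23(line):
    """O23 - Service: <display name> - <owner> - <path>[ (file missing)].
    Display names may themselves contain ' - ', so split from the right."""
    parts = line[len("O23 - Service: "):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    display, owner, path = parts
    missing = path.endswith(MISSING)
    if missing:
        path = path[:-len(MISSING)].strip()
    return {"display": display, "owner": owner, "path": path, "file_missing": missing}


def analyze(log_text):
    """Return parsed autoruns/services plus a list of (severity, message) findings."""
    autoruns, services, findings = [], [], []
    lsp = Counter()
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("O4 - "):
            e = parse_o4(line)
            if e is None:
                continue
            autoruns.append(e)
            if not e["path"].lower().startswith(TRUSTED_ROOTS):
                findings.append(("review", f"O4 {e['hive']} [{e['name']}] runs from outside "
                                           f"Program Files/Windows: {e['path']}"))
        elif line.startswith("O10 - "):
            lsp[line] += 1
        elif line.startswith("O23 - Service: "):
            s = parse_o23(line)
            if s is None:
                continue
            services.append(s)
            if (s["file_missing"] and s["owner"] == "Unknown owner"
                    and s["path"].lower().startswith(SYSTEM32)):
                findings.append(("info", f"O23 {s['display']}: 'file missing' under System32 is "
                                         "what 32-bit HijackThis reports on 64-bit Windows "
                                         "(WOW64 redirection); verify, do not fix"))
            elif s["file_missing"]:
                findings.append(("review", f"O23 {s['display']}: registered service whose "
                                           f"binary is absent: {s['path']}"))
    for text, n in lsp.items():
        if n > 1:
            findings.append(("info", f"O10 LSP entry listed {n} times (one per Winsock "
                                     f"catalog is normal): {text.split(': ', 1)[1]}"))
    return {"autoruns": autoruns, "services": services, "findings": findings}


if __name__ == "__main__":
    for severity, message in analyze(SAMPLE_LOG)["findings"]:
        print(f"[{severity}] {message}")
```

Running it on the sample prints one "review" line for the HKCU autorun under AppData, one for the invented service with a missing binary, and "info" lines for the System32 service and the doubled LSP entry; everything under Program Files passes silently, which is exactly the split the reviewer in this thread makes by eye. Paste a real HijackThis log into SAMPLE_LOG to run it against your own machine.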

#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 135,614 posts
  • Gender:Male
  • Location:Puerto rico

Posted 15 April 2012 - 12:57 AM

Greetings

If your network problem has not been fixed by the time we are done, then you may need to go to the network forum.


:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can start any of these programs when you need them by clicking on their icons (or from the control panel). By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
      O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
      O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
      O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
      O4 - HKLM\..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
      O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
      O4 - HKLM\..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
      O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
      O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe"
      O4 - HKLM\..\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - Global Startup: Citrix XenApp.lnk = ?
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines here and see if you want to keep them or not;
    just copy the name between the brackets and paste it into the search space, for example:
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Windows 7, right-click the IE shortcut and run as admin.

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click the donate button. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 Paul2.0
  • Topic Starter
  • Members
  • 15 posts

Posted 15 April 2012 - 11:19 AM

Hi,

Here are the results from ESET Online Scanner:

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application

Is this malware or Dell-ware?

Regards,
Paul

#12 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 135,614 posts
  • Gender:Male
  • Location:Puerto rico

Posted 15 April 2012 - 12:57 PM

Hello

The Online scan looks very good!!

These are false Positives - (Dell-ware) :lol:


C:\Program Files (x86)\Dell DataSafe Local Backup\<-- Dell backup program


Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful; if used incorrectly or at the wrong time they can make the computer an expensive paper weight.
They are updated all the time, some of them more than once a day, so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and use often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download; it works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls

CCleaner - This is a good program to clean out temp files; I would use this once a week or before any malware scan to remove unwanted temp files. It has a built-in registry cleaner, but I would leave that alone and not use any registry cleaner.

Malwarebytes' Anti-Malware The Gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did)

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again?" The short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click the donate button. Don't worry, every little bit helps.

Gringo

#13 Paul2.0
  • Topic Starter
  • Members
  • 15 posts

Posted 15 April 2012 - 02:59 PM

Hi,

Thanks so much for your help!

The procedure you gave me deleted my system restore point, but I also use the Windows 7 backup software to backup all my documents to an external network drive. Do I need to now wipe out all my backups because the System Check virus may have been backed up?

I have a couple more questions if you don't mind for my own future reference.

The https://community.mcafee.com/docs/DOC-2168 web site says that the first thing to try when removing malware is system restore; however, elsewhere I read that once you are infected you have to assume the restore points might also be infected. What is your opinion about using system restore when you get an infection?

I'm also a bit puzzled as to how I got the virus. I am always careful to click on the "X" button to close pop ups rather than on any button in the pop up window. That's what I did this time as well. I read somewhere that clicking on the "X" button is not totally safe and that instead you should always kill the pop-up from the task manager. That would seem to be a real pain. Is that what you recommend as well?

Regards,
Paul

#14 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 135,614 posts
  • Gender:Male
  • Location:Puerto rico

Posted 15 April 2012 - 04:52 PM

Hello

The procedure you gave me deleted my system restore point, but I also use the Windows 7 backup software to backup all my documents to an external network drive. Do I need to now wipe out all my backups because the System Check virus may have been backed up?

I would, and make new ones.

The https://community.mcafee.com/docs/DOC-2168 web site says that the first thing to try when removing malware is system restore; however, elsewhere I read that once you are infected you have to assume the restore points might also be infected. What is your opinion about using system restore when you get an infection?

It would be a place to start to keep things from getting worse or to relieve the symptoms, but it is by no means the only thing that needs to be done - I would still get checked out.

There are also a lot of viruses that system restore would not even slow down.

I'm also a bit puzzled as to how I got the virus. I am always careful to click on the "X" button to close pop ups rather than on any button in the pop up window. That's what I did this time as well. I read somewhere that clicking on the "X" button is not totally safe and that instead you should always kill the pop-up from the task manager. That would seem to be a real pain. Is that what you recommend as well?

Viruses change every day and what was true today would not be true in two days,

but the safest thing to do in that case would be to hit "Ctrl+F4"; that will close the active window without needing to hit any X or anything.

Try it!!

Gringo

#15 Paul2.0
  • Topic Starter
  • Members
  • 15 posts

Posted 15 April 2012 - 07:33 PM

Sounds good.

I also posted on the Networking forum to get help with the file/printer sharing problem as you suggested and "The Coolest BC Computer" is helping me.

Thanks again for your help!

Paul



