Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Keeps Redirecting


  • This topic is locked This topic is locked
20 replies to this topic

#1 achisri

achisri

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:02:02 AM

Posted 24 June 2012 - 03:54 PM

Hi,

My laptop is having google redirect issue. as per request from Naren. I am reopening this new thread.
I had given DDS log file & Attached "attach" log.

http://www.bleepingcomputer.com/forums/topic458153.html/page__st__15__gopid__2741427#entry2741427


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_30
Run by achisreeni at 16:35:40 on 2012-06-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8099.5998 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\dleacoms.exe
C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\windows\system32\rundll32.exe
C:\windows\system32\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.111\GoogleCrashHandler64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\windows\system32\conhost.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Users\achisreeni\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.5\Transfer Utility\CameraMonitor.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
C:\Users\achisreeni\Desktop\aswMBR.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\TextPad 5\TextPad.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uSearch Bar = Preserve
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit=userinit.exe,
TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [Octoshape Streaming Services] "C:\Users\achisreeni\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
uRun: [Octoshape] rundll32.exe "C:\Users\achisreeni\AppData\Local\TVU Networks\Octoshape\htngacy.dll",CreateInstance
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
StartupFolder: C:\Users\ACHISR~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\IMAGEM~1.LNK - C:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.5\Transfer Utility\CameraMonitor.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {685ec120-f786-4498-a8f0-794d47916161} - {C733FB84-6DB3-4363-8AA7-678F9B5E828E} - C:\Program Files (x86)\Microsoft\Rights Management Add-on\RMAFilt.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
IE: {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - {78104A01-8E71-4F30-9A36-3793799615B4} - C:\Program Files (x86)\Microsoft\Rights Management Add-on\RMAFilt.dll
Trusted Zone: icicibank.co.in\infinity
Trusted Zone: toolwire.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6D333B2B-E3D0-4F24-A6B4-1C7C427E3319} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6D333B2B-E3D0-4F24-A6B4-1C7C427E3319}\2375942554737353 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{6D333B2B-E3D0-4F24-A6B4-1C7C427E3319}\2756464697 : DhcpNameServer = 192.168.10.1
TCP: Interfaces\{6D333B2B-E3D0-4F24-A6B4-1C7C427E3319}\73735384F4D454 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{91C7A7DC-80A8-414A-9815-617550BB2D96} : DhcpNameServer = 192.168.10.1
Filter: application/msword - {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files (x86)\Microsoft\Rights Management Add-on\RMAFilt.dll
Filter: application/octet-stream - {F969FE8E-1937-45AD-AF42-8A4D11CBDC2A} - C:\Program Files (x86)\Microsoft\Rights Management Add-on\RMAFilt.dll
Filter: application/vnd.ms-excel - {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files (x86)\Microsoft\Rights Management Add-on\RMAFilt.dll
Filter: application/vnd.ms-powerpoint - {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files (x86)\Microsoft\Rights Management Add-on\RMAFilt.dll
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dll
Filter: application/x-microsoft-rpmsg-message - {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files (x86)\Microsoft\Rights Management Add-on\RMAFilt.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: rmh - {23C585BB-48FF-4865-8934-185F0A7EB84C} - C:\Program Files (x86)\Microsoft\Rights Management Add-on\RMAFilt.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache
TB-X64: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [(Default)]
mRun-x64: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\achisreeni\AppData\Roaming\Mozilla\Firefox\Profiles\uxyxuqp6.default\
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\achisreeni\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\achisreeni\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\achisreeni\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\achisreeni\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\windows\system32\drivers\mfehidk.sys --> C:\windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\windows\system32\drivers\mfewfpk.sys --> C:\windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?]
R1 ctxusbm;Citrix USB Monitor Driver;C:\windows\system32\DRIVERS\ctxusbm.sys --> C:\windows\system32\DRIVERS\ctxusbm.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\windows\system32\DRIVERS\mfenlfk.sys --> C:\windows\system32\DRIVERS\mfenlfk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-3 63928]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-6-14 89600]
R2 dlea_device;dlea_device;C:\windows\system32\dleacoms.exe -service --> C:\windows\system32\dleacoms.exe -service [?]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-6-14 13336]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-17 654408]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-8-9 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-8-9 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-8-9 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2011-6-14 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2011-6-14 210584]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-6-14 1692480]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-1-8 2984832]
R2 TurboB;Turbo Boost UI Monitor driver;C:\windows\system32\DRIVERS\TurboB.sys --> C:\windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-6-14 2655768]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\windows\system32\DRIVERS\btmaux.sys --> C:\windows\system32\DRIVERS\btmaux.sys [?]
R3 btmhsf;btmhsf;C:\windows\system32\DRIVERS\btmhsf.sys --> C:\windows\system32\DRIVERS\btmhsf.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\system32\DRIVERS\CtClsFlt.sys --> C:\windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 iBtFltCoex;iBtFltCoex;C:\windows\system32\DRIVERS\iBtFltCoex.sys --> C:\windows\system32\DRIVERS\iBtFltCoex.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\system32\drivers\mfeavfk.sys --> C:\windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\windows\system32\drivers\mfefirek.sys --> C:\windows\system32\drivers\mfefirek.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETwNs64.sys --> C:\windows\system32\DRIVERS\NETwNs64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\system32\DRIVERS\nusb3hub.sys --> C:\windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\system32\DRIVERS\nusb3xhc.sys --> C:\windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\windows\system32\DRIVERS\WDKMD.sys --> C:\windows\system32\DRIVERS\WDKMD.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-9 116648]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-8-9 249936]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe --> C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-18 250056]
S3 cfwids;McAfee Inc. cfwids;C:\windows\system32\drivers\cfwids.sys --> C:\windows\system32\drivers\cfwids.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-9 116648]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-6-14 220528]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mferkdet;McAfee Inc. mferkdet;C:\windows\system32\drivers\mferkdet.sys --> C:\windows\system32\drivers\mferkdet.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-24 113120]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\system32\DRIVERS\wdcsam64.sys --> C:\windows\system32\DRIVERS\wdcsam64.sys [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\system32\DRIVERS\yk62x64.sys --> C:\windows\system32\DRIVERS\yk62x64.sys [?]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-8-9 249936]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-06-24 13:25:07 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-24 03:22:32 -------- d-----w- C:\Program Files (x86)\ESET
2012-06-24 03:13:58 209920 ----a-w- C:\windows\System32\profsvc.dll
2012-06-24 03:13:56 3216384 ----a-w- C:\windows\System32\msi.dll
2012-06-24 03:13:56 2342400 ----a-w- C:\windows\SysWow64\msi.dll
2012-06-24 03:12:23 1462272 ----a-w- C:\windows\System32\crypt32.dll
2012-06-24 03:12:22 184320 ----a-w- C:\windows\System32\cryptsvc.dll
2012-06-24 03:12:22 1158656 ----a-w- C:\windows\SysWow64\crypt32.dll
2012-06-24 03:12:21 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2012-06-24 03:12:21 140288 ----a-w- C:\windows\System32\cryptnet.dll
2012-06-24 03:12:20 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
2012-06-24 01:44:06 -------- d-----w- C:\Users\achisreeni\AppData\Local\Macromedia
2012-06-20 01:26:46 116016 ----a-w- C:\windows\System32\drivers\19654497.sys
2012-06-18 01:00:01 -------- d-----w- C:\ProgramData\HitmanPro
2012-06-17 14:13:48 -------- d-----w- C:\Users\achisreeni\AppData\Roaming\Babylon
2012-06-17 14:13:48 -------- d-----w- C:\ProgramData\Babylon
2012-06-14 22:43:35 -------- d-----w- C:\Program Files\iTunes
2012-06-14 22:43:35 -------- d-----w- C:\Program Files\iPod
2012-06-14 22:43:35 -------- d-----w- C:\Program Files (x86)\iTunes
2012-06-14 13:41:13 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
.
==================== Find3M ====================
.
2012-06-24 03:28:40 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-24 03:28:40 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-06-02 22:15:31 2622464 ----a-w- C:\windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\windows\System32\wuapp.exe
2012-05-15 01:32:33 3146752 ----a-w- C:\windows\System32\win32k.sys
2012-05-04 11:06:22 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-04-26 05:41:56 77312 ----a-w- C:\windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
2012-04-19 00:56:30 94208 ----a-w- C:\windows\SysWow64\QuickTimeVR.qtx
2012-04-19 00:56:30 69632 ----a-w- C:\windows\SysWow64\QuickTime.qts
2012-04-04 19:56:40 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-03-30 11:35:47 1918320 ----a-w- C:\windows\System32\drivers\tcpip.sys
.
============= FINISH: 16:36:38.25 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,033 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:02 AM

Posted 24 June 2012 - 11:42 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 achisri

achisri
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:02:02 AM

Posted 25 June 2012 - 09:59 PM

Thanks Gringo,

Here is the first log.

Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
McAfee Anti-Virus and Anti-Spyware
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 30
Java version out of Date!
Adobe Reader X (10.1.3)
Mozilla Firefox (13.0.1)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes Anti-Malware mbam.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,033 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:02 AM

Posted 25 June 2012 - 10:21 PM

ok send me the next one when it is ready


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 achisri

achisri
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:02:02 AM

Posted 25 June 2012 - 10:38 PM

I am trying to disable MCAFEE Antivirus. But first option , I am not seeing Exit option when i did Right Click.


MCAFEE ANTIVIRUS
Please navigate to the system tray on the bottom right hand corner and look for a sign.•Right-click it -> chose "Exit."
•A popup will warn that protection will now be disabled. Click on "Yes" to disable the Antivirus guard.

Please see the attachment.

And also I am not able to see below one as well. Not sure how to diable McaFee, If i know how to disable Mcafee, then i will start running ComboFix.

I had already disabled Malware Bytes s/w.




MCAFEE SECURITY CENTER 7.1
Please navigate to the system tray and double-click the taskbar icon to open Security Center.•Click Advanced Menu (bottom mid-left).

•Click Configure (left).

•Click Computer & Files (top left).

•VirusScan can be disabled in the right-hand module and set when it should resume or you can do that manually later on.

•Do the same via Internet & Network for Firewall Plus.
Instructions to disable McAfee Security

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,033 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:02 AM

Posted 25 June 2012 - 10:50 PM

go ahead and turn off what you can and go ahead and run it


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 achisri

achisri
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:02:02 AM

Posted 26 June 2012 - 07:33 PM

Thanks for info. I am not able to disable McaFee, I am going to run Combofix and update you log soon.
Sorry for the dealy, I am getting time to work on this personal laptop issue only after coming from office.

#8 achisri

achisri
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:02:02 AM

Posted 26 June 2012 - 08:12 PM

Here is the Log for ComboFix.

ComboFix 12-06-26.02 - achisreeni 06/26/2012 20:46:25.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8099.6607 [GMT -4:00]
Running from: c:\users\achisreeni\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\achisreeni\AppData\Local\assembly\tmp
c:\users\achisreeni\AppData\Local\TVU Networks\Octoshape\htngacy.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Updater Service for StartNow Toolbar
.
.
((((((((((((((((((((((((( Files Created from 2012-05-27 to 2012-06-27 )))))))))))))))))))))))))))))))
.
.
2012-06-27 00:57 . 2012-06-27 00:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-26 01:23 . 2012-06-26 01:23 -------- d-----w- c:\users\achisreeni\AppData\Roaming\SUPERAntiSpyware.com
2012-06-26 01:22 . 2012-06-26 02:09 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-26 01:22 . 2012-06-26 01:22 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-06-24 13:25 . 2012-06-24 13:25 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-24 03:22 . 2012-06-24 03:22 -------- d-----w- c:\program files (x86)\ESET
2012-06-24 03:13 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-24 03:13 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-24 03:13 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-24 03:12 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-24 03:12 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-24 03:12 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-24 03:12 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-24 03:12 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-24 03:12 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-24 01:44 . 2012-06-24 01:44 -------- d-----w- c:\users\achisreeni\AppData\Local\Macromedia
2012-06-20 01:26 . 2012-06-20 01:26 116016 ----a-w- c:\windows\system32\drivers\19654497.sys
2012-06-18 01:00 . 2012-06-24 02:07 -------- d-----w- c:\programdata\HitmanPro
2012-06-17 14:13 . 2012-06-17 14:13 -------- d-----w- c:\users\achisreeni\AppData\Roaming\Babylon
2012-06-17 14:13 . 2012-06-17 14:13 -------- d-----w- c:\programdata\Babylon
2012-06-14 22:43 . 2012-06-24 02:52 -------- d-----w- c:\program files\iTunes
2012-06-14 22:43 . 2012-06-24 02:52 -------- d-----w- c:\program files\iPod
2012-06-14 22:43 . 2012-06-24 02:52 -------- d-----w- c:\program files (x86)\iTunes
2012-06-14 13:41 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-25 12:44 . 2012-04-18 11:42 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-25 12:44 . 2011-10-06 15:45 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-19 00:56 . 2012-04-19 00:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-19 00:56 . 2012-04-19 00:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-04-04 19:56 . 2011-11-29 01:51 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-30 11:35 . 2012-05-09 12:23 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"Octoshape Streaming Services"="c:\users\achisreeni\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2011-03-24 107800]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-26 4786048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-19 487562]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-05-30 885760]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2011-04-25 305088]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-05 559616]
.
c:\users\achisreeni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ImageMixer 3 SE Camera Monitor Ver.5.lnk - c:\program files (x86)\PIXELA\ImageMixer 3 SE Ver.5\Transfer Utility\CameraMonitor.exe [2011-10-2 253952]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-10 116648]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-25 257224]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-07-28 52584]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-10 116648]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2010-08-30 220528]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 113120]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-30 250984]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-04 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2011-04-25 87600]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 dlea_device;dlea_device;c:\windows\system32\dleacoms.exe [2010-05-21 1052328]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 162192]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2010-11-04 58128]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2010-10-19 274432]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-08-12 175168]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2010-11-04 59904]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-09-21 56344]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2010-12-21 8505856]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-10-26 406632]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 12:44]
.
2012-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-10 01:34]
.
2012-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-10 01:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-12 609144]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2011-01-21 3666800]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2010-11-03 10228224]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-05-30 2055816]
"dleamon.exe"="c:\program files (x86)\Dell V310-V510 Series\dleamon.exe" [2011-01-24 770728]
"EzPrint"="c:\program files (x86)\Dell V310-V510 Series\ezprint.exe" [2011-01-24 139944]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]
"combofix"="c:\combofix\CF20417.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: icicibank.co.in\infinity
Trusted Zone: toolwire.com
TCP: DhcpNameServer = 192.168.10.1
FF - ProfilePath - c:\users\achisreeni\AppData\Roaming\Mozilla\Firefox\Profiles\uxyxuqp6.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Octoshape - c:\users\achisreeni\AppData\Local\TVU Networks\Octoshape\htngacy.dll
SafeBoot-87616092.sys
AddRemove-{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1 - c:\program files (x86)\iolo\System Checkup\uninstscu.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Google\Update\1.3.21.111\GoogleCrashHandler.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-06-26 21:05:27 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-27 01:05
.
Pre-Run: 344,502,022,144 bytes free
Post-Run: 344,469,192,704 bytes free
.
- - End Of File - - A626C5AD968F425DFF74147610AF35E9

#9 achisri

achisri
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:02:02 AM

Posted 26 June 2012 - 08:47 PM

after running Combo Fix I am not seeing Google Redirect issue. I will observer one more day and give you the status. But as of now I am not seeing Google Redirect Issue.

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,033 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:02 AM

Posted 26 June 2012 - 08:49 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 achisri

achisri
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:02:02 AM

Posted 26 June 2012 - 09:18 PM

Thanks Gringo. I will do the scan and post the logs soon.

#12 achisri

achisri
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:02:02 AM

Posted 26 June 2012 - 09:24 PM

Here is the TDSS Killer log:

22:20:17.0388 7672 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44
22:20:19.0393 7672 ============================================================
22:20:19.0393 7672 Current date / time: 2012/06/26 22:20:19.0393
22:20:19.0393 7672 SystemInfo:
22:20:19.0393 7672
22:20:19.0393 7672 OS Version: 6.1.7601 ServicePack: 1.0
22:20:19.0393 7672 Product type: Workstation
22:20:19.0394 7672 ComputerName: ACHISREENI-PC
22:20:19.0394 7672 UserName: achisreeni
22:20:19.0394 7672 Windows directory: C:\windows
22:20:19.0394 7672 System windows directory: C:\windows
22:20:19.0394 7672 Running under WOW64
22:20:19.0394 7672 Processor architecture: Intel x64
22:20:19.0394 7672 Number of processors: 4
22:20:19.0394 7672 Page size: 0x1000
22:20:19.0394 7672 Boot type: Normal boot
22:20:19.0394 7672 ============================================================
22:20:19.0999 7672 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:20:20.0004 7672 ============================================================
22:20:20.0004 7672 \Device\Harddisk0\DR0:
22:20:20.0004 7672 MBR partitions:
22:20:20.0004 7672 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000
22:20:20.0004 7672 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x2FFC76F0
22:20:20.0020 7672 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x31D46800, BlocksNum 0x257FF000
22:20:20.0021 7672 ============================================================
22:20:20.0089 7672 C: <-> \Device\Harddisk0\DR0\Partition1
22:20:20.0155 7672 E: <-> \Device\Harddisk0\DR0\Partition2
22:20:20.0155 7672 ============================================================
22:20:20.0155 7672 Initialize success
22:20:20.0155 7672 ============================================================
22:20:27.0785 6868 ============================================================
22:20:27.0785 6868 Scan started
22:20:27.0785 6868 Mode: Manual; SigCheck; TDLFS;
22:20:27.0785 6868 ============================================================
22:20:28.0666 6868 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
22:20:28.0767 6868 !SASCORE - ok
22:20:29.0037 6868 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
22:20:29.0197 6868 1394ohci - ok
22:20:29.0291 6868 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
22:20:29.0319 6868 ACPI - ok
22:20:29.0356 6868 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
22:20:29.0432 6868 AcpiPmi - ok
22:20:29.0598 6868 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
22:20:29.0616 6868 AdobeARMservice - ok
22:20:29.0791 6868 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:20:29.0826 6868 AdobeFlashPlayerUpdateSvc - ok
22:20:29.0921 6868 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
22:20:29.0976 6868 adp94xx - ok
22:20:30.0037 6868 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
22:20:30.0077 6868 adpahci - ok
22:20:30.0104 6868 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
22:20:30.0123 6868 adpu320 - ok
22:20:30.0167 6868 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
22:20:30.0254 6868 AeLookupSvc - ok
22:20:30.0357 6868 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe
22:20:30.0454 6868 AESTFilters - ok
22:20:30.0550 6868 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
22:20:30.0665 6868 AFD - ok
22:20:30.0718 6868 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
22:20:30.0754 6868 agp440 - ok
22:20:30.0789 6868 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
22:20:30.0840 6868 ALG - ok
22:20:30.0879 6868 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
22:20:30.0906 6868 aliide - ok
22:20:30.0923 6868 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
22:20:30.0934 6868 amdide - ok
22:20:30.0984 6868 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
22:20:31.0053 6868 AmdK8 - ok
22:20:31.0084 6868 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
22:20:31.0139 6868 AmdPPM - ok
22:20:31.0188 6868 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
22:20:31.0285 6868 amdsata - ok
22:20:31.0329 6868 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
22:20:31.0364 6868 amdsbs - ok
22:20:31.0381 6868 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
22:20:31.0424 6868 amdxata - ok
22:20:31.0507 6868 ApfiltrService (24ed0eb2b2558970176ecee680f8f806) C:\windows\system32\DRIVERS\Apfiltr.sys
22:20:31.0578 6868 ApfiltrService - ok
22:20:31.0636 6868 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
22:20:31.0754 6868 AppID - ok
22:20:31.0796 6868 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
22:20:31.0880 6868 AppIDSvc - ok
22:20:31.0914 6868 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll
22:20:31.0987 6868 Appinfo - ok
22:20:32.0136 6868 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:20:32.0162 6868 Apple Mobile Device - ok
22:20:32.0216 6868 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
22:20:32.0253 6868 arc - ok
22:20:32.0281 6868 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
22:20:32.0316 6868 arcsas - ok
22:20:32.0343 6868 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
22:20:32.0434 6868 AsyncMac - ok
22:20:32.0481 6868 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
22:20:32.0498 6868 atapi - ok
22:20:32.0599 6868 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
22:20:32.0658 6868 AudioEndpointBuilder - ok
22:20:32.0663 6868 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
22:20:32.0698 6868 AudioSrv - ok
22:20:32.0763 6868 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll
22:20:32.0853 6868 AxInstSV - ok
22:20:32.0939 6868 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys
22:20:32.0975 6868 b06bdrv - ok
22:20:33.0040 6868 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
22:20:33.0111 6868 b57nd60a - ok
22:20:33.0162 6868 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
22:20:33.0216 6868 BDESVC - ok
22:20:33.0240 6868 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
22:20:33.0273 6868 Beep - ok
22:20:33.0370 6868 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll
22:20:33.0464 6868 BFE - ok
22:20:33.0573 6868 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\system32\qmgr.dll
22:20:33.0623 6868 BITS - ok
22:20:33.0702 6868 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
22:20:33.0726 6868 blbdrive - ok
22:20:33.0862 6868 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
22:20:33.0881 6868 Bonjour Service - ok
22:20:33.0922 6868 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
22:20:33.0995 6868 bowser - ok
22:20:34.0030 6868 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
22:20:34.0084 6868 BrFiltLo - ok
22:20:34.0108 6868 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
22:20:34.0147 6868 BrFiltUp - ok
22:20:34.0221 6868 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\windows\system32\DRIVERS\bridge.sys
22:20:34.0312 6868 BridgeMP - ok
22:20:34.0377 6868 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
22:20:34.0455 6868 Browser - ok
22:20:34.0496 6868 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
22:20:34.0562 6868 Brserid - ok
22:20:34.0585 6868 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
22:20:34.0618 6868 BrSerWdm - ok
22:20:34.0651 6868 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
22:20:34.0716 6868 BrUsbMdm - ok
22:20:34.0734 6868 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
22:20:34.0762 6868 BrUsbSer - ok
22:20:34.0817 6868 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\windows\system32\drivers\BthEnum.sys
22:20:34.0885 6868 BthEnum - ok
22:20:34.0921 6868 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
22:20:34.0970 6868 BTHMODEM - ok
22:20:35.0014 6868 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys
22:20:35.0074 6868 BthPan - ok
22:20:35.0164 6868 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\windows\System32\Drivers\BTHport.sys
22:20:35.0270 6868 BTHPORT - ok
22:20:35.0327 6868 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
22:20:35.0410 6868 bthserv - ok
22:20:35.0440 6868 BTHUSB (f188b7394d81010767b6df3178519a37) C:\windows\System32\Drivers\BTHUSB.sys
22:20:35.0497 6868 BTHUSB - ok
22:20:35.0552 6868 btmaux (16c1bac9760c9fa85a30f3fa0fbb1b7a) C:\windows\system32\DRIVERS\btmaux.sys
22:20:35.0612 6868 btmaux - ok
22:20:35.0685 6868 btmhsf (0c468d8da95be16bfdd380bb9de88259) C:\windows\system32\DRIVERS\btmhsf.sys
22:20:35.0786 6868 btmhsf - ok
22:20:35.0813 6868 catchme - ok
22:20:35.0868 6868 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
22:20:35.0928 6868 cdfs - ok
22:20:35.0994 6868 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys
22:20:36.0079 6868 cdrom - ok
22:20:36.0124 6868 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
22:20:36.0226 6868 CertPropSvc - ok
22:20:36.0303 6868 cfwids (274ce03459896006f7a5069266e0469e) C:\windows\system32\drivers\cfwids.sys
22:20:36.0366 6868 cfwids - ok
22:20:36.0407 6868 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
22:20:36.0431 6868 circlass - ok
22:20:36.0494 6868 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
22:20:36.0525 6868 CLFS - ok
22:20:36.0599 6868 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:20:36.0634 6868 clr_optimization_v2.0.50727_32 - ok
22:20:36.0684 6868 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:20:36.0722 6868 clr_optimization_v2.0.50727_64 - ok
22:20:36.0819 6868 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:20:36.0883 6868 clr_optimization_v4.0.30319_32 - ok
22:20:36.0931 6868 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:20:37.0004 6868 clr_optimization_v4.0.30319_64 - ok
22:20:37.0036 6868 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
22:20:37.0050 6868 CmBatt - ok
22:20:37.0075 6868 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
22:20:37.0101 6868 cmdide - ok
22:20:37.0182 6868 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys
22:20:37.0241 6868 CNG - ok
22:20:37.0293 6868 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
22:20:37.0325 6868 Compbatt - ok
22:20:37.0353 6868 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\drivers\CompositeBus.sys
22:20:37.0436 6868 CompositeBus - ok
22:20:37.0456 6868 COMSysApp - ok
22:20:37.0476 6868 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
22:20:37.0504 6868 crcdisk - ok
22:20:37.0550 6868 CryptSvc (4f5414602e2544a4554d95517948b705) C:\windows\system32\cryptsvc.dll
22:20:37.0595 6868 CryptSvc - ok
22:20:37.0674 6868 CtClsFlt (fbe228abeab2be13b9c3a3a112d4d8dc) C:\windows\system32\DRIVERS\CtClsFlt.sys
22:20:37.0766 6868 CtClsFlt - ok
22:20:37.0830 6868 ctxusbm (ba8e5b2291c01ef71ca80e25f0c79d55) C:\windows\system32\DRIVERS\ctxusbm.sys
22:20:37.0896 6868 ctxusbm - ok
22:20:37.0953 6868 dc3d (1ca90212a99db6975c344826d11055c9) C:\windows\system32\DRIVERS\dc3d.sys
22:20:38.0009 6868 dc3d - ok
22:20:38.0096 6868 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
22:20:38.0164 6868 DcomLaunch - ok
22:20:38.0259 6868 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
22:20:38.0356 6868 defragsvc - ok
22:20:38.0407 6868 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
22:20:38.0501 6868 DfsC - ok
22:20:38.0591 6868 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
22:20:38.0660 6868 Dhcp - ok
22:20:38.0689 6868 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
22:20:38.0750 6868 discache - ok
22:20:38.0802 6868 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
22:20:38.0829 6868 Disk - ok
22:20:38.0861 6868 dlea_device - ok
22:20:38.0907 6868 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
22:20:38.0957 6868 Dnscache - ok
22:20:39.0012 6868 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
22:20:39.0098 6868 dot3svc - ok
22:20:39.0139 6868 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
22:20:39.0200 6868 DPS - ok
22:20:39.0245 6868 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
22:20:39.0319 6868 drmkaud - ok
22:20:39.0430 6868 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
22:20:39.0507 6868 DXGKrnl - ok
22:20:39.0550 6868 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
22:20:39.0692 6868 EapHost - ok
22:20:39.0938 6868 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
22:20:40.0126 6868 ebdrv - ok
22:20:40.0259 6868 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
22:20:40.0323 6868 EFS - ok
22:20:40.0447 6868 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
22:20:40.0561 6868 ehRecvr - ok
22:20:40.0606 6868 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
22:20:40.0643 6868 ehSched - ok
22:20:40.0758 6868 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
22:20:40.0789 6868 elxstor - ok
22:20:40.0811 6868 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
22:20:40.0862 6868 ErrDev - ok
22:20:40.0941 6868 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
22:20:40.0993 6868 EventSystem - ok
22:20:41.0259 6868 EvtEng (8b6c9924b0d333dbf76086b8258a0891) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
22:20:41.0313 6868 EvtEng - ok
22:20:41.0490 6868 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
22:20:41.0547 6868 exfat - ok
22:20:41.0577 6868 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
22:20:41.0652 6868 fastfat - ok
22:20:41.0748 6868 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
22:20:41.0779 6868 Fax - ok
22:20:41.0806 6868 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
22:20:41.0851 6868 fdc - ok
22:20:41.0884 6868 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
22:20:41.0961 6868 fdPHost - ok
22:20:41.0984 6868 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
22:20:42.0029 6868 FDResPub - ok
22:20:42.0070 6868 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
22:20:42.0096 6868 FileInfo - ok
22:20:42.0120 6868 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
22:20:42.0178 6868 Filetrace - ok
22:20:42.0212 6868 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
22:20:42.0245 6868 flpydisk - ok
22:20:42.0292 6868 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
22:20:42.0330 6868 FltMgr - ok
22:20:42.0449 6868 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
22:20:42.0519 6868 FontCache - ok
22:20:42.0608 6868 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:20:42.0670 6868 FontCache3.0.0.0 - ok
22:20:42.0724 6868 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
22:20:42.0755 6868 FsDepends - ok
22:20:42.0777 6868 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys
22:20:42.0820 6868 Fs_Rec - ok
22:20:42.0883 6868 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
22:20:42.0943 6868 fvevol - ok
22:20:42.0962 6868 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
22:20:42.0976 6868 gagp30kx - ok
22:20:43.0028 6868 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
22:20:43.0084 6868 GEARAspiWDM - ok
22:20:43.0180 6868 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
22:20:43.0275 6868 gpsvc - ok
22:20:43.0405 6868 gupdate (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:20:43.0418 6868 gupdate - ok
22:20:43.0420 6868 gupdatem (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:20:43.0429 6868 gupdatem - ok
22:20:43.0465 6868 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
22:20:43.0505 6868 hcw85cir - ok
22:20:43.0590 6868 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
22:20:43.0681 6868 HdAudAddService - ok
22:20:43.0718 6868 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\drivers\HDAudBus.sys
22:20:43.0777 6868 HDAudBus - ok
22:20:43.0780 6868 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
22:20:43.0794 6868 HidBatt - ok
22:20:43.0829 6868 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
22:20:43.0867 6868 HidBth - ok
22:20:43.0905 6868 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
22:20:43.0953 6868 HidIr - ok
22:20:43.0994 6868 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\System32\hidserv.dll
22:20:44.0055 6868 hidserv - ok
22:20:44.0097 6868 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys
22:20:44.0163 6868 HidUsb - ok
22:20:44.0201 6868 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
22:20:44.0301 6868 hkmsvc - ok
22:20:44.0358 6868 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
22:20:44.0431 6868 HomeGroupListener - ok
22:20:44.0481 6868 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
22:20:44.0581 6868 HomeGroupProvider - ok
22:20:44.0612 6868 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
22:20:44.0677 6868 HpSAMD - ok
22:20:44.0769 6868 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
22:20:44.0873 6868 HTTP - ok
22:20:44.0906 6868 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
22:20:44.0962 6868 hwpolicy - ok
22:20:44.0998 6868 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\drivers\i8042prt.sys
22:20:45.0036 6868 i8042prt - ok
22:20:45.0119 6868 iaStor (d7921d5a870b11cc1adab198a519d50a) C:\windows\system32\DRIVERS\iaStor.sys
22:20:45.0155 6868 iaStor - ok
22:20:45.0215 6868 IAStorDataMgrSvc (8fff9083252c16fe3960173722605e9e) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
22:20:45.0242 6868 IAStorDataMgrSvc - ok
22:20:45.0323 6868 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
22:20:45.0403 6868 iaStorV - ok
22:20:45.0441 6868 iBtFltCoex (fc85972037815fa7b413e790b426acb2) C:\windows\system32\DRIVERS\iBtFltCoex.sys
22:20:45.0503 6868 iBtFltCoex - ok
22:20:45.0655 6868 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:20:45.0721 6868 idsvc - ok
22:20:46.0450 6868 igfx (795c99dc4f574c97c03d0bb39cf099ee) C:\windows\system32\DRIVERS\igdkmd64.sys
22:20:46.0879 6868 igfx - ok
22:20:47.0035 6868 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
22:20:47.0074 6868 iirsp - ok
22:20:47.0180 6868 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
22:20:47.0239 6868 IKEEXT - ok
22:20:47.0317 6868 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\windows\system32\DRIVERS\IntcDAud.sys
22:20:47.0398 6868 IntcDAud - ok
22:20:47.0452 6868 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
22:20:47.0474 6868 intelide - ok
22:20:47.0516 6868 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
22:20:47.0567 6868 intelppm - ok
22:20:47.0600 6868 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
22:20:47.0686 6868 IPBusEnum - ok
22:20:47.0724 6868 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
22:20:47.0829 6868 IpFilterDriver - ok
22:20:47.0941 6868 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll
22:20:48.0013 6868 iphlpsvc - ok
22:20:48.0056 6868 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
22:20:48.0136 6868 IPMIDRV - ok
22:20:48.0209 6868 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
22:20:48.0318 6868 IPNAT - ok
22:20:48.0497 6868 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe
22:20:48.0525 6868 iPod Service - ok
22:20:48.0548 6868 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
22:20:48.0606 6868 IRENUM - ok
22:20:48.0635 6868 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
22:20:48.0664 6868 isapnp - ok
22:20:48.0714 6868 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
22:20:48.0790 6868 iScsiPrt - ok
22:20:48.0824 6868 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
22:20:48.0834 6868 kbdclass - ok
22:20:48.0865 6868 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\DRIVERS\kbdhid.sys
22:20:48.0953 6868 kbdhid - ok
22:20:48.0992 6868 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
22:20:49.0024 6868 KeyIso - ok
22:20:49.0046 6868 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys
22:20:49.0104 6868 KSecDD - ok
22:20:49.0135 6868 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys
22:20:49.0203 6868 KSecPkg - ok
22:20:49.0229 6868 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
22:20:49.0307 6868 ksthunk - ok
22:20:49.0380 6868 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
22:20:49.0442 6868 KtmRm - ok
22:20:49.0515 6868 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\System32\srvsvc.dll
22:20:49.0557 6868 LanmanServer - ok
22:20:49.0604 6868 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
22:20:49.0666 6868 LanmanWorkstation - ok
22:20:49.0710 6868 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
22:20:49.0782 6868 lltdio - ok
22:20:49.0845 6868 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
22:20:49.0915 6868 lltdsvc - ok
22:20:49.0943 6868 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
22:20:49.0975 6868 lmhosts - ok
22:20:50.0113 6868 LMS (0803906d607a9b83184447b75b60ecc2) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
22:20:50.0137 6868 LMS - ok
22:20:50.0181 6868 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
22:20:50.0205 6868 LSI_FC - ok
22:20:50.0243 6868 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
22:20:50.0257 6868 LSI_SAS - ok
22:20:50.0280 6868 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
22:20:50.0294 6868 LSI_SAS2 - ok
22:20:50.0322 6868 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
22:20:50.0338 6868 LSI_SCSI - ok
22:20:50.0365 6868 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
22:20:50.0447 6868 luafv - ok
22:20:50.0510 6868 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\windows\system32\drivers\mbam.sys
22:20:50.0582 6868 MBAMProtector - ok
22:20:50.0727 6868 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
22:20:50.0767 6868 MBAMService - ok
22:20:50.0892 6868 McAfee SiteAdvisor Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
22:20:50.0917 6868 McAfee SiteAdvisor Service - ok
22:20:51.0011 6868 McAWFwk (b6bd99c3e23507a732c474caa620c0d7) c:\PROGRA~1\mcafee\msc\mcawfwk.exe
22:20:51.0095 6868 McAWFwk - ok
22:20:51.0197 6868 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
22:20:51.0285 6868 McComponentHostService - ok
22:20:51.0301 6868 McMPFSvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
22:20:51.0312 6868 McMPFSvc - ok
22:20:51.0315 6868 mcmscsvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
22:20:51.0328 6868 mcmscsvc - ok
22:20:51.0336 6868 McNaiAnn (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
22:20:51.0348 6868 McNaiAnn - ok
22:20:51.0351 6868 McNASvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
22:20:51.0364 6868 McNASvc - ok
22:20:51.0457 6868 McODS (dd01bf24dd6bf70a90549f9a7bb2d1eb) C:\Program Files\mcafee\VirusScan\mcods.exe
22:20:51.0487 6868 McODS - ok
22:20:51.0491 6868 McOobeSv (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
22:20:51.0502 6868 McOobeSv - ok
22:20:51.0522 6868 McProxy (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
22:20:51.0534 6868 McProxy - ok
22:20:51.0611 6868 McShield (e998e3b12101288d716558466cbf6ae1) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
22:20:51.0670 6868 McShield - ok
22:20:51.0817 6868 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
22:20:51.0911 6868 Mcx2Svc - ok
22:20:51.0956 6868 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
22:20:51.0994 6868 megasas - ok
22:20:52.0037 6868 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
22:20:52.0078 6868 MegaSR - ok
22:20:52.0115 6868 MEIx64 (1c6e73fc46b509eff9d0086aa37132df) C:\windows\system32\DRIVERS\HECIx64.sys
22:20:52.0176 6868 MEIx64 - ok
22:20:52.0247 6868 mfeapfk (01884cb7655c8908b43ff5e364fe6fd2) C:\windows\system32\drivers\mfeapfk.sys
22:20:52.0300 6868 mfeapfk - ok
22:20:52.0346 6868 mfeavfk (dab9a9cdfb04e4d68924492aa043019d) C:\windows\system32\drivers\mfeavfk.sys
22:20:52.0413 6868 mfeavfk - ok
22:20:52.0438 6868 mfeavfk01 - ok
22:20:52.0490 6868 mfefire (b26782c3d6045b4464017d7926877560) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
22:20:52.0543 6868 mfefire - ok
22:20:52.0614 6868 mfefirek (ce9a3680675c0907ade16404ca967b49) C:\windows\system32\drivers\mfefirek.sys
22:20:52.0693 6868 mfefirek - ok
22:20:52.0802 6868 mfehidk (60cf67458dd29cd17e77f2327b1a9a54) C:\windows\system32\drivers\mfehidk.sys
22:20:52.0858 6868 mfehidk - ok
22:20:52.0895 6868 mfenlfk (a8129cfb919347f8533c934b365e9202) C:\windows\system32\DRIVERS\mfenlfk.sys
22:20:52.0956 6868 mfenlfk - ok
22:20:53.0010 6868 mferkdet (5041fa2bd2b3a2693b015771bfbf6dca) C:\windows\system32\drivers\mferkdet.sys
22:20:53.0097 6868 mferkdet - ok
22:20:53.0137 6868 mfevtp (723a5eb6cef7f408c3d0f15a82a6bff8) C:\Windows\system32\mfevtps.exe
22:20:53.0166 6868 mfevtp - ok
22:20:53.0213 6868 mfewfpk (919c56db14a0e1e2ab6da5d2821dc26e) C:\windows\system32\drivers\mfewfpk.sys
22:20:53.0266 6868 mfewfpk - ok
22:20:53.0390 6868 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
22:20:53.0467 6868 Microsoft Office Groove Audit Service - ok
22:20:53.0494 6868 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
22:20:53.0570 6868 MMCSS - ok
22:20:53.0608 6868 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
22:20:53.0687 6868 Modem - ok
22:20:53.0720 6868 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
22:20:53.0765 6868 monitor - ok
22:20:53.0841 6868 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
22:20:53.0883 6868 mouclass - ok
22:20:53.0918 6868 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
22:20:53.0975 6868 mouhid - ok
22:20:54.0015 6868 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
22:20:54.0071 6868 mountmgr - ok
22:20:54.0173 6868 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:20:54.0255 6868 MozillaMaintenance - ok
22:20:54.0309 6868 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
22:20:54.0371 6868 mpio - ok
22:20:54.0405 6868 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
22:20:54.0471 6868 mpsdrv - ok
22:20:54.0643 6868 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll
22:20:54.0737 6868 MpsSvc - ok
22:20:54.0784 6868 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
22:20:54.0877 6868 MRxDAV - ok
22:20:54.0935 6868 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
22:20:55.0014 6868 mrxsmb - ok
22:20:55.0079 6868 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
22:20:55.0193 6868 mrxsmb10 - ok
22:20:55.0240 6868 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
22:20:55.0322 6868 mrxsmb20 - ok
22:20:55.0350 6868 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
22:20:55.0418 6868 msahci - ok
22:20:55.0463 6868 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
22:20:55.0542 6868 msdsm - ok
22:20:55.0584 6868 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
22:20:55.0641 6868 MSDTC - ok
22:20:55.0676 6868 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
22:20:55.0729 6868 Msfs - ok
22:20:55.0757 6868 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
22:20:55.0855 6868 mshidkmdf - ok
22:20:55.0898 6868 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
22:20:55.0925 6868 msisadrv - ok
22:20:56.0013 6868 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
22:20:56.0111 6868 MSiSCSI - ok
22:20:56.0113 6868 msiserver - ok
22:20:56.0237 6868 MSK80Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
22:20:56.0258 6868 MSK80Service - ok
22:20:56.0280 6868 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
22:20:56.0327 6868 MSKSSRV - ok
22:20:56.0344 6868 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
22:20:56.0418 6868 MSPCLOCK - ok
22:20:56.0446 6868 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
22:20:56.0498 6868 MSPQM - ok
22:20:56.0562 6868 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
22:20:56.0613 6868 MsRPC - ok
22:20:56.0644 6868 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\drivers\mssmbios.sys
22:20:56.0673 6868 mssmbios - ok
22:20:56.0686 6868 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
22:20:56.0734 6868 MSTEE - ok
22:20:56.0754 6868 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
22:20:56.0790 6868 MTConfig - ok
22:20:56.0824 6868 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
22:20:56.0857 6868 Mup - ok
22:20:56.0975 6868 MyWiFiDHCPDNS (6ed8935257672f4cd04a88a0f3de093d) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
22:20:57.0026 6868 MyWiFiDHCPDNS - ok
22:20:57.0095 6868 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
22:20:57.0171 6868 napagent - ok
22:20:57.0239 6868 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
22:20:57.0311 6868 NativeWifiP - ok
22:20:57.0430 6868 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\windows\system32\drivers\ndis.sys
22:20:57.0467 6868 NDIS - ok
22:20:57.0497 6868 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
22:20:57.0531 6868 NdisCap - ok
22:20:57.0569 6868 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
22:20:57.0648 6868 NdisTapi - ok
22:20:57.0709 6868 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
22:20:57.0792 6868 Ndisuio - ok
22:20:57.0836 6868 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
22:20:57.0972 6868 NdisWan - ok
22:20:58.0020 6868 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
22:20:58.0103 6868 NDProxy - ok
22:20:58.0126 6868 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
22:20:58.0192 6868 NetBIOS - ok
22:20:58.0251 6868 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
22:20:58.0344 6868 NetBT - ok
22:20:58.0381 6868 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
22:20:58.0413 6868 Netlogon - ok
22:20:58.0496 6868 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
22:20:58.0575 6868 Netman - ok
22:20:58.0641 6868 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
22:20:58.0697 6868 netprofm - ok
22:20:58.0784 6868 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:20:58.0834 6868 NetTcpPortSharing - ok
22:20:59.0334 6868 NETwNs64 (5d262402b0634c998f8cbcead7dd8676) C:\windows\system32\DRIVERS\NETwNs64.sys
22:20:59.0667 6868 NETwNs64 - ok
22:20:59.0827 6868 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
22:20:59.0854 6868 nfrd960 - ok
22:20:59.0915 6868 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
22:20:59.0960 6868 NlaSvc - ok
22:21:00.0256 6868 NOBU (b9b72faaaa41d59b73b88fe3dd737ed1) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
22:21:00.0297 6868 NOBU - ok
22:21:00.0443 6868 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
22:21:00.0480 6868 Npfs - ok
22:21:00.0508 6868 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
22:21:00.0559 6868 nsi - ok
22:21:00.0563 6868 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
22:21:00.0615 6868 nsiproxy - ok
22:21:00.0802 6868 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
22:21:00.0884 6868 Ntfs - ok
22:21:01.0043 6868 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
22:21:01.0077 6868 Null - ok
22:21:01.0110 6868 nusb3hub (158ad24745bd85ba9be3c51c38f48c32) C:\windows\system32\DRIVERS\nusb3hub.sys
22:21:01.0176 6868 nusb3hub - ok
22:21:01.0208 6868 nusb3xhc (d40a13b2c0891e218f9523b376955db6) C:\windows\system32\DRIVERS\nusb3xhc.sys
22:21:01.0305 6868 nusb3xhc - ok
22:21:01.0366 6868 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
22:21:01.0444 6868 nvraid - ok
22:21:01.0473 6868 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
22:21:01.0525 6868 nvstor - ok
22:21:01.0568 6868 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
22:21:01.0600 6868 nv_agp - ok
22:21:01.0763 6868 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:21:01.0871 6868 odserv - ok
22:21:01.0909 6868 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
22:21:01.0955 6868 ohci1394 - ok
22:21:02.0016 6868 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:21:02.0081 6868 ose - ok
22:21:02.0139 6868 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
22:21:02.0185 6868 p2pimsvc - ok
22:21:02.0244 6868 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
22:21:02.0270 6868 p2psvc - ok
22:21:02.0304 6868 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
22:21:02.0340 6868 Parport - ok
22:21:02.0373 6868 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys
22:21:02.0438 6868 partmgr - ok
22:21:02.0477 6868 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
22:21:02.0534 6868 PcaSvc - ok
22:21:02.0633 6868 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
22:21:02.0684 6868 pci - ok
22:21:02.0723 6868 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
22:21:02.0736 6868 pciide - ok
22:21:02.0775 6868 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
22:21:02.0812 6868 pcmcia - ok
22:21:02.0829 6868 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
22:21:02.0841 6868 pcw - ok
22:21:02.0944 6868 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
22:21:03.0031 6868 PEAUTH - ok
22:21:03.0127 6868 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
22:21:03.0185 6868 PerfHost - ok
22:21:03.0406 6868 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
22:21:03.0549 6868 pla - ok
22:21:03.0637 6868 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
22:21:03.0692 6868 PlugPlay - ok
22:21:03.0733 6868 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
22:21:03.0762 6868 PNRPAutoReg - ok
22:21:03.0819 6868 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
22:21:03.0849 6868 PNRPsvc - ok
22:21:03.0925 6868 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\windows\system32\DRIVERS\point64.sys
22:21:03.0994 6868 Point64 - ok
22:21:04.0069 6868 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
22:21:04.0177 6868 PolicyAgent - ok
22:21:04.0231 6868 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
22:21:04.0274 6868 Power - ok
22:21:04.0326 6868 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
22:21:04.0474 6868 PptpMiniport - ok
22:21:04.0503 6868 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
22:21:04.0544 6868 Processor - ok
22:21:04.0601 6868 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\windows\system32\profsvc.dll
22:21:04.0649 6868 ProfSvc - ok
22:21:04.0680 6868 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
22:21:04.0714 6868 ProtectedStorage - ok
22:21:04.0770 6868 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
22:21:04.0832 6868 Psched - ok
22:21:04.0897 6868 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\windows\system32\Drivers\PxHlpa64.sys
22:21:04.0958 6868 PxHlpa64 - ok
22:21:05.0102 6868 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
22:21:05.0211 6868 ql2300 - ok
22:21:05.0384 6868 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
22:21:05.0432 6868 ql40xx - ok
22:21:05.0487 6868 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
22:21:05.0517 6868 QWAVE - ok
22:21:05.0533 6868 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
22:21:05.0585 6868 QWAVEdrv - ok
22:21:05.0606 6868 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
22:21:05.0692 6868 RasAcd - ok
22:21:05.0754 6868 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
22:21:05.0830 6868 RasAgileVpn - ok
22:21:05.0848 6868 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
22:21:05.0896 6868 RasAuto - ok
22:21:05.0946 6868 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
22:21:06.0058 6868 Rasl2tp - ok
22:21:06.0123 6868 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
22:21:06.0202 6868 RasMan - ok
22:21:06.0229 6868 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
22:21:06.0264 6868 RasPppoe - ok
22:21:06.0308 6868 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
22:21:06.0369 6868 RasSstp - ok
22:21:06.0434 6868 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
22:21:06.0525 6868 rdbss - ok
22:21:06.0542 6868 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
22:21:06.0559 6868 rdpbus - ok
22:21:06.0583 6868 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
22:21:06.0651 6868 RDPCDD - ok
22:21:06.0682 6868 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
22:21:06.0765 6868 RDPENCDD - ok
22:21:06.0800 6868 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
22:21:06.0831 6868 RDPREFMP - ok
22:21:06.0880 6868 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\windows\system32\drivers\RDPWD.sys
22:21:06.0962 6868 RDPWD - ok
22:21:07.0037 6868 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
22:21:07.0090 6868 rdyboost - ok
22:21:07.0240 6868 RegSrvc (189c5a8d2098e0aa14fd157a954b34fc) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
22:21:07.0310 6868 RegSrvc - ok
22:21:07.0371 6868 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
22:21:07.0483 6868 RemoteAccess - ok
22:21:07.0522 6868 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
22:21:07.0581 6868 RemoteRegistry - ok
22:21:07.0673 6868 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys
22:21:07.0729 6868 RFCOMM - ok
22:21:07.0976 6868 RoxMediaDB12OEM (3c957189b31c34d3ad21967b12b6aed7) c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
22:21:08.0088 6868 RoxMediaDB12OEM - ok
22:21:08.0148 6868 RoxWatch12 (2b73088cc2ca757a172b425c9398e5bc) c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
22:21:08.0234 6868 RoxWatch12 - ok
22:21:08.0361 6868 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
22:21:08.0415 6868 RpcEptMapper - ok
22:21:08.0444 6868 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
22:21:08.0506 6868 RpcLocator - ok
22:21:08.0580 6868 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
22:21:08.0632 6868 RpcSs - ok
22:21:08.0689 6868 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
22:21:08.0751 6868 rspndr - ok
22:21:08.0833 6868 RSUSBSTOR (be29b0a3ac1e8bd02ffab8cee86badfa) C:\windows\system32\Drivers\RtsUStor.sys
22:21:08.0895 6868 RSUSBSTOR - ok
22:21:08.0967 6868 RTL8167 (2777226ee8bf50b059d7a7c90177e99c) C:\windows\system32\DRIVERS\Rt64win7.sys
22:21:09.0020 6868 RTL8167 - ok
22:21:09.0048 6868 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
22:21:09.0059 6868 SamSs - ok
22:21:09.0157 6868 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
22:21:09.0217 6868 SASDIFSV - ok
22:21:09.0241 6868 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
22:21:09.0306 6868 SASKUTIL - ok
22:21:09.0346 6868 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
22:21:09.0429 6868 sbp2port - ok
22:21:09.0471 6868 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
22:21:09.0539 6868 SCardSvr - ok
22:21:09.0571 6868 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
22:21:09.0701 6868 scfilter - ok
22:21:09.0827 6868 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
22:21:09.0889 6868 Schedule - ok
22:21:09.0922 6868 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
22:21:09.0951 6868 SCPolicySvc - ok
22:21:09.0997 6868 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
22:21:10.0075 6868 SDRSVC - ok
22:21:10.0152 6868 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
22:21:10.0196 6868 secdrv - ok
22:21:10.0225 6868 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
22:21:10.0279 6868 seclogon - ok
22:21:10.0315 6868 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\system32\sens.dll
22:21:10.0389 6868 SENS - ok
22:21:10.0407 6868 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
22:21:10.0453 6868 SensrSvc - ok
22:21:10.0493 6868 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
22:21:10.0528 6868 Serenum - ok
22:21:10.0570 6868 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
22:21:10.0627 6868 Serial - ok
22:21:10.0692 6868 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
22:21:10.0742 6868 sermouse - ok
22:21:10.0792 6868 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
22:21:10.0867 6868 SessionEnv - ok
22:21:10.0895 6868 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
22:21:10.0947 6868 sffdisk - ok
22:21:10.0971 6868 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
22:21:11.0004 6868 sffp_mmc - ok
22:21:11.0023 6868 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
22:21:11.0083 6868 sffp_sd - ok
22:21:11.0122 6868 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
22:21:11.0145 6868 sfloppy - ok
22:21:11.0373 6868 SftService (74ec60e20516aaa573be74f31175270f) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
22:21:11.0401 6868 SftService - ok
22:21:11.0607 6868 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
22:21:11.0686 6868 SharedAccess - ok
22:21:11.0761 6868 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
22:21:11.0825 6868 ShellHWDetection - ok
22:21:11.0887 6868 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
22:21:11.0917 6868 SiSRaid2 - ok
22:21:11.0944 6868 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
22:21:11.0958 6868 SiSRaid4 - ok
22:21:12.0069 6868 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe
22:21:14.0072 6868 SkypeUpdate - ok
22:21:14.0137 6868 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
22:21:14.0251 6868 Smb - ok
22:21:14.0302 6868 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
22:21:14.0372 6868 SNMPTRAP - ok
22:21:14.0400 6868 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
22:21:14.0433 6868 spldr - ok
22:21:14.0505 6868 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
22:21:14.0549 6868 Spooler - ok
22:21:14.0803 6868 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
22:21:14.0880 6868 sppsvc - ok
22:21:15.0020 6868 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
22:21:15.0083 6868 sppuinotify - ok
22:21:15.0162 6868 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
22:21:15.0272 6868 srv - ok
22:21:15.0331 6868 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
22:21:15.0423 6868 srv2 - ok
22:21:15.0463 6868 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
22:21:15.0568 6868 srvnet - ok
22:21:15.0636 6868 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
22:21:15.0704 6868 SSDPSRV - ok
22:21:15.0737 6868 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
22:21:15.0772 6868 SstpSvc - ok
22:21:15.0909 6868 STacSV (b2d8b364a831427a5741f6c408fa8ae3) C:\Program Files\IDT\WDM\STacSV64.exe
22:21:15.0955 6868 STacSV - ok
22:21:15.0998 6868 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
22:21:16.0026 6868 stexstor - ok
22:21:16.0120 6868 STHDA (ef5acde92ba3f691bbfef781cb063501) C:\windows\system32\DRIVERS\stwrt64.sys
22:21:16.0169 6868 STHDA - ok
22:21:16.0264 6868 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
22:21:16.0349 6868 stisvc - ok
22:21:16.0462 6868 stllssvr (7731f46ec0d687a931cba063e8f90ef0) c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
22:21:16.0539 6868 stllssvr - ok
22:21:16.0566 6868 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys
22:21:16.0578 6868 swenum - ok
22:21:16.0649 6868 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
22:21:16.0724 6868 swprv - ok
22:21:16.0908 6868 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
22:21:16.0980 6868 SysMain - ok
22:21:17.0131 6868 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
22:21:17.0219 6868 TabletInputService - ok
22:21:17.0285 6868 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
22:21:17.0357 6868 TapiSrv - ok
22:21:17.0398 6868 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
22:21:17.0450 6868 TBS - ok
22:21:17.0645 6868 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys
22:21:17.0704 6868 Tcpip - ok
22:21:17.0975 6868 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys
22:21:18.0007 6868 TCPIP6 - ok
22:21:18.0106 6868 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
22:21:18.0213 6868 tcpipreg - ok
22:21:18.0264 6868 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
22:21:18.0315 6868 TDPIPE - ok
22:21:18.0352 6868 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
22:21:18.0394 6868 TDTCP - ok
22:21:18.0436 6868 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
22:21:18.0502 6868 tdx - ok
22:21:18.0830 6868 TeamViewer7 (33966a658ff37e0c65d46e59f37e2380) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
22:21:18.0873 6868 TeamViewer7 - ok
22:21:19.0027 6868 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys
22:21:19.0080 6868 TermDD - ok
22:21:19.0181 6868 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
22:21:19.0230 6868 TermService - ok
22:21:19.0263 6868 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
22:21:19.0322 6868 Themes - ok
22:21:19.0359 6868 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
22:21:19.0404 6868 THREADORDER - ok
22:21:19.0436 6868 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
22:21:19.0516 6868 TrkWks - ok
22:21:19.0581 6868 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
22:21:19.0637 6868 TrustedInstaller - ok
22:21:19.0665 6868 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
22:21:19.0743 6868 tssecsrv - ok
22:21:19.0806 6868 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
22:21:19.0854 6868 TsUsbFlt - ok
22:21:19.0924 6868 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
22:21:20.0021 6868 tunnel - ok
22:21:20.0071 6868 TurboB (fd24f98d2898be093fe926604be7db99) C:\windows\system32\DRIVERS\TurboB.sys
22:21:20.0134 6868 TurboB - ok
22:21:20.0206 6868 TurboBoost (600b406a04d90f577fea8a88d7379f08) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
22:21:20.0282 6868 TurboBoost - ok
22:21:20.0304 6868 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
22:21:20.0317 6868 uagp35 - ok
22:21:20.0375 6868 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
22:21:20.0481 6868 udfs - ok
22:21:20.0520 6868 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
22:21:20.0556 6868 UI0Detect - ok
22:21:20.0602 6868 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
22:21:20.0625 6868 uliagpkx - ok
22:21:20.0659 6868 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\drivers\umbus.sys
22:21:20.0702 6868 umbus - ok
22:21:20.0749 6868 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
22:21:20.0787 6868 UmPass - ok
22:21:21.0094 6868 UNS (eb79c6c91a99930015ef29ae7fa802d1) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
22:21:21.0135 6868 UNS - ok
22:21:21.0297 6868 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
22:21:21.0367 6868 upnphost - ok
22:21:21.0467 6868 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\windows\system32\Drivers\usbaapl64.sys
22:21:21.0549 6868 USBAAPL64 - ok
22:21:21.0596 6868 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
22:21:21.0687 6868 usbccgp - ok
22:21:21.0736 6868 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
22:21:21.0763 6868 usbcir - ok
22:21:21.0796 6868 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\drivers\usbehci.sys
22:21:21.0852 6868 usbehci - ok
22:21:21.0898 6868 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
22:21:21.0980 6868 usbhub - ok
22:21:22.0007 6868 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
22:21:22.0062 6868 usbohci - ok
22:21:22.0089 6868 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
22:21:22.0142 6868 usbprint - ok
22:21:22.0199 6868 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
22:21:22.0261 6868 usbscan - ok
22:21:22.0306 6868 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
22:21:22.0407 6868 USBSTOR - ok
22:21:22.0431 6868 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
22:21:22.0521 6868 usbuhci - ok
22:21:22.0598 6868 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\System32\Drivers\usbvideo.sys
22:21:22.0684 6868 usbvideo - ok
22:21:22.0717 6868 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
22:21:22.0789 6868 UxSms - ok
22:21:22.0823 6868 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
22:21:22.0834 6868 VaultSvc - ok
22:21:22.0873 6868 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
22:21:22.0916 6868 vdrvroot - ok
22:21:22.0994 6868 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
22:21:23.0086 6868 vds - ok
22:21:23.0112 6868 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
22:21:23.0127 6868 vga - ok
22:21:23.0147 6868 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
22:21:23.0211 6868 VgaSave - ok
22:21:23.0250 6868 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
22:21:23.0321 6868 vhdmp - ok
22:21:23.0340 6868 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
22:21:23.0353 6868 viaide - ok
22:21:23.0377 6868 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
22:21:23.0423 6868 volmgr - ok
22:21:23.0486 6868 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
22:21:23.0561 6868 volmgrx - ok
22:21:23.0623 6868 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
22:21:23.0684 6868 volsnap - ok
22:21:23.0730 6868 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
22:21:23.0768 6868 vsmraid - ok
22:21:23.0951 6868 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
22:21:24.0023 6868 VSS - ok
22:21:24.0165 6868 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
22:21:24.0209 6868 vwifibus - ok
22:21:24.0240 6868 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
22:21:24.0279 6868 vwififlt - ok
22:21:24.0292 6868 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
22:21:24.0327 6868 vwifimp - ok
22:21:24.0395 6868 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
22:21:24.0445 6868 W32Time - ok
22:21:24.0459 6868 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
22:21:24.0474 6868 WacomPen - ok
22:21:24.0525 6868 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
22:21:24.0646 6868 WANARP - ok
22:21:24.0648 6868 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
22:21:24.0677 6868 Wanarpv6 - ok
22:21:24.0811 6868 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
22:21:24.0912 6868 WatAdminSvc - ok
22:21:25.0070 6868 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
22:21:25.0203 6868 wbengine - ok
22:21:25.0355 6868 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
22:21:25.0410 6868 WbioSrvc - ok
22:21:25.0471 6868 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
22:21:25.0574 6868 wcncsvc - ok
22:21:25.0579 6868 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
22:21:25.0603 6868 WcsPlugInService - ok
22:21:25.0660 6868 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
22:21:25.0687 6868 Wd - ok
22:21:25.0726 6868 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\windows\system32\DRIVERS\wdcsam64.sys
22:21:25.0771 6868 WDC_SAM - ok
22:21:25.0861 6868 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
22:21:25.0887 6868 Wdf01000 - ok
22:21:25.0916 6868 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
22:21:25.0954 6868 WdiServiceHost - ok
22:21:25.0957 6868 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
22:21:25.0974 6868 WdiSystemHost - ok
22:21:26.0005 6868 wdkmd (94dc2bf6cbaaa95e369c3756d3115a76) C:\windows\system32\DRIVERS\WDKMD.sys
22:21:26.0069 6868 wdkmd - ok
22:21:26.0132 6868 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
22:21:26.0237 6868 WebClient - ok
22:21:26.0287 6868 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
22:21:26.0366 6868 Wecsvc - ok
22:21:26.0384 6868 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
22:21:26.0414 6868 wercplsupport - ok
22:21:26.0452 6868 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
22:21:26.0482 6868 WerSvc - ok
22:21:26.0501 6868 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
22:21:26.0531 6868 WfpLwf - ok
22:21:26.0593 6868 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\windows\system32\DRIVERS\wimfltr.sys
22:21:26.0670 6868 WimFltr - ok
22:21:26.0691 6868 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
22:21:26.0702 6868 WIMMount - ok
22:21:26.0786 6868 WinDefend - ok
22:21:26.0801 6868 WinHttpAutoProxySvc - ok
22:21:26.0874 6868 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
22:21:26.0944 6868 Winmgmt - ok
22:21:27.0127 6868 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
22:21:27.0343 6868 WinRM - ok
22:21:27.0535 6868 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
22:21:27.0623 6868 WinUsb - ok
22:21:27.0730 6868 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
22:21:27.0794 6868 Wlansvc - ok
22:21:27.0863 6868 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
22:21:27.0910 6868 wlcrasvc - ok
22:21:28.0117 6868 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:21:28.0152 6868 wlidsvc - ok
22:21:28.0288 6868 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
22:21:28.0342 6868 WmiAcpi - ok
22:21:28.0438 6868 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
22:21:28.0509 6868 wmiApSrv - ok
22:21:28.0582 6868 WMPNetworkSvc - ok
22:21:28.0628 6868 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
22:21:28.0659 6868 WPCSvc - ok
22:21:28.0697 6868 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
22:21:28.0734 6868 WPDBusEnum - ok
22:21:28.0753 6868 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
22:21:28.0820 6868 ws2ifsl - ok
22:21:28.0881 6868 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\system32\wscsvc.dll
22:21:28.0954 6868 wscsvc - ok
22:21:28.0956 6868 WSearch - ok
22:21:29.0176 6868 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\windows\system32\wuaueng.dll
22:21:29.0214 6868 wuauserv - ok
22:21:29.0385 6868 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
22:21:29.0521 6868 WudfPf - ok
22:21:29.0578 6868 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
22:21:29.0659 6868 WUDFRd - ok
22:21:29.0689 6868 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
22:21:29.0742 6868 wudfsvc - ok
22:21:29.0795 6868 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
22:21:29.0863 6868 WwanSvc - ok
22:21:29.0944 6868 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\windows\system32\DRIVERS\yk62x64.sys
22:21:30.0005 6868 yukonw7 - ok
22:21:30.0052 6868 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:21:30.0540 6868 \Device\Harddisk0\DR0 - ok
22:21:30.0547 6868 Boot (0x1200) (b4a651ea79a9998884da67ecffb5e2e7) \Device\Harddisk0\DR0\Partition0
22:21:30.0550 6868 \Device\Harddisk0\DR0\Partition0 - ok
22:21:30.0577 6868 Boot (0x1200) (9e05a441814ce1409fe19cd0a6cfe62d) \Device\Harddisk0\DR0\Partition1
22:21:30.0580 6868 \Device\Harddisk0\DR0\Partition1 - ok
22:21:30.0597 6868 Boot (0x1200) (65fd84f727ca65ed192bf6e70ba5d5ab) \Device\Harddisk0\DR0\Partition2
22:21:30.0599 6868 \Device\Harddisk0\DR0\Partition2 - ok
22:21:30.0600 6868 ============================================================
22:21:30.0600 6868 Scan finished
22:21:30.0600 6868 ============================================================
22:21:30.0620 7504 Detected object count: 0
22:21:30.0620 7504 Actual detected object count: 0

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,033 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:02 AM

Posted 26 June 2012 - 09:29 PM

that looks good - I will be waiting for the aswMBR report for whern it is ready
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 achisri

achisri
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:02:02 AM

Posted 26 June 2012 - 09:59 PM

Here is the AswMBR log.
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-26 22:35:11
-----------------------------
22:35:11.282 OS Version: Windows x64 6.1.7601 Service Pack 1
22:35:11.282 Number of processors: 4 586 0x2A07
22:35:11.283 ComputerName: ACHISREENI-PC UserName: achisreeni
22:35:12.940 Initialize success
22:35:19.614 AVAST engine defs: 12062601
22:35:26.284 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:35:26.289 Disk 0 Vendor: WDC_WD75 01.0 Size: 715404MB BusType: 3
22:35:26.306 Disk 0 MBR read successfully
22:35:26.312 Disk 0 MBR scan
22:35:26.322 Disk 0 Windows 7 default MBR code
22:35:26.347 Disk 0 Partition 1 00 DE Dell Utility DELL 8.0 100 MB offset 2048
22:35:26.364 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 206848
22:35:26.385 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 393102 MB offset 30926848
22:35:26.399 Disk 0 Partition - 00 0F Extended LBA 307199 MB offset 836001792
22:35:26.439 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 307198 MB offset 836003840
22:35:26.494 Disk 0 scanning C:\windows\system32\drivers
22:35:40.447 Service scanning
22:36:45.869 Modules scanning
22:36:45.887 Disk 0 trace - called modules:
22:36:45.913 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
22:36:45.916 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80090bc060]
22:36:45.920 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa8007111b20]
22:36:45.923 5 ACPI.sys[fffff88000d777a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007150050]
22:36:47.214 AVAST engine scan C:\windows
22:36:54.147 AVAST engine scan C:\windows\system32
22:42:27.228 AVAST engine scan C:\windows\system32\drivers
22:42:50.111 AVAST engine scan C:\Users\achisreeni
22:49:44.670 AVAST engine scan C:\ProgramData
22:56:47.751 Scan finished successfully
22:57:02.517 Disk 0 MBR has been saved successfully to "C:\Users\achisreeni\Desktop\Scan resutls\2nd level\MBR.dat"
22:57:02.523 The log file has been saved successfully to "C:\Users\achisreeni\Desktop\Scan resutls\2nd level\aswMBR.txt"

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,033 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:02 AM

Posted 26 June 2012 - 10:37 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\users\achisreeni\AppData\Roaming\Babylon
c:\programdata\Babylon

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users