Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Please help me remove iLivid "virus"


  • This topic is locked This topic is locked
44 replies to this topic

#1 DaveP90

DaveP90

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:05:11 AM

Posted 23 July 2012 - 06:29 PM

HERE WAS MY ORIGONAL POST. I HAD IT IN THE WRONG SPOT.

Hey guys,

So I was on Gatheringiofthevibes web site, and clicked a link to view the schedule they had for the weekend. It brought me to a new page asking me to download "iLivid" to view the contents. So I clicked the link, downloaded the "virus" :crazy: and now it's taken over my web browser.


I can no longer see any videos on youtube. It shows a black screen with "Watch now" and "Download"
All links I click like "next page" ect will bring me to a new website
Any pictures on Facebook will disappear and say iLivid in the top corner followed by "Watch now" and "Download" or will bring me to an add site
I believe it took over all "picture stuff" :crazy:



I've followed the directions on their website to delete the program, but this did nothing. I also contacted their support team :busy: in regards to the issue, and they did nothing but direct me back to their instruction on the web site :blink: . When I told them that it did not work and than I got a reply of "Sorry to hear about this, we will look into the issue"


It's been 5 days with no reply back. :angry:


I've run a system restore to a date before the download took place, but the program still exists.

I've done the old fashion Add/remove, uninstall "iLivid"

And I've searched for "iLivid.exe" in Regedit to delete it that way

I've also tried to "Shred" the file with MacAfee, and I've done numerous scans.



Nothing seems to work. Any Ideas on how I can fix this other than re-installing windows 7??


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_30
Run by Dave at 19:05:07 on 2012-07-23
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.16364.13731 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: BullGuard Antivirus *Disabled/Outdated* {504FFF66-3028-EB7E-2E60-62B19ADD791C}
SP: BullGuard Antispyware *Disabled/Outdated* {EB2E1E82-1612-E4F0-14D0-59C3E15A33A1}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: BullGuard Firewall *Disabled* {68747E43-7A47-EA26-053F-CB84640E3E67}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe
C:\Windows\System32\SvcHost.exe -k BullGuard_LowPriv
C:\Windows\System32\SvcHost.exe -k BullGuard
C:\Windows\System32\SvcHost.exe -k BullGuard_Main
C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Users\Dave\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\BIOSTAR\BIO-Remote\BIO_Remote.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Dave\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\BullGuard Ltd\BullGuard\files32\spamfilter\LittleHook.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\ProgramData\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\mspaint.exe
C:\Users\Dave\Downloads\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local;<local>
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mWinlogon: Userinit=userinit.exe
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120621213429.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: BullGuard Safe Browsing: {fc872b94-35e3-4b94-b028-184a2a1c7cce} - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\IE\BGAntiphishingIEBHO.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Akamai NetSession Interface] "C:\Users\Dave\AppData\Local\Akamai\netsession_win.exe"
mRun: [BiosNotice] C:\Program Files (x86)\BIOSTAR\BiosNotice\BiosNotice.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [BYR_AGENT] C:\ProgramData\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BIO-RE~1.LNK - C:\Program Files (x86)\BIOSTAR\BIO-Remote\BIO_Remote.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\IE\BGAntiphishingIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: C:\Windows\system32\BGLsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{82278856-8817-43C1-88D7-9E3D2E853F70} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{CCC5BC8F-837D-4762-B20E-AAAD14583AEE} : DhcpNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: bglink - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\IE\BGAntiphishingIEBHO.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
AppInit_DLLs: BgGamingMonitor.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120621213429.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: BullGuard Safe Browsing: {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\IE\BGAntiphishingIEBHO.dll
BHO-X64: BullGuard Safe Browsing - No File
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mRun-x64: [BiosNotice] C:\Program Files (x86)\BIOSTAR\BiosNotice\BiosNotice.exe
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [BYR_AGENT] C:\ProgramData\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
AppInit_DLLs-X64: BgGamingMonitor.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\hdl4bgzz.default\
FF - prefs.js: keyword.URL - www.google.com
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R1 AFW;Agnitum Firewall Driver;C:\Windows\system32\DRIVERS\afw.sys --> C:\Windows\system32\DRIVERS\afw.sys [?]
R1 BdSpy;BdSpy;C:\Windows\system32\DRIVERS\BdSpy.sys --> C:\Windows\system32\DRIVERS\BdSpy.sys [?]
R1 BIOS;BIOS;C:\Windows\System32\drivers\BIOS64.sys [2011-12-19 14136]
R1 BS_I2cIo;BS_I2cIo;\??\C:\Windows\system32\drivers\BS_I2c64.sys --> C:\Windows\system32\drivers\BS_I2c64.sys [?]
R1 BS_TPIO;BS_TPIO;\??\C:\Windows\system32\drivers\BS_TPIO64.sys --> C:\Windows\system32\drivers\BS_TPIO64.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 NovaShieldFilterDriver;NovaShieldFilterDriver;C:\Windows\system32\DRIVERS\NSKernel.sys --> C:\Windows\system32\DRIVERS\NSKernel.sys [?]
R1 NovaShieldTDIDriver;NovaShieldTDIDriver;C:\Windows\system32\DRIVERS\NSNetmon.sys --> C:\Windows\system32\DRIVERS\NSNetmon.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 BsBhvScan;BullGuard Behavioural Detection;C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [2011-12-21 383320]
R2 BsBrowser;BullGuard antiphishing service;C:\Windows\System32\SvcHost.exe -k BullGuard_LowPriv [2009-7-13 20992]
R2 BsFileScan;BullGuard on-access service;C:\Windows\System32\SvcHost.exe -k BullGuard [2009-7-13 20992]
R2 BsFire;BullGuard firewall service;C:\Windows\System32\SvcHost.exe -k BullGuard [2009-7-13 20992]
R2 BsMailProxy;BullGuard e-mail monitoring service;C:\Windows\System32\SvcHost.exe -k BullGuard [2009-7-13 20992]
R2 BsMain;BullGuard main service;C:\Windows\System32\SvcHost.exe -k BullGuard_Main [2009-7-13 20992]
R2 BsUpdate;BullGuard update service;C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [2012-5-29 409944]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-6-21 249936]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-6-21 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-6-21 249936]
R2 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-6-21 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-6-21 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-6-21 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-6-21 210584]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R3 afwcore;afwcore;C:\Windows\system32\DRIVERS\afwcore.sys --> C:\Windows\system32\DRIVERS\afwcore.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 BsScanner;BullGuard scanning service;C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [2011-12-19 341848]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 0158591343083963mcinstcleanup;McAfee Application Installer Cleanup (0158591343083963);C:\Windows\TEMP\015859~1.EXE -cleanup -nolog --> C:\Windows\TEMP\015859~1.EXE -cleanup -nolog [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BgRaSvc;BgRaSvc;C:\Program Files\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe [2011-12-19 161112]
S3 MADFULEGACYKEYBOARD;Service for M-Audio Legacy Keyboard DFU;C:\Windows\system32\DRIVERS\MAudioLegacyKeyboard_DFU.sys --> C:\Windows\system32\DRIVERS\MAudioLegacyKeyboard_DFU.sys [?]
S3 MAUSBLEGACYKEYBOARD;Service for M-Audio Legacy Keyboard;C:\Windows\system32\DRIVERS\MAudioLegacyKeyboard.sys --> C:\Windows\system32\DRIVERS\MAudioLegacyKeyboard.sys [?]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2012-6-21 225216]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-17 113120]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-07-23 20:24:56 -------- d-----w- C:\Program Files (x86)\Phyxion.net
2012-07-23 14:24:51 3147264 ----a-w- C:\Windows\System32\win32k.sys
2012-07-19 01:13:28 -------- d-----w- C:\Windows\System32\appmgmt
2012-07-18 21:33:50 -------- d-----w- C:\Users\Dave\AppData\Local\Ilivid Player
2012-07-05 17:30:46 -------- d-----w- C:\Users\Dave\AppData\Local\Eastman Kodak Company
2012-07-05 17:29:25 -------- d-----w- C:\Windows\SysWow64\spool
2012-07-05 17:29:17 -------- d-----w- C:\Program Files (x86)\Kodak
2012-07-05 17:28:22 -------- d-----w- C:\Users\Dave\AppData\Roaming\Temp
2012-07-05 17:28:22 -------- d-----w- C:\ProgramData\Kodak
2012-07-01 02:01:09 -------- d-----w- C:\Windows\System32\EventProviders
2012-07-01 02:01:01 -------- d-----w- C:\ae286c543849dcd7272e9362cb2bee
2012-06-27 17:20:38 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-27 17:20:38 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
.
==================== Find3M ====================
.
2012-06-06 05:50:50 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 05:50:50 1880064 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 05:09:46 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:09:46 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 05:38:26 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:38:24 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:37:45 459216 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:27:02 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:27:00 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:48:39 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:48:35 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:47:31 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:42:51 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-15 03:56:59 1197568 ----a-w- C:\Windows\System32\wininet.dll
2012-05-15 03:08:48 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-14 22:32:37 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2012-05-14 22:32:37 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2012-05-14 22:32:37 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2012-05-14 22:32:37 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2012-05-04 10:52:22 5505392 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:08:16 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:08:15 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-02 05:32:43 208896 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:50:40 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:34:38 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:34:37 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:28:32 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
.
============= FINISH: 19:10:40.63 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 135,983 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:11 AM

Posted 25 July 2012 - 01:58 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 DaveP90

DaveP90
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:05:11 AM

Posted 25 July 2012 - 08:55 PM

I skipped the Cobofix step. I'm running Windows 7





Results of screen317's Security Check version 0.99.43
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
McAfee Anti-Virus and Anti-Spyware
BullGuard Antivirus
Antivirus out of date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 30
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.1.102.55 Flash Player out of Date!
Mozilla Firefox (14.0.1)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 135,983 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:11 AM

Posted 25 July 2012 - 09:08 PM

Greetings


Combofix: runs on win 7 64 bit - please run it for me now



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 DaveP90

DaveP90
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:05:11 AM

Posted 26 July 2012 - 07:21 PM

Oh okay, Sorry for the confusion.


ComboFix 12-07-27.02 - Dave 07/26/2012 19:55:18.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.16364.13988 [GMT -4:00]
Running from: c:\users\Dave\Downloads\ComboFix.exe
AV: BullGuard Antivirus *Disabled/Outdated* {504FFF66-3028-EB7E-2E60-62B19ADD791C}
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: BullGuard Firewall *Disabled* {68747E43-7A47-EA26-053F-CB84640E3E67}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: BullGuard Antispyware *Disabled/Outdated* {EB2E1E82-1612-E4F0-14D0-59C3E15A33A1}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\{CAD8492B-114F-4329-B87D-EB253A8ADA5B}.xps
c:\users\Dave\AppData\Roaming\Local
c:\users\Dave\AppData\Roaming\Local\FalloutNV\Fallout.ini
c:\users\Dave\AppData\Roaming\Local\FalloutNV\FalloutPrefs.ini
c:\users\Dave\AppData\Roaming\Local\FalloutNV\NVDLCList.txt
c:\users\Dave\AppData\Roaming\Local\FalloutNV\plugins.txt
c:\users\Dave\AppData\Roaming\Local\FalloutNV\RendererInfo.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-06-27 to 2012-07-27 )))))))))))))))))))))))))))))))
.
.
2012-07-27 00:15 . 2012-07-27 00:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-23 20:24 . 2012-07-23 20:24 -------- d-----w- c:\program files (x86)\Phyxion.net
2012-07-23 14:24 . 2012-06-12 03:02 3147264 ----a-w- c:\windows\system32\win32k.sys
2012-07-19 01:13 . 2012-07-19 01:13 -------- d-----w- c:\windows\system32\appmgmt
2012-07-18 21:33 . 2012-07-18 21:33 -------- d-----w- c:\users\Dave\AppData\Local\Ilivid Player
2012-07-05 17:30 . 2012-07-05 17:30 -------- d-----w- c:\users\Dave\AppData\Local\Eastman Kodak Company
2012-07-05 17:29 . 2012-07-05 17:29 -------- d-----w- c:\windows\SysWow64\spool
2012-07-05 17:29 . 2012-07-19 00:13 -------- d-----w- c:\program files (x86)\Kodak
2012-07-05 17:28 . 2012-07-19 00:13 -------- d-----w- c:\programdata\Kodak
2012-07-01 02:01 . 2012-07-01 02:01 -------- d-----w- c:\windows\system32\EventProviders
2012-07-01 02:01 . 2012-07-19 00:13 -------- d-----w- C:\ae286c543849dcd7272e9362cb2bee
2012-06-27 17:20 . 2012-06-27 17:20 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-27 17:20 . 2012-06-27 17:20 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-23 14:22 . 2011-12-19 13:33 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-18 23:44 . 2012-06-18 23:44 90112 ----a-w- c:\users\Dave\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGUTchkdl.dll
2012-06-18 23:44 . 2012-06-18 23:44 24576 ----a-w- c:\users\Dave\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGEUSBAutorun.dll
2012-06-18 23:44 . 2012-06-18 23:44 1339392 ----a-w- c:\users\Dave\AppData\Roaming\Microsoft\Windows\Templates\TLPC\TL_PC.exe
2012-06-02 22:19 . 2012-06-22 01:42 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 01:43 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 01:43 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 01:43 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 01:42 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 01:43 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 01:42 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-22 01:42 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-22 01:42 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 04:04 . 2012-06-19 16:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{894B425D-409E-49BB-8754-440ECFC4DE81}\mpengine.dll
2012-05-15 03:56 . 2012-06-13 00:36 1197568 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 03:52 . 2012-06-13 00:36 64512 ----a-w- c:\windows\system32\jsproxy.dll
2012-05-15 03:08 . 2012-06-13 00:36 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2012-05-14 22:38 . 2009-08-18 16:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-05-14 22:38 . 2009-08-18 15:24 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-05-14 22:32 . 2012-05-14 22:32 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-05-14 22:32 . 2012-05-14 22:32 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-05-14 22:32 . 2012-05-14 22:32 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-05-14 22:32 . 2012-05-14 22:32 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-05-04 10:52 . 2012-06-13 00:36 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:08 . 2012-06-13 00:36 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:08 . 2012-06-13 00:36 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-02 05:32 . 2012-06-13 00:36 208896 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:50 . 2012-06-13 00:36 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-12-20 1242448]
"Akamai NetSession Interface"="c:\users\Dave\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BiosNotice"="c:\program files (x86)\BIOSTAR\BiosNotice\BiosNotice.exe" [2010-10-13 1003008]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-25 336384]
"BYR_AGENT"="c:\programdata\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe" [2012-03-15 392280]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BIO-Remote.lnk - c:\program files (x86)\BIOSTAR\BIO-Remote\BIO_Remote.exe [2011-12-19 687616]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\BgGamingMonitor.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 0158591343083963mcinstcleanup;McAfee Application Installer Cleanup (0158591343083963);c:\windows\TEMP\015859~1.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BgRaSvc;BgRaSvc;c:\program files\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe [2011-12-19 161112]
R3 MADFULEGACYKEYBOARD;Service for M-Audio Legacy Keyboard DFU;c:\windows\system32\DRIVERS\MAudioLegacyKeyboard_DFU.sys [2010-02-09 28680]
R3 MAUSBLEGACYKEYBOARD;Service for M-Audio Legacy Keyboard;c:\windows\system32\DRIVERS\MAudioLegacyKeyboard.sys [2010-02-09 196616]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-01-28 225216]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-19 1255736]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
S1 AFW;Agnitum Firewall Driver;c:\windows\system32\DRIVERS\afw.sys [2010-10-12 39528]
S1 BdSpy;BdSpy;c:\windows\system32\DRIVERS\BdSpy.sys [2011-12-19 66272]
S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS64.sys [2009-07-15 14136]
S1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2c64.sys [2010-05-17 15408]
S1 BS_TPIO;BS_TPIO;c:\windows\system32\drivers\BS_TPIO64.sys [2009-04-29 13360]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-12-19 254528]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
S1 NovaShieldFilterDriver;NovaShieldFilterDriver;c:\windows\system32\DRIVERS\NSKernel.sys [2011-12-19 255560]
S1 NovaShieldTDIDriver;NovaShieldTDIDriver;c:\windows\system32\DRIVERS\NSNetmon.sys [2011-12-19 25160]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-05-25 204288]
S2 BsBhvScan;BullGuard Behavioural Detection;c:\program files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [2011-12-21 383320]
S2 BsBrowser;BullGuard antiphishing service;c:\windows\System32\SvcHost.exe [2009-07-14 27136]
S2 BsFileScan;BullGuard on-access service;c:\windows\System32\SvcHost.exe [2009-07-14 27136]
S2 BsFire;BullGuard firewall service;c:\windows\System32\SvcHost.exe [2009-07-14 27136]
S2 BsMailProxy;BullGuard e-mail monitoring service;c:\windows\System32\SvcHost.exe [2009-07-14 27136]
S2 BsMain;BullGuard main service;c:\windows\System32\SvcHost.exe [2009-07-14 27136]
S2 BsUpdate;BullGuard update service;c:\program files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [2012-05-29 409944]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 162192]
S3 afwcore;afwcore;c:\windows\system32\DRIVERS\afwcore.sys [2010-10-12 424040]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-05-25 9359872]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-05-25 309760]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-03-30 114704]
S3 BsScanner;BullGuard scanning service;c:\program files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [2011-12-19 341848]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 83080]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 184968]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-10-26 406632]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-10-06 11474024]
"BullGuard"="c:\program files\BullGuard Ltd\BullGuard\bullguard.exe" [2012-03-05 1696088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\BgGamingMonitor.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
LSP: c:\windows\system32\BGLsp.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\hdl4bgzz.default\
FF - prefs.js: keyword.URL - www.google.com
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-26 20:20:35
ComboFix-quarantined-files.txt 2012-07-27 00:20
.
Pre-Run: 130,618,867,712 bytes free
Post-Run: 131,347,496,960 bytes free
.
- - End Of File - - 8556EBE2A27F346FBD8917A4F2C1F90B

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 135,983 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:11 AM

Posted 26 July 2012 - 08:35 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 DaveP90

DaveP90
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:05:11 AM

Posted 27 July 2012 - 10:35 AM

23:23:50.0658 4116 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
23:23:51.0346 4116 ============================================================
23:23:51.0346 4116 Current date / time: 2012/07/26 23:23:51.0346
23:23:51.0346 4116 SystemInfo:
23:23:51.0346 4116
23:23:51.0346 4116 OS Version: 6.1.7600 ServicePack: 0.0
23:23:51.0346 4116 Product type: Workstation
23:23:51.0346 4116 ComputerName: DAVE-PC
23:23:51.0346 4116 UserName: Dave
23:23:51.0346 4116 Windows directory: C:\Windows
23:23:51.0346 4116 System windows directory: C:\Windows
23:23:51.0346 4116 Running under WOW64
23:23:51.0346 4116 Processor architecture: Intel x64
23:23:51.0347 4116 Number of processors: 4
23:23:51.0347 4116 Page size: 0x1000
23:23:51.0347 4116 Boot type: Normal boot
23:23:51.0347 4116 ============================================================
23:23:52.0256 4116 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:23:52.0261 4116 ============================================================
23:23:52.0261 4116 \Device\Harddisk0\DR0:
23:23:52.0261 4116 MBR partitions:
23:23:52.0261 4116 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
23:23:52.0261 4116 ============================================================
23:23:52.0285 4116 C: <-> \Device\Harddisk0\DR0\Partition0
23:23:52.0285 4116 ============================================================
23:23:52.0285 4116 Initialize success
23:23:52.0285 4116 ============================================================
23:24:15.0178 5704 ============================================================
23:24:15.0178 5704 Scan started
23:24:15.0178 5704 Mode: Manual;
23:24:15.0178 5704 ============================================================
23:24:15.0859 5704 0158591343083963mcinstcleanup - ok
23:24:15.0968 5704 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
23:24:15.0970 5704 1394ohci - ok
23:24:16.0012 5704 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
23:24:16.0015 5704 ACPI - ok
23:24:16.0030 5704 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
23:24:16.0030 5704 AcpiPmi - ok
23:24:16.0093 5704 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
23:24:16.0097 5704 adp94xx - ok
23:24:16.0119 5704 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
23:24:16.0122 5704 adpahci - ok
23:24:16.0135 5704 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
23:24:16.0136 5704 adpu320 - ok
23:24:16.0169 5704 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
23:24:16.0170 5704 AeLookupSvc - ok
23:24:16.0217 5704 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
23:24:16.0221 5704 AFD - ok
23:24:16.0268 5704 AFW (cbdd7eb1431086a6d56c6f700d98b644) C:\Windows\system32\DRIVERS\afw.sys
23:24:16.0268 5704 AFW - ok
23:24:16.0293 5704 afwcore (c8c34a00c98322b06bed456b13ee4497) C:\Windows\system32\DRIVERS\afwcore.sys
23:24:16.0297 5704 afwcore - ok
23:24:16.0316 5704 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
23:24:16.0317 5704 agp440 - ok
23:24:16.0338 5704 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
23:24:16.0339 5704 ALG - ok
23:24:16.0352 5704 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
23:24:16.0352 5704 aliide - ok
23:24:16.0386 5704 AMD External Events Utility (514089cb4a7df38dc4dd936ade4114d3) C:\Windows\system32\atiesrxx.exe
23:24:16.0388 5704 AMD External Events Utility - ok
23:24:16.0402 5704 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
23:24:16.0402 5704 amdide - ok
23:24:16.0423 5704 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
23:24:16.0424 5704 AmdK8 - ok
23:24:16.0840 5704 amdkmdag (9a4b92150a5e259a7159d914cc3a60d7) C:\Windows\system32\DRIVERS\atikmdag.sys
23:24:16.0877 5704 amdkmdag - ok
23:24:16.0983 5704 amdkmdap (9deb889d152f9c9dba98be8986084535) C:\Windows\system32\DRIVERS\atikmpag.sys
23:24:16.0986 5704 amdkmdap - ok
23:24:17.0025 5704 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
23:24:17.0026 5704 AmdPPM - ok
23:24:17.0064 5704 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
23:24:17.0065 5704 amdsata - ok
23:24:17.0086 5704 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
23:24:17.0088 5704 amdsbs - ok
23:24:17.0097 5704 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
23:24:17.0098 5704 amdxata - ok
23:24:17.0132 5704 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
23:24:17.0133 5704 AppID - ok
23:24:17.0156 5704 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
23:24:17.0156 5704 AppIDSvc - ok
23:24:17.0201 5704 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
23:24:17.0202 5704 Appinfo - ok
23:24:17.0268 5704 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:24:17.0270 5704 Apple Mobile Device - ok
23:24:17.0311 5704 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
23:24:17.0313 5704 AppMgmt - ok
23:24:17.0334 5704 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
23:24:17.0336 5704 arc - ok
23:24:17.0353 5704 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
23:24:17.0354 5704 arcsas - ok
23:24:17.0371 5704 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
23:24:17.0372 5704 AsyncMac - ok
23:24:17.0381 5704 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
23:24:17.0382 5704 atapi - ok
23:24:17.0438 5704 AtiHDAudioService (cbd14f698def12ee3557604b726cb8eb) C:\Windows\system32\drivers\AtihdW76.sys
23:24:17.0439 5704 AtiHDAudioService - ok
23:24:17.0922 5704 atikmdag (9a4b92150a5e259a7159d914cc3a60d7) C:\Windows\system32\DRIVERS\atikmdag.sys
23:24:17.0958 5704 atikmdag - ok
23:24:18.0061 5704 ATITool (b07e6681d303a612680223c729b021e2) C:\Windows\system32\DRIVERS\ATITool64.sys
23:24:18.0061 5704 ATITool - ok
23:24:18.0143 5704 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
23:24:18.0148 5704 AudioEndpointBuilder - ok
23:24:18.0156 5704 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
23:24:18.0161 5704 AudioSrv - ok
23:24:18.0198 5704 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
23:24:18.0199 5704 AxInstSV - ok
23:24:18.0256 5704 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
23:24:18.0259 5704 b06bdrv - ok
23:24:18.0306 5704 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
23:24:18.0309 5704 b57nd60a - ok
23:24:18.0410 5704 BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
23:24:18.0419 5704 BCM43XX - ok
23:24:18.0518 5704 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
23:24:18.0520 5704 BDESVC - ok
23:24:18.0575 5704 BdSpy (73f7e3e94e6122f0cb2968db7f6a6855) C:\Windows\system32\DRIVERS\BdSpy.sys
23:24:18.0576 5704 BdSpy - ok
23:24:18.0584 5704 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
23:24:18.0584 5704 Beep - ok
23:24:18.0671 5704 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
23:24:18.0677 5704 BFE - ok
23:24:18.0755 5704 BgRaSvc (d4315cd51a8b24519f20d31b0e611602) C:\Program Files\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe
23:24:18.0756 5704 BgRaSvc - ok
23:24:18.0792 5704 BIOS (00cadb1bc2d0030f0b2a1063618b6bd7) C:\Windows\system32\drivers\BIOS64.sys
23:24:18.0793 5704 BIOS - ok
23:24:18.0873 5704 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\system32\qmgr.dll
23:24:18.0881 5704 BITS - ok
23:24:18.0898 5704 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
23:24:18.0899 5704 blbdrive - ok
23:24:18.0953 5704 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
23:24:18.0957 5704 Bonjour Service - ok
23:24:19.0000 5704 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
23:24:19.0002 5704 bowser - ok
23:24:19.0028 5704 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:24:19.0029 5704 BrFiltLo - ok
23:24:19.0040 5704 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:24:19.0040 5704 BrFiltUp - ok
23:24:19.0068 5704 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
23:24:19.0069 5704 BridgeMP - ok
23:24:19.0128 5704 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
23:24:19.0130 5704 Browser - ok
23:24:19.0153 5704 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
23:24:19.0155 5704 Brserid - ok
23:24:19.0167 5704 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
23:24:19.0168 5704 BrSerWdm - ok
23:24:19.0179 5704 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
23:24:19.0179 5704 BrUsbMdm - ok
23:24:19.0187 5704 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
23:24:19.0188 5704 BrUsbSer - ok
23:24:19.0266 5704 BsBhvScan (d324f8de731b544790a2715f2a98ce30) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe
23:24:19.0269 5704 BsBhvScan - ok
23:24:19.0299 5704 BsBrowser (61e8f3eb2684aeb482ce3afe0716053a) C:\Program Files\BullGuard Ltd\BullGuard\BsBrowser.dll
23:24:19.0300 5704 BsBrowser - ok
23:24:19.0351 5704 BsFileScan (9d3c1f140046d6ed0afd8db0b3ac12e5) C:\Program Files\BullGuard Ltd\BullGuard\BsFileScan.dll
23:24:19.0355 5704 BsFileScan - ok
23:24:19.0415 5704 BsFire (be79d69cee2ecf5290907a2b4fc77e1b) C:\Program Files\BullGuard Ltd\BullGuard\BsFire.dll
23:24:19.0421 5704 BsFire - ok
23:24:19.0458 5704 BsMailProxy (99afaeeadcf707d3d234d1759c27f655) C:\Program Files\BullGuard Ltd\BullGuard\BsMailProxy\BsMailProxy.dll
23:24:19.0461 5704 BsMailProxy - ok
23:24:19.0512 5704 BsMain (a92ed131c5f4de9f01e47f96c3eaabca) C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll
23:24:19.0514 5704 BsMain - ok
23:24:19.0555 5704 BsScanner (039028e8549754ce1160e0f2baf5ef5f) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
23:24:19.0559 5704 BsScanner - ok
23:24:19.0607 5704 BsUpdate (27d6348dcc371225902e0509a868b31a) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
23:24:19.0611 5704 BsUpdate - ok
23:24:19.0703 5704 BS_I2cIo (83601bbe5563d92c1fdb4e960d84dc77) C:\Windows\system32\drivers\BS_I2c64.sys
23:24:19.0704 5704 BS_I2cIo - ok
23:24:19.0748 5704 BS_TPIO (b6cd9c35ade8459893447c2e83167480) C:\Windows\system32\drivers\BS_TPIO64.sys
23:24:19.0749 5704 BS_TPIO - ok
23:24:19.0788 5704 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
23:24:19.0789 5704 BTHMODEM - ok
23:24:19.0821 5704 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
23:24:19.0822 5704 bthserv - ok
23:24:19.0850 5704 catchme - ok
23:24:19.0878 5704 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
23:24:19.0880 5704 cdfs - ok
23:24:19.0932 5704 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
23:24:19.0933 5704 cdrom - ok
23:24:19.0980 5704 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
23:24:19.0982 5704 CertPropSvc - ok
23:24:20.0026 5704 cfwids (274ce03459896006f7a5069266e0469e) C:\Windows\system32\drivers\cfwids.sys
23:24:20.0027 5704 cfwids - ok
23:24:20.0040 5704 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
23:24:20.0041 5704 circlass - ok
23:24:20.0073 5704 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
23:24:20.0076 5704 CLFS - ok
23:24:20.0129 5704 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:24:20.0130 5704 clr_optimization_v2.0.50727_32 - ok
23:24:20.0157 5704 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:24:20.0158 5704 clr_optimization_v2.0.50727_64 - ok
23:24:20.0220 5704 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:24:20.0222 5704 clr_optimization_v4.0.30319_32 - ok
23:24:20.0265 5704 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:24:20.0266 5704 clr_optimization_v4.0.30319_64 - ok
23:24:20.0292 5704 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
23:24:20.0292 5704 CmBatt - ok
23:24:20.0322 5704 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
23:24:20.0323 5704 cmdide - ok
23:24:20.0372 5704 CNG (ca7720b73446fddec5c69519c1174c98) C:\Windows\system32\Drivers\cng.sys
23:24:20.0376 5704 CNG - ok
23:24:20.0396 5704 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
23:24:20.0397 5704 Compbatt - ok
23:24:20.0423 5704 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
23:24:20.0424 5704 CompositeBus - ok
23:24:20.0440 5704 COMSysApp - ok
23:24:20.0454 5704 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
23:24:20.0455 5704 crcdisk - ok
23:24:20.0498 5704 CryptSvc (f02786b66375292e58c8777082d4396d) C:\Windows\system32\cryptsvc.dll
23:24:20.0500 5704 CryptSvc - ok
23:24:20.0533 5704 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
23:24:20.0537 5704 CSC - ok
23:24:20.0577 5704 CscService (873fbf927c06e5cee04dec617502f8fd) C:\Windows\System32\cscsvc.dll
23:24:20.0583 5704 CscService - ok
23:24:20.0642 5704 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
23:24:20.0647 5704 DcomLaunch - ok
23:24:20.0675 5704 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
23:24:20.0678 5704 defragsvc - ok
23:24:20.0710 5704 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
23:24:20.0712 5704 DfsC - ok
23:24:20.0732 5704 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
23:24:20.0735 5704 Dhcp - ok
23:24:20.0758 5704 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
23:24:20.0759 5704 discache - ok
23:24:20.0785 5704 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
23:24:20.0786 5704 Disk - ok
23:24:20.0808 5704 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
23:24:20.0810 5704 Dnscache - ok
23:24:20.0840 5704 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
23:24:20.0843 5704 dot3svc - ok
23:24:20.0860 5704 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
23:24:20.0862 5704 DPS - ok
23:24:20.0885 5704 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
23:24:20.0885 5704 drmkaud - ok
23:24:20.0920 5704 dtsoftbus01 (9f98d7afa293947a0dfc6ffd4671fe70) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
23:24:20.0922 5704 dtsoftbus01 - ok
23:24:20.0986 5704 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
23:24:20.0994 5704 DXGKrnl - ok
23:24:21.0014 5704 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
23:24:21.0016 5704 EapHost - ok
23:24:21.0178 5704 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
23:24:21.0192 5704 ebdrv - ok
23:24:21.0305 5704 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
23:24:21.0307 5704 EFS - ok
23:24:21.0383 5704 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
23:24:21.0389 5704 ehRecvr - ok
23:24:21.0409 5704 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
23:24:21.0411 5704 ehSched - ok
23:24:21.0469 5704 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
23:24:21.0473 5704 elxstor - ok
23:24:21.0510 5704 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
23:24:21.0511 5704 ErrDev - ok
23:24:21.0549 5704 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
23:24:21.0553 5704 EventSystem - ok
23:24:21.0599 5704 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
23:24:21.0601 5704 exfat - ok
23:24:21.0633 5704 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
23:24:21.0635 5704 fastfat - ok
23:24:21.0705 5704 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
23:24:21.0711 5704 Fax - ok
23:24:21.0726 5704 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
23:24:21.0727 5704 fdc - ok
23:24:21.0744 5704 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
23:24:21.0745 5704 fdPHost - ok
23:24:21.0755 5704 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
23:24:21.0756 5704 FDResPub - ok
23:24:21.0779 5704 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
23:24:21.0781 5704 FileInfo - ok
23:24:21.0793 5704 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
23:24:21.0794 5704 Filetrace - ok
23:24:21.0808 5704 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
23:24:21.0808 5704 flpydisk - ok
23:24:21.0834 5704 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
23:24:21.0837 5704 FltMgr - ok
23:24:21.0927 5704 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll
23:24:21.0937 5704 FontCache - ok
23:24:22.0017 5704 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:24:22.0018 5704 FontCache3.0.0.0 - ok
23:24:22.0042 5704 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
23:24:22.0043 5704 FsDepends - ok
23:24:22.0051 5704 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
23:24:22.0052 5704 Fs_Rec - ok
23:24:22.0075 5704 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
23:24:22.0077 5704 fvevol - ok
23:24:22.0096 5704 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
23:24:22.0097 5704 gagp30kx - ok
23:24:22.0133 5704 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:24:22.0134 5704 GEARAspiWDM - ok
23:24:22.0205 5704 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
23:24:22.0212 5704 gpsvc - ok
23:24:22.0227 5704 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
23:24:22.0228 5704 hcw85cir - ok
23:24:22.0269 5704 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
23:24:22.0272 5704 HdAudAddService - ok
23:24:22.0316 5704 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
23:24:22.0317 5704 HDAudBus - ok
23:24:22.0336 5704 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
23:24:22.0337 5704 HidBatt - ok
23:24:22.0359 5704 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
23:24:22.0360 5704 HidBth - ok
23:24:22.0379 5704 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
23:24:22.0380 5704 HidIr - ok
23:24:22.0407 5704 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
23:24:22.0408 5704 hidserv - ok
23:24:22.0420 5704 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
23:24:22.0421 5704 HidUsb - ok
23:24:22.0454 5704 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
23:24:22.0456 5704 hkmsvc - ok
23:24:22.0488 5704 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
23:24:22.0491 5704 HomeGroupListener - ok
23:24:22.0550 5704 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
23:24:22.0553 5704 HomeGroupProvider - ok
23:24:22.0573 5704 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
23:24:22.0574 5704 HpSAMD - ok
23:24:22.0631 5704 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
23:24:22.0638 5704 HTTP - ok
23:24:22.0652 5704 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
23:24:22.0653 5704 hwpolicy - ok
23:24:22.0671 5704 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
23:24:22.0673 5704 i8042prt - ok
23:24:22.0714 5704 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
23:24:22.0717 5704 iaStorV - ok
23:24:22.0837 5704 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:24:22.0843 5704 idsvc - ok
23:24:22.0936 5704 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
23:24:22.0937 5704 iirsp - ok
23:24:22.0998 5704 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
23:24:23.0006 5704 IKEEXT - ok
23:24:23.0146 5704 IntcAzAudAddService (c03463214d23b46b991f582821c8df69) C:\Windows\system32\drivers\RTKVHD64.sys
23:24:23.0163 5704 IntcAzAudAddService - ok
23:24:23.0243 5704 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
23:24:23.0244 5704 intelide - ok
23:24:23.0265 5704 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
23:24:23.0266 5704 intelppm - ok
23:24:23.0291 5704 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
23:24:23.0292 5704 IPBusEnum - ok
23:24:23.0311 5704 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:24:23.0312 5704 IpFilterDriver - ok
23:24:23.0391 5704 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
23:24:23.0396 5704 iphlpsvc - ok
23:24:23.0418 5704 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
23:24:23.0419 5704 IPMIDRV - ok
23:24:23.0436 5704 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
23:24:23.0437 5704 IPNAT - ok
23:24:23.0563 5704 iPod Service (ee4c2a137c7088911a8919effc9812e7) C:\Program Files\iPod\bin\iPodService.exe
23:24:23.0570 5704 iPod Service - ok
23:24:23.0584 5704 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
23:24:23.0585 5704 IRENUM - ok
23:24:23.0611 5704 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
23:24:23.0611 5704 isapnp - ok
23:24:23.0648 5704 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
23:24:23.0650 5704 iScsiPrt - ok
23:24:23.0665 5704 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
23:24:23.0666 5704 kbdclass - ok
23:24:23.0675 5704 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
23:24:23.0676 5704 kbdhid - ok
23:24:23.0713 5704 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
23:24:23.0715 5704 KeyIso - ok
23:24:23.0736 5704 KSecDD (4f4b5fde429416877de7143044582eb5) C:\Windows\system32\Drivers\ksecdd.sys
23:24:23.0738 5704 KSecDD - ok
23:24:23.0763 5704 KSecPkg (6f40465a44ecdc1731befafec5bdd03c) C:\Windows\system32\Drivers\ksecpkg.sys
23:24:23.0765 5704 KSecPkg - ok
23:24:23.0778 5704 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
23:24:23.0779 5704 ksthunk - ok
23:24:23.0818 5704 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
23:24:23.0822 5704 KtmRm - ok
23:24:23.0878 5704 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll
23:24:23.0881 5704 LanmanServer - ok
23:24:23.0933 5704 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
23:24:23.0936 5704 LanmanWorkstation - ok
23:24:23.0972 5704 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
23:24:23.0973 5704 lltdio - ok
23:24:24.0010 5704 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
23:24:24.0013 5704 lltdsvc - ok
23:24:24.0036 5704 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
23:24:24.0037 5704 lmhosts - ok
23:24:24.0068 5704 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
23:24:24.0070 5704 LSI_FC - ok
23:24:24.0084 5704 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
23:24:24.0085 5704 LSI_SAS - ok
23:24:24.0095 5704 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:24:24.0096 5704 LSI_SAS2 - ok
23:24:24.0112 5704 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:24:24.0113 5704 LSI_SCSI - ok
23:24:24.0131 5704 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
23:24:24.0133 5704 luafv - ok
23:24:24.0172 5704 MADFULEGACYKEYBOARD (f0dcd0fd9d79668e34a660f49c8c00bc) C:\Windows\system32\DRIVERS\MAudioLegacyKeyboard_DFU.sys
23:24:24.0173 5704 MADFULEGACYKEYBOARD - ok
23:24:24.0213 5704 MAUSBLEGACYKEYBOARD (faedbee189a877e302b023bd24faebf8) C:\Windows\system32\DRIVERS\MAudioLegacyKeyboard.sys
23:24:24.0215 5704 MAUSBLEGACYKEYBOARD - ok
23:24:24.0306 5704 McAfee SiteAdvisor Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
23:24:24.0308 5704 McAfee SiteAdvisor Service - ok
23:24:24.0382 5704 McAWFwk (f48571922079bbab289c57bafefe88f3) c:\PROGRA~1\mcafee\msc\mcawfwk.exe
23:24:24.0384 5704 McAWFwk - ok
23:24:24.0389 5704 McMPFSvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
23:24:24.0391 5704 McMPFSvc - ok
23:24:24.0395 5704 mcmscsvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
23:24:24.0397 5704 mcmscsvc - ok
23:24:24.0402 5704 McNaiAnn (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
23:24:24.0404 5704 McNaiAnn - ok
23:24:24.0413 5704 McNASvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
23:24:24.0415 5704 McNASvc - ok
23:24:24.0491 5704 McODS (dd2321925274f2902929d76ce2b0eb45) C:\Program Files\McAfee\VirusScan\mcods.exe
23:24:24.0495 5704 McODS - ok
23:24:24.0499 5704 McOobeSv (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
23:24:24.0502 5704 McOobeSv - ok
23:24:24.0506 5704 McProxy (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
23:24:24.0508 5704 McProxy - ok
23:24:24.0554 5704 McShield (e998e3b12101288d716558466cbf6ae1) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
23:24:24.0556 5704 McShield - ok
23:24:24.0652 5704 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
23:24:24.0654 5704 Mcx2Svc - ok
23:24:24.0688 5704 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
23:24:24.0689 5704 megasas - ok
23:24:24.0726 5704 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
23:24:24.0728 5704 MegaSR - ok
23:24:24.0780 5704 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
23:24:24.0781 5704 MEIx64 - ok
23:24:24.0823 5704 mfeapfk (01884cb7655c8908b43ff5e364fe6fd2) C:\Windows\system32\drivers\mfeapfk.sys
23:24:24.0825 5704 mfeapfk - ok
23:24:24.0863 5704 mfeavfk (dab9a9cdfb04e4d68924492aa043019d) C:\Windows\system32\drivers\mfeavfk.sys
23:24:24.0865 5704 mfeavfk - ok
23:24:24.0880 5704 mfeavfk01 - ok
23:24:24.0905 5704 mfefire (b26782c3d6045b4464017d7926877560) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
23:24:24.0907 5704 mfefire - ok
23:24:24.0942 5704 mfefirek (ce9a3680675c0907ade16404ca967b49) C:\Windows\system32\drivers\mfefirek.sys
23:24:24.0946 5704 mfefirek - ok
23:24:24.0983 5704 mfehidk (60cf67458dd29cd17e77f2327b1a9a54) C:\Windows\system32\drivers\mfehidk.sys
23:24:24.0988 5704 mfehidk - ok
23:24:25.0010 5704 mfenlfk (a8129cfb919347f8533c934b365e9202) C:\Windows\system32\DRIVERS\mfenlfk.sys
23:24:25.0011 5704 mfenlfk - ok
23:24:25.0064 5704 mferkdet (5041fa2bd2b3a2693b015771bfbf6dca) C:\Windows\system32\drivers\mferkdet.sys
23:24:25.0065 5704 mferkdet - ok
23:24:25.0113 5704 mfevtp (723a5eb6cef7f408c3d0f15a82a6bff8) C:\Windows\system32\mfevtps.exe
23:24:25.0115 5704 mfevtp - ok
23:24:25.0134 5704 mfewfpk (919c56db14a0e1e2ab6da5d2821dc26e) C:\Windows\system32\drivers\mfewfpk.sys
23:24:25.0137 5704 mfewfpk - ok
23:24:25.0197 5704 Microsoft SharePoint Workspace Audit Service - ok
23:24:25.0220 5704 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
23:24:25.0222 5704 MMCSS - ok
23:24:25.0246 5704 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
23:24:25.0247 5704 Modem - ok
23:24:25.0276 5704 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
23:24:25.0276 5704 monitor - ok
23:24:25.0326 5704 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
23:24:25.0327 5704 mouclass - ok
23:24:25.0344 5704 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
23:24:25.0345 5704 mouhid - ok
23:24:25.0372 5704 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
23:24:25.0374 5704 mountmgr - ok
23:24:25.0415 5704 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
23:24:25.0416 5704 MozillaMaintenance - ok
23:24:25.0443 5704 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
23:24:25.0444 5704 mpio - ok
23:24:25.0473 5704 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
23:24:25.0474 5704 mpsdrv - ok
23:24:25.0552 5704 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
23:24:25.0559 5704 MpsSvc - ok
23:24:25.0580 5704 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
23:24:25.0582 5704 MRxDAV - ok
23:24:25.0614 5704 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:24:25.0616 5704 mrxsmb - ok
23:24:25.0661 5704 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:24:25.0664 5704 mrxsmb10 - ok
23:24:25.0679 5704 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:24:25.0681 5704 mrxsmb20 - ok
23:24:25.0696 5704 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
23:24:25.0697 5704 msahci - ok
23:24:25.0718 5704 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
23:24:25.0720 5704 msdsm - ok
23:24:25.0757 5704 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
23:24:25.0759 5704 MSDTC - ok
23:24:25.0781 5704 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
23:24:25.0781 5704 Msfs - ok
23:24:25.0795 5704 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
23:24:25.0795 5704 mshidkmdf - ok
23:24:25.0806 5704 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
23:24:25.0807 5704 msisadrv - ok
23:24:25.0837 5704 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
23:24:25.0839 5704 MSiSCSI - ok
23:24:25.0843 5704 msiserver - ok
23:24:25.0939 5704 MSK80Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
23:24:25.0941 5704 MSK80Service - ok
23:24:25.0955 5704 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
23:24:25.0956 5704 MSKSSRV - ok
23:24:25.0964 5704 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
23:24:25.0965 5704 MSPCLOCK - ok
23:24:25.0968 5704 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
23:24:25.0969 5704 MSPQM - ok
23:24:26.0000 5704 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
23:24:26.0004 5704 MsRPC - ok
23:24:26.0016 5704 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
23:24:26.0017 5704 mssmbios - ok
23:24:26.0020 5704 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
23:24:26.0021 5704 MSTEE - ok
23:24:26.0032 5704 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
23:24:26.0033 5704 MTConfig - ok
23:24:26.0048 5704 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
23:24:26.0050 5704 Mup - ok
23:24:26.0101 5704 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
23:24:26.0106 5704 napagent - ok
23:24:26.0138 5704 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
23:24:26.0141 5704 NativeWifiP - ok
23:24:26.0196 5704 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
23:24:26.0203 5704 NDIS - ok
23:24:26.0218 5704 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
23:24:26.0219 5704 NdisCap - ok
23:24:26.0242 5704 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
23:24:26.0243 5704 NdisTapi - ok
23:24:26.0268 5704 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
23:24:26.0269 5704 Ndisuio - ok
23:24:26.0286 5704 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
23:24:26.0288 5704 NdisWan - ok
23:24:26.0301 5704 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
23:24:26.0303 5704 NDProxy - ok
23:24:26.0313 5704 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
23:24:26.0314 5704 NetBIOS - ok
23:24:26.0340 5704 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
23:24:26.0342 5704 NetBT - ok
23:24:26.0380 5704 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
23:24:26.0382 5704 Netlogon - ok
23:24:26.0433 5704 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
23:24:26.0437 5704 Netman - ok
23:24:26.0465 5704 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
23:24:26.0470 5704 netprofm - ok
23:24:26.0557 5704 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:24:26.0558 5704 NetTcpPortSharing - ok
23:24:26.0590 5704 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
23:24:26.0591 5704 nfrd960 - ok
23:24:26.0636 5704 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
23:24:26.0640 5704 NlaSvc - ok
23:24:26.0670 5704 NovaShieldFilterDriver (432e880e1e94efa8c2dc1a57f411d4ca) C:\Windows\system32\DRIVERS\NSKernel.sys
23:24:26.0672 5704 NovaShieldFilterDriver - ok
23:24:26.0688 5704 NovaShieldTDIDriver (8b4238f9c5b4365316f98d6a2d7366ab) C:\Windows\system32\DRIVERS\NSNetmon.sys
23:24:26.0689 5704 NovaShieldTDIDriver - ok
23:24:26.0701 5704 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
23:24:26.0702 5704 Npfs - ok
23:24:26.0717 5704 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
23:24:26.0719 5704 nsi - ok
23:24:26.0727 5704 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
23:24:26.0728 5704 nsiproxy - ok
23:24:26.0840 5704 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
23:24:26.0852 5704 Ntfs - ok
23:24:26.0903 5704 nTuneService - ok
23:24:26.0983 5704 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
23:24:26.0984 5704 Null - ok
23:24:27.0022 5704 nusb3hub (285acec1b13a15ba520aae06bacb9cff) C:\Windows\system32\DRIVERS\nusb3hub.sys
23:24:27.0024 5704 nusb3hub - ok
23:24:27.0039 5704 nusb3xhc (f6d625ff7b56bb6ea063f0d3a5bbc996) C:\Windows\system32\DRIVERS\nusb3xhc.sys
23:24:27.0041 5704 nusb3xhc - ok
23:24:27.0074 5704 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
23:24:27.0076 5704 nvraid - ok
23:24:27.0091 5704 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
23:24:27.0093 5704 nvstor - ok
23:24:27.0126 5704 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
23:24:27.0128 5704 nv_agp - ok
23:24:27.0146 5704 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
23:24:27.0147 5704 ohci1394 - ok
23:24:27.0184 5704 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:24:27.0186 5704 ose - ok
23:24:27.0387 5704 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
23:24:27.0407 5704 osppsvc - ok
23:24:27.0520 5704 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:24:27.0524 5704 p2pimsvc - ok
23:24:27.0563 5704 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
23:24:27.0568 5704 p2psvc - ok
23:24:27.0612 5704 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
23:24:27.0613 5704 Parport - ok
23:24:27.0634 5704 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
23:24:27.0635 5704 partmgr - ok
23:24:27.0657 5704 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
23:24:27.0660 5704 PcaSvc - ok
23:24:27.0695 5704 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
23:24:27.0697 5704 pci - ok
23:24:27.0709 5704 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
23:24:27.0710 5704 pciide - ok
23:24:27.0733 5704 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
23:24:27.0735 5704 pcmcia - ok
23:24:27.0756 5704 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
23:24:27.0757 5704 pcw - ok
23:24:27.0794 5704 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
23:24:27.0799 5704 PEAUTH - ok
23:24:27.0884 5704 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
23:24:27.0895 5704 PeerDistSvc - ok
23:24:27.0999 5704 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
23:24:28.0000 5704 PerfHost - ok
23:24:28.0140 5704 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
23:24:28.0150 5704 pla - ok
23:24:28.0258 5704 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
23:24:28.0263 5704 PlugPlay - ok
23:24:28.0288 5704 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
23:24:28.0290 5704 PNRPAutoReg - ok
23:24:28.0311 5704 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:24:28.0315 5704 PNRPsvc - ok
23:24:28.0365 5704 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
23:24:28.0370 5704 PolicyAgent - ok
23:24:28.0401 5704 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
23:24:28.0404 5704 Power - ok
23:24:28.0463 5704 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
23:24:28.0465 5704 PptpMiniport - ok
23:24:28.0489 5704 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
23:24:28.0490 5704 Processor - ok
23:24:28.0510 5704 ProfSvc (97293447431311c06703368ad0f6c4be) C:\Windows\system32\profsvc.dll
23:24:28.0513 5704 ProfSvc - ok
23:24:28.0530 5704 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
23:24:28.0532 5704 ProtectedStorage - ok
23:24:28.0582 5704 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
23:24:28.0583 5704 Psched - ok
23:24:28.0676 5704 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
23:24:28.0688 5704 ql2300 - ok
23:24:28.0766 5704 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
23:24:28.0768 5704 ql40xx - ok
23:24:28.0806 5704 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
23:24:28.0809 5704 QWAVE - ok
23:24:28.0820 5704 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
23:24:28.0821 5704 QWAVEdrv - ok
23:24:28.0838 5704 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
23:24:28.0839 5704 RasAcd - ok
23:24:28.0874 5704 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:24:28.0875 5704 RasAgileVpn - ok
23:24:28.0888 5704 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
23:24:28.0891 5704 RasAuto - ok
23:24:28.0932 5704 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:24:28.0934 5704 Rasl2tp - ok
23:24:28.0992 5704 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
23:24:28.0996 5704 RasMan - ok
23:24:29.0011 5704 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
23:24:29.0013 5704 RasPppoe - ok
23:24:29.0038 5704 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
23:24:29.0040 5704 RasSstp - ok
23:24:29.0065 5704 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
23:24:29.0068 5704 rdbss - ok
23:24:29.0082 5704 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
23:24:29.0083 5704 rdpbus - ok
23:24:29.0111 5704 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:24:29.0112 5704 RDPCDD - ok
23:24:29.0141 5704 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
23:24:29.0143 5704 RDPDR - ok
23:24:29.0157 5704 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
23:24:29.0157 5704 RDPENCDD - ok
23:24:29.0178 5704 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
23:24:29.0179 5704 RDPREFMP - ok
23:24:29.0200 5704 RDPWD (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys
23:24:29.0202 5704 RDPWD - ok
23:24:29.0225 5704 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
23:24:29.0228 5704 rdyboost - ok
23:24:29.0249 5704 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
23:24:29.0251 5704 RemoteAccess - ok
23:24:29.0269 5704 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
23:24:29.0272 5704 RemoteRegistry - ok
23:24:29.0281 5704 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
23:24:29.0283 5704 RpcEptMapper - ok
23:24:29.0302 5704 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
23:24:29.0304 5704 RpcLocator - ok
23:24:29.0333 5704 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
23:24:29.0338 5704 RpcSs - ok
23:24:29.0352 5704 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
23:24:29.0354 5704 rspndr - ok
23:24:29.0405 5704 RTL8167 (2777226ee8bf50b059d7a7c90177e99c) C:\Windows\system32\DRIVERS\Rt64win7.sys
23:24:29.0409 5704 RTL8167 - ok
23:24:29.0435 5704 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
23:24:29.0436 5704 s3cap - ok
23:24:29.0472 5704 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
23:24:29.0473 5704 SamSs - ok
23:24:29.0492 5704 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
23:24:29.0494 5704 sbp2port - ok
23:24:29.0524 5704 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
23:24:29.0527 5704 SCardSvr - ok
23:24:29.0555 5704 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
23:24:29.0556 5704 scfilter - ok
23:24:29.0622 5704 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
23:24:29.0632 5704 Schedule - ok
23:24:29.0663 5704 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
23:24:29.0664 5704 SCPolicySvc - ok
23:24:29.0678 5704 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
23:24:29.0681 5704 SDRSVC - ok
23:24:29.0726 5704 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
23:24:29.0727 5704 secdrv - ok
23:24:29.0735 5704 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
23:24:29.0737 5704 seclogon - ok
23:24:29.0757 5704 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
23:24:29.0759 5704 SENS - ok
23:24:29.0773 5704 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
23:24:29.0775 5704 SensrSvc - ok
23:24:29.0782 5704 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
23:24:29.0783 5704 Serenum - ok
23:24:29.0815 5704 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
23:24:29.0816 5704 Serial - ok
23:24:29.0842 5704 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
23:24:29.0843 5704 sermouse - ok
23:24:29.0868 5704 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
23:24:29.0870 5704 SessionEnv - ok
23:24:29.0884 5704 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
23:24:29.0885 5704 sffdisk - ok
23:24:29.0892 5704 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
23:24:29.0893 5704 sffp_mmc - ok
23:24:29.0896 5704 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
23:24:29.0897 5704 sffp_sd - ok
23:24:29.0911 5704 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
23:24:29.0911 5704 sfloppy - ok
23:24:29.0955 5704 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
23:24:29.0958 5704 SharedAccess - ok
23:24:29.0985 5704 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
23:24:29.0989 5704 ShellHWDetection - ok
23:24:30.0003 5704 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:24:30.0004 5704 SiSRaid2 - ok
23:24:30.0024 5704 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
23:24:30.0025 5704 SiSRaid4 - ok
23:24:30.0060 5704 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
23:24:30.0061 5704 Smb - ok
23:24:30.0085 5704 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
23:24:30.0087 5704 SNMPTRAP - ok
23:24:30.0096 5704 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
23:24:30.0097 5704 spldr - ok
23:24:30.0155 5704 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
23:24:30.0160 5704 Spooler - ok
23:24:30.0333 5704 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
23:24:30.0349 5704 sppsvc - ok
23:24:30.0427 5704 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
23:24:30.0429 5704 sppuinotify - ok
23:24:30.0491 5704 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
23:24:30.0495 5704 srv - ok
23:24:30.0525 5704 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
23:24:30.0529 5704 srv2 - ok
23:24:30.0545 5704 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
23:24:30.0547 5704 srvnet - ok
23:24:30.0576 5704 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
23:24:30.0579 5704 SSDPSRV - ok
23:24:30.0588 5704 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
23:24:30.0591 5704 SstpSvc - ok
23:24:30.0621 5704 Steam Client Service - ok
23:24:30.0644 5704 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
23:24:30.0645 5704 stexstor - ok
23:24:30.0700 5704 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
23:24:30.0707 5704 stisvc - ok
23:24:30.0733 5704 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
23:24:30.0734 5704 storflt - ok
23:24:30.0750 5704 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
23:24:30.0751 5704 storvsc - ok
23:24:30.0769 5704 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
23:24:30.0769 5704 swenum - ok
23:24:30.0799 5704 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
23:24:30.0804 5704 swprv - ok
23:24:30.0918 5704 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
23:24:30.0933 5704 SysMain - ok
23:24:31.0007 5704 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
23:24:31.0009 5704 TabletInputService - ok
23:24:31.0030 5704 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
23:24:31.0034 5704 TapiSrv - ok
23:24:31.0064 5704 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
23:24:31.0066 5704 TBS - ok
23:24:31.0170 5704 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys
23:24:31.0185 5704 Tcpip - ok
23:24:31.0317 5704 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys
23:24:31.0327 5704 TCPIP6 - ok
23:24:31.0370 5704 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
23:24:31.0371 5704 tcpipreg - ok
23:24:31.0395 5704 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
23:24:31.0395 5704 TDPIPE - ok
23:24:31.0409 5704 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
23:24:31.0409 5704 TDTCP - ok
23:24:31.0427 5704 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
23:24:31.0428 5704 tdx - ok
23:24:31.0455 5704 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
23:24:31.0456 5704 TermDD - ok
23:24:31.0501 5704 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
23:24:31.0508 5704 TermService - ok
23:24:31.0528 5704 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
23:24:31.0530 5704 Themes - ok
23:24:31.0555 5704 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
23:24:31.0556 5704 THREADORDER - ok
23:24:31.0573 5704 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
23:24:31.0575 5704 TrkWks - ok
23:24:31.0616 5704 Trufos (110ebba2290fd37f8c0e7f68623ed50c) C:\Windows\system32\DRIVERS\Trufos.sys
23:24:31.0618 5704 Trufos - ok
23:24:31.0683 5704 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
23:24:31.0685 5704 TrustedInstaller - ok
23:24:31.0711 5704 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:24:31.0712 5704 tssecsrv - ok
23:24:31.0740 5704 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
23:24:31.0742 5704 tunnel - ok
23:24:31.0770 5704 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
23:24:31.0771 5704 uagp35 - ok
23:24:31.0802 5704 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
23:24:31.0805 5704 udfs - ok
23:24:31.0823 5704 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
23:24:31.0825 5704 UI0Detect - ok
23:24:31.0847 5704 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
23:24:31.0848 5704 uliagpkx - ok
23:24:31.0870 5704 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
23:24:31.0871 5704 umbus - ok
23:24:31.0889 5704 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
23:24:31.0890 5704 UmPass - ok
23:24:31.0933 5704 UmRdpService (af0ac98ee5077eb844413eb54287fde3) C:\Windows\System32\umrdp.dll
23:24:31.0937 5704 UmRdpService - ok
23:24:31.0963 5704 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
23:24:31.0967 5704 upnphost - ok
23:24:32.0002 5704 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
23:24:32.0003 5704 USBAAPL64 - ok
23:24:32.0050 5704 usbbus (c85b8247fadd432fa54fe11667c8d97d) C:\Windows\system32\DRIVERS\lgx64bus.sys
23:24:32.0051 5704 usbbus - ok
23:24:32.0079 5704 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
23:24:32.0080 5704 usbccgp - ok
23:24:32.0100 5704 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
23:24:32.0101 5704 usbcir - ok
23:24:32.0121 5704 UsbDiag (d8cdc12f5429878f23ddb3785a0fdf95) C:\Windows\system32\DRIVERS\lgx64diag.sys
23:24:32.0121 5704 UsbDiag - ok
23:24:32.0141 5704 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\drivers\usbehci.sys
23:24:32.0142 5704 usbehci - ok
23:24:32.0166 5704 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
23:24:32.0169 5704 usbhub - ok
23:24:32.0189 5704 USBModem (79fa7a22b0f6f0082f640cbc82a00fce) C:\Windows\system32\DRIVERS\lgx64modem.sys
23:24:32.0189 5704 USBModem - ok
23:24:32.0200 5704 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
23:24:32.0201 5704 usbohci - ok
23:24:32.0216 5704 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
23:24:32.0217 5704 usbprint - ok
23:24:32.0232 5704 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:24:32.0233 5704 USBSTOR - ok
23:24:32.0254 5704 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
23:24:32.0255 5704 usbuhci - ok
23:24:32.0274 5704 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
23:24:32.0277 5704 UxSms - ok
23:24:32.0314 5704 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
23:24:32.0316 5704 VaultSvc - ok
23:24:32.0328 5704 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
23:24:32.0329 5704 vdrvroot - ok
23:24:32.0362 5704 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
23:24:32.0367 5704 vds - ok
23:24:32.0408 5704 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
23:24:32.0408 5704 vga - ok
23:24:32.0421 5704 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
23:24:32.0422 5704 VgaSave - ok
23:24:32.0449 5704 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
23:24:32.0451 5704 vhdmp - ok
23:24:32.0460 5704 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
23:24:32.0461 5704 viaide - ok
23:24:32.0484 5704 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
23:24:32.0486 5704 vmbus - ok
23:24:32.0507 5704 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
23:24:32.0507 5704 VMBusHID - ok
23:24:32.0539 5704 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
23:24:32.0540 5704 volmgr - ok
23:24:32.0568 5704 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
23:24:32.0571 5704 volmgrx - ok
23:24:32.0591 5704 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
23:24:32.0593 5704 volsnap - ok
23:24:32.0615 5704 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
23:24:32.0617 5704 vsmraid - ok
23:24:32.0707 5704 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
23:24:32.0720 5704 VSS - ok
23:24:32.0826 5704 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
23:24:32.0827 5704 vwifibus - ok
23:24:32.0835 5704 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
23:24:32.0836 5704 vwififlt - ok
23:24:32.0885 5704 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
23:24:32.0890 5704 W32Time - ok
23:24:32.0904 5704 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
23:24:32.0905 5704 WacomPen - ok
23:24:32.0924 5704 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
23:24:32.0926 5704 WANARP - ok
23:24:32.0929 5704 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
23:24:32.0930 5704 Wanarpv6 - ok
23:24:33.0021 5704 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
23:24:33.0030 5704 WatAdminSvc - ok
23:24:33.0130 5704 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
23:24:33.0143 5704 wbengine - ok
23:24:33.0234 5704 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
23:24:33.0237 5704 WbioSrvc - ok
23:24:33.0266 5704 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
23:24:33.0271 5704 wcncsvc - ok
23:24:33.0284 5704 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
23:24:33.0286 5704 WcsPlugInService - ok
23:24:33.0317 5704 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
23:24:33.0318 5704 Wd - ok
23:24:33.0354 5704 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
23:24:33.0359 5704 Wdf01000 - ok
23:24:33.0388 5704 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
23:24:33.0390 5704 WdiServiceHost - ok
23:24:33.0394 5704 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
23:24:33.0396 5704 WdiSystemHost - ok
23:24:33.0415 5704 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
23:24:33.0418 5704 WebClient - ok
23:24:33.0434 5704 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
23:24:33.0436 5704 Wecsvc - ok
23:24:33.0449 5704 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
23:24:33.0451 5704 wercplsupport - ok
23:24:33.0472 5704 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
23:24:33.0473 5704 WerSvc - ok
23:24:33.0492 5704 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
23:24:33.0493 5704 WfpLwf - ok
23:24:33.0507 5704 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
23:24:33.0508 5704 WIMMount - ok
23:24:33.0534 5704 WinDefend - ok
23:24:33.0538 5704 WinHttpAutoProxySvc - ok
23:24:33.0589 5704 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
23:24:33.0592 5704 Winmgmt - ok
23:24:33.0709 5704 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
23:24:33.0726 5704 WinRM - ok
23:24:33.0843 5704 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
23:24:33.0844 5704 WinUsb - ok
23:24:33.0912 5704 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
23:24:33.0920 5704 Wlansvc - ok
23:24:34.0113 5704 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:24:34.0130 5704 wlidsvc - ok
23:24:34.0184 5704 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
23:24:34.0185 5704 WmiAcpi - ok
23:24:34.0242 5704 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
23:24:34.0244 5704 wmiApSrv - ok
23:24:34.0252 5704 WMPNetworkSvc - ok
23:24:34.0279 5704 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
23:24:34.0281 5704 WPCSvc - ok
23:24:34.0318 5704 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
23:24:34.0321 5704 WPDBusEnum - ok
23:24:34.0344 5704 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
23:24:34.0345 5704 ws2ifsl - ok
23:24:34.0357 5704 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\system32\wscsvc.dll
23:24:34.0359 5704 wscsvc - ok
23:24:34.0363 5704 WSearch - ok
23:24:34.0507 5704 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
23:24:34.0526 5704 wuauserv - ok
23:24:34.0575 5704 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
23:24:34.0576 5704 WudfPf - ok
23:24:34.0600 5704 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:24:34.0602 5704 WUDFRd - ok
23:24:34.0621 5704 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
23:24:34.0623 5704 wudfsvc - ok
23:24:34.0645 5704 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
23:24:34.0648 5704 WwanSvc - ok
23:24:34.0691 5704 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
23:24:34.0870 5704 \Device\Harddisk0\DR0 - ok
23:24:34.0873 5704 Boot (0x1200) (20548e935aa1c61b39afad72fdd3fec7) \Device\Harddisk0\DR0\Partition0
23:24:34.0875 5704 \Device\Harddisk0\DR0\Partition0 - ok
23:24:34.0875 5704 ============================================================
23:24:34.0875 5704 Scan finished
23:24:34.0875 5704 ============================================================
23:24:34.0884 6368 Detected object count: 0
23:24:34.0884 6368 Actual detected object count: 0










aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-26 23:26:58
-----------------------------
23:26:58.185 OS Version: Windows x64 6.1.7600
23:26:58.185 Number of processors: 4 586 0x2A07
23:26:58.185 ComputerName: DAVE-PC UserName: Dave
23:26:59.471 Initialize success
23:27:59.948 AVAST engine defs: 12072602
23:42:47.644 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:42:47.646 Disk 0 Vendor: WDC_WD3200AAKS-00B3A0 01.03A01 Size: 305245MB BusType: 3
23:42:47.677 Disk 0 MBR read successfully
23:42:47.680 Disk 0 MBR scan
23:42:47.685 Disk 0 Windows 7 default MBR code
23:42:47.688 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305242 MB offset 63
23:42:47.705 Disk 0 scanning C:\Windows\system32\drivers
23:42:55.081 Service scanning
23:43:12.350 Modules scanning
23:43:12.357 Disk 0 trace - called modules:
23:43:12.385 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
23:43:12.390 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800df03060]
23:43:12.395 3 CLASSPNP.SYS[fffff880015bd43f] -> nt!IofCallDriver -> [0xfffffa800d804250]
23:43:12.401 5 ACPI.sys[fffff88000f4d781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800d909060]
23:43:14.699 AVAST engine scan C:\Windows
23:43:17.164 AVAST engine scan C:\Windows\system32
23:45:21.038 AVAST engine scan C:\Windows\system32\drivers
23:45:29.825 AVAST engine scan C:\Users\Dave
23:47:04.135 AVAST engine scan C:\ProgramData
23:47:46.216 Scan finished successfully
11:34:26.168 Disk 0 MBR has been saved successfully to "C:\Users\Dave\Desktop\MBR.dat"
11:34:26.171 The log file has been saved successfully to "C:\Users\Dave\Desktop\aswMBR.txt"

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 135,983 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:11 AM

Posted 27 July 2012 - 02:24 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\users\Dave\AppData\Local\Ilivid Player

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 DaveP90

DaveP90
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:05:11 AM

Posted 29 July 2012 - 06:32 PM

ComboFix 12-07-27.03 - Dave 07/27/2012 23:01:17.3.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.16364.13213 [GMT -4:00]
Running from: c:\users\Dave\Downloads\ComboFix.exe
Command switches used :: c:\users\Dave\Desktop\CFscript.txt
AV: BullGuard Antivirus *Disabled/Outdated* {504FFF66-3028-EB7E-2E60-62B19ADD791C}
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: BullGuard Firewall *Disabled* {68747E43-7A47-EA26-053F-CB84640E3E67}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: BullGuard Antispyware *Disabled/Outdated* {EB2E1E82-1612-E4F0-14D0-59C3E15A33A1}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Dave\AppData\Local\Ilivid Player
c:\users\Dave\AppData\Local\Ilivid Player\script.qscript
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-28 )))))))))))))))))))))))))))))))
.
.
2012-07-28 03:04 . 2012-07-28 03:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-23 20:24 . 2012-07-23 20:24 -------- d-----w- c:\program files (x86)\Phyxion.net
2012-07-23 14:24 . 2012-06-12 03:02 3147264 ----a-w- c:\windows\system32\win32k.sys
2012-07-19 01:13 . 2012-07-19 01:13 -------- d-----w- c:\windows\system32\appmgmt
2012-07-05 17:30 . 2012-07-05 17:30 -------- d-----w- c:\users\Dave\AppData\Local\Eastman Kodak Company
2012-07-05 17:29 . 2012-07-05 17:29 -------- d-----w- c:\windows\SysWow64\spool
2012-07-05 17:29 . 2012-07-19 00:13 -------- d-----w- c:\program files (x86)\Kodak
2012-07-05 17:28 . 2012-07-19 00:13 -------- d-----w- c:\programdata\Kodak
2012-07-01 02:01 . 2012-07-01 02:01 -------- d-----w- c:\windows\system32\EventProviders
2012-07-01 02:01 . 2012-07-19 00:13 -------- d-----w- C:\ae286c543849dcd7272e9362cb2bee
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-23 14:22 . 2011-12-19 13:33 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-18 23:44 . 2012-06-18 23:44 90112 ----a-w- c:\users\Dave\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGUTchkdl.dll
2012-06-18 23:44 . 2012-06-18 23:44 24576 ----a-w- c:\users\Dave\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGEUSBAutorun.dll
2012-06-18 23:44 . 2012-06-18 23:44 1339392 ----a-w- c:\users\Dave\AppData\Roaming\Microsoft\Windows\Templates\TLPC\TL_PC.exe
2012-06-02 22:19 . 2012-06-22 01:42 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 01:43 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 01:43 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 01:43 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 01:42 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 01:43 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 01:42 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-22 01:42 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-22 01:42 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 04:04 . 2012-06-19 16:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{894B425D-409E-49BB-8754-440ECFC4DE81}\mpengine.dll
2012-05-15 03:56 . 2012-06-13 00:36 1197568 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 03:52 . 2012-06-13 00:36 64512 ----a-w- c:\windows\system32\jsproxy.dll
2012-05-15 03:08 . 2012-06-13 00:36 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2012-05-14 22:38 . 2009-08-18 16:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-05-14 22:38 . 2009-08-18 15:24 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-05-14 22:32 . 2012-05-14 22:32 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-05-14 22:32 . 2012-05-14 22:32 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-05-14 22:32 . 2012-05-14 22:32 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-05-14 22:32 . 2012-05-14 22:32 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-05-04 10:52 . 2012-06-13 00:36 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:08 . 2012-06-13 00:36 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:08 . 2012-06-13 00:36 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-02 05:32 . 2012-06-13 00:36 208896 ----a-w- c:\windows\system32\profsvc.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-27_00.16.24 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-12-19 14:04 . 2012-07-26 23:27 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-19 14:04 . 2012-07-27 16:10 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-12-19 14:04 . 2012-07-26 23:27 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-12-19 14:04 . 2012-07-27 16:10 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-27 16:10 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-26 23:27 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-12-20 06:46 . 2012-07-28 02:44 254850 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:34 . 2012-07-27 15:54 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-07-26 12:21 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-12-20 1242448]
"Akamai NetSession Interface"="c:\users\Dave\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BiosNotice"="c:\program files (x86)\BIOSTAR\BiosNotice\BiosNotice.exe" [2010-10-13 1003008]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-25 336384]
"BYR_AGENT"="c:\programdata\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe" [2012-03-15 392280]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BIO-Remote.lnk - c:\program files (x86)\BIOSTAR\BIO-Remote\BIO_Remote.exe [2011-12-19 687616]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\BgGamingMonitor.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 0158591343083963mcinstcleanup;McAfee Application Installer Cleanup (0158591343083963);c:\windows\TEMP\015859~1.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BgRaSvc;BgRaSvc;c:\program files\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe [2011-12-19 161112]
R3 MADFULEGACYKEYBOARD;Service for M-Audio Legacy Keyboard DFU;c:\windows\system32\DRIVERS\MAudioLegacyKeyboard_DFU.sys [2010-02-09 28680]
R3 MAUSBLEGACYKEYBOARD;Service for M-Audio Legacy Keyboard;c:\windows\system32\DRIVERS\MAudioLegacyKeyboard.sys [2010-02-09 196616]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-01-28 225216]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-19 1255736]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
S1 AFW;Agnitum Firewall Driver;c:\windows\system32\DRIVERS\afw.sys [2010-10-12 39528]
S1 BdSpy;BdSpy;c:\windows\system32\DRIVERS\BdSpy.sys [2011-12-19 66272]
S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS64.sys [2009-07-15 14136]
S1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2c64.sys [2010-05-17 15408]
S1 BS_TPIO;BS_TPIO;c:\windows\system32\drivers\BS_TPIO64.sys [2009-04-29 13360]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-12-19 254528]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
S1 NovaShieldFilterDriver;NovaShieldFilterDriver;c:\windows\system32\DRIVERS\NSKernel.sys [2011-12-19 255560]
S1 NovaShieldTDIDriver;NovaShieldTDIDriver;c:\windows\system32\DRIVERS\NSNetmon.sys [2011-12-19 25160]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-05-25 204288]
S2 BsBhvScan;BullGuard Behavioural Detection;c:\program files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [2011-12-21 383320]
S2 BsBrowser;BullGuard antiphishing service;c:\windows\System32\SvcHost.exe [2009-07-14 27136]
S2 BsFileScan;BullGuard on-access service;c:\windows\System32\SvcHost.exe [2009-07-14 27136]
S2 BsFire;BullGuard firewall service;c:\windows\System32\SvcHost.exe [2009-07-14 27136]
S2 BsMailProxy;BullGuard e-mail monitoring service;c:\windows\System32\SvcHost.exe [2009-07-14 27136]
S2 BsMain;BullGuard main service;c:\windows\System32\SvcHost.exe [2009-07-14 27136]
S2 BsUpdate;BullGuard update service;c:\program files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [2012-05-29 409944]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 162192]
S3 afwcore;afwcore;c:\windows\system32\DRIVERS\afwcore.sys [2010-10-12 424040]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-05-25 9359872]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-05-25 309760]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-03-30 114704]
S3 BsScanner;BullGuard scanning service;c:\program files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [2011-12-19 341848]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 83080]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 184968]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-10-26 406632]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 97331198
*NewlyCreated* - ASWMBR
*Deregistered* - 97331198
*Deregistered* - aswMBR
*Deregistered* - mfeavfk01
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-10-06 11474024]
"BullGuard"="c:\program files\BullGuard Ltd\BullGuard\bullguard.exe" [2012-03-05 1696088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\BgGamingMonitor.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
LSP: c:\windows\system32\BGLsp.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\hdl4bgzz.default\
FF - prefs.js: keyword.URL - www.google.com
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-27 23:05:42
ComboFix-quarantined-files.txt 2012-07-28 03:05
ComboFix2.txt 2012-07-27 00:20
.
Pre-Run: 129,762,041,856 bytes free
Post-Run: 129,403,744,256 bytes free
.
- - End Of File - - A973770D82EDA2BC0B9D79E9122B3E3F

NO PROBLEMS DURING THE SCAN, HOWEVER:

Problem still persists. Unable to watch videos on youtubes website as well as some others, Including pictures. When pages first load I can see the picture for a split second, than it's taken over by the iLivid "advertisement"

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 135,983 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:11 AM

Posted 29 July 2012 - 08:39 PM

Hello

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and the that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 DaveP90

DaveP90
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:05:11 AM

Posted 30 July 2012 - 07:27 AM

OTL logfile created on: 7/29/2012 10:38:43 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Dave\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.98 Gb Total Physical Memory | 13.31 Gb Available Physical Memory | 83.27% Memory free
31.96 Gb Paging File | 28.46 Gb Available in Paging File | 89.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 120.05 Gb Free Space | 40.27% Space Free | Partition Type: NTFS

Computer Name: DAVE-PC | User Name: Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Dave\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Spamfilter\LittleHook.exe (BullGuard Ltd.)
PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\BIOSTAR\BIO-Remote\BIO_Remote.exe (BIOSTAR)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files\BullGuard Ltd\BullGuard\Files32\SQLite.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (BsUpdate) -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe (BullGuard Ltd.)
SRV:64bit: - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (BsFire) -- C:\Program Files\BullGuard Ltd\BullGuard\BsFire.dll (BullGuard Ltd.)
SRV:64bit: - (BsFileScan) -- C:\Program Files\BullGuard Ltd\BullGuard\BsFileScan.dll (BullGuard Ltd.)
SRV:64bit: - (BsMailProxy) -- C:\Program Files\BullGuard Ltd\BullGuard\BsMailProxy\BsMailProxy.dll (BullGuard Ltd.)
SRV:64bit: - (BsMain) -- C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll (BullGuard Ltd.)
SRV:64bit: - (BsBhvScan) -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe (BullGuard Ltd.)
SRV:64bit: - (BsBrowser) -- C:\Program Files\BullGuard Ltd\BullGuard\BsBrowser.dll (BullGuard Ltd.)
SRV:64bit: - (BgRaSvc) -- C:\Program Files\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe (BullGuard Ltd.)
SRV:64bit: - (BsScanner) -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe (BullGuard Ltd.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (McAWFwk) -- c:\Program Files\McAfee\MSC\McAWFwk.exe (McAfee, Inc.)
SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McOobeSv) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (nTuneService) -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (NovaShieldTDIDriver) -- C:\Windows\SysNative\drivers\NSNetmon.sys (NovaShield, Inc.)
DRV:64bit: - (NovaShieldFilterDriver) -- C:\Windows\SysNative\drivers\NSKernel.sys (NovaShield, Inc.)
DRV:64bit: - (BdSpy) -- C:\Windows\SysNative\drivers\BdSpy.sys (BullGuard Ltd.)
DRV:64bit: - (Trufos) -- C:\Windows\SysNative\drivers\Trufos.sys (BitDefender S.R.L.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\drivers\lgx64diag.sys (LG Electronics Inc.)
DRV:64bit: - (USBModem) -- C:\Windows\SysNative\drivers\lgx64modem.sys (LG Electronics Inc.)
DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (afwcore) -- C:\Windows\SysNative\drivers\afwcore.sys (Agnitum Ltd.)
DRV:64bit: - (AFW) -- C:\Windows\SysNative\drivers\afw.sys (Agnitum Ltd.)
DRV:64bit: - (BS_I2cIo) -- C:\Windows\SysNative\drivers\BS_I2c64.sys (BIOSTAR Group)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (MADFULEGACYKEYBOARD) -- C:\Windows\SysNative\drivers\MAudioLegacyKeyboard_DFU.sys (M-Audio)
DRV:64bit: - (MAUSBLEGACYKEYBOARD) -- C:\Windows\SysNative\drivers\MAudioLegacyKeyboard.sys (M-Audio)
DRV:64bit: - (BIOS) -- C:\Windows\SysNative\drivers\BIOS64.sys (BIOSTAR Group)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (BS_TPIO) -- C:\Windows\SysNative\drivers\BS_TPIO64.sys ()
DRV:64bit: - (ATITool) -- C:\Windows\SysNative\drivers\ATITool64.sys ()
DRV - (BIOS) -- C:\Windows\SysWOW64\drivers\BIOS64.sys (BIOSTAR Group)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-618227925-33645697-1987156417-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-618227925-33645697-1987156417-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F9 77 9E 93 6B 31 CD 01 [binary data]
IE - HKU\S-1-5-21-618227925-33645697-1987156417-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-618227925-33645697-1987156417-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-618227925-33645697-1987156417-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-618227925-33645697-1987156417-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-618227925-33645697-1987156417-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..keyword.URL: "www.google.com"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\antiphishing@bullguard: C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\antiphishing@bullguard\ [2012/01/11 15:38:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/07/23 18:52:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/07/18 20:13:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/19 12:05:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/19 12:05:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\files32\backup\thunderbirdbkplugin [2011/12/19 08:45:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\Files32\Spamfilter\TbSpamfilter [2011/12/19 08:45:40 | 000,000,000 | ---D | M]

[2012/07/18 17:32:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dave\AppData\Roaming\Mozilla\Extensions
[2012/07/23 16:28:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\hdl4bgzz.default\extensions
[2012/07/18 17:32:18 | 000,002,519 | ---- | M] () -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\hdl4bgzz.default\searchplugins\Search_Results.xml
[2012/07/18 17:32:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/28 21:11:54 | 000,550,833 | ---- | M] () (No name found) -- C:\USERS\DAVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HDL4BGZZ.DEFAULT\EXTENSIONS\[email protected]
[2012/06/09 16:53:22 | 000,003,423 | ---- | M] () (No name found) -- C:\USERS\DAVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HDL4BGZZ.DEFAULT\EXTENSIONS\[email protected]
[2012/07/19 12:05:53 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/27 13:20:37 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/07/12 18:35:45 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/07/18 17:32:18 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2012/06/27 13:20:37 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/07/27 23:04:31 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120621213429.dll (McAfee, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2:64bit: - BHO: (BullGuard Safe Browsing) - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIEBHO.dll (BullGuard Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120621213429.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (BullGuard Safe Browsing) - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\IE\BGAntiphishingIEBHO.dll (BullGuard Ltd.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4:64bit: - HKLM..\Run: [BullGuard] C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe (BullGuard Ltd.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BiosNotice] C:\Program Files (x86)\BIOSTAR\BiosNotice\BiosNotice.exe ()
O4 - HKLM..\Run: [BYR_AGENT] C:\ProgramData\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-618227925-33645697-1987156417-1000..\Run: [Akamai NetSession Interface] C:\Users\Dave\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-618227925-33645697-1987156417-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-618227925-33645697-1987156417-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-618227925-33645697-1987156417-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-618227925-33645697-1987156417-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O9:64bit: - Extra Button: Report to BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BgAntiphishingIE.dll (BullGuard Ltd.)
O9 - Extra Button: Report to BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\IE\BgAntiphishingIE.dll (BullGuard Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000021 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82278856-8817-43C1-88D7-9E3D2E853F70}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CCC5BC8F-837D-4762-B20E-AAAD14583AEE}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\bglink {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIEBHO.dll (BullGuard Ltd.)
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\bglink {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\IE\BGAntiphishingIEBHO.dll (BullGuard Ltd.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\BgGamingMonitor.dll) - C:\Windows\SysNative\BgGamingMonitor.dll (BullGuard Ltd.)
O20 - AppInit_DLLs: (C:\Windows\System32\BgGamingMonitor.dll) - C:\Windows\SysWOW64\BgGamingMonitor.dll (BullGuard Ltd.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/27 00:05:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/07/25 22:54:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/25 22:54:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/25 22:54:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/25 22:52:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/25 22:52:00 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/23 16:24:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Phyxion.net
[2012/07/23 16:24:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Phyxion.net
[2012/07/23 16:24:27 | 005,430,588 | ---- | C] (Phyxion.net ) -- C:\Users\Dave\Desktop\DriverSweeper_3.1.0.exe
[2012/07/19 11:45:41 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/07/18 21:13:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2012/07/05 13:30:46 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\Eastman Kodak Company
[2012/07/05 13:30:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodak
[2012/07/05 13:29:25 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2012/07/05 13:29:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kodak
[2012/07/05 13:28:22 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\Temp
[2012/07/05 13:28:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Kodak
[2012/06/30 22:01:09 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2012/06/30 22:01:01 | 000,000,000 | ---D | C] -- C:\ae286c543849dcd7272e9362cb2bee
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/29 19:25:02 | 000,001,445 | ---- | M] () -- C:\Users\Dave\Desktop\ComboFix - Shortcut.lnk
[2012/07/29 18:42:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/27 23:04:31 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/27 11:34:26 | 000,000,512 | ---- | M] () -- C:\Users\Dave\Desktop\MBR.dat
[2012/07/27 00:05:19 | 000,001,828 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security.lnk
[2012/07/25 08:58:46 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/25 08:58:46 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/23 19:28:35 | 000,201,399 | ---- | M] () -- C:\Users\Dave\Desktop\Untitled.png
[2012/07/23 19:03:49 | 000,000,168 | ---- | M] () -- C:\Users\Dave\defogger_reenable
[2012/07/23 16:32:03 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/23 16:32:03 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/23 16:32:03 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/23 16:28:29 | 000,002,427 | ---- | M] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2012/07/23 16:27:17 | 4279,324,670 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/23 16:24:29 | 005,430,588 | ---- | M] (Phyxion.net ) -- C:\Users\Dave\Desktop\DriverSweeper_3.1.0.exe
[2012/07/23 10:28:20 | 000,414,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/18 21:16:20 | 000,156,628 | ---- | M] () -- C:\Users\Dave\Desktop\0718121715.jpg
[2012/07/10 22:33:47 | 000,014,465 | ---- | M] () -- C:\Users\Dave\Desktop\safe_image.php.jpg
[2012/07/09 14:20:51 | 000,000,000 | ---- | M] () -- C:\extensions.sqlite
[2012/07/06 01:36:06 | 000,068,491 | ---- | M] () -- C:\Users\Dave\Desktop\0705122135.jpg
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/29 19:25:02 | 000,001,445 | ---- | C] () -- C:\Users\Dave\Desktop\ComboFix - Shortcut.lnk
[2012/07/27 11:34:26 | 000,000,512 | ---- | C] () -- C:\Users\Dave\Desktop\MBR.dat
[2012/07/25 22:54:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/25 22:54:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/25 22:54:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/25 22:54:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/25 22:54:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/23 19:03:49 | 000,000,168 | ---- | C] () -- C:\Users\Dave\defogger_reenable
[2012/07/23 18:59:37 | 000,201,399 | ---- | C] () -- C:\Users\Dave\Desktop\Untitled.png
[2012/07/18 17:26:19 | 000,156,628 | ---- | C] () -- C:\Users\Dave\Desktop\0718121715.jpg
[2012/07/18 17:26:19 | 000,068,491 | ---- | C] () -- C:\Users\Dave\Desktop\0705122135.jpg
[2012/07/18 17:26:19 | 000,030,362 | ---- | C] () -- C:\Users\Dave\Desktop\IMG953929.jpg
[2012/07/10 22:33:47 | 000,014,465 | ---- | C] () -- C:\Users\Dave\Desktop\safe_image.php.jpg
[2012/07/09 14:20:51 | 000,000,000 | ---- | C] () -- C:\extensions.sqlite
[2012/06/18 19:50:00 | 000,002,427 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2012/05/13 21:05:05 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012/01/11 17:46:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/12/19 08:34:10 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/05/24 23:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll

< End of report >

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 135,983 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:11 AM

Posted 30 July 2012 - 11:59 AM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    FF - user.js - File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    [2012/07/18 17:32:18 | 000,002,519 | ---- | M] () -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\hdl4bgzz.default\searchplugins\Search_Results.xml
    [2012/07/18 17:32:18 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xm
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Let me know How things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 DaveP90

DaveP90
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:05:11 AM

Posted 30 July 2012 - 07:02 PM

OTL Extras logfile created on: 7/29/2012 10:38:43 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Dave\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.98 Gb Total Physical Memory | 13.31 Gb Available Physical Memory | 83.27% Memory free
31.96 Gb Paging File | 28.46 Gb Available in Paging File | 89.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 120.05 Gb Free Space | 40.27% Space Free | Partition Type: NTFS

Computer Name: DAVE-PC | User Name: Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-618227925-33645697-1987156417-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{006B5472-E1FC-4A3C-831B-4A5160845687}" = rport=139 | protocol=6 | dir=out | app=system |
"{261CD3F5-EF13-46FB-8EC6-3C13B5E51BE2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{331051E6-5EEC-495E-953D-3EB8E4ED9D90}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3F3701D1-991C-4CDA-8924-08C4C68641FA}" = lport=445 | protocol=6 | dir=in | app=system |
"{413A22FC-1D5A-4572-8C39-3D69213B6BC3}" = lport=138 | protocol=17 | dir=in | app=system |
"{44277A03-241C-4E76-BDB7-7A4F0144105E}" = lport=137 | protocol=17 | dir=in | app=system |
"{649C3A1C-CDD7-43AE-A346-77CFAE872A48}" = rport=445 | protocol=6 | dir=out | app=system |
"{82702C2E-1AE3-41C3-ABBF-0364008542DF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{87DBA459-9C43-4A64-BF4E-F70E287FFDB7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{952DBFBF-DD93-4EBF-B69D-27B99BC46909}" = rport=138 | protocol=17 | dir=out | app=system |
"{A8A2D2B5-71B8-4A1A-927B-E6AA8AD28C2F}" = rport=137 | protocol=17 | dir=out | app=system |
"{B1192024-8D01-4E00-AD1C-EA8A80424B86}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{FC08821D-C496-4BA3-A02C-95FF65AB7581}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E11290D-AA98-4A7D-9BEE-879666B50AEC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{133A2E1D-8CA1-49E5-A588-BA708171F08B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2242135D-6657-4B3E-A8D5-4ABC177206F0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{281DA5B4-ED61-49A9-ABEE-6ED16D28A427}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{28645D03-144D-45E2-9945-B0B981831FAC}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{2C5F4816-1C25-4766-9044-018D70CC900B}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{347D6F4B-BE0F-4158-80BA-E365E0B8AF40}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{3C21A91A-5190-43D9-89E0-631F0630D41F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{52AEE851-C17C-4241-9C38-3D8F0C71D886}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt 3\dirt3.exe |
"{59E14A9C-B76F-4FF9-8BAC-0DED3B4123FE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{64EFB9F5-D9BF-4CDF-98D3-173399C26AB6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{69E7D3B0-CC8A-48E9-ACE7-AC1FB422A1C0}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{6AB0AE1D-7C60-46A0-8ECD-56AD38E6BD54}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{6BBCEFB7-C6A7-4F90-A610-13217DF4F828}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{740FF0C2-3E1C-453E-AAC5-0F86E6CFE284}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{944F9492-5403-4484-8189-D8FB2DC69276}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{99286B38-B1F2-442E-8777-EB7BCFAB89B7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9C79A49F-B9B5-433A-81C2-CA6CEF993245}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{A2C0C9F3-6D7E-442F-9C7B-00A5D88B3EDE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A465A958-85DC-4D4A-8C98-84CEC66F9C52}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{B5A99D77-06FD-48DD-BDBF-D499C8D5AE78}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{D3FFFBB5-2D86-4177-A6A6-C15A6F0E4A41}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{E674814C-63EC-4C4B-B92D-FDEEC1E09F2B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EE7E21B1-2C5A-4055-ADB7-B7C1259E911D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt 3\dirt3.exe |
"{F2CA685F-8F58-4028-BD9E-755F438CB457}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{FF2B4019-DDA8-4B4A-859B-9899B0C52221}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"TCP Query User{0720E7E8-8858-4396-8357-6FFA25AD3894}C:\users\dave\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\dave\appdata\roaming\spotify\spotify.exe |
"TCP Query User{57D6C36D-1DCD-4927-90B9-3072860BE947}C:\program files (x86)\steam\steamapps\common\dirt 3\dirt3_game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt 3\dirt3_game.exe |
"TCP Query User{799C0693-A1FC-4CCA-A1C1-5313C7ACF92F}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"TCP Query User{F4338C7C-45F2-4E84-9B52-9E207F5FAF69}C:\users\dave\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\dave\appdata\local\akamai\netsession_win.exe |
"UDP Query User{50528EA7-172E-4D50-BB2C-201A90798C3A}C:\users\dave\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\dave\appdata\local\akamai\netsession_win.exe |
"UDP Query User{867F7B1D-D324-44BB-A3A6-20E3D12FA111}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"UDP Query User{DE54E55F-FD5A-4748-8624-74F8B2AD3E19}C:\program files (x86)\steam\steamapps\common\dirt 3\dirt3_game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt 3\dirt3_game.exe |
"UDP Query User{F50F94BC-4D66-4A39-83AE-5E838F73EEF1}C:\users\dave\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\dave\appdata\roaming\spotify\spotify.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{2CA9F96F-AFFC-4D41-B781-47EBD2378DB8}" = M-Audio Legacy Keyboard Driver 5.0.0 (x64)
"{3FD3FC64-DA16-318E-DFD5-57466FF5FEB5}" = ATI Catalyst Install Manager
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{7CAFBA1E-D090-3F1F-662D-9828FD4D8E4D}" = ccc-utility64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{86E42509-8029-7678-F522-0636D80CD277}" = ATI AVIVO64 Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"BullGuard" = BullGuard
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B7F7645-F948-98D7-18F7-1C69D7B6ACDB}" = CCC Help Portuguese
"{168BEE42-1F65-1AFF-CD77-3DB5A9F91B5E}" = CCC Help Danish
"{1B7710D4-9D75-D5E5-4B6D-40F471E70398}" = HydraVision
"{1E4A6F03-4D71-4496-9B2D-71C8B59F64DE}" = BiosNotice
"{219ED5A0-9CBF-4F3A-B927-37C9E5C5F14F}_is1" = Fallout New Vegas
"{2278744E-73C3-38C4-6991-3E1601785913}" = CCC Help Greek
"{24C796A3-B2EF-4847-97EA-4D79BC67567E}" = T AMI EFI BIOS Update
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java™ 6 Update 30
"{2E3C4040-B524-43BD-A665-564D2B5C5C19}" = eHOT Line
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3454886D-4AB3-BF96-D378-B7F6DCA0A281}" = CCC Help Finnish
"{364B2826-EEB6-A31B-F25B-5CBB78273414}" = CCC Help English
"{36EF7A28-5C99-44E2-ADB4-2CB67C4B2527}" = T-Utility Green Power Utility II
"{45D397FE-86B1-4234-16AC-9E7DD89A3207}" = CCC Help Norwegian
"{4898D29E-A858-DB50-C7D4-8554066A8DAA}" = CCC Help Thai
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{50B93225-3F76-F555-27A2-A1EAEC83C527}" = Catalyst Control Center InstallProxy
"{520C1D80-935C-42B9-9340-E883849D804F}_is1" = DriverTuner 3.1.0.0
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{57AC79C8-157E-403A-A8D0-DD74EF71BAE2}" = Catalyst Control Center - Branding
"{59AAB74E-9A5B-D39E-E65D-6CD48DA8055F}" = CCC Help Korean
"{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1" = Driver Sweeper version 3.1.0
"{5CED4E8D-4508-D84A-2945-285B13852E0B}" = CCC Help French
"{61B563AC-F31E-A727-CBEA-F9648B803948}" = CCC Help Italian
"{633E917B-F74E-56D6-B8CF-3A443C260615}" = CCC Help Japanese
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6B8364EA-9B85-EF54-6DEC-FC3CE9C55123}" = CCC Help Spanish
"{6C51CF89-2452-B69F-94B3-6BF3FF3A03B1}" = CCC Help Hungarian
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{786EBD1C-CAC0-8900-D77B-5777C5F74395}" = CCC Help Swedish
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"{7E4BB999-4B59-1009-429B-963B6252E6DD}" = CCC Help Turkish
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{8334930A-9405-467B-9498-1EBC1878A09D}" = Catalyst Control Center
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8CC928F6-93A2-D49D-E253-532C2FF053A1}" = Catalyst Control Center Profiles Desktop
"{8CFF08EF-CDF7-C328-AD6B-10BD2E1D1D73}" = CCC Help German
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C5BBDA1-F311-476B-1863-C0A3073CAC86}" = CCC Help Polish
"{AF9CA86D-83FA-C143-F9C8-EAB535B8B78C}" = Catalyst Control Center Localization All
"{B03954CC-E130-4E57-BC83-869978685902}" = LG United Mobile Drivers
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C9CC7CE9-B185-40BE-A9A8-504303EA06F7}" = TOVERCLOCKER
"{CA6F93FB-A2DE-6CE1-57FC-8139684C07E7}" = CCC Help Chinese Traditional
"{D0C2E86F-5888-4AEE-9944-63A4769AED56}" = BIOScreen EFI
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game
"{E30EE048-574F-5FD3-DA01-1126946E21C1}" = CCC Help Dutch
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"{EFD0F1AB-2164-46C0-B502-06FE5EBB85FA}" = BIO-Remote
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2F7E361-D336-1338-A453-AB03B4818927}" = CCC Help Czech
"{F4BF6E6A-5F71-B52B-D738-B0A5C3456FED}" = CCC Help Chinese Standard
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FDF1D75A-1F72-6C4F-1103-DC6BF5218AE6}" = CCC Help Russian
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ATITool" = ATITool Overclocking Utility
"DAEMON Tools Lite" = DAEMON Tools Lite
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee Internet Security
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"Reason5_is1" = Reason 5.0
"Steam App 44320" = DiRT 3
"uTorrent" = µTorrent
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-618227925-33645697-1987156417-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/28/2012 1:57:31 PM | Computer Name = Dave-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3011

Error - 7/29/2012 10:01:05 AM | Computer Name = Dave-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/29/2012 10:01:05 AM | Computer Name = Dave-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 999

Error - 7/29/2012 10:01:05 AM | Computer Name = Dave-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 999

Error - 7/29/2012 10:01:06 AM | Computer Name = Dave-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/29/2012 10:01:06 AM | Computer Name = Dave-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1997

Error - 7/29/2012 10:01:06 AM | Computer Name = Dave-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1997

Error - 7/29/2012 10:01:07 AM | Computer Name = Dave-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/29/2012 10:01:07 AM | Computer Name = Dave-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2996

Error - 7/29/2012 10:01:07 AM | Computer Name = Dave-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2996

[ System Events ]
Error - 7/23/2012 10:28:31 AM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7023
Description = The IP Helper service terminated with the following error: %%126

Error - 7/23/2012 4:26:32 PM | Computer Name = Dave-PC | Source = DCOM | ID = 10010
Description =

Error - 7/23/2012 4:27:35 PM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7023
Description = The IP Helper service terminated with the following error: %%126

Error - 7/26/2012 8:05:19 PM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 7/26/2012 8:13:13 PM | Computer Name = Dave-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 7/26/2012 8:15:52 PM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 7/27/2012 11:02:35 PM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 7/27/2012 11:04:14 PM | Computer Name = Dave-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 7/27/2012 11:04:14 PM | Computer Name = Dave-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 7/27/2012 11:04:33 PM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.


< End of report >

#14 DaveP90

DaveP90
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:05:11 AM

Posted 30 July 2012 - 07:15 PM

Opps Sorry for that extra Log. :crazy:


I went ahead and did the "Run Fix" as directed. Problem was still there so, I restarted the system, and tried youtube again. Same thing. Instead of the video, it's all black with a link that says "Watch"

Edit: I did just notice that, if I click on a picture on facebook that has been taken over by an advertisement, that it will direct me to the picture. ALSO on youtube, in the black box I get a fake link to download a plug-in. It looks like a puzzle piece. I can try to upload a screen shot if necessary

Edited by DaveP90, 30 July 2012 - 07:20 PM.


#15 DaveP90

DaveP90
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:05:11 AM

Posted 02 August 2012 - 09:16 PM

48 hour bump




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users