Google Redirect and Windows Security Center Disable


  • This topic is locked
20 replies to this topic

#1 jeremyws1

  • Members
  • 10 posts

Posted 10 November 2011 - 03:13 PM

Hello,

I'm a Windows 7 64-bit user. Google is redirecting to random sites, and Windows Security Center is permanently disabled. I fixed a similar problem on a different computer by using System Restore, but no previous restore points were available on this machine, which was probably caused by the infection. I'm usually a do-it-yourself guy, but I'm beyond stumped. Also, McAfee has been completely uninstalled (before running DDS), although DDS shows it being "enabled/updated." I will leave the computer completely alone until I receive directions. Thank you for your time.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by jskipper at 13:57:11 on 2011-11-10
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8126.6896 [GMT -6:00]
.
AV: McAfee® Total Protection™ Service *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee® Total Protection™ Service *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
StartupFolder: C:\Users\jskipper\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTORU~1\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTORU~1\TDMNOT~1.LNK - C:\Program Files (x86)\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 10.26.41.6 10.26.41.5
TCP: Interfaces\{153ED8B4-1128-4A61-8FBA-F1B839D7BEB6} : DhcpNameServer = 10.26.41.6 10.26.41.5
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\jskipper\AppData\Roaming\Mozilla\Firefox\Profiles\zmdbkt1k.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\jskipper\AppData\Roaming\Mozilla\Firefox\Profiles\zmdbkt1k.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-8-19 13336]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-11-8 366152]
R2 Sentinel64;Sentinel64;C:\Windows\system32\Drivers\Sentinel64.sys --> C:\Windows\system32\Drivers\Sentinel64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
.scr=DWGTrueViewScriptFile
.
=============== Created Last 30 ================
.
2011-11-10 19:05:31 -------- d-sh--w- C:\$RECYCLE.BIN
2011-11-10 16:05:34 306 ----a-w- C:\Windows\myClean.bat
2011-11-10 15:57:58 -------- d-----w- C:\Users\jskipper\AppData\Local\Akamai
2011-11-10 14:18:56 18816 ------w- C:\Windows\SysWow64\SAVRKBootTasks.sys
2011-11-09 21:35:34 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-11-09 21:25:02 5848 ----a-w- C:\backup.reg
2011-11-09 20:35:56 -------- d-----w- C:\Program Files (x86)\CCleaner
2011-11-09 20:24:46 -------- d-----w- C:\Users\jskipper\AppData\Local\Apps
2011-11-09 20:06:58 -------- d-----w- C:\Program Files\Microsoft IntelliPoint
2011-11-09 19:45:43 -------- d-----w- C:\Program Files (x86)\ESET
2011-11-09 19:25:04 -------- d-----w- C:\Windows\System32\wbem\Logs
2011-11-09 17:08:11 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7426A330-834C-4452-8E38-5E4B56EAA0D5}\mpengine.dll
2011-11-09 16:38:52 256000 ----a-w- C:\Windows\PEV.exe
2011-11-09 16:32:19 98816 ----a-w- C:\Windows\sed.exe
2011-11-09 16:32:19 518144 ----a-w- C:\Windows\SWREG.exe
2011-11-09 16:32:19 208896 ----a-w- C:\Windows\MBR.exe
2011-11-09 16:02:56 -------- d-----w- C:\Program Files (x86)\Temp File Cleaner
2011-11-09 16:01:05 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-09 16:01:05 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-09 16:01:03 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-09 16:01:00 3144704 ----a-w- C:\Windows\System32\win32k.sys
2011-11-09 15:01:41 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-11-09 14:52:54 -------- d-----w- C:\Program Files (x86)\Sophos
2011-11-09 14:48:09 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2011-11-09 14:48:05 -------- d-----w- C:\Program Files\Microsoft Security Client
2011-11-08 23:10:37 -------- d-----w- C:\Users\jskipper\AppData\Roaming\Malwarebytes
2011-11-08 23:10:33 -------- d-----w- C:\ProgramData\Malwarebytes
2011-11-08 23:10:29 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-11-08 23:10:28 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-11-08 15:40:58 -------- d-----w- C:\Users\jskipper\AppData\Local\{6D1764E0-DB19-468B-99CD-36A2D5A17899}
2011-11-08 15:40:46 -------- d-----w- C:\Users\jskipper\AppData\Local\{950835BC-69D3-4425-9FF8-C3621B8934D7}
2011-11-07 22:17:33 62464 --sha-r- C:\Windows\SysWow64\wpdwcnl.dll
2011-11-07 15:36:20 -------- d-----w- C:\Users\jskipper\AppData\Local\{2995EF5D-9089-4170-8C22-2BF6C013A196}
2011-11-07 15:36:08 -------- d-----w- C:\Users\jskipper\AppData\Local\{376E66A4-4D6D-4499-A972-04EA12520DC2}
2011-11-04 18:42:03 -------- d-----w- C:\Users\jskipper\AppData\Local\{6B13D7B9-C166-4032-8B35-279701755CA9}
2011-11-04 18:41:51 -------- d-----w- C:\Users\jskipper\AppData\Local\{AEDCDBC4-A920-40EA-9BC0-611A52893383}
2011-11-04 13:37:15 -------- d-----w- C:\Users\jskipper\AppData\Local\{D1DD24D3-DC89-4D23-9104-35778BD3052A}
2011-11-03 13:21:09 -------- d-----w- C:\Users\jskipper\AppData\Local\{365D5C98-23A8-4C15-9124-E896D2F5900F}
2011-11-03 13:20:58 -------- d-----w- C:\Users\jskipper\AppData\Local\{649560FF-25DC-481C-82E4-CB08F1F36A49}
2011-11-02 14:46:35 -------- d-----w- C:\Users\jskipper\AppData\Local\{3963373D-DDC7-4008-80BD-174F70C2FDB5}
2011-11-02 14:46:23 -------- d-----w- C:\Users\jskipper\AppData\Local\{507E055D-68C7-4B34-83D9-ECA7B417089C}
2011-11-02 02:46:11 -------- d-----w- C:\Users\jskipper\AppData\Local\{2F6685E5-499B-4B3C-A233-36456387EABD}
2011-11-02 02:46:01 -------- d-----w- C:\Users\jskipper\AppData\Local\{CAC6036A-C036-4806-8AC0-5772A8F6AD77}
2011-11-01 14:45:50 -------- d-----w- C:\Users\jskipper\AppData\Local\{48527742-0181-4D49-9766-9B21DA094951}
2011-11-01 14:45:39 -------- d-----w- C:\Users\jskipper\AppData\Local\{692C5CFE-99CD-48C7-BD08-8076AE56B2BA}
2011-11-01 02:45:27 -------- d-----w- C:\Users\jskipper\AppData\Local\{BE93B446-D15A-4281-9999-DC8B4AB38743}
2011-11-01 02:45:13 -------- d-----w- C:\Users\jskipper\AppData\Local\{CF3CF705-41A4-4C09-BD5B-EC2F41D0D054}
2011-10-31 14:44:59 -------- d-----w- C:\Users\jskipper\AppData\Local\{FCB8EE08-9A41-46B9-AB6C-9AB4D30E4D49}
2011-10-31 14:44:47 -------- d-----w- C:\Users\jskipper\AppData\Local\{F4494733-5E24-4630-9B7D-95AC2D9E6025}
2011-10-28 13:42:02 -------- d-----w- C:\Users\jskipper\AppData\Local\{141AFAA1-9C0E-4C66-8969-6DAAECDEAA5F}
2011-10-28 13:41:51 -------- d-----w- C:\Users\jskipper\AppData\Local\{984466FD-E8C6-434F-BA3E-DC54D4D2A956}
2011-10-25 13:58:14 -------- d-----w- C:\Users\jskipper\AppData\Local\{72176EE5-A927-4B7B-BA14-7BD9739D6D66}
2011-10-25 13:58:04 -------- d-----w- C:\Users\jskipper\AppData\Local\{93B4DBE1-71AD-46A3-9591-8787064D7425}
2011-10-24 20:44:35 -------- d-----w- C:\Program Files (x86)\quindar
2011-10-24 13:24:34 -------- d-----w- C:\Users\jskipper\AppData\Local\{D4EF2D39-7B9A-45D4-95A2-C405C2EBDF0C}
2011-10-24 13:24:23 -------- d-----w- C:\Users\jskipper\AppData\Local\{421811F1-5C06-44C9-BA57-03A64DEFD645}
2011-10-21 13:40:08 -------- d-----w- C:\Users\jskipper\AppData\Local\{B6FEE1C7-B045-4797-BCE0-C4AABF0CBFCF}
2011-10-21 13:39:52 -------- d-----w- C:\Users\jskipper\AppData\Local\{51C23D8A-E097-4CEE-82EC-D2592D719C04}
2011-10-20 13:27:07 -------- d-----w- C:\Users\jskipper\AppData\Local\{AF6B0B8D-4057-4F17-ADFC-F5AD50FC86AB}
2011-10-20 13:26:51 -------- d-----w- C:\Users\jskipper\AppData\Local\{36AAB35C-FCA4-4EB4-AE00-7883BBE94B18}
2011-10-19 13:42:08 -------- d-----w- C:\Users\jskipper\AppData\Local\{2FB58467-04E8-408B-8B3A-31E7F1686D06}
2011-10-19 13:41:53 -------- d-----w- C:\Users\jskipper\AppData\Local\{77F35523-AF84-4102-AA55-DDB9B9C53166}
2011-10-18 14:45:29 -------- d-----w- C:\Program Files (x86)\SEL
2011-10-18 14:45:01 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2011-10-18 13:46:55 -------- d-----w- C:\Users\jskipper\AppData\Local\{237345A0-C20A-45C8-850B-8EF642D52C0F}
2011-10-18 13:46:40 -------- d-----w- C:\Users\jskipper\AppData\Local\{B0C49D3F-6A85-4226-9DE1-D2B89ACB1DD5}
2011-10-18 01:46:24 -------- d-----w- C:\Users\jskipper\AppData\Local\{2953DC35-1AB1-486A-B0CD-547F3716F974}
2011-10-18 01:46:07 -------- d-----w- C:\Users\jskipper\AppData\Local\{4DCA6442-9F8C-4C5E-B2F9-CF2751A77E66}
2011-10-17 13:45:51 -------- d-----w- C:\Users\jskipper\AppData\Local\{631BFFE6-C839-4259-A8E0-ED60FAEE3042}
2011-10-17 13:45:34 -------- d-----w- C:\Users\jskipper\AppData\Local\{8C645DDB-6D88-4F70-B3FD-8EB242420B6F}
2011-10-17 01:45:18 -------- d-----w- C:\Users\jskipper\AppData\Local\{941CD9E3-F1ED-441A-A119-481B3FD4231E}
2011-10-17 01:45:01 -------- d-----w- C:\Users\jskipper\AppData\Local\{651F60F8-EC03-43CE-9B97-EC72A01F06A5}
2011-10-17 00:55:32 18139008 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
2011-10-16 13:44:49 -------- d-----w- C:\Users\jskipper\AppData\Local\{FEEB117B-30D3-4FBD-9B1C-C608EF898390}
2011-10-16 13:44:34 -------- d-----w- C:\Users\jskipper\AppData\Local\{8DAD65D6-42F7-4C32-A205-9954D4596EAB}
2011-10-16 01:44:18 -------- d-----w- C:\Users\jskipper\AppData\Local\{B3ECF71C-7352-4925-A17B-5DBF62ACD35A}
2011-10-16 01:44:01 -------- d-----w- C:\Users\jskipper\AppData\Local\{55A9A96F-06FF-4519-BD5E-6C17147A8898}
2011-10-15 13:43:45 -------- d-----w- C:\Users\jskipper\AppData\Local\{1C2221DE-6ED6-4953-B2D2-D5C1465B0F34}
2011-10-15 13:43:30 -------- d-----w- C:\Users\jskipper\AppData\Local\{48905502-CEA1-47B4-8391-62183B931A08}
2011-10-15 01:43:13 -------- d-----w- C:\Users\jskipper\AppData\Local\{12BE9A0D-A183-40F4-AA4C-3C98CBE7B878}
2011-10-15 01:42:56 -------- d-----w- C:\Users\jskipper\AppData\Local\{69450B11-DE37-4649-B8AE-5183FFC770E7}
2011-10-14 13:42:38 -------- d-----w- C:\Users\jskipper\AppData\Local\{7C44FECE-CC56-4243-B5F4-F61680D00DBD}
2011-10-14 13:42:23 -------- d-----w- C:\Users\jskipper\AppData\Local\{4A3DDBEE-F42B-42BA-82B7-7546021F5334}
2011-10-12 13:29:40 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-10-12 13:29:39 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-10-12 13:29:38 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-10-12 13:29:37 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-10-12 13:28:54 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-10-12 13:28:53 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-10-12 13:28:52 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-10-12 13:28:52 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-10-12 13:24:46 -------- d-----w- C:\Users\jskipper\AppData\Local\{2F8AB1EE-6552-4B1B-B859-876962AEB55B}
2011-10-12 13:24:28 -------- d-----w- C:\Users\jskipper\AppData\Local\{E49E9A7E-4901-4D51-B183-00CD6E9AED37}
.
==================== Find3M ====================
.
2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 13:57:23.67 ===============

Edited by jeremyws1, 10 November 2011 - 03:15 PM.
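The DDS log above carries three findings a responder would want to confirm directly rather than take from the tool's summary: McAfee is still reported as "AV: ... *Enabled/Updated*" after the poster says it was uninstalled, every UAC consent policy under mPolicies-system is 0 (EnableLUA = 0, ConsentPromptBehaviorAdmin = 0, PromptOnSecureDesktop = 0), and a file with the attributes --sha-r- (system, hidden, read-only) was created under SysWow64 on 2011-11-07. The PowerShell below is an added triage script, not part of this thread and not code from DDS or ComboFix, that reproduces those three checks on Windows 7 or later. It assumes that the AV/SP lines DDS prints come from the same root\SecurityCenter2 WMI registrations Windows Security Center uses (the GUIDs it prints being the instanceGuid values there), and it uses the widely published but unofficial productState bit layout. It only reads; run it from an elevated prompt.

```powershell
# Added triage script for the findings in the DDS log above (not from the
# thread, DDS or ComboFix). Read-only; run from an elevated PowerShell prompt.
# Syntax kept PowerShell 2.0 compatible, which is what Windows 7 shipped with.

function Get-SecurityCenterProducts {
    # Windows Security Center keeps AV and anti-spyware registrations in WMI.
    # A registration that outlives the product's files (an uninstaller that
    # exited early, or one that was deliberately broken) still reports
    # "Enabled", which is the McAfee symptom described in the post.
    foreach ($class in 'AntiVirusProduct', 'AntiSpywareProduct') {
        Get-WmiObject -Namespace 'root\SecurityCenter2' -Class $class -ErrorAction SilentlyContinue |
            ForEach-Object {
                # Unofficial but widely used productState layout, as six hex
                # digits: digits 3-4 are 10 (on) or 00/01 (off); digits 5-6
                # are 00 (definitions current) or 10 (out of date).
                $hex      = '{0:X6}' -f [int]$_.productState
                $exe      = [Environment]::ExpandEnvironmentVariables([string]$_.pathToSignedProductExe)
                $isFsPath = $exe -match '^[A-Za-z]:\\'
                New-Object PSObject -Property @{
                    Class   = $class
                    Name    = $_.displayName
                    Guid    = $_.instanceGuid
                    Enabled = ($hex.Substring(2, 2) -eq '10')
                    Updated = ($hex.Substring(4, 2) -eq '00')
                    ExePath = $exe
                    # Registered, but the signed product binary is gone: the
                    # row is stale and WSC's "Enabled" means nothing.
                    Stale   = ($isFsPath -and -not (Test-Path -LiteralPath $exe))
                }
            }
    }
}

function Get-UacWeakening {
    # The DDS "mPolicies-system" lines are the values under this key. Each of
    # the three set to 0 removes a layer: no UAC at all, silent elevation for
    # administrators, or elevation prompts that other windows can draw over.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p   = Get-ItemProperty -Path $key
    $checks = @(
        @{ Setting = 'EnableLUA';                  Meaning = 'UAC disabled entirely' },
        @{ Setting = 'ConsentPromptBehaviorAdmin'; Meaning = 'administrators elevate without any prompt' },
        @{ Setting = 'PromptOnSecureDesktop';      Meaning = 'elevation prompts not isolated on the secure desktop' }
    )
    foreach ($c in $checks) {
        $value = $p.($c.Setting)
        New-Object PSObject -Property @{
            Setting  = $c.Setting
            Value    = $value
            Weakened = ($value -eq 0)   # $null (value absent) means the default applies
            Meaning  = $c.Meaning
        }
    }
}

function Get-HiddenSystemFiles {
    param([string[]] $Dirs = @("$env:windir\System32", "$env:windir\SysWOW64"))
    # DDS listed c:\windows\SysWow64\wpdwcnl.dll as --sha-r- (system, hidden,
    # read-only), created 2011-11-07. Enumerate everything in the system
    # directories carrying hidden+system and attach its Authenticode status,
    # so the decision rests on signature and creation time, not on the name.
    foreach ($dir in $Dirs) {
        if (-not (Test-Path -LiteralPath $dir)) { continue }
        Get-ChildItem -LiteralPath $dir -Force -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer } |
            Where-Object {
                (([int]$_.Attributes -band [int][IO.FileAttributes]::Hidden) -ne 0) -and
                (([int]$_.Attributes -band [int][IO.FileAttributes]::System) -ne 0)
            } |
            ForEach-Object {
                $sig = Get-AuthenticodeSignature -FilePath $_.FullName
                New-Object PSObject -Property @{
                    Path      = $_.FullName
                    Size      = $_.Length
                    Created   = $_.CreationTimeUtc
                    ReadOnly  = $_.IsReadOnly
                    Signature = [string]$sig.Status
                    Signer    = $(if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' })
                }
            }
    }
}

Write-Host '== Security Center registrations (Stale = registered, but binary missing) =='
Get-SecurityCenterProducts | Format-Table Class, Name, Enabled, Updated, Stale, ExePath -AutoSize

Write-Host '== UAC policy (Weakened = True corresponds to the DDS mPolicies-system lines) =='
Get-UacWeakening | Format-Table Setting, Value, Weakened, Meaning -AutoSize

Write-Host '== Hidden+system files in the system directories, newest first =='
Get-HiddenSystemFiles | Sort-Object Created -Descending |
    Format-Table Created, Signature, ReadOnly, Path -AutoSize
```

Two caveats when reading the output. Get-AuthenticodeSignature in PowerShell 2.0 checks only embedded signatures, and most Windows 7 system binaries are catalog-signed, so NotSigned on its own proves nothing; the combination that deserves a look is NotSigned plus hidden+system+read-only plus a creation time that matches neither the OS install nor a patch day, which is why the --sha-r- entry dated 2011-11-07 stands out in the log. A Stale row for a product the user believes is removed says the "Enabled" WSC shows (and DDS repeats) is a leftover registration, not a running scanner, so the machine has no real-time protection regardless of what the summary line claims.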



#2 gringo_pr (Bleepin Gringo)


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 11 November 2011 - 03:03 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification, and click Proceed. This will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion," please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#3 jeremyws1 (Topic Starter)

  • Members
  • 10 posts

Posted 11 November 2011 - 11:42 AM

I disabled McAfee's on-access scan, although the log doesn't confirm that.
I ran ComboFix.
It downloaded the newest version.
It ran without a problem (no McAfee dialogs or such), rebooted, and created the file below.

Google is redirecting, and Windows Security Service can't be started.

ComboFix 11-11-11.04 - jskipper 11/11/2011 10:22:20.7.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8126.6585 [GMT -6:00]
Running from: c:\users\jskipper\Desktop\ComboFix.exe
AV: McAfee® Total Protection™ Service *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: McAfee® Total Protection™ Service *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-10-11 to 2011-11-11 )))))))))))))))))))))))))))))))
.
.
2011-11-11 16:25 . 2011-11-11 16:25 -------- d-----w- c:\users\mepatech\AppData\Local\temp
2011-11-11 16:25 . 2011-11-11 16:25 -------- d-----w- c:\users\dhouston\AppData\Local\temp
2011-11-11 16:25 . 2011-11-11 16:25 -------- d-----w- c:\users\dennisr\AppData\Local\temp
2011-11-11 16:25 . 2011-11-11 16:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-11 16:25 . 2011-11-11 16:25 -------- d-----w- c:\users\administrator\AppData\Local\temp
2011-11-11 15:03 . 2011-01-12 20:13 24376 ----a-w- c:\program files (x86)\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll
2011-11-11 15:03 . 2011-01-19 16:18 9984 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-11-11 15:03 . 2011-01-19 16:18 156248 ----a-w- c:\windows\system32\mfevtps.exe
2011-11-11 14:59 . 2011-11-11 14:59 -------- d-----w- c:\program files (x86)\McAfee
2011-11-10 19:01 . 2011-11-11 15:02 -------- d-----w- c:\users\McAfeeMVSUser
2011-11-10 16:05 . 2009-07-23 06:13 306 ----a-w- c:\windows\myClean.bat
2011-11-10 15:57 . 2011-11-10 15:59 -------- d-----w- c:\users\jskipper\AppData\Local\Akamai
2011-11-10 14:18 . 2011-05-12 20:05 18816 ------w- c:\windows\SysWow64\SAVRKBootTasks.sys
2011-11-09 21:35 . 2011-11-10 14:37 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-11-09 21:25 . 2011-11-09 21:25 5848 ----a-w- C:\backup.reg
2011-11-09 20:35 . 2011-11-09 20:35 -------- d-----w- c:\program files (x86)\CCleaner
2011-11-09 20:24 . 2011-11-09 20:24 -------- d-----w- c:\users\jskipper\AppData\Local\Apps
2011-11-09 20:06 . 2011-11-09 20:06 -------- d-----w- c:\program files\Microsoft IntelliPoint
2011-11-09 19:45 . 2011-11-09 19:45 -------- d-----w- c:\program files (x86)\ESET
2011-11-09 19:25 . 2011-11-09 19:25 -------- d-----w- c:\windows\system32\wbem\Logs
2011-11-09 16:02 . 2011-11-09 16:02 -------- d-----w- c:\program files (x86)\Temp File Cleaner
2011-11-09 16:01 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 16:01 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 16:01 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 16:01 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
2011-11-09 15:01 . 2011-11-09 15:06 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-11-09 14:52 . 2011-11-09 14:52 -------- d-----w- c:\program files (x86)\Sophos
2011-11-08 23:10 . 2011-11-08 23:10 -------- d-----w- c:\users\jskipper\AppData\Roaming\Malwarebytes
2011-11-08 23:10 . 2011-11-08 23:10 -------- d-----w- c:\programdata\Malwarebytes
2011-11-08 23:10 . 2011-08-31 23:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-08 23:10 . 2011-11-08 23:10 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-07 22:17 . 2011-11-07 22:17 62464 --sha-r- c:\windows\SysWow64\wpdwcnl.dll
2011-10-24 20:44 . 2011-10-24 20:50 -------- d-----w- c:\program files (x86)\quindar
2011-10-18 14:45 . 2011-10-18 14:45 -------- d-----w- c:\program files (x86)\SEL
2011-10-18 14:45 . 2011-10-18 14:45 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2011-10-17 00:55 . 2011-10-17 00:55 18139008 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-01 05:24 . 2011-10-12 15:54 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 05:17 . 2011-10-12 15:54 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 05:12 . 2011-10-12 15:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-01 02:35 . 2011-10-12 15:54 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-09-01 02:28 . 2011-10-12 15:54 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-09-01 02:22 . 2011-10-12 15:54 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-08-27 05:37 . 2011-10-12 13:28 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 05:37 . 2011-10-12 13:28 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-08-27 04:26 . 2011-10-12 13:28 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-08-27 04:26 . 2011-10-12 13:28 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-08-17 05:26 . 2011-10-12 13:29 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-08-17 05:25 . 2011-10-12 13:29 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-08-17 04:24 . 2011-10-12 13:29 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-08-17 04:19 . 2011-10-12 13:29 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
.
.
((((((((((((((((((((((((((((( SnapShot_2011-11-09_19.00.23 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-06-13 12:57 . 2011-01-12 19:11 74848 c:\windows\SysWOW64\MfeOtlkAddin.dll
+ 2011-06-13 12:57 . 2011-01-12 20:11 74848 c:\windows\SysWOW64\MfeOtlkAddin.dll
- 2011-06-13 12:57 . 2011-01-12 19:11 22816 c:\windows\SysWOW64\MFEOtlk.dll
+ 2011-06-13 12:57 . 2011-01-12 20:11 22816 c:\windows\SysWOW64\MFEOtlk.dll
- 2009-07-14 04:54 . 2011-11-09 18:59 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-11-11 16:26 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-11-11 16:26 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-09 18:59 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-09 18:59 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-11 16:26 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-08-20 04:06 . 2011-11-11 15:00 37394 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-11-11 15:00 39286 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-09-08 13:33 . 2011-11-11 15:00 12024 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-854245398-2025429265-682003330-1222_UserData.bin
- 2011-06-13 12:57 . 2011-01-12 19:05 99056 c:\windows\system32\MfeOtlkAddin.dll
+ 2011-06-13 12:57 . 2011-01-12 20:05 99056 c:\windows\system32\MfeOtlkAddin.dll
- 2009-07-14 05:30 . 2011-11-09 18:29 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2011-11-09 20:07 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2011-08-01 21:59 . 2011-08-01 21:59 45416 c:\windows\system32\DriverStore\FileRepository\point64.inf_amd64_neutral_b1cf5e889e918ca6\point64.sys
+ 2011-07-29 00:37 . 2011-07-29 00:37 52584 c:\windows\system32\DriverStore\FileRepository\dc3du.inf_amd64_neutral_74c6c3670a9a8e89\dc3d.sys
+ 2011-08-01 21:59 . 2011-08-01 21:59 45416 c:\windows\system32\drivers\point64.sys
- 2011-01-19 15:18 . 2011-01-19 15:18 97960 c:\windows\system32\drivers\mferkdet.sys
+ 2011-01-19 16:18 . 2011-01-19 16:18 97960 c:\windows\system32\drivers\mferkdet.sys
- 2010-08-26 19:27 . 2011-11-09 18:55 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-26 19:27 . 2011-11-11 16:26 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-26 19:27 . 2011-11-11 16:26 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-08-26 19:27 . 2011-11-09 18:55 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-09 18:55 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-11 16:26 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-11 16:26 . 2011-11-11 16:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-09 18:59 . 2011-11-09 18:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-11 16:26 . 2011-11-11 16:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-11-09 18:59 . 2011-11-09 18:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2011-11-11 15:06 663184 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-11-11 15:06 122052 c:\windows\system32\perfc009.dat
+ 2009-07-14 04:45 . 2011-11-09 20:09 486192 c:\windows\system32\FNTCACHE.DAT
- 2009-07-14 05:30 . 2011-11-09 18:29 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2011-11-09 20:07 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2011-11-09 20:07 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2011-11-09 18:28 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2011-08-01 21:59 . 2011-08-01 21:59 470376 c:\windows\system32\DriverStore\FileRepository\ipcdless.inf_amd64_neutral_165412f37e9f9224\ipcoin82.dll
- 2011-01-19 15:18 . 2011-01-19 15:18 281544 c:\windows\system32\drivers\mfewfpk.sys
+ 2011-01-19 16:18 . 2011-01-19 16:18 281544 c:\windows\system32\drivers\mfewfpk.sys
+ 2011-01-19 16:18 . 2011-01-19 16:18 607152 c:\windows\system32\drivers\mfehidk.sys
- 2009-12-15 20:28 . 2011-01-19 15:18 607152 c:\windows\system32\drivers\mfehidk.sys
- 2009-12-15 20:28 . 2011-01-19 15:18 217696 c:\windows\system32\drivers\mfeavfk.sys
+ 2011-01-19 16:18 . 2011-01-19 16:18 217696 c:\windows\system32\drivers\mfeavfk.sys
- 2011-01-19 15:18 . 2011-01-19 15:18 153952 c:\windows\system32\drivers\mfeapfk.sys
+ 2011-01-19 16:18 . 2011-01-19 16:18 153952 c:\windows\system32\drivers\mfeapfk.sys
+ 2009-07-14 04:46 . 2011-11-11 16:11 104976 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 05:01 . 2011-11-09 18:59 431880 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-11-11 16:25 431880 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-08-01 21:59 . 2011-08-01 21:59 1721576 c:\windows\system32\DriverStore\FileRepository\point64.inf_amd64_neutral_b1cf5e889e918ca6\wdfcoinstaller01009.dll
+ 2011-07-29 00:37 . 2011-07-29 00:37 1721576 c:\windows\system32\DriverStore\FileRepository\dc3du.inf_amd64_neutral_74c6c3670a9a8e89\WdfCoInstaller01009.dll
+ 2009-07-14 04:45 . 2011-11-11 16:11 7351234 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2011-11-09 18:35 7351234 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2010-10-22 22:03 . 2011-11-11 16:25 6440878 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-854245398-2025429265-682003330-1222-12288.dat
+ 2011-04-18 15:27 . 2011-11-09 21:25 2203488 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2589211431-2798449974-3351060956-1001-12288.dat
+ 2011-08-01 21:59 . 2011-08-01 21:59 1978368 c:\windows\Installer\18344.msi
+ 2011-08-01 21:59 . 2011-08-01 21:59 2081792 c:\windows\Installer\181b2.msi
- 2009-07-14 02:34 . 2011-11-09 18:32 11010048 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2011-11-11 16:21 11010048 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"MVS Splash"="c:\program files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe" [2011-04-13 476480]
.
c:\users\jskipper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
TdmNotify.lnk - c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe [2010-3-29 185192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 WinRT;WinRT; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [2011-04-13 291064]
S2 RumorServer;McAfee Peer Distribution Service;c:\program files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [2011-04-13 291064]
S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys [x]
S2 SWAGENT;SonicWALL Agent Service;c:\program files (x86)\McAfee\Managed VirusScan\Agent\swAgent.exe [2011-04-13 189760]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-2025429265-682003330-1652Core.job
- c:\users\dhouston\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-04 14:37]
.
2011-11-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-2025429265-682003330-1652UA.job
- c:\users\dhouston\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-04 14:37]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2010-03-29 17:00 60784 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2010-03-29 17:00 60784 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: DhcpNameServer = 10.26.41.6 10.26.41.5
FF - ProfilePath - c:\users\jskipper\AppData\Roaming\Mozilla\Firefox\Profiles\zmdbkt1k.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,17,b3,c7,97,33,cf,ff,4c,9e,a4,9c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,17,b3,c7,97,33,cf,ff,4c,9e,a4,9c,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\mcafee\ManagedServices]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\mcafee\VSCORE]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\rundll32.exe
.
**************************************************************************
.
Completion time: 2011-11-11 10:30:19 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-11 16:30
ComboFix2.txt 2011-11-10 19:01
ComboFix3.txt 2011-11-10 14:34
ComboFix4.txt 2011-11-09 21:20
ComboFix5.txt 2011-11-11 16:21
.
Pre-Run: 932,988,870,656 bytes free
Post-Run: 932,689,059,840 bytes free
.
- - End Of File - - 5DBC410372B3CCC8D380B51ADB7B975E

#4 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • ONLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:49 AM

Posted 12 November 2011 - 04:12 PM

Hello

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 jeremyws1

  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:05:49 AM

Posted 14 November 2011 - 10:15 AM

09:13:52.0462 2248 TDSS rootkit removing tool 2.6.18.0 Nov 11 2011 15:47:15
09:13:52.0914 2248 ============================================================
09:13:52.0914 2248 Current date / time: 2011/11/14 09:13:52.0914
09:13:52.0914 2248 SystemInfo:
09:13:52.0914 2248
09:13:52.0914 2248 OS Version: 6.1.7601 ServicePack: 1.0
09:13:52.0914 2248 Product type: Workstation
09:13:52.0914 2248 ComputerName: JEREMY-DESKTOP
09:13:52.0914 2248 UserName: jskipper
09:13:52.0914 2248 Windows directory: C:\Windows
09:13:52.0914 2248 System windows directory: C:\Windows
09:13:52.0914 2248 Running under WOW64
09:13:52.0914 2248 Processor architecture: Intel x64
09:13:52.0914 2248 Number of processors: 2
09:13:52.0914 2248 Page size: 0x1000
09:13:52.0914 2248 Boot type: Normal boot
09:13:52.0914 2248 ============================================================
09:13:53.0148 2248 Initialize success
09:13:55.0706 0696 ============================================================
09:13:55.0706 0696 Scan started
09:13:55.0706 0696 Mode: Manual;
09:13:55.0706 0696 ============================================================
09:14:00.0792 0696 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
09:14:00.0792 0696 mssmbios - ok
09:14:00.0807 0696 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
09:14:00.0807 0696 MSTEE - ok
09:14:00.0823 0696 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
09:14:00.0823 0696 MTConfig - ok
09:14:00.0854 0696 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
09:14:00.0854 0696 Mup - ok
09:14:00.0916 0696 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
09:14:00.0932 0696 NativeWifiP - ok
09:14:00.0994 0696 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
09:14:00.0994 0696 NDIS - ok
09:14:01.0010 0696 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
09:14:01.0010 0696 NdisCap - ok
09:14:01.0041 0696 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
09:14:01.0041 0696 NdisTapi - ok
09:14:01.0072 0696 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
09:14:01.0072 0696 Ndisuio - ok
09:14:01.0119 0696 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
09:14:01.0119 0696 NdisWan - ok
09:14:01.0150 0696 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
09:14:01.0150 0696 NDProxy - ok
09:14:01.0182 0696 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
09:14:01.0182 0696 NetBIOS - ok
09:14:01.0228 0696 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
09:14:01.0228 0696 NetBT - ok
09:14:01.0275 0696 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
09:14:01.0275 0696 nfrd960 - ok
09:14:01.0291 0696 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
09:14:01.0291 0696 Npfs - ok
09:14:01.0322 0696 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
09:14:01.0322 0696 nsiproxy - ok
09:14:01.0400 0696 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
09:14:01.0400 0696 Ntfs - ok
09:14:01.0416 0696 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
09:14:01.0416 0696 Null - ok
09:14:01.0540 0696 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
09:14:01.0540 0696 nvraid - ok
09:14:01.0572 0696 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
09:14:01.0572 0696 nvstor - ok
09:14:01.0603 0696 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
09:14:01.0618 0696 nv_agp - ok
09:14:01.0665 0696 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
09:14:01.0665 0696 ohci1394 - ok
09:14:01.0696 0696 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
09:14:01.0696 0696 Parport - ok
09:14:01.0712 0696 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
09:14:01.0712 0696 partmgr - ok
09:14:01.0728 0696 PBADRV (363b3f857abee85767e01e3044c539cd) C:\Windows\system32\DRIVERS\PBADRV.sys
09:14:01.0728 0696 PBADRV - ok
09:14:01.0774 0696 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
09:14:01.0774 0696 pci - ok
09:14:01.0806 0696 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
09:14:01.0806 0696 pciide - ok
09:14:01.0821 0696 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
09:14:01.0821 0696 pcmcia - ok
09:14:01.0837 0696 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
09:14:01.0837 0696 pcw - ok
09:14:01.0852 0696 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
09:14:01.0868 0696 PEAUTH - ok
09:14:01.0946 0696 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
09:14:01.0946 0696 Point64 - ok
09:14:01.0993 0696 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
09:14:01.0993 0696 PptpMiniport - ok
09:14:02.0008 0696 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
09:14:02.0008 0696 Processor - ok
09:14:02.0071 0696 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
09:14:02.0071 0696 Psched - ok
09:14:02.0118 0696 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
09:14:02.0118 0696 PxHlpa64 - ok
09:14:02.0149 0696 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
09:14:02.0164 0696 ql2300 - ok
09:14:02.0196 0696 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
09:14:02.0196 0696 ql40xx - ok
09:14:02.0227 0696 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
09:14:02.0227 0696 QWAVEdrv - ok
09:14:02.0242 0696 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
09:14:02.0242 0696 RasAcd - ok
09:14:02.0258 0696 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
09:14:02.0258 0696 RasAgileVpn - ok
09:14:02.0289 0696 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:14:02.0289 0696 Rasl2tp - ok
09:14:02.0320 0696 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
09:14:02.0320 0696 RasPppoe - ok
09:14:02.0352 0696 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
09:14:02.0352 0696 RasSstp - ok
09:14:02.0398 0696 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
09:14:02.0414 0696 rdbss - ok
09:14:02.0414 0696 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
09:14:02.0414 0696 rdpbus - ok
09:14:02.0430 0696 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:14:02.0430 0696 RDPCDD - ok
09:14:02.0476 0696 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
09:14:02.0476 0696 RDPDR - ok
09:14:02.0492 0696 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
09:14:02.0492 0696 RDPENCDD - ok
09:14:02.0492 0696 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
09:14:02.0508 0696 RDPREFMP - ok
09:14:02.0539 0696 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
09:14:02.0539 0696 RDPWD - ok
09:14:02.0586 0696 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
09:14:02.0586 0696 rdyboost - ok
09:14:02.0632 0696 RimUsb (71b48ddaf5e9c2b40e64de5c405f5aac) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
09:14:02.0632 0696 RimUsb - ok
09:14:02.0664 0696 RimVSerPort (0de22421179d5a8440b68517ddf2b051) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
09:14:02.0664 0696 RimVSerPort - ok
09:14:02.0695 0696 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
09:14:02.0695 0696 ROOTMODEM - ok
09:14:02.0726 0696 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
09:14:02.0726 0696 rspndr - ok
09:14:02.0788 0696 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
09:14:02.0788 0696 s3cap - ok
09:14:02.0804 0696 SAVRKBootTasks - ok
09:14:02.0851 0696 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
09:14:02.0851 0696 sbp2port - ok
09:14:02.0913 0696 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
09:14:02.0913 0696 scfilter - ok
09:14:02.0929 0696 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
09:14:02.0944 0696 secdrv - ok
09:14:02.0991 0696 Sentinel64 (84ac127242dd3ccde02f9a4673214b1f) C:\Windows\System32\Drivers\Sentinel64.sys
09:14:02.0991 0696 Sentinel64 - ok
09:14:03.0022 0696 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
09:14:03.0022 0696 Serenum - ok
09:14:03.0022 0696 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
09:14:03.0022 0696 Serial - ok
09:14:03.0069 0696 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
09:14:03.0069 0696 sermouse - ok
09:14:03.0116 0696 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
09:14:03.0116 0696 sffdisk - ok
09:14:03.0163 0696 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
09:14:03.0163 0696 sffp_mmc - ok
09:14:03.0194 0696 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
09:14:03.0194 0696 sffp_sd - ok
09:14:03.0194 0696 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
09:14:03.0194 0696 sfloppy - ok
09:14:03.0241 0696 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:14:03.0241 0696 SiSRaid2 - ok
09:14:03.0256 0696 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
09:14:03.0256 0696 SiSRaid4 - ok
09:14:03.0288 0696 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
09:14:03.0288 0696 Smb - ok
09:14:03.0319 0696 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
09:14:03.0319 0696 spldr - ok
09:14:03.0381 0696 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
09:14:03.0381 0696 srv - ok
09:14:03.0412 0696 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
09:14:03.0412 0696 srv2 - ok
09:14:03.0428 0696 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
09:14:03.0428 0696 srvnet - ok
09:14:03.0444 0696 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
09:14:03.0444 0696 stexstor - ok
09:14:03.0522 0696 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
09:14:03.0522 0696 storflt - ok
09:14:03.0568 0696 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
09:14:03.0568 0696 storvsc - ok
09:14:03.0615 0696 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
09:14:03.0615 0696 swenum - ok
09:14:03.0693 0696 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
09:14:03.0709 0696 Tcpip - ok
09:14:03.0771 0696 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
09:14:03.0787 0696 TCPIP6 - ok
09:14:03.0849 0696 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
09:14:03.0849 0696 tcpipreg - ok
09:14:03.0880 0696 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
09:14:03.0880 0696 TDPIPE - ok
09:14:03.0896 0696 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
09:14:03.0896 0696 TDTCP - ok
09:14:03.0943 0696 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
09:14:03.0943 0696 tdx - ok
09:14:03.0943 0696 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
09:14:03.0958 0696 TermDD - ok
09:14:03.0990 0696 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:14:03.0990 0696 tssecsrv - ok
09:14:04.0036 0696 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
09:14:04.0052 0696 TsUsbFlt - ok
09:14:04.0099 0696 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
09:14:04.0099 0696 tunnel - ok
09:14:04.0146 0696 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
09:14:04.0146 0696 uagp35 - ok
09:14:04.0177 0696 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
09:14:04.0192 0696 udfs - ok
09:14:04.0224 0696 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
09:14:04.0224 0696 uliagpkx - ok
09:14:04.0255 0696 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
09:14:04.0255 0696 umbus - ok
09:14:04.0270 0696 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
09:14:04.0270 0696 UmPass - ok
09:14:04.0333 0696 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
09:14:04.0333 0696 usbccgp - ok
09:14:04.0364 0696 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
09:14:04.0364 0696 usbcir - ok
09:14:04.0411 0696 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
09:14:04.0411 0696 usbehci - ok
09:14:04.0458 0696 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
09:14:04.0458 0696 usbhub - ok
09:14:04.0473 0696 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
09:14:04.0473 0696 usbohci - ok
09:14:04.0489 0696 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
09:14:04.0489 0696 usbprint - ok
09:14:04.0520 0696 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:14:04.0536 0696 USBSTOR - ok
09:14:04.0567 0696 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
09:14:04.0567 0696 usbuhci - ok
09:14:04.0614 0696 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
09:14:04.0629 0696 vdrvroot - ok
09:14:04.0660 0696 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
09:14:04.0660 0696 vga - ok
09:14:04.0676 0696 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
09:14:04.0676 0696 VgaSave - ok
09:14:04.0707 0696 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
09:14:04.0723 0696 vhdmp - ok
09:14:04.0738 0696 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
09:14:04.0738 0696 viaide - ok
09:14:04.0770 0696 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
09:14:04.0770 0696 vmbus - ok
09:14:04.0770 0696 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
09:14:04.0785 0696 VMBusHID - ok
09:14:04.0801 0696 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
09:14:04.0801 0696 volmgr - ok
09:14:04.0832 0696 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
09:14:04.0848 0696 volmgrx - ok
09:14:04.0863 0696 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
09:14:04.0863 0696 volsnap - ok
09:14:04.0910 0696 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
09:14:04.0910 0696 vsmraid - ok
09:14:04.0926 0696 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
09:14:04.0926 0696 vwifibus - ok
09:14:04.0957 0696 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
09:14:04.0957 0696 WacomPen - ok
09:14:04.0988 0696 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
09:14:04.0988 0696 WANARP - ok
09:14:05.0003 0696 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
09:14:05.0003 0696 Wanarpv6 - ok
09:14:05.0050 0696 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
09:14:05.0050 0696 Wd - ok
09:14:05.0066 0696 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
09:14:05.0081 0696 Wdf01000 - ok
09:14:05.0128 0696 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
09:14:05.0128 0696 WfpLwf - ok
09:14:05.0144 0696 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
09:14:05.0144 0696 WIMMount - ok
09:14:05.0175 0696 WinRT - ok
09:14:05.0253 0696 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
09:14:05.0253 0696 WinUsb - ok
09:14:05.0315 0696 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
09:14:05.0315 0696 WmiAcpi - ok
09:14:05.0347 0696 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
09:14:05.0347 0696 ws2ifsl - ok
09:14:05.0409 0696 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
09:14:05.0409 0696 WudfPf - ok
09:14:05.0425 0696 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:14:05.0425 0696 WUDFRd - ok
09:14:05.0456 0696 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
09:14:05.0456 0696 \Device\Harddisk0\DR0 - ok
09:14:05.0456 0696 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR1
09:14:05.0877 0696 \Device\Harddisk1\DR1 - ok
09:14:05.0877 0696 Boot (0x1200) (b168a5e2ad9cf62753acc0b54479d6f3) \Device\Harddisk0\DR0\Partition0
09:14:05.0877 0696 \Device\Harddisk0\DR0\Partition0 - ok
09:14:05.0893 0696 Boot (0x1200) (ed9619b660fa237b2a82397108076919) \Device\Harddisk0\DR0\Partition1
09:14:05.0893 0696 \Device\Harddisk0\DR0\Partition1 - ok
09:14:05.0893 0696 Boot (0x1200) (42b8a7cbf1ea9f71b2d6972db4ff898a) \Device\Harddisk1\DR1\Partition0
09:14:05.0893 0696 \Device\Harddisk1\DR1\Partition0 - ok
09:14:05.0893 0696 ============================================================
09:14:05.0893 0696 Scan finished
09:14:05.0893 0696 ============================================================
09:14:05.0908 1916 Detected object count: 0
09:14:05.0908 1916 Actual detected object count: 0

#6 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 14 November 2011 - 01:11 PM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 jeremyws1 (Topic Starter)

Posted 14 November 2011 - 01:16 PM

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-14 12:14:14
-----------------------------
12:14:14.062 OS Version: Windows x64 6.1.7601 Service Pack 1
12:14:14.062 Number of processors: 2 586 0x170A
12:14:14.062 ComputerName: JEREMY-DESKTOP UserName: jskipper
12:14:17.198 Initialize success
12:14:47.093 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:14:47.093 Disk 0 Vendor: ST310005 CC46 Size: 953869MB BusType: 8
12:14:47.109 Disk 0 MBR read successfully
12:14:47.109 Disk 0 MBR scan
12:14:47.109 Disk 0 Windows 7 default MBR code
12:14:47.109 Service scanning
12:14:48.060 Modules scanning
12:14:48.060 Disk 0 trace - called modules:
12:14:48.060 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
12:14:48.060 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80099e6060]
12:14:48.060 3 CLASSPNP.SYS[fffff88001bba43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007680050]
12:14:48.076 Scan finished successfully
12:15:21.895 Disk 0 MBR has been saved successfully to "C:\Users\jskipper\Desktop\MBR.dat"
12:15:21.895 The log file has been saved successfully to "C:\Users\jskipper\Desktop\aswMBR.txt"

#8 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 14 November 2011 - 04:18 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.

Gringo

#9 jeremyws1 (Topic Starter)

Posted 14 November 2011 - 06:10 PM

OTL logfile created on: 11/14/2011 5:07:33 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\jskipper\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.94 Gb Total Physical Memory | 6.40 Gb Available Physical Memory | 80.67% Memory free
15.87 Gb Paging File | 14.29 Gb Available in Paging File | 90.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 922.01 Gb Total Space | 868.21 Gb Free Space | 94.17% Space Free | Partition Type: NTFS
Drive E: | 1.98 Gb Total Space | 1.32 Gb Free Space | 67.01% Space Free | Partition Type: FAT

Computer Name: JEREMY-DESKTOP | User Name: jskipper | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\jskipper\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\swAgent.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (TdmService) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.)
SRV:64bit: - (SecureStorageService) -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe (Wave Systems Corp.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_dac4cfd.dll ()
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (SWAGENT) -- C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\swAgent.exe (McAfee, Inc.)
SRV - (RumorServer) -- C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe (McAfee, Inc.)
SRV - (myAgtSvc) -- C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe (McAfee, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) Intel® -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (tcsd_win32.exe) -- C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (e1kexpress) Intel® -- C:\Windows\SysNative\drivers\e1k62x64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (PBADRV) -- C:\Windows\SysNative\drivers\PBADRV.SYS (Dell Inc)
DRV:64bit: - (Sentinel64) -- C:\Windows\SysNative\drivers\sentinel64.sys (SafeNet, Inc.)
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV - (SAVRKBootTasks) -- C:\Windows\SysWOW64\SAVRKBootTasks.sys (Sophos Group)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-854245398-2025429265-682003330-1222\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-854245398-2025429265-682003330-1222\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USREL/1
IE - HKU\S-1-5-21-854245398-2025429265-682003330-1222\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-854245398-2025429265-682003330-1222\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-854245398-2025429265-682003330-1222\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/04 09:43:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/09 13:20:26 | 000,000,000 | ---D | M]

[2010/09/08 07:44:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jskipper\AppData\Roaming\mozilla\Extensions
[2011/11/11 10:35:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jskipper\AppData\Roaming\mozilla\Firefox\Profiles\zmdbkt1k.default\extensions
[2011/08/25 12:31:19 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\jskipper\AppData\Roaming\mozilla\Firefox\Profiles\zmdbkt1k.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/09/08 07:43:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/04 09:43:56 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/06 13:30:31 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/11/11 10:26:48 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111111090314.dll (McAfee, Inc.)
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111111090314.dll (McAfee, Inc.)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-854245398-2025429265-682003330-1222\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MVS Splash] C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe (McAfee, Inc.)
O4 - Startup: C:\Users\jskipper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2010/09/14 07:39:07 | 000,000,000 | -H-D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-854245398-2025429265-682003330-1222\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-854245398-2025429265-682003330-1222\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-854245398-2025429265-682003330-1222\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.26.41.6 10.26.41.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mepa.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{153ED8B4-1128-4A61-8FBA-F1B839D7BEB6}: DhcpNameServer = 10.26.41.6 10.26.41.5
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/08/11 12:43:37 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/14 17:05:58 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\jskipper\Desktop\OTL.exe
[2011/11/14 10:50:59 | 000,000,000 | ---D | C] -- C:\Users\jskipper\AppData\Local\{95A96F2C-F99B-44C0-AF6C-39DE940B4655}
[2011/11/11 15:48:16 | 001,564,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\jskipper\Desktop\TDSSKiller.exe
[2011/11/11 10:30:31 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/11 10:26:52 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/11/11 09:03:13 | 000,009,984 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeclnk.sys
[2011/11/11 09:03:09 | 000,156,248 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\mfevtps.exe
[2011/11/11 09:02:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/11/11 08:59:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee
[2011/11/10 13:52:30 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\jskipper\Desktop\dds.exe
[2011/11/10 09:57:58 | 000,000,000 | ---D | C] -- C:\Users\jskipper\AppData\Local\Akamai
[2011/11/10 09:04:22 | 076,592,848 | ---- | C] (Microsoft Corporation) -- C:\Users\jskipper\Desktop\msert.exe
[2011/11/10 08:18:56 | 000,018,816 | ---- | C] (Sophos Group) -- C:\Windows\SysWow64\SAVRKBootTasks.sys
[2011/11/09 15:35:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/11/09 14:35:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2011/11/09 14:24:46 | 000,000,000 | ---D | C] -- C:\Users\jskipper\AppData\Local\Apps
[2011/11/09 14:07:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse
[2011/11/09 14:06:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2011/11/09 13:55:05 | 001,932,256 | ---- | C] (Symantec Corporation) -- C:\Users\jskipper\Desktop\FixTDSS.exe
[2011/11/09 13:45:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/11/09 13:36:16 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\jskipper\Desktop\aswMBR.exe
[2011/11/09 10:32:19 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/09 10:32:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/09 10:32:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/09 10:32:13 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/09 10:31:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/09 10:30:41 | 004,289,973 | R--- | C] (Swearware) -- C:\Users\jskipper\Desktop\ComboFix.exe
[2011/11/09 10:02:56 | 000,000,000 | ---D | C] -- C:\Users\jskipper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Temp File Cleaner
[2011/11/09 10:02:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Temp File Cleaner
[2011/11/09 09:01:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/11/09 09:01:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/11/09 08:52:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2011/11/09 08:52:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2011/11/08 17:10:37 | 000,000,000 | ---D | C] -- C:\Users\jskipper\AppData\Roaming\Malwarebytes
[2011/11/08 17:10:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/08 17:10:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/08 17:10:29 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/11/08 17:10:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/11/08 09:40:58 | 000,000,000 | ---D | C] -- C:\Users\jskipper\AppData\Local\{6D1764E0-DB19-468B-99CD-36A2D5A17899}
[2011/11/08 09:40:46 | 000,000,000 | ---D | C] -- C:\Users\jskipper\AppData\Local\{950835BC-69D3-4425-9FF8-C3621B8934D7}
[2011/11/07 09:36:20 | 000,000,000 | ---D | C] -- C:\Users\jskipper\AppData\Local\{2995EF5D-9089-4170-8C22-2BF6C013A196}
[2011/11/07 09:36:08 | 000,000,000 | ---D | C] -- C:\Users\jskipper\AppData\Local\{376E66A4-4D6D-4499-A972-04EA12520DC2}
[2011/11/04 12:42:03 | 000,000,000 | ---D | C] -- C:\Users\jskipper\AppData\Local\{6B13D7B9-C166-4032-8B35-279701755CA9}
[2011/11/04 12:41:51 | 000,000,000 | ---D | C] -- C:\Users\jskipper\AppData\Local\{AEDCDBC4-A920-40EA-9BC0-611A52893383}
[2011/11/04 07:37:15 | 000,000,000 | ---D | C] -- C:\Users\jskipper\AppData\Local\{D1DD24D3-DC89-4D23-9104-35778BD3052A}
[2011/11/03 07:21:09 | 000,000,000 | ---D | C] -- C:\Users\jskipper\AppData\Local\{365D5C98-23A8-4C15-9124-E896D2F5900F}
[2011/11/03 07:20:58 | 000,000,000 | ---D | C] -- C:\Users\jskipper\AppData\Local\{649560FF-25DC-481C-82E4-CB08F1F36A49}
[2011/11/02 08:46:35 | 000,000,000 | ---D | C] -- C:\Users\jskipper\AppData\Local\{3963373D-DDC7-4008-80BD-174F70C2FDB5}
[2011/11/02 08:46:23 | 000,000,000 | ---D | C] -- C:\Users\jskipper\AppData\Local\{507E055D-68C7-4B34-83D9-ECA7B417089C}
[2011/11/01 20:46:11 | 000,000,000 | ---D | C] -- C:\Users\jskipper\AppData\Local\{2F6685E5-499B-4B3C-A233-36456387EABD}
[2011/11/01 20:46:01 | 000,000,000 | ---D | C] -- C:\Users\jskipper\AppData\Local\{CAC6036A-C036-4806-8AC0-5772A8F6AD77}
[2011/11/01 08:45:50 | 000,000,000 | ---D | C] -- C:\Users\jskipper\AppData\Local\{48527742-0181-4D49-9766-9B21DA094951}
[2011/11/01 08:45:39 | 000,000,000 | ---D | C] -- C:\Users\jskipper\AppData\Local\{692C5CFE-99CD-48C7-BD08-8076AE56B2BA}
[2011/10/31 20:45:27 | 000,000,000 | ---D | C] -- C:\Users\jskipper\AppData\Local\{BE93B446-D15A-4281-9999-DC8B4AB38743}
[2011/10/31 20:45:13 | 000,000,000 | ---D | C] -- C:\Users\jskipper\AppData\Local\{CF3CF705-41A4-4C09-BD5B-EC2F41D0D054}
[2011/10/31 08:44:59 | 000,000,000 | ---D | C] -- C:\Users\jskipper\AppData\Local\{FCB8EE08-9A41-46B9-AB6C-9AB4D30E4D49}
[2011/10/31 08:44:47 | 000,000,000 | ---D | C] -- C:\Users\jskipper\AppData\Local\{F4494733-5E24-4630-9B7D-95AC2D9E6025}
[2011/10/28 07:42:02 | 000,000,000 | ---D | C] -- C:\Users\jskipper\AppData\Local\{141AFAA1-9C0E-4C66-8969-6DAAECDEAA5F}
[2011/10/28 07:41:51 | 000,000,000 | ---D | C] -- C:\Users\jskipper\AppData\Local\{984466FD-E8C6-434F-BA3E-DC54D4D2A956}
[2011/10/25 07:58:14 | 000,000,000 | ---D | C] -- C:\Users\jskipper\AppData\Local\{72176EE5-A927-4B7B-BA14-7BD9739D6D66}
[2011/10/25 07:58:04 | 000,000,000 | ---D | C] -- C:\Users\jskipper\AppData\Local\{93B4DBE1-71AD-46A3-9591-8787064D7425}
[2011/10/24 14:44:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SCADA Tools
[2011/10/24 14:44:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\quindar
[2011/10/24 07:24:34 | 000,000,000 | ---D | C] -- C:\Users\jskipper\AppData\Local\{D4EF2D39-7B9A-45D4-95A2-C405C2EBDF0C}
[2011/10/24 07:24:23 | 000,000,000 | ---D | C] -- C:\Users\jskipper\AppData\Local\{421811F1-5C06-44C9-BA57-03A64DEFD645}
[2011/10/21 07:40:08 | 000,000,000 | ---D | C] -- C:\Users\jskipper\AppData\Local\{B6FEE1C7-B045-4797-BCE0-C4AABF0CBFCF}
[2011/10/21 07:39:52 | 000,000,000 | ---D | C] -- C:\Users\jskipper\AppData\Local\{51C23D8A-E097-4CEE-82EC-D2592D719C04}
[2011/10/20 07:27:07 | 000,000,000 | ---D | C] -- C:\Users\jskipper\AppData\Local\{AF6B0B8D-4057-4F17-ADFC-F5AD50FC86AB}
[2011/10/20 07:26:51 | 000,000,000 | ---D | C] -- C:\Users\jskipper\AppData\Local\{36AAB35C-FCA4-4EB4-AE00-7883BBE94B18}
[2011/10/19 07:42:08 | 000,000,000 | ---D | C] -- C:\Users\jskipper\AppData\Local\{2FB58467-04E8-408B-8B3A-31E7F1686D06}
[2011/10/19 07:41:53 | 000,000,000 | ---D | C] -- C:\Users\jskipper\AppData\Local\{77F35523-AF84-4102-AA55-DDB9B9C53166}
[2011/10/18 08:45:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SEL Applications
[2011/10/18 08:45:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SEL
[2011/10/18 08:45:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2011/10/18 07:46:55 | 000,000,000 | ---D | C] -- C:\Users\jskipper\AppData\Local\{237345A0-C20A-45C8-850B-8EF642D52C0F}
[2011/10/18 07:46:40 | 000,000,000 | ---D | C] -- C:\Users\jskipper\AppData\Local\{B0C49D3F-6A85-4226-9DE1-D2B89ACB1DD5}
[2011/10/17 19:46:24 | 000,000,000 | ---D | C] -- C:\Users\jskipper\AppData\Local\{2953DC35-1AB1-486A-B0CD-547F3716F974}
[2011/10/17 19:46:07 | 000,000,000 | ---D | C] -- C:\Users\jskipper\AppData\Local\{4DCA6442-9F8C-4C5E-B2F9-CF2751A77E66}
[2011/10/17 07:45:51 | 000,000,000 | ---D | C] -- C:\Users\jskipper\AppData\Local\{631BFFE6-C839-4259-A8E0-ED60FAEE3042}
[2011/10/17 07:45:34 | 000,000,000 | ---D | C] -- C:\Users\jskipper\AppData\Local\{8C645DDB-6D88-4F70-B3FD-8EB242420B6F}
[2011/10/16 19:45:18 | 000,000,000 | ---D | C] -- C:\Users\jskipper\AppData\Local\{941CD9E3-F1ED-441A-A119-481B3FD4231E}
[2011/10/16 19:45:01 | 000,000,000 | ---D | C] -- C:\Users\jskipper\AppData\Local\{651F60F8-EC03-43CE-9B97-EC72A01F06A5}
[2011/10/16 07:44:49 | 000,000,000 | ---D | C] -- C:\Users\jskipper\AppData\Local\{FEEB117B-30D3-4FBD-9B1C-C608EF898390}
[2011/10/16 07:44:34 | 000,000,000 | ---D | C] -- C:\Users\jskipper\AppData\Local\{8DAD65D6-42F7-4C32-A205-9954D4596EAB}
[2011/10/15 19:44:18 | 000,000,000 | ---D | C] -- C:\Users\jskipper\AppData\Local\{B3ECF71C-7352-4925-A17B-5DBF62ACD35A}
[2011/10/15 19:44:01 | 000,000,000 | ---D | C] -- C:\Users\jskipper\AppData\Local\{55A9A96F-06FF-4519-BD5E-6C17147A8898}

========== Files - Modified Within 30 Days ==========

[2011/11/14 17:05:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\jskipper\Desktop\OTL.exe
[2011/11/14 16:42:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-2025429265-682003330-1652UA.job
[2011/11/14 12:15:21 | 000,000,512 | ---- | M] () -- C:\Users\jskipper\Desktop\MBR.dat
[2011/11/14 09:13:30 | 001,564,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\jskipper\Desktop\TDSSKiller.exe
[2011/11/14 08:42:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-2025429265-682003330-1652Core.job
[2011/11/11 10:33:28 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/11 10:33:28 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/11 10:30:30 | 000,783,270 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/11 10:30:30 | 000,663,184 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/11 10:30:30 | 000,122,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/11 10:26:48 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/11/11 10:25:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/11 10:25:50 | 2095,259,647 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/11 10:21:17 | 004,289,973 | R--- | M] (Swearware) -- C:\Users\jskipper\Desktop\ComboFix.exe
[2011/11/11 08:55:49 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/11/11 08:32:41 | 000,001,512 | ---- | M] () -- C:\Windows\SysWow64\WLAN.INI
[2011/11/10 13:51:50 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\jskipper\Desktop\dds.exe
[2011/11/10 13:50:09 | 000,000,000 | ---- | M] () -- C:\Users\jskipper\defogger_reenable
[2011/11/10 13:49:20 | 000,050,477 | ---- | M] () -- C:\Users\jskipper\Desktop\Defogger.exe
[2011/11/10 13:28:14 | 000,302,592 | ---- | M] () -- C:\Users\jskipper\Desktop\p6m3j7hh.exe
[2011/11/10 09:03:12 | 076,592,848 | ---- | M] (Microsoft Corporation) -- C:\Users\jskipper\Desktop\msert.exe
[2011/11/09 15:25:07 | 000,005,848 | ---- | M] () -- C:\backup.reg
[2011/11/09 14:35:58 | 000,001,887 | ---- | M] () -- C:\Users\jskipper\Desktop\CCleaner.lnk
[2011/11/09 14:09:08 | 000,486,192 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/09 13:54:50 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Users\jskipper\Desktop\FixTDSS.exe
[2011/11/09 13:35:54 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\jskipper\Desktop\aswMBR.exe
[2011/11/09 13:11:16 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts old
[2011/11/09 11:22:12 | 000,079,623 | ---- | M] () -- C:\Users\jskipper\Desktop\Junction.zip
[2011/11/09 08:48:10 | 000,800,364 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/11/07 16:17:33 | 000,062,464 | RHS- | M] () -- C:\Windows\SysWow64\wpdwcnl.dll
[2011/11/02 14:53:43 | 000,495,616 | ---- | M] () -- C:\Users\jskipper\Desktop\reclose.mdb
[2011/10/24 14:53:25 | 000,001,993 | ---- | M] () -- C:\Users\jskipper\Desktop\WorldView.lnk
[2011/10/24 14:53:10 | 000,002,033 | ---- | M] () -- C:\Users\jskipper\Desktop\SCADA Explorer.lnk
[2011/10/18 08:44:54 | 006,305,448 | ---- | M] () -- C:\Users\jskipper\Desktop\sel-5801.exe
[2011/10/17 09:10:11 | 000,001,133 | ---- | M] () -- C:\Users\jskipper\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk

========== Files Created - No Company Name ==========

[2011/11/14 12:15:21 | 000,000,512 | ---- | C] () -- C:\Users\jskipper\Desktop\MBR.dat
[2011/11/11 08:32:41 | 000,001,512 | ---- | C] () -- C:\Windows\SysWow64\WLAN.INI
[2011/11/10 13:50:09 | 000,000,000 | ---- | C] () -- C:\Users\jskipper\defogger_reenable
[2011/11/10 13:49:40 | 000,050,477 | ---- | C] () -- C:\Users\jskipper\Desktop\Defogger.exe
[2011/11/10 13:28:48 | 000,302,592 | ---- | C] () -- C:\Users\jskipper\Desktop\p6m3j7hh.exe
[2011/11/10 10:05:34 | 000,000,306 | ---- | C] () -- C:\Windows\myClean.bat
[2011/11/09 15:25:02 | 000,005,848 | ---- | C] () -- C:\backup.reg
[2011/11/09 14:35:58 | 000,001,887 | ---- | C] () -- C:\Users\jskipper\Desktop\CCleaner.lnk
[2011/11/09 14:25:06 | 000,363,520 | ---- | C] () -- C:\Users\jskipper\Desktop\rkill.com
[2011/11/09 11:23:40 | 000,079,623 | ---- | C] () -- C:\Users\jskipper\Desktop\Junction.zip
[2011/11/09 10:38:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/09 10:32:19 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/09 10:32:19 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/09 10:32:19 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/09 10:32:19 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/09 08:48:16 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/11/07 16:17:33 | 000,062,464 | RHS- | C] () -- C:\Windows\SysWow64\wpdwcnl.dll
[2011/10/24 14:53:25 | 000,001,993 | ---- | C] () -- C:\Users\jskipper\Desktop\WorldView.lnk
[2011/10/24 14:53:10 | 000,002,033 | ---- | C] () -- C:\Users\jskipper\Desktop\SCADA Explorer.lnk
[2011/10/24 14:44:42 | 000,002,073 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SCADA Status Point Viewer.lnk
[2011/10/24 14:44:42 | 000,002,073 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SCADA Analog Point Viewer.lnk
[2011/10/24 14:44:42 | 000,002,065 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SCADA Text Point Viewer.lnk
[2011/10/24 14:44:42 | 000,002,047 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SCADA Point Browser.lnk
[2011/10/24 14:44:42 | 000,002,033 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SCADA Explorer.lnk
[2011/10/24 14:44:42 | 000,002,013 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SOE Viewer.lnk
[2011/10/18 08:44:18 | 006,305,448 | ---- | C] () -- C:\Users\jskipper\Desktop\sel-5801.exe
[2011/05/19 12:32:06 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\pool.bin
[2010/09/14 07:32:46 | 000,000,580 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/09/09 14:26:54 | 000,000,044 | ---- | C] () -- C:\Windows\xSlcx.INI
[2010/09/08 16:01:30 | 000,000,003 | ---- | C] () -- C:\Windows\li-s.dat
[2010/09/08 16:01:29 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\setvariable.exe
[2010/09/08 16:01:28 | 000,131,144 | ---- | C] () -- C:\Windows\SysWow64\NiscCryptoTool2.dll
[2010/09/08 16:01:27 | 000,005,659 | ---- | C] () -- C:\Windows\SysWow64\ivue.ini
[2010/09/08 16:01:27 | 000,005,439 | ---- | C] () -- C:\Windows\SysWow64\horizon.ini
[2010/09/08 14:29:47 | 000,800,364 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/08/26 13:32:43 | 000,002,412 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/08/20 01:35:59 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/08/20 00:44:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/08/19 21:50:43 | 000,080,368 | ---- | C] () -- C:\Windows\SysWow64\pbadrvdll.dll
[2009/11/10 09:20:04 | 000,839,680 | ---- | C] () -- C:\Windows\SysWow64\DemoLicense.dll
[2009/11/10 09:07:44 | 000,917,504 | ---- | C] () -- C:\Windows\SysWow64\lmgr10.dll
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/10/06 11:49:16 | 000,000,586 | ---- | C] () -- C:\Windows\SysWow64\fontadjust.dat

< End of report >

#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 14 November 2011 - 07:27 PM

Hello

I want you to run this custom OTL script for me and then let me know how things are after you finish.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox shown in the image. Do not include the word Code
    :otl
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
    O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-854245398-2025429265-682003330-1222\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    [2011/11/07 16:17:33 | 000,062,464 | RHS- | C] () -- C:\Windows\SysWow64\wpdwcnl.dll  
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [emptyjava]
    [EMPTYFLASH]
    [RESETHOSTS]
    
  • Then click the Run Fix button at the top.
  • Click the button shown in the image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click the donate button. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 jeremyws1
  • Topic Starter

  • Members
  • 10 posts

Posted 15 November 2011 - 10:15 AM

No redirect!!! Unfortunately, the Windows Security Center still can't be started.


All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-854245398-2025429265-682003330-1222\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Google Photos Screensa&ver\ deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
C:\Windows\SysWOW64\wpdwcnl.dll moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\jskipper\Desktop\cmd.bat deleted successfully.
C:\Users\jskipper\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: administrator
->Temp folder emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes

User: dennisr
->Temp folder emptied: 0 bytes

User: dhouston
->Temp folder emptied: 0 bytes
->FireFox cache emptied: 15559017 bytes

User: jskipper
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 169366 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 47982292 bytes
->Flash cache emptied: 456 bytes

User: McAfeeMVSUser
->Temp folder emptied: 0 bytes

User: mepatech
->Temp folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49523 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67697 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 3109830 bytes

Total Files Cleaned = 64.00 mb


[EMPTYJAVA]

User: administrator

User: All Users

User: Default

User: Default User

User: dennisr

User: dhouston

User: jskipper
->Java cache emptied: 0 bytes

User: McAfeeMVSUser

User: mepatech

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: administrator

User: All Users

User: Default

User: Default User

User: dennisr

User: dhouston

User: jskipper
->Flash cache emptied: 0 bytes

User: McAfeeMVSUser

User: mepatech

User: Public

Total Flash Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 11152011_082912

Files\Folders moved on Reboot...
C:\Users\jskipper\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

#12 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 16 November 2011 - 10:50 AM

Hello

I would like you to download an updated version of combofix.

update combofix

Delete the version of combofix you have now on your desktop and download a new one from here

Link 1
Link 2
Link 3
**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.
"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 jeremyws1

  • Topic Starter
  • Members
  • 10 posts

Posted 16 November 2011 - 12:15 PM

That appears to have fixed my problems! I can't thank you enough.

ComboFix 11-11-15.06 - jskipper 11/16/2011 11:03:41.8.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8126.6245 [GMT -6:00]
Running from: c:\users\jskipper\Desktop\ComboFix.exe
AV: McAfee® Total Protection™ Service *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: McAfee® Total Protection™ Service *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-10-16 to 2011-11-16 )))))))))))))))))))))))))))))))
.
.
2011-11-16 17:07 . 2011-11-16 17:07 -------- d-----w- c:\users\mepatech\AppData\Local\temp
2011-11-16 17:07 . 2011-11-16 17:07 -------- d-----w- c:\users\dhouston\AppData\Local\temp
2011-11-16 17:07 . 2011-11-16 17:07 -------- d-----w- c:\users\dennisr\AppData\Local\temp
2011-11-16 17:07 . 2011-11-16 17:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-16 17:07 . 2011-11-16 17:07 -------- d-----w- c:\users\administrator\AppData\Local\temp
2011-11-16 16:11 . 2011-11-16 16:11 -------- d-----w- c:\users\jskipper\AppData\Roaming\pdf995
2011-11-16 16:04 . 2011-11-16 16:41 60 ----a-w- c:\windows\wpd99.drv
2011-11-16 16:04 . 2011-11-16 16:33 -------- d-----w- c:\programdata\pdf995
2011-11-16 16:04 . 2006-10-20 03:44 47616 ----a-w- c:\windows\system32\pdf995mon64.dll
2011-11-16 16:04 . 2011-11-16 16:04 47616 ----a-w- c:\windows\SysWow64\pdf995mon64.dll
2011-11-16 16:04 . 2010-10-29 14:24 320512 ----a-w- c:\windows\system32\pdfmona64.dll
2011-11-16 16:04 . 2005-06-30 21:29 11264 ----a-w- c:\windows\system32\pdf995mon64ui.dll
2011-11-16 16:01 . 2011-11-16 16:04 -------- d-----w- C:\pdf995
2011-11-16 15:58 . 2011-11-16 16:00 -------- d-----w- c:\users\jskipper\AppData\Roaming\PrimoPDF
2011-11-16 15:57 . 2011-02-28 22:37 95008 ----a-w- c:\windows\system32\Primomonnt.dll
2011-11-16 15:57 . 2011-11-16 16:05 -------- d-----w- c:\program files (x86)\Nitro PDF
2011-11-16 15:53 . 2011-11-16 15:54 -------- d-----w- c:\users\jskipper\AppData\Local\CutePDF Writer
2011-11-16 15:49 . 2011-11-16 16:06 -------- d-----w- c:\program files (x86)\Acro Software
2011-11-15 22:28 . 2011-11-15 22:28 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-11-15 22:26 . 2011-11-15 22:26 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2011-11-15 20:41 . 2011-11-15 20:41 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-15 20:40 . 2011-11-15 20:40 -------- d-----w- c:\windows\system32\Macromed
2011-11-15 16:48 . 2009-09-04 23:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll
2011-11-15 16:48 . 2009-09-04 23:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll
2011-11-15 16:48 . 2009-09-04 23:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2011-11-15 16:48 . 2009-09-04 23:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-11-15 16:47 . 2006-11-29 19:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2011-11-15 16:47 . 2006-11-29 19:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
2011-11-15 14:29 . 2011-11-15 14:29 -------- d-----w- C:\_OTL
2011-11-11 15:03 . 2011-01-12 20:13 24376 ----a-w- c:\program files (x86)\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll
2011-11-11 15:03 . 2011-01-19 16:18 9984 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-11-11 15:03 . 2011-01-19 16:18 156248 ----a-w- c:\windows\system32\mfevtps.exe
2011-11-11 14:59 . 2011-11-11 14:59 -------- d-----w- c:\program files (x86)\McAfee
2011-11-10 19:01 . 2011-11-11 15:02 -------- d-----w- c:\users\McAfeeMVSUser
2011-11-10 16:05 . 2009-07-23 06:13 306 ----a-w- c:\windows\myClean.bat
2011-11-10 15:57 . 2011-11-10 15:59 -------- d-----w- c:\users\jskipper\AppData\Local\Akamai
2011-11-10 14:18 . 2011-05-12 20:05 18816 ------w- c:\windows\SysWow64\SAVRKBootTasks.sys
2011-11-09 21:35 . 2011-11-10 14:37 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-11-09 21:25 . 2011-11-09 21:25 5848 ----a-w- C:\backup.reg
2011-11-09 20:35 . 2011-11-09 20:35 -------- d-----w- c:\program files (x86)\CCleaner
2011-11-09 20:24 . 2011-11-09 20:24 -------- d-----w- c:\users\jskipper\AppData\Local\Apps
2011-11-09 20:06 . 2011-11-09 20:06 -------- d-----w- c:\program files\Microsoft IntelliPoint
2011-11-09 19:45 . 2011-11-09 19:45 -------- d-----w- c:\program files (x86)\ESET
2011-11-09 19:25 . 2011-11-09 19:25 -------- d-----w- c:\windows\system32\wbem\Logs
2011-11-09 16:02 . 2011-11-09 16:02 -------- d-----w- c:\program files (x86)\Temp File Cleaner
2011-11-09 16:01 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 16:01 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 16:01 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 16:01 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
2011-11-09 15:01 . 2011-11-09 15:06 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-11-09 14:52 . 2011-11-09 14:52 -------- d-----w- c:\program files (x86)\Sophos
2011-11-08 23:10 . 2011-11-08 23:10 -------- d-----w- c:\users\jskipper\AppData\Roaming\Malwarebytes
2011-11-08 23:10 . 2011-11-08 23:10 -------- d-----w- c:\programdata\Malwarebytes
2011-11-08 23:10 . 2011-08-31 23:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-08 23:10 . 2011-11-08 23:10 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-10-24 20:44 . 2011-10-24 20:50 -------- d-----w- c:\program files (x86)\quindar
2011-10-18 14:45 . 2011-10-18 14:45 -------- d-----w- c:\program files (x86)\SEL
2011-10-18 14:45 . 2011-10-18 14:45 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-01 05:24 . 2011-10-12 15:54 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 05:17 . 2011-10-12 15:54 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 05:12 . 2011-10-12 15:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-01 02:35 . 2011-10-12 15:54 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-09-01 02:28 . 2011-10-12 15:54 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-09-01 02:22 . 2011-10-12 15:54 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-08-27 05:37 . 2011-10-12 13:28 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 05:37 . 2011-10-12 13:28 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-08-27 04:26 . 2011-10-12 13:28 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-08-27 04:26 . 2011-10-12 13:28 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-11-11_16.26.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2011-11-16 14:47 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-11-11 16:26 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-11-11 16:26 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-16 14:47 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-16 14:47 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-11 16:26 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-08-20 04:06 . 2011-11-16 14:43 37840 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-11-16 14:43 39302 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-09-08 13:33 . 2011-11-16 14:43 12310 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-854245398-2025429265-682003330-1222_UserData.bin
+ 2011-11-16 16:04 . 2011-11-16 16:04 45568 c:\windows\system32\spool\drivers\x64\pdf995ui5-64.DLL
+ 2011-11-16 16:04 . 2011-11-16 16:04 45568 c:\windows\system32\spool\drivers\x64\3\pdf995ui5-64.DLL
+ 2010-10-21 13:24 . 2011-05-13 20:37 48488 c:\windows\system32\DRVSTORE\fssfltr_A5FA3C925848FF31CD1FDE1A2696CEACA292B950\fssfltr.sys
- 2010-10-21 13:24 . 2010-09-23 05:36 48488 c:\windows\system32\DRVSTORE\fssfltr_A5FA3C925848FF31CD1FDE1A2696CEACA292B950\fssfltr.sys
- 2010-10-21 13:24 . 2010-09-23 05:36 48488 c:\windows\system32\drivers\fssfltr.sys
+ 2010-10-21 13:24 . 2011-05-13 20:37 48488 c:\windows\system32\drivers\fssfltr.sys
+ 2010-08-26 19:27 . 2011-11-16 17:07 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-26 19:27 . 2011-11-11 16:26 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-26 19:27 . 2011-11-11 16:26 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-08-26 19:27 . 2011-11-16 17:07 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-11 16:26 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-16 17:07 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-10-21 13:22 . 2010-10-21 13:22 29696 c:\windows\Installer\96657.msi
+ 2010-10-21 13:22 . 2010-10-21 13:22 74240 c:\windows\Installer\96652.msi
+ 2011-08-09 13:35 . 2011-08-09 13:35 65536 c:\windows\Installer\9662f.msi
+ 2010-10-21 13:23 . 2010-10-21 13:23 56832 c:\windows\Installer\96629.msi
+ 2011-08-09 13:35 . 2011-08-09 13:35 67072 c:\windows\Installer\9661f.msi
+ 2011-11-15 16:49 . 2011-11-15 16:49 37888 c:\windows\Installer\96588.msi
+ 2011-11-15 16:48 . 2011-11-15 16:48 53248 c:\windows\Installer\96583.msi
+ 2010-10-21 13:22 . 2010-10-21 13:22 74240 c:\windows\Installer\96578.msi
+ 2011-08-09 13:35 . 2011-08-09 13:35 26112 c:\windows\Installer\9656b.msi
+ 2011-11-15 22:26 . 2011-11-15 22:26 32256 c:\windows\Installer\7bf2dc.msi
+ 2011-11-15 16:50 . 2011-11-15 16:50 80395 c:\windows\Installer\{E5B21F11-6933-4E0B-A25C-7963E3C07D11}\MsblIco.Exe
- 2011-08-09 13:36 . 2011-08-09 13:36 80395 c:\windows\Installer\{E5B21F11-6933-4E0B-A25C-7963E3C07D11}\MsblIco.Exe
+ 2011-06-06 18:55 . 2011-06-06 18:55 73624 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\wow_helper.exe
+ 2011-06-06 18:55 . 2011-06-06 18:55 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\ViewerPS.dll
+ 2011-06-06 18:55 . 2011-06-06 18:55 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\reader_sl.exe
+ 2011-06-06 18:55 . 2011-06-06 18:55 88992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlr.dll
+ 2011-06-06 18:55 . 2011-06-06 18:55 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\eula.exe
+ 2011-06-06 18:55 . 2011-06-06 18:55 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrotextextractor.exe
+ 2011-06-06 18:55 . 2011-06-06 18:55 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32Info.exe
+ 2011-06-06 18:55 . 2011-06-06 18:55 63912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acroiehelpershim.dll
+ 2011-06-06 18:55 . 2011-06-06 18:55 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroIEHelper.dll
+ 2011-06-06 18:55 . 2011-06-06 18:55 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\Acrofx32.dll
- 2011-11-11 16:26 . 2011-11-11 16:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-16 17:07 . 2011-11-16 17:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-16 17:07 . 2011-11-16 17:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-11-11 16:26 . 2011-11-11 16:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-05-13 20:42 . 2011-05-13 20:42 302448 c:\windows\WLXPGSS.SCR
+ 2011-05-13 21:42 . 2011-05-13 21:42 302448 c:\windows\WLXPGSS.SCR
+ 2011-11-15 20:41 . 2011-11-15 20:41 247968 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe
+ 2011-11-16 15:49 . 2006-11-02 12:18 628736 c:\windows\system32\spool\drivers\x64\PSCRIPT5.DLL
+ 2011-11-16 16:04 . 2011-11-16 16:04 733696 c:\windows\system32\spool\drivers\x64\pscript5-64.dll
+ 2011-11-16 16:04 . 2011-11-16 16:04 225648 c:\windows\system32\spool\drivers\x64\Pscript.dll
+ 2011-11-16 15:49 . 2006-11-02 12:18 850432 c:\windows\system32\spool\drivers\x64\PS5UI.DLL
+ 2011-11-16 16:04 . 2011-11-16 16:04 218816 c:\windows\system32\spool\drivers\x64\Pdf995ui.dll
+ 2011-11-16 16:04 . 2011-11-16 16:04 237568 c:\windows\system32\spool\drivers\x64\pdf995ps5ui64.DLL
+ 2011-11-16 15:49 . 2006-11-02 12:18 628736 c:\windows\system32\spool\drivers\x64\3\PSCRIPT5.DLL
+ 2011-11-16 16:04 . 2011-11-16 16:04 733696 c:\windows\system32\spool\drivers\x64\3\pscript5-64.dll
+ 2011-11-16 15:49 . 2006-11-02 12:18 850432 c:\windows\system32\spool\drivers\x64\3\PS5UI.DLL
+ 2011-11-16 16:04 . 2011-11-16 16:04 237568 c:\windows\system32\spool\drivers\x64\3\pdf995ps5ui64.dll
- 2009-07-14 02:36 . 2011-11-11 15:06 663184 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-11-16 14:35 663184 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-11-16 14:35 122052 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-11-11 15:06 122052 c:\windows\system32\perfc009.dat
+ 2011-11-15 20:41 . 2011-11-15 20:41 461984 c:\windows\system32\Macromed\Flash\FlashUtil64_11_1_102_Plugin.exe
- 2009-07-14 04:46 . 2011-11-11 16:11 104976 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 04:46 . 2011-11-16 14:35 104976 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 05:01 . 2011-11-11 16:25 431880 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-11-16 17:07 431880 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-11-15 14:29 . 2011-11-16 17:07 625452 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2589211431-2798449974-3351060956-1002-12288.dat
+ 2010-10-21 13:22 . 2010-10-21 13:22 153600 c:\windows\Installer\9664d.msi
+ 2010-10-21 13:22 . 2010-10-21 13:22 775168 c:\windows\Installer\9661a.msi
+ 2010-10-21 13:22 . 2010-10-21 13:22 429056 c:\windows\Installer\965a6.msi
+ 2010-10-21 13:22 . 2010-10-21 13:22 147968 c:\windows\Installer\965a1.msi
+ 2011-06-06 18:55 . 2011-06-06 18:55 249232 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\sqlite.dll
+ 2011-06-06 18:55 . 2011-06-06 18:55 394136 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\pdfshell.dll
+ 2011-06-06 18:55 . 2011-06-06 18:55 183696 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\nppdf32.dll
+ 2011-06-06 18:55 . 2011-06-06 18:55 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AiodLite.dll
+ 2011-06-06 18:55 . 2011-06-06 18:55 102808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRdIF.dll
+ 2011-06-06 18:55 . 2011-06-06 18:55 755088 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroPDF.dll
+ 2011-06-06 18:55 . 2011-06-06 18:55 296344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrobroker.exe
+ 2011-06-06 18:55 . 2011-06-06 18:55 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\a3dutils.dll
+ 2011-11-15 20:41 . 2011-11-15 20:41 8527008 c:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
+ 2011-04-13 22:40 . 2011-04-13 22:40 4284416 c:\windows\SysWOW64\GPhotos.scr
- 2009-07-14 04:45 . 2011-11-11 16:11 7351234 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2011-11-16 14:33 7351234 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2010-10-22 22:03 . 2011-11-16 17:07 6454652 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-854245398-2025429265-682003330-1222-12288.dat
+ 2010-10-21 13:22 . 2010-10-21 13:22 4250112 c:\windows\Installer\96648.msi
+ 2011-08-09 13:35 . 2011-08-09 13:35 6661632 c:\windows\Installer\96643.msi
+ 2010-10-21 13:22 . 2010-10-21 13:22 4175360 c:\windows\Installer\9663e.msi
+ 2010-10-21 13:22 . 2010-10-21 13:22 1070592 c:\windows\Installer\96639.msi
+ 2010-10-21 13:22 . 2010-10-21 13:22 3410944 c:\windows\Installer\96634.msi
+ 2010-10-21 13:22 . 2010-10-21 13:22 1492992 c:\windows\Installer\96624.msi
+ 2010-10-21 13:22 . 2010-10-21 13:22 6195200 c:\windows\Installer\96612.msi
+ 2011-11-15 16:49 . 2011-11-15 16:49 6363136 c:\windows\Installer\9660a.msi
+ 2011-11-15 16:49 . 2011-11-15 16:49 1819136 c:\windows\Installer\965df.msi
+ 2010-10-21 13:22 . 2010-10-21 13:22 8332288 c:\windows\Installer\965d3.msi
+ 2010-10-21 13:22 . 2010-10-21 13:22 8313856 c:\windows\Installer\965cb.msi
+ 2010-10-21 13:22 . 2010-10-21 13:22 3664384 c:\windows\Installer\965c0.msi
+ 2010-10-21 13:22 . 2010-10-21 13:22 3734016 c:\windows\Installer\965bb.msi
+ 2010-10-21 13:23 . 2010-10-21 13:23 3454976 c:\windows\Installer\965b6.msi
+ 2011-08-09 13:35 . 2011-08-09 13:35 2310656 c:\windows\Installer\965b0.msi
+ 2010-10-21 13:22 . 2010-10-21 13:22 4004864 c:\windows\Installer\965ab.msi
+ 2010-10-21 13:22 . 2010-10-21 13:22 2343936 c:\windows\Installer\9659c.msi
+ 2010-10-21 13:22 . 2010-10-21 13:22 4680704 c:\windows\Installer\96597.msi
+ 2010-10-21 13:22 . 2010-10-21 13:22 7710720 c:\windows\Installer\96592.msi
+ 2010-10-21 13:22 . 2010-10-21 13:22 9433088 c:\windows\Installer\9658d.msi
+ 2011-11-15 16:48 . 2011-11-15 16:48 2856448 c:\windows\Installer\9657e.msi
+ 2011-08-09 13:35 . 2011-08-09 13:35 9553408 c:\windows\Installer\96573.msi
+ 2008-07-17 17:47 . 2008-07-17 17:47 2081792 c:\windows\Installer\96566.msi
+ 2011-11-15 16:48 . 2011-11-15 16:48 4227072 c:\windows\Installer\96561.msi
+ 2011-08-09 13:35 . 2011-08-09 13:35 8822784 c:\windows\Installer\9655b.msi
+ 2011-06-06 20:45 . 2011-06-06 20:45 2318848 c:\windows\Installer\7bf321.msi
+ 2011-06-06 18:55 . 2011-06-06 18:55 2215312 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\rt3d.dll
+ 2011-06-06 18:55 . 2011-06-06 18:55 6543768 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\authplay.dll
+ 2011-06-06 18:55 . 2011-06-06 18:55 1240992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AdobeCollabSync.exe
+ 2011-06-06 18:55 . 2011-06-06 18:55 1480600 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.exe
+ 2011-11-15 20:41 . 2011-11-15 20:41 11336864 c:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll
+ 2010-10-21 13:22 . 2010-10-21 13:22 11846656 c:\windows\Installer\965f2.msi
+ 2010-10-21 13:22 . 2010-10-21 13:22 34193408 c:\windows\Installer\965eb.msi
+ 2011-08-09 13:35 . 2011-08-09 13:35 22647296 c:\windows\Installer\965da.msi
+ 2010-10-21 13:22 . 2010-10-21 13:22 13850624 c:\windows\Installer\965c6.msi
+ 2011-09-05 21:51 . 2011-09-05 21:51 13135872 c:\windows\Installer\7bf322.msp
+ 2011-06-06 18:55 . 2011-06-06 18:55 24731544 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"MVS Splash"="c:\program files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe" [2011-04-13 476480]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
c:\users\jskipper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
TdmNotify.lnk - c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe [2010-3-29 185192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 WinRT;WinRT; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [2011-04-13 291064]
S2 RumorServer;McAfee Peer Distribution Service;c:\program files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [2011-04-13 291064]
S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys [x]
S2 SWAGENT;SonicWALL Agent Service;c:\program files (x86)\McAfee\Managed VirusScan\Agent\swAgent.exe [2011-04-13 189760]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-2025429265-682003330-1652Core.job
- c:\users\dhouston\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-04 14:37]
.
2011-11-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-2025429265-682003330-1652UA.job
- c:\users\dhouston\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-04 14:37]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2010-03-29 17:00 60784 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2010-03-29 17:00 60784 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: Interfaces\{153ED8B4-1128-4A61-8FBA-F1B839D7BEB6}: NameServer = 10.26.41.6
FF - ProfilePath - c:\users\jskipper\AppData\Roaming\Mozilla\Firefox\Profiles\zmdbkt1k.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_3c5db2f.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,17,b3,c7,97,33,cf,ff,4c,9e,a4,9c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,17,b3,c7,97,33,cf,ff,4c,9e,a4,9c,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\mcafee\ManagedServices]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\mcafee\VSCORE]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-11-16 11:12:00 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-16 17:12
ComboFix2.txt 2011-11-11 16:30
ComboFix3.txt 2011-11-10 19:01
ComboFix4.txt 2011-11-10 14:34
ComboFix5.txt 2011-11-16 17:03
.
Pre-Run: 929,394,413,568 bytes free
Post-Run: 929,757,564,928 bytes free
.
- - End Of File - - 5AE260FAC5B42DC538D7C5940C6DA760

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • ONLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:49 AM

Posted 16 November 2011 - 12:21 PM

TFC (Temp File Cleaner):

  • Please download TFC to your desktop.
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Malwarebytes' Anti-Malware:

  • I would like you to rerun MBAM.
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis:

  • Go Here to download HijackThis Installer.
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7: right-click and run as admin.)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch HijackThis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.
  • Click on Edit > Select All, then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

If you have problems running HijackThis, sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe (located at C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) and select Run as administrator.

Information and logs:

  • In your next post I need the following:
  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 jeremyws1

jeremyws1
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:05:49 AM

Posted 16 November 2011 - 01:59 PM

All is well. :thumbsup:


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8177

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

11/16/2011 12:54:49 PM
mbam-log-2011-11-16 (12-54-49).txt

Scan type: Quick scan
Objects scanned: 216222
Time elapsed: 2 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:57:58 PM, on 11/16/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USREL/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111111090314.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [MVS Splash] "C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - Startup: AutorunsDisabled
O4 - Global Startup: AutorunsDisabled
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.mcafee.com (HKLM)
O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mepa.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{153ED8B4-1128-4A61-8FBA-F1B839D7BEB6}: NameServer = 10.26.41.6
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = mepa.local
O17 - HKLM\System\CS1\Services\Tcpip\..\{153ED8B4-1128-4A61-8FBA-F1B839D7BEB6}: NameServer = 10.26.41.6
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = mepa.local
O17 - HKLM\System\CS2\Services\Tcpip\..\{153ED8B4-1128-4A61-8FBA-F1B839D7BEB6}: NameServer = 10.26.41.6
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Virus and Spyware Protection Service (myAgtSvc) - McAfee, Inc. - C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: McAfee Peer Distribution Service (RumorServer) - McAfee, Inc. - C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SonicWALL Agent Service (SWAGENT) - McAfee, Inc. - C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\swAgent.exe
O23 - Service: NTRU TSS v1.2.1.29 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10778 bytes

Edited by jeremyws1, 16 November 2011 - 02:00 PM.
