Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Incredibar by MyStart on firefox


  • This topic is locked This topic is locked
14 replies to this topic

#1 Pump Blood

Pump Blood

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:46 AM

Posted 16 March 2012 - 03:22 PM

Hey there,

Wife didn't quite know how to use p2p sites and I believe she mistakenly installed or opened something she shouldn't have. I noticed the problem when I would use the quick search on firefox address bar. It would re direct me to Incredibar by Mystart (powered by google it claims) and would have a similar format to google search. I foolishly tried taking care of this problem myself but wasn't able to get rid of that re-direct from occuring. I ran a bunch of malware/anti-virus programs but they had found nothing. I used Malwarebytes Anti-Malware and it found nothing. I used both quick and full scans. I need help in making sure that this malware gets removed and quite possibly whatever else is lurking on this computer. I did in haste uninstall firefox but haven't re-installed it yet. When I re-booted my computer the cpu usage now seems to be at or near 100% quite consistently so I am not sure if I did something there or not. Thanks for your help and time, hopefully this isn't as bad as I think its going to be.


Here is a little bit of information of this computer:

Windows 7 Professional, Intel pentium 4 cpu 3.00 ghz, RAM = 2gb
32 bit operationg system.

Here is the DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Victor at 13:01:28 on 2012-03-16
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2047.1121 [GMT -6:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SOUNDMAN.EXE
C:\Windows\System32\CtHelper.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files\NETGEAR\NETGEAR Digital Entertainer for Windows\recvrsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10d.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120315123748.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [DevconDefaultDB] c:\windows\system32\READREG /SILENT /FAIL=1
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
TCP: DhcpNameServer = 64.59.176.13 64.59.176.15 64.59.177.226
TCP: Interfaces\{B25F4D45-10DA-4239-A996-25DF4997912B} : DhcpNameServer = 64.59.176.13 64.59.176.15 64.59.177.226
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-10-15 464176]
R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-3-15 165680]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2012-3-15 64880]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-3-15 652360]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-3-15 214904]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-3-15 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-3-15 214904]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-3-15 214904]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2012-3-15 166288]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2012-3-15 160608]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-3-15 150856]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-3-15 57600]
R3 imvad_multi;NETGEAR Digital Entertainer Virtual Audio Device;c:\windows\system32\drivers\imvad.sys [2009-4-29 22600]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-3-15 20464]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2012-3-15 180816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2012-3-15 59456]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-3-15 338176]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-2-11 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-2-11 136176]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-23 23040]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-3-15 87656]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-8-12 52224]
.
=============== Created Last 30 ================
.
2012-03-16 17:53:21 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{6fb49516-f57a-4aae-a5fb-d40e191a1c32}\offreg.dll
2012-03-16 05:08:23 -------- d-----w- c:\users\victor\appdata\roaming\IObit
2012-03-16 05:08:10 -------- d-----w- c:\program files\IObit
2012-03-16 05:07:54 -------- d-----w- c:\users\victor\appdata\roaming\FreeFixer
2012-03-16 05:07:54 -------- d-----w- c:\users\victor\appdata\local\FreeFixer
2012-03-16 05:07:45 -------- d-----w- c:\program files\FreeFixer
2012-03-16 04:09:25 388096 ----a-r- c:\users\victor\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-03-16 04:09:18 -------- d-----w- c:\program files\Trend Micro
2012-03-16 03:04:10 -------- d-----w- c:\users\victor\appdata\roaming\Malwarebytes
2012-03-16 03:02:51 -------- d-----w- c:\programdata\Malwarebytes
2012-03-16 03:02:34 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-16 03:02:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-15 18:37:48 28760 ----a-w- c:\program files\mozilla firefox\ScriptFF.dll
2012-03-15 18:37:46 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-03-15 18:37:01 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-03-15 18:37:01 64880 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2012-03-15 18:37:01 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-03-15 18:37:01 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-03-15 18:37:01 338176 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-03-15 18:37:01 180816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-03-15 18:37:01 165680 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2012-03-15 18:36:45 -------- d-----w- c:\program files\common files\Mcafee
2012-03-15 18:36:43 -------- d-----w- c:\program files\McAfee.com
2012-03-15 18:36:27 -------- d-----w- c:\program files\McAfee
2012-03-15 18:29:07 150856 ----a-w- c:\windows\system32\mfevtps.exe
2012-03-14 03:26:12 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-14 03:26:10 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 00:22:29 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 00:22:15 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 00:13:59 6552120 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{6fb49516-f57a-4aae-a5fb-d40e191a1c32}\mpengine.dll
2012-03-13 23:55:30 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 23:55:29 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 23:55:28 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 23:55:23 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 23:55:21 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-13 23:55:20 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-11 16:52:50 -------- d-----w- c:\programdata\Tarma Installer
2012-03-11 16:52:43 -------- d-----w- c:\program files\fbphotozoom
2012-03-10 19:48:20 -------- d-----w- c:\users\victor\appdata\roaming\MusicBrainz
2012-02-24 21:48:00 -------- d-----w- c:\users\victor\appdata\local\Htc
2012-02-24 21:47:03 -------- d-----w- c:\users\victor\appdata\roaming\HTC
2012-02-24 21:35:59 -------- d-----w- c:\users\victor\appdata\local\Downloaded Installations
2012-02-24 21:35:27 -------- d-----w- c:\program files\Spirent Communications
2012-02-24 21:35:04 -------- d-----w- c:\program files\HTC
2012-02-24 21:34:38 -------- d-----w- c:\program files\MSXML 4.0
2012-02-17 01:11:03 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-02-17 01:10:56 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-17 01:10:45 442880 ----a-w- c:\windows\system32\ntshrui.dll
.
==================== Find3M ====================
.
2012-02-27 23:08:51 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 15:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 13:07:25.20 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:46 PM

Posted 17 March 2012 - 01:04 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

1.Do not run any other tool untill instructed to do so!
doing so will only at best cause you unneeded worry as it finds our backups and may even list our tools
and at worst can cause conficts with our tools and lead to unforseen things to happen2.Please Do not Attach logs or put in code boxes.
besides the time it takes me to open the reports it makes it harder to find something if I need to go back to do more research and putting them in code boxes just makes them so hard to read3. After each step give me a little feedback
It does not need to be long but just something so I know how things are going it can be something like
I am still getting redirected
The computer is running as it should
Don't put things like - it is the same as before or still the same this just makes me go back and look for you last feedback as to how things are4. read every post completely before doing anything
Pay special attention to the Notes** I have put in
These are things I have found that happen allot and can be taken care of easily just by reading the Notes**

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Backup The Computer!!

If you have not done it yet spend a few minutes to backup the computer. Removing malware can be unpredictable and this may save you and me allot of grief later.

There is some good info in the Preparation Guide on how to make full backups and how to restore it back if something goes wrong. Read the tutorial and print it out so you will know what to do in case the unforeseen happens.

When you have the computer backed up you may do the following.


Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Pump Blood

Pump Blood
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:46 AM

Posted 17 March 2012 - 11:46 PM

Hey Gringo,

After the scan the computer seems to responding nicely now. Computer usage is back to where it should be and responsiveness doesn't seem to be bogged down.

Here is the combofix report as requested, Thanks .....



ComboFix 12-03-17.01 - VictoRonika 03/17/2012 22:16:34.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2047.1352 [GMT -6:00]
Running from: c:\users\VictoRonika\Downloads\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setup.dll
c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.dat
c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.exe
c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.ico
.
.
((((((((((((((((((((((((( Files Created from 2012-02-18 to 2012-03-18 )))))))))))))))))))))))))))))))
.
.
2012-03-18 04:32 . 2012-03-18 04:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-17 20:04 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{23D3B6B6-9803-4B90-8783-3570C1B5A570}\mpengine.dll
2012-03-16 17:27 . 2012-03-16 17:28 -------- d-----w- c:\users\VictoRonika
2012-03-16 05:08 . 2012-03-16 05:08 -------- d-----w- c:\program files\IObit
2012-03-16 05:07 . 2012-03-16 05:07 -------- d-----w- c:\program files\FreeFixer
2012-03-16 04:09 . 2012-03-16 04:09 -------- d-----w- c:\program files\Trend Micro
2012-03-16 03:02 . 2012-03-16 03:02 -------- d-----w- c:\programdata\Malwarebytes
2012-03-16 03:02 . 2011-12-10 21:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-16 03:02 . 2012-03-16 03:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-15 18:37 . 2011-12-06 23:22 28760 ----a-w- c:\program files\Mozilla Firefox\ScriptFF.dll
2012-03-15 18:37 . 2011-10-15 18:16 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-03-15 18:37 . 2011-10-15 18:16 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-03-15 18:37 . 2011-10-15 18:16 64880 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2012-03-15 18:37 . 2011-10-15 18:16 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-03-15 18:37 . 2011-10-15 18:16 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-03-15 18:37 . 2011-10-15 18:16 338176 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-03-15 18:37 . 2011-10-15 18:16 180816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-03-15 18:37 . 2011-10-15 18:16 165680 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2012-03-15 18:36 . 2012-03-15 18:38 -------- d-----w- c:\program files\Common Files\Mcafee
2012-03-15 18:36 . 2012-03-18 03:42 -------- d-----w- c:\program files\McAfee
2012-03-15 18:29 . 2011-11-18 22:36 150856 ----a-w- c:\windows\system32\mfevtps.exe
2012-03-15 18:29 . 2012-03-15 21:38 -------- d-----w- c:\programdata\McAfee
2012-03-14 03:26 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-14 03:26 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 00:22 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 00:22 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 23:55 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 23:55 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 23:55 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 23:55 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 23:55 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-13 23:55 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-11 16:52 . 2012-03-11 16:52 -------- d-----w- c:\program files\fbphotozoom
2012-02-24 21:35 . 2012-02-24 21:35 -------- d-----w- c:\program files\Spirent Communications
2012-02-24 21:35 . 2012-02-24 21:46 -------- d-----w- c:\program files\HTC
2012-02-24 21:34 . 2012-02-24 21:34 -------- d-----w- c:\program files\MSXML 4.0
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-27 23:08 . 2011-06-25 20:02 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 15:18 . 2010-01-23 01:54 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-04 08:58 . 2012-02-17 01:10 442880 ----a-w- c:\windows\system32\ntshrui.dll
2011-12-30 05:27 . 2012-02-17 01:11 478720 ----a-w- c:\windows\system32\timedate.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2009-04-14 604704]
"CTHelper"="CTHELPER.EXE" [2007-04-09 19456]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 19968]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-06 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-22 1318816]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-02-11 136176]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-02-11 136176]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-10-15 87656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-20 1343400]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-25 691696]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-10-15 165680]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2011-10-15 64880]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-28 214904]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-28 214904]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-28 214904]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-12-06 160608]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-11-18 150856]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576]
S2 recvrsvc.exe;NETGEAR Receiver Service;c:\program files\NETGEAR\NETGEAR Digital Entertainer for Windows\recvrsvc.exe [2009-04-29 172808]
S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-10-15 57600]
S3 imvad_multi;NETGEAR Digital Entertainer Virtual Audio Device;c:\windows\system32\drivers\imvad.sys [2009-04-29 22600]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-10-15 338176]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-11 17:30]
.
2012-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-11 17:30]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 64.59.176.13 64.59.176.15 64.59.177.226
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-NeuLion Adaptive Plugin - c:\users\Victor\AppData\Roaming\NeuLion\AdaptivePlugin\uninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-17 22:40:36
ComboFix-quarantined-files.txt 2012-03-18 04:40
.
Pre-Run: 85,506,834,432 bytes free
Post-Run: 85,415,632,896 bytes free
.
- - End Of File - - 0EC7A393A8A0A75D3A9D8740E25C05A4

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:46 PM

Posted 18 March 2012 - 06:37 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 Pump Blood

Pump Blood
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:46 AM

Posted 18 March 2012 - 12:18 PM

Hey Gringo,

Computer seems to still be doing good. When I tried running AswMBR the first time it did freeze my computer, but after re-booting I was able to run it with no problems. Thanks for your help.



Here is the TDSSkiller report:
10:41:52.0889 2128 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
10:41:53.0530 2128 ============================================================
10:41:53.0530 2128 Current date / time: 2012/03/18 10:41:53.0530
10:41:53.0530 2128 SystemInfo:
10:41:53.0530 2128
10:41:53.0530 2128 OS Version: 6.1.7601 ServicePack: 1.0
10:41:53.0530 2128 Product type: Workstation
10:41:53.0530 2128 ComputerName: VICTORPC
10:41:53.0530 2128 UserName: VictoRonika
10:41:53.0530 2128 Windows directory: C:\Windows
10:41:53.0530 2128 System windows directory: C:\Windows
10:41:53.0530 2128 Processor architecture: Intel x86
10:41:53.0530 2128 Number of processors: 2
10:41:53.0530 2128 Page size: 0x1000
10:41:53.0530 2128 Boot type: Normal boot
10:41:53.0530 2128 ============================================================
10:41:56.0254 2128 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:41:56.0270 2128 Drive \Device\Harddisk1\DR1 - Size: 0x2F7B100000 (189.92 Gb), SectorSize: 0x200, Cylinders: 0x60D8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:41:56.0286 2128 \Device\Harddisk0\DR0:
10:41:56.0286 2128 MBR used
10:41:56.0286 2128 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF8F8C1
10:41:56.0286 2128 \Device\Harddisk1\DR1:
10:41:56.0286 2128 MBR used
10:41:56.0286 2128 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x17BD13D8
10:41:56.0317 2128 Initialize success
10:41:56.0317 2128 ============================================================
10:41:58.0320 0528 ============================================================
10:41:58.0320 0528 Scan started
10:41:58.0320 0528 Mode: Manual;
10:41:58.0320 0528 ============================================================
10:41:59.0664 0528 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
10:41:59.0679 0528 1394ohci - ok
10:41:59.0757 0528 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
10:41:59.0773 0528 ACPI - ok
10:41:59.0835 0528 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
10:41:59.0851 0528 AcpiPmi - ok
10:41:59.0929 0528 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
10:41:59.0960 0528 adp94xx - ok
10:42:00.0039 0528 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
10:42:00.0039 0528 adpahci - ok
10:42:00.0101 0528 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
10:42:00.0101 0528 adpu320 - ok
10:42:00.0226 0528 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
10:42:00.0242 0528 AFD - ok
10:42:00.0304 0528 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
10:42:00.0304 0528 agp440 - ok
10:42:00.0398 0528 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
10:42:00.0398 0528 aic78xx - ok
10:42:00.0601 0528 ALCXWDM (7997b6f02cbda0e31fa18cc85871b938) C:\Windows\system32\drivers\RTKVAC.SYS
10:42:00.0664 0528 ALCXWDM - ok
10:42:00.0742 0528 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
10:42:00.0742 0528 aliide - ok
10:42:00.0804 0528 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
10:42:00.0820 0528 amdagp - ok
10:42:00.0882 0528 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
10:42:00.0882 0528 amdide - ok
10:42:00.0945 0528 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
10:42:00.0945 0528 AmdK8 - ok
10:42:01.0023 0528 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
10:42:01.0023 0528 AmdPPM - ok
10:42:01.0117 0528 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
10:42:01.0117 0528 amdsata - ok
10:42:01.0195 0528 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
10:42:01.0195 0528 amdsbs - ok
10:42:01.0257 0528 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
10:42:01.0257 0528 amdxata - ok
10:42:01.0320 0528 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
10:42:01.0320 0528 AppID - ok
10:42:01.0460 0528 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
10:42:01.0460 0528 arc - ok
10:42:01.0507 0528 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
10:42:01.0507 0528 arcsas - ok
10:42:01.0570 0528 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
10:42:01.0570 0528 AsyncMac - ok
10:42:01.0632 0528 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
10:42:01.0632 0528 atapi - ok
10:42:01.0759 0528 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
10:42:01.0791 0528 b06bdrv - ok
10:42:01.0869 0528 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
10:42:01.0884 0528 b57nd60x - ok
10:42:01.0947 0528 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
10:42:01.0947 0528 Beep - ok
10:42:02.0041 0528 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
10:42:02.0041 0528 blbdrive - ok
10:42:02.0134 0528 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
10:42:02.0134 0528 bowser - ok
10:42:02.0181 0528 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:42:02.0181 0528 BrFiltLo - ok
10:42:02.0244 0528 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:42:02.0244 0528 BrFiltUp - ok
10:42:02.0322 0528 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
10:42:02.0337 0528 BridgeMP - ok
10:42:02.0400 0528 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
10:42:02.0416 0528 Brserid - ok
10:42:02.0478 0528 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
10:42:02.0478 0528 BrSerWdm - ok
10:42:02.0556 0528 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
10:42:02.0587 0528 BrUsbMdm - ok
10:42:02.0650 0528 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
10:42:02.0650 0528 BrUsbSer - ok
10:42:02.0697 0528 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
10:42:02.0712 0528 BTHMODEM - ok
10:42:02.0869 0528 catchme - ok
10:42:02.0978 0528 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
10:42:02.0978 0528 cdfs - ok
10:42:03.0072 0528 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
10:42:03.0072 0528 cdrom - ok
10:42:03.0166 0528 cfwids (1dcb5209601a70e36c70fe8d197d62cb) C:\Windows\system32\drivers\cfwids.sys
10:42:03.0166 0528 cfwids - ok
10:42:03.0228 0528 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
10:42:03.0228 0528 circlass - ok
10:42:03.0306 0528 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
10:42:03.0322 0528 CLFS - ok
10:42:03.0416 0528 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
10:42:03.0416 0528 CmBatt - ok
10:42:03.0494 0528 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
10:42:03.0509 0528 cmdide - ok
10:42:03.0587 0528 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
10:42:03.0603 0528 CNG - ok
10:42:03.0681 0528 COMMONFX.DLL (1ef05b641e9a67ded74ac8ad40055dbf) C:\Windows\system32\COMMONFX.DLL
10:42:03.0681 0528 COMMONFX.DLL - ok
10:42:03.0749 0528 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
10:42:03.0764 0528 Compbatt - ok
10:42:03.0842 0528 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
10:42:03.0842 0528 CompositeBus - ok
10:42:03.0905 0528 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
10:42:03.0905 0528 crcdisk - ok
10:42:03.0983 0528 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
10:42:04.0014 0528 CSC - ok
10:42:04.0108 0528 CT20XUT.DLL (6191a973461852a09d643609e1d5f7c6) C:\Windows\system32\CT20XUT.DLL
10:42:04.0108 0528 CT20XUT.DLL - ok
10:42:04.0186 0528 ctac32k (8ac5f77e30e37d2d11bd99eff0c53d8c) C:\Windows\system32\drivers\ctac32k.sys
10:42:04.0186 0528 ctac32k - ok
10:42:04.0249 0528 ctaud2k (673241d314e932f4890509ae8ebf26db) C:\Windows\system32\drivers\ctaud2k.sys
10:42:04.0249 0528 ctaud2k - ok
10:42:04.0311 0528 CTAUDFX.DLL (472b82d7e549e7fab428852e4d16f21d) C:\Windows\system32\CTAUDFX.DLL
10:42:04.0327 0528 CTAUDFX.DLL - ok
10:42:04.0405 0528 ctdvda2k (ed316d4c3d39c5b6c23de067e275c183) C:\Windows\system32\drivers\ctdvda2k.sys
10:42:04.0420 0528 ctdvda2k - ok
10:42:04.0483 0528 CTEAPSFX.DLL (6a57f82009563aee8826f117e1d3c72c) C:\Windows\system32\CTEAPSFX.DLL
10:42:04.0483 0528 CTEAPSFX.DLL - ok
10:42:04.0561 0528 CTEDSPFX.DLL (c8ac1ffaeadd655193d7b1811a572d8d) C:\Windows\system32\CTEDSPFX.DLL
10:42:04.0561 0528 CTEDSPFX.DLL - ok
10:42:04.0624 0528 CTEDSPIO.DLL (44495d9daf675257d00b25b041ee6667) C:\Windows\system32\CTEDSPIO.DLL
10:42:04.0639 0528 CTEDSPIO.DLL - ok
10:42:04.0717 0528 CTEDSPSY.DLL (8e90b1762cb42e2fc76dac9210c83c66) C:\Windows\system32\CTEDSPSY.DLL
10:42:04.0733 0528 CTEDSPSY.DLL - ok
10:42:04.0796 0528 CTERFXFX.DLL (d3fbd9983325435b06795f29cb57ed3d) C:\Windows\system32\CTERFXFX.DLL
10:42:04.0796 0528 CTERFXFX.DLL - ok
10:42:04.0875 0528 CTEXFIFX.DLL (2c48e9d8ca703964463f27ae341115b7) C:\Windows\system32\CTEXFIFX.DLL
10:42:04.0921 0528 CTEXFIFX.DLL - ok
10:42:04.0984 0528 CTHWIUT.DLL (f7657c598e7c29c6683c1e4a8dd68884) C:\Windows\system32\CTHWIUT.DLL
10:42:04.0984 0528 CTHWIUT.DLL - ok
10:42:05.0046 0528 ctprxy2k (34e7f8a499fd8361df14fedb724c0ad3) C:\Windows\system32\drivers\ctprxy2k.sys
10:42:05.0046 0528 ctprxy2k - ok
10:42:05.0093 0528 CTSBLFX.DLL (679ae21eb7f48a08184813aebabdec7c) C:\Windows\system32\CTSBLFX.DLL
10:42:05.0109 0528 CTSBLFX.DLL - ok
10:42:05.0156 0528 ctsfm2k (32098497cb4dfe9ea7660fa62dd91060) C:\Windows\system32\drivers\ctsfm2k.sys
10:42:05.0156 0528 ctsfm2k - ok
10:42:05.0234 0528 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
10:42:05.0234 0528 DfsC - ok
10:42:05.0296 0528 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
10:42:05.0296 0528 discache - ok
10:42:05.0359 0528 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
10:42:05.0359 0528 Disk - ok
10:42:05.0437 0528 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
10:42:05.0437 0528 drmkaud - ok
10:42:05.0515 0528 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
10:42:05.0531 0528 DXGKrnl - ok
10:42:05.0671 0528 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
10:42:05.0781 0528 ebdrv - ok
10:42:05.0875 0528 ElbyCDIO (44996a2addd2db7454f2ca40b67d8941) C:\Windows\system32\Drivers\ElbyCDIO.sys
10:42:05.0890 0528 ElbyCDIO - ok
10:42:05.0984 0528 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
10:42:06.0000 0528 elxstor - ok
10:42:06.0062 0528 emupia (2885f72d2daffd0329272f12e16d6579) C:\Windows\system32\drivers\emupia2k.sys
10:42:06.0062 0528 emupia - ok
10:42:06.0109 0528 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
10:42:06.0125 0528 ErrDev - ok
10:42:06.0203 0528 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
10:42:06.0203 0528 exfat - ok
10:42:06.0250 0528 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
10:42:06.0250 0528 fastfat - ok
10:42:06.0312 0528 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
10:42:06.0312 0528 fdc - ok
10:42:06.0359 0528 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
10:42:06.0359 0528 FileInfo - ok
10:42:06.0390 0528 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
10:42:06.0406 0528 Filetrace - ok
10:42:06.0437 0528 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
10:42:06.0437 0528 flpydisk - ok
10:42:06.0500 0528 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
10:42:06.0500 0528 FltMgr - ok
10:42:06.0546 0528 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
10:42:06.0562 0528 FsDepends - ok
10:42:06.0593 0528 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
10:42:06.0593 0528 Fs_Rec - ok
10:42:06.0718 0528 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
10:42:06.0718 0528 fvevol - ok
10:42:06.0765 0528 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
10:42:06.0781 0528 gagp30kx - ok
10:42:06.0859 0528 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:42:06.0859 0528 GEARAspiWDM - ok
10:42:06.0968 0528 ha10kx2k (da2c735b66d2e7b739f9a46146581a9d) C:\Windows\system32\drivers\ha10kx2k.sys
10:42:06.0984 0528 ha10kx2k - ok
10:42:07.0046 0528 hap16v2k (5c7d6d68796e4621b4168c879908dae0) C:\Windows\system32\drivers\hap16v2k.sys
10:42:07.0046 0528 hap16v2k - ok
10:42:07.0093 0528 hap17v2k (a595b88ad16d8b5693ddf08113caf30e) C:\Windows\system32\drivers\hap17v2k.sys
10:42:07.0093 0528 hap17v2k - ok
10:42:07.0156 0528 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
10:42:07.0156 0528 hcw85cir - ok
10:42:07.0218 0528 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
10:42:07.0234 0528 HDAudBus - ok
10:42:07.0281 0528 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
10:42:07.0281 0528 HidBatt - ok
10:42:07.0343 0528 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
10:42:07.0343 0528 HidBth - ok
10:42:07.0406 0528 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
10:42:07.0406 0528 HidIr - ok
10:42:07.0468 0528 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
10:42:07.0468 0528 HidUsb - ok
10:42:07.0546 0528 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
10:42:07.0562 0528 HpSAMD - ok
10:42:07.0625 0528 htcnprot (339adefad60353f960e3ca67ce468c24) C:\Windows\system32\DRIVERS\htcnprot.sys
10:42:07.0625 0528 htcnprot - ok
10:42:07.0734 0528 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
10:42:07.0782 0528 HTTP - ok
10:42:07.0813 0528 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
10:42:07.0829 0528 hwpolicy - ok
10:42:07.0907 0528 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
10:42:07.0907 0528 i8042prt - ok
10:42:07.0985 0528 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
10:42:08.0016 0528 iaStorV - ok
10:42:08.0079 0528 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
10:42:08.0094 0528 iirsp - ok
10:42:08.0172 0528 imvad_multi (0dc9c7be59f8dba591b9f145457ed77c) C:\Windows\system32\drivers\imvad.sys
10:42:08.0172 0528 imvad_multi - ok
10:42:08.0219 0528 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
10:42:08.0219 0528 intelide - ok
10:42:08.0266 0528 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
10:42:08.0266 0528 intelppm - ok
10:42:08.0313 0528 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:42:08.0329 0528 IpFilterDriver - ok
10:42:08.0407 0528 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
10:42:08.0407 0528 IPMIDRV - ok
10:42:08.0454 0528 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
10:42:08.0454 0528 IPNAT - ok
10:42:08.0547 0528 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
10:42:08.0547 0528 IRENUM - ok
10:42:08.0594 0528 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
10:42:08.0594 0528 isapnp - ok
10:42:08.0672 0528 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
10:42:08.0672 0528 iScsiPrt - ok
10:42:08.0766 0528 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
10:42:08.0766 0528 kbdclass - ok
10:42:08.0813 0528 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
10:42:08.0813 0528 kbdhid - ok
10:42:08.0860 0528 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
10:42:08.0875 0528 KSecDD - ok
10:42:08.0922 0528 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
10:42:08.0922 0528 KSecPkg - ok
10:42:09.0016 0528 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
10:42:09.0016 0528 lltdio - ok
10:42:09.0110 0528 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
10:42:09.0110 0528 LSI_FC - ok
10:42:09.0157 0528 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
10:42:09.0157 0528 LSI_SAS - ok
10:42:09.0219 0528 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:42:09.0219 0528 LSI_SAS2 - ok
10:42:09.0266 0528 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:42:09.0282 0528 LSI_SCSI - ok
10:42:09.0329 0528 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
10:42:09.0329 0528 luafv - ok
10:42:09.0391 0528 lvpopflt (cbf0bf6af73a704211bbb52efacaa8a0) C:\Windows\system32\DRIVERS\lvpopflt.sys
10:42:09.0391 0528 lvpopflt - ok
10:42:09.0469 0528 LVPr2Mon (8be71d7edb8c7494913722059f760dd0) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
10:42:09.0469 0528 LVPr2Mon - ok
10:42:09.0547 0528 LVRS (7521c0c58ee91be90b6cc33e792d10c7) C:\Windows\system32\DRIVERS\lvrs.sys
10:42:09.0547 0528 LVRS - ok
10:42:09.0735 0528 LVUVC (37e57c48af530df01cdd4e8a2ad77b51) C:\Windows\system32\DRIVERS\lvuvc.sys
10:42:09.0782 0528 LVUVC - ok
10:42:09.0829 0528 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
10:42:09.0829 0528 MBAMProtector - ok
10:42:10.0000 0528 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
10:42:10.0016 0528 megasas - ok
10:42:10.0063 0528 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
10:42:10.0063 0528 MegaSR - ok
10:42:10.0125 0528 mfeapfk (36b47b1e9c537f8f2b4481084b8f7d22) C:\Windows\system32\drivers\mfeapfk.sys
10:42:10.0125 0528 mfeapfk - ok
10:42:10.0204 0528 mfeavfk (cde41293db871a75cd99eb0ce781356b) C:\Windows\system32\drivers\mfeavfk.sys
10:42:10.0204 0528 mfeavfk - ok
10:42:10.0250 0528 mfeavfk01 - ok
10:42:10.0375 0528 mfebopk (e22385f64bdf0ad81157479496e33c4a) C:\Windows\system32\drivers\mfebopk.sys
10:42:10.0375 0528 mfebopk - ok
10:42:10.0704 0528 mfefirek (215666a8a85023ef019b510cbb67f678) C:\Windows\system32\drivers\mfefirek.sys
10:42:10.0704 0528 mfefirek - ok
10:42:11.0001 0528 mfehidk (56d330981866a72f061dd16cc5004513) C:\Windows\system32\drivers\mfehidk.sys
10:42:11.0033 0528 mfehidk - ok
10:42:11.0220 0528 mfenlfk (b41bacc049cdb916a52b1448bf30d6ab) C:\Windows\system32\DRIVERS\mfenlfk.sys
10:42:11.0220 0528 mfenlfk - ok
10:42:11.0283 0528 mferkdet (89b564d63c53fc0c6782ab07eea63acf) C:\Windows\system32\drivers\mferkdet.sys
10:42:11.0283 0528 mferkdet - ok
10:42:11.0408 0528 mfewfpk (c2ff7473a60c0fb2df145ab686889653) C:\Windows\system32\drivers\mfewfpk.sys
10:42:11.0408 0528 mfewfpk - ok
10:42:11.0470 0528 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
10:42:11.0470 0528 Modem - ok
10:42:11.0533 0528 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
10:42:11.0548 0528 monitor - ok
10:42:11.0595 0528 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
10:42:11.0595 0528 mouclass - ok
10:42:11.0658 0528 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
10:42:11.0673 0528 mouhid - ok
10:42:11.0751 0528 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
10:42:11.0767 0528 mountmgr - ok
10:42:11.0814 0528 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
10:42:11.0830 0528 mpio - ok
10:42:11.0876 0528 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
10:42:11.0876 0528 mpsdrv - ok
10:42:11.0939 0528 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
10:42:11.0955 0528 MRxDAV - ok
10:42:12.0017 0528 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:42:12.0017 0528 mrxsmb - ok
10:42:12.0080 0528 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:42:12.0080 0528 mrxsmb10 - ok
10:42:12.0126 0528 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:42:12.0126 0528 mrxsmb20 - ok
10:42:12.0189 0528 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
10:42:12.0189 0528 msahci - ok
10:42:12.0267 0528 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
10:42:12.0267 0528 msdsm - ok
10:42:12.0345 0528 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
10:42:12.0345 0528 Msfs - ok
10:42:12.0376 0528 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
10:42:12.0392 0528 mshidkmdf - ok
10:42:12.0439 0528 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
10:42:12.0439 0528 msisadrv - ok
10:42:12.0501 0528 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
10:42:12.0517 0528 MSKSSRV - ok
10:42:12.0564 0528 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
10:42:12.0564 0528 MSPCLOCK - ok
10:42:12.0689 0528 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
10:42:12.0751 0528 MSPQM - ok
10:42:12.0814 0528 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
10:42:12.0814 0528 MsRPC - ok
10:42:12.0861 0528 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
10:42:12.0861 0528 mssmbios - ok
10:42:12.0923 0528 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
10:42:12.0923 0528 MSTEE - ok
10:42:12.0970 0528 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
10:42:12.0970 0528 MTConfig - ok
10:42:13.0017 0528 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
10:42:13.0017 0528 Mup - ok
10:42:13.0080 0528 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
10:42:13.0095 0528 NativeWifiP - ok
10:42:13.0189 0528 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
10:42:13.0205 0528 NDIS - ok
10:42:13.0251 0528 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
10:42:13.0251 0528 NdisCap - ok
10:42:13.0298 0528 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
10:42:13.0314 0528 NdisTapi - ok
10:42:13.0361 0528 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
10:42:13.0376 0528 Ndisuio - ok
10:42:13.0439 0528 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
10:42:13.0439 0528 NdisWan - ok
10:42:13.0486 0528 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
10:42:13.0486 0528 NDProxy - ok
10:42:13.0533 0528 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
10:42:13.0533 0528 NetBIOS - ok
10:42:13.0595 0528 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
10:42:13.0611 0528 NetBT - ok
10:42:13.0705 0528 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
10:42:13.0705 0528 nfrd960 - ok
10:42:13.0783 0528 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
10:42:13.0798 0528 Npfs - ok
10:42:13.0845 0528 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
10:42:13.0845 0528 nsiproxy - ok
10:42:13.0923 0528 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
10:42:13.0955 0528 Ntfs - ok
10:42:14.0001 0528 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
10:42:14.0001 0528 Null - ok
10:42:14.0439 0528 nvlddmkm (712d98d35e68d0006b121f4a3b8ee814) C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:42:14.0533 0528 nvlddmkm - ok
10:42:14.0626 0528 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
10:42:14.0626 0528 nvraid - ok
10:42:14.0705 0528 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
10:42:14.0720 0528 nvstor - ok
10:42:14.0814 0528 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
10:42:14.0814 0528 nv_agp - ok
10:42:14.0892 0528 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
10:42:14.0908 0528 ohci1394 - ok
10:42:14.0986 0528 ossrv (61c85afeaa6ef0c1b32d43f84f7bfbcf) C:\Windows\system32\drivers\ctoss2k.sys
10:42:14.0986 0528 ossrv - ok
10:42:15.0064 0528 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
10:42:15.0064 0528 Parport - ok
10:42:15.0111 0528 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
10:42:15.0111 0528 partmgr - ok
10:42:15.0158 0528 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
10:42:15.0158 0528 Parvdm - ok
10:42:15.0236 0528 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
10:42:15.0236 0528 pci - ok
10:42:15.0298 0528 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
10:42:15.0298 0528 pciide - ok
10:42:15.0361 0528 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
10:42:15.0361 0528 pcmcia - ok
10:42:15.0423 0528 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
10:42:15.0423 0528 pcw - ok
10:42:15.0486 0528 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
10:42:15.0501 0528 PEAUTH - ok
10:42:15.0626 0528 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
10:42:15.0626 0528 PptpMiniport - ok
10:42:15.0689 0528 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
10:42:15.0689 0528 Processor - ok
10:42:15.0798 0528 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
10:42:15.0798 0528 Psched - ok
10:42:15.0892 0528 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
10:42:15.0955 0528 ql2300 - ok
10:42:16.0017 0528 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
10:42:16.0033 0528 ql40xx - ok
10:42:16.0095 0528 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
10:42:16.0095 0528 QWAVEdrv - ok
10:42:16.0158 0528 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
10:42:16.0173 0528 RasAcd - ok
10:42:16.0236 0528 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
10:42:16.0236 0528 RasAgileVpn - ok
10:42:16.0298 0528 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:42:16.0298 0528 Rasl2tp - ok
10:42:16.0361 0528 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
10:42:16.0361 0528 RasPppoe - ok
10:42:16.0408 0528 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
10:42:16.0408 0528 RasSstp - ok
10:42:16.0470 0528 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
10:42:16.0470 0528 rdbss - ok
10:42:16.0517 0528 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
10:42:16.0517 0528 rdpbus - ok
10:42:16.0564 0528 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:42:16.0580 0528 RDPCDD - ok
10:42:16.0626 0528 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
10:42:16.0626 0528 RDPDR - ok
10:42:16.0689 0528 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
10:42:16.0705 0528 RDPENCDD - ok
10:42:16.0736 0528 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
10:42:16.0751 0528 RDPREFMP - ok
10:42:16.0830 0528 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
10:42:16.0830 0528 RDPWD - ok
10:42:16.0923 0528 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
10:42:16.0923 0528 rdyboost - ok
10:42:17.0033 0528 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
10:42:17.0033 0528 rspndr - ok
10:42:17.0095 0528 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
10:42:17.0095 0528 s3cap - ok
10:42:17.0189 0528 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
10:42:17.0189 0528 sbp2port - ok
10:42:17.0298 0528 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
10:42:17.0298 0528 scfilter - ok
10:42:17.0361 0528 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
10:42:17.0361 0528 secdrv - ok
10:42:17.0439 0528 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
10:42:17.0439 0528 Serenum - ok
10:42:17.0486 0528 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
10:42:17.0486 0528 Serial - ok
10:42:17.0533 0528 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
10:42:17.0533 0528 sermouse - ok
10:42:17.0611 0528 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
10:42:17.0626 0528 sffdisk - ok
10:42:17.0689 0528 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
10:42:17.0689 0528 sffp_mmc - ok
10:42:17.0767 0528 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
10:42:17.0767 0528 sffp_sd - ok
10:42:17.0830 0528 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
10:42:17.0830 0528 sfloppy - ok
10:42:17.0923 0528 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
10:42:17.0923 0528 sisagp - ok
10:42:17.0970 0528 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:42:17.0970 0528 SiSRaid2 - ok
10:42:18.0048 0528 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
10:42:18.0048 0528 SiSRaid4 - ok
10:42:18.0158 0528 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
10:42:18.0173 0528 Smb - ok
10:42:18.0439 0528 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
10:42:18.0439 0528 spldr - ok
10:42:18.0626 0528 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\System32\Drivers\sptd.sys
10:42:18.0658 0528 sptd - ok
10:42:18.0861 0528 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
10:42:18.0861 0528 srv - ok
10:42:19.0048 0528 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
10:42:19.0095 0528 srv2 - ok
10:42:19.0142 0528 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
10:42:19.0142 0528 srvnet - ok
10:42:19.0251 0528 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
10:42:19.0251 0528 stexstor - ok
10:42:19.0330 0528 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
10:42:19.0330 0528 storflt - ok
10:42:19.0392 0528 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
10:42:19.0392 0528 storvsc - ok
10:42:19.0439 0528 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
10:42:19.0455 0528 swenum - ok
10:42:19.0642 0528 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
10:42:19.0689 0528 Tcpip - ok
10:42:19.0814 0528 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
10:42:19.0830 0528 TCPIP6 - ok
10:42:19.0947 0528 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
10:42:19.0947 0528 tcpipreg - ok
10:42:20.0025 0528 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
10:42:20.0025 0528 TDPIPE - ok
10:42:20.0087 0528 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
10:42:20.0087 0528 TDTCP - ok
10:42:20.0166 0528 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
10:42:20.0166 0528 tdx - ok
10:42:20.0212 0528 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
10:42:20.0212 0528 TermDD - ok
10:42:20.0353 0528 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:42:20.0369 0528 tssecsrv - ok
10:42:20.0431 0528 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
10:42:20.0431 0528 TsUsbFlt - ok
10:42:20.0509 0528 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
10:42:20.0509 0528 tunnel - ok
10:42:20.0587 0528 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
10:42:20.0587 0528 uagp35 - ok
10:42:20.0697 0528 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
10:42:20.0712 0528 udfs - ok
10:42:20.0806 0528 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
10:42:20.0822 0528 uliagpkx - ok
10:42:20.0884 0528 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
10:42:20.0884 0528 umbus - ok
10:42:20.0963 0528 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
10:42:20.0979 0528 UmPass - ok
10:42:21.0104 0528 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
10:42:21.0104 0528 USBAAPL - ok
10:42:21.0166 0528 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
10:42:21.0166 0528 usbaudio - ok
10:42:21.0229 0528 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
10:42:21.0229 0528 usbccgp - ok
10:42:21.0276 0528 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
10:42:21.0291 0528 usbcir - ok
10:42:21.0338 0528 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
10:42:21.0354 0528 usbehci - ok
10:42:21.0401 0528 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
10:42:21.0416 0528 usbhub - ok
10:42:21.0479 0528 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
10:42:21.0479 0528 usbohci - ok
10:42:21.0541 0528 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
10:42:21.0541 0528 usbprint - ok
10:42:21.0604 0528 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:42:21.0620 0528 USBSTOR - ok
10:42:21.0713 0528 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
10:42:21.0713 0528 usbuhci - ok
10:42:21.0807 0528 usb_rndisx (d82f43d15fdaa666856c0190cb73e7c9) C:\Windows\system32\DRIVERS\usb8023x.sys
10:42:21.0807 0528 usb_rndisx - ok
10:42:21.0901 0528 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\Windows\system32\DRIVERS\VClone.sys
10:42:21.0901 0528 VClone - ok
10:42:21.0989 0528 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
10:42:21.0990 0528 vdrvroot - ok
10:42:22.0083 0528 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
10:42:22.0099 0528 vga - ok
10:42:22.0146 0528 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
10:42:22.0162 0528 VgaSave - ok
10:42:22.0224 0528 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
10:42:22.0240 0528 vhdmp - ok
10:42:22.0287 0528 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
10:42:22.0287 0528 viaagp - ok
10:42:22.0365 0528 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
10:42:22.0365 0528 ViaC7 - ok
10:42:22.0427 0528 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
10:42:22.0443 0528 viaide - ok
10:42:22.0505 0528 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
10:42:22.0521 0528 vmbus - ok
10:42:22.0568 0528 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
10:42:22.0568 0528 VMBusHID - ok
10:42:22.0630 0528 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
10:42:22.0630 0528 volmgr - ok
10:42:22.0724 0528 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
10:42:22.0724 0528 volmgrx - ok
10:42:22.0787 0528 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
10:42:22.0787 0528 volsnap - ok
10:42:22.0880 0528 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
10:42:22.0880 0528 vsmraid - ok
10:42:22.0958 0528 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
10:42:22.0958 0528 vwifibus - ok
10:42:23.0037 0528 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
10:42:23.0037 0528 WacomPen - ok
10:42:23.0146 0528 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
10:42:23.0146 0528 WANARP - ok
10:42:23.0177 0528 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
10:42:23.0177 0528 Wanarpv6 - ok
10:42:23.0333 0528 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
10:42:23.0333 0528 Wd - ok
10:42:23.0412 0528 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
10:42:23.0458 0528 Wdf01000 - ok
10:42:23.0693 0528 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
10:42:23.0693 0528 WfpLwf - ok
10:42:23.0771 0528 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
10:42:23.0771 0528 WIMMount - ok
10:42:24.0083 0528 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
10:42:24.0083 0528 WinUsb - ok
10:42:24.0192 0528 WmBEnum (84a90f13eebf4380345ef9474d30f10e) C:\Windows\system32\drivers\WmBEnum.sys
10:42:24.0192 0528 WmBEnum - ok
10:42:24.0254 0528 WmFilter (eb0034ac02a44dc784a3174d2b81e764) C:\Windows\system32\drivers\WmFilter.sys
10:42:24.0270 0528 WmFilter - ok
10:42:24.0317 0528 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
10:42:24.0333 0528 WmiAcpi - ok
10:42:24.0442 0528 WmVirHid (72c4f5a748c74d8d4016ccfa7367210f) C:\Windows\system32\drivers\WmVirHid.sys
10:42:24.0442 0528 WmVirHid - ok
10:42:24.0520 0528 WmXlCore (eacdcced934a185e61ce0684f71c2dec) C:\Windows\system32\drivers\WmXlCore.sys
10:42:24.0520 0528 WmXlCore - ok
10:42:24.0629 0528 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
10:42:24.0629 0528 ws2ifsl - ok
10:42:24.0754 0528 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
10:42:24.0754 0528 WudfPf - ok
10:42:24.0801 0528 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:42:24.0817 0528 WUDFRd - ok
10:42:25.0020 0528 yukonw7 (30b73eb97218a16cbc6de535782a1b35) C:\Windows\system32\DRIVERS\yk62x86.sys
10:42:25.0036 0528 yukonw7 - ok
10:42:25.0085 0528 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
10:42:25.0124 0528 \Device\Harddisk0\DR0 - ok
10:42:25.0124 0528 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
10:42:25.0139 0528 \Device\Harddisk1\DR1 - ok
10:42:25.0155 0528 Boot (0x1200) (597b54c41429b4f3756b14a07d7f87a2) \Device\Harddisk0\DR0\Partition0
10:42:25.0155 0528 \Device\Harddisk0\DR0\Partition0 - ok
10:42:25.0170 0528 Boot (0x1200) (d91d50bfac19598da885483aa38de727) \Device\Harddisk1\DR1\Partition0
10:42:25.0170 0528 \Device\Harddisk1\DR1\Partition0 - ok
10:42:25.0170 0528 ============================================================
10:42:25.0170 0528 Scan finished
10:42:25.0170 0528 ============================================================
10:42:25.0233 3204 Detected object count: 0
10:42:25.0233 3204 Actual detected object count: 0

here is the aswMBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-18 10:45:55
-----------------------------
10:45:55.477 OS Version: Windows 6.1.7601 Service Pack 1
10:45:55.477 Number of processors: 2 586 0x209
10:45:55.618 ComputerName: VICTORPC UserName:
10:46:26.780 Initialize success
10:46:51.037 AVAST engine defs: 12031700
10:47:21.385 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-2
10:47:21.385 Disk 0 Vendor: ST3120026AS 3.05 Size: 114473MB BusType: 3
10:47:21.416 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-3
10:47:21.432 Disk 1 Vendor: Maxtor_6B200P0 BAH41B70 Size: 194481MB BusType: 3
10:47:21.463 Disk 0 MBR read successfully
10:47:21.479 Disk 0 MBR scan
10:47:21.510 Disk 0 Windows 7 default MBR code
10:47:21.526 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 114463 MB offset 63
10:47:21.557 Disk 0 scanning sectors +234420480
10:47:21.682 Disk 0 scanning C:\Windows\system32\drivers
10:47:52.287 Service scanning
10:48:53.638 Modules scanning
10:49:22.943 Disk 0 trace - called modules:
10:49:23.005 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll intelide.sys PCIIDEX.SYS atapi.sys
10:49:23.021 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85e77030]
10:49:23.052 3 CLASSPNP.SYS[89e7f59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-2[0x85d72908]
10:49:24.802 AVAST engine scan C:\Windows
10:49:32.193 AVAST engine scan C:\Windows\system32
10:57:33.015 AVAST engine scan C:\Windows\system32\drivers
10:58:12.990 AVAST engine scan C:\Users\VictoRonika
11:01:52.642 AVAST engine scan C:\ProgramData
11:02:44.022 Scan finished successfully
11:15:24.856 Disk 0 MBR has been saved successfully to "C:\Users\VictoRonika\Desktop\MBR.dat"
11:15:24.856 The log file has been saved successfully to "C:\Users\VictoRonika\Desktop\aswMBR.txt"

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:46 PM

Posted 18 March 2012 - 01:16 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 Pump Blood

Pump Blood
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:46 AM

Posted 18 March 2012 - 02:28 PM

Here is the script as requested. I did encounter that illegal operation as you said it may occur in your notes. I have restarted and things are looking okay. My cpu usage does seem to be hitting near 100% again. Things aren't as slow as they previously where but seems to be a little bit of lag in some operations.


ComboFix 12-03-17.01 - VictoRonika 03/18/2012 12:46:03.2.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2047.1083 [GMT -6:00]
Running from: c:\users\VictoRonika\Downloads\ComboFix.exe
Command switches used :: c:\users\VictoRonika\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-18 to 2012-03-18 )))))))))))))))))))))))))))))))
.
.
2012-03-18 19:04 . 2012-03-18 19:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-18 18:10 . 2012-03-18 18:10 -------- d-----w- c:\program files\Common Files\Java
2012-03-18 18:10 . 2012-03-18 18:10 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2012-03-18 18:10 . 2012-03-18 18:10 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-18 17:59 . 2012-03-18 17:59 -------- d-----w- c:\program files\Common Files\Adobe
2012-03-17 20:04 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{23D3B6B6-9803-4B90-8783-3570C1B5A570}\mpengine.dll
2012-03-16 17:27 . 2012-03-16 17:28 -------- d-----w- c:\users\VictoRonika
2012-03-16 05:08 . 2012-03-16 05:08 -------- d-----w- c:\program files\IObit
2012-03-16 05:07 . 2012-03-16 05:07 -------- d-----w- c:\program files\FreeFixer
2012-03-16 04:09 . 2012-03-16 04:09 -------- d-----w- c:\program files\Trend Micro
2012-03-16 03:02 . 2012-03-16 03:02 -------- d-----w- c:\programdata\Malwarebytes
2012-03-16 03:02 . 2011-12-10 21:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-16 03:02 . 2012-03-16 03:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-15 18:37 . 2011-12-06 23:22 28760 ----a-w- c:\program files\Mozilla Firefox\ScriptFF.dll
2012-03-15 18:37 . 2011-10-15 18:16 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-03-15 18:37 . 2011-10-15 18:16 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-03-15 18:37 . 2011-10-15 18:16 64880 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2012-03-15 18:37 . 2011-10-15 18:16 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-03-15 18:37 . 2011-10-15 18:16 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-03-15 18:37 . 2011-10-15 18:16 338176 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-03-15 18:37 . 2011-10-15 18:16 180816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-03-15 18:37 . 2011-10-15 18:16 165680 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2012-03-15 18:36 . 2012-03-15 18:38 -------- d-----w- c:\program files\Common Files\Mcafee
2012-03-15 18:36 . 2012-03-18 03:42 -------- d-----w- c:\program files\McAfee
2012-03-15 18:29 . 2011-11-18 22:36 150856 ----a-w- c:\windows\system32\mfevtps.exe
2012-03-15 18:29 . 2012-03-15 21:38 -------- d-----w- c:\programdata\McAfee
2012-03-14 03:26 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-14 03:26 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 00:22 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 00:22 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 23:55 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 23:55 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 23:55 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 23:55 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 23:55 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-13 23:55 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-11 16:52 . 2012-03-11 16:52 -------- d-----w- c:\program files\fbphotozoom
2012-02-24 21:35 . 2012-02-24 21:35 -------- d-----w- c:\program files\Spirent Communications
2012-02-24 21:35 . 2012-02-24 21:46 -------- d-----w- c:\program files\HTC
2012-02-24 21:34 . 2012-02-24 21:34 -------- d-----w- c:\program files\MSXML 4.0
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-18 17:50 . 2011-06-25 20:02 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 15:18 . 2010-01-23 01:54 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-04 08:58 . 2012-02-17 01:10 442880 ----a-w- c:\windows\system32\ntshrui.dll
2011-12-30 05:27 . 2012-02-17 01:11 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-03-13 04:39 . 2012-03-18 17:21 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2009-04-14 604704]
"CTHelper"="CTHELPER.EXE" [2007-04-09 19456]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 19968]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-06 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-22 1318816]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-02-11 136176]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-02-11 136176]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-10-15 87656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-20 1343400]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-25 691696]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-10-15 165680]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2011-10-15 64880]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-28 214904]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-28 214904]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-28 214904]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-12-06 160608]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-11-18 150856]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576]
S2 recvrsvc.exe;NETGEAR Receiver Service;c:\program files\NETGEAR\NETGEAR Digital Entertainer for Windows\recvrsvc.exe [2009-04-29 172808]
S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-10-15 57600]
S3 imvad_multi;NETGEAR Digital Entertainer Virtual Audio Device;c:\windows\system32\drivers\imvad.sys [2009-04-29 22600]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-10-15 338176]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 83311444
*Deregistered* - 83311444
*Deregistered* - aswMBR
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-11 17:30]
.
2012-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-11 17:30]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 64.59.176.13 64.59.176.15 64.59.177.226
FF - ProfilePath - c:\users\VictoRonika\AppData\Roaming\Mozilla\Firefox\Profiles\oiuo1pya.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-18 13:12:44
ComboFix-quarantined-files.txt 2012-03-18 19:12
ComboFix2.txt 2012-03-18 04:40
.
Pre-Run: 84,266,680,320 bytes free
Post-Run: 84,180,299,776 bytes free
.
- - End Of File - - B3BC26262F612C48C584D609C9EDAFF8

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:46 PM

Posted 18 March 2012 - 06:46 PM

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

µTorrent
Adobe Reader 9.5.0
Java 2 Runtime Environment, SE v1.4.1_07
Java Web Start
[/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
[/list]

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 Pump Blood

Pump Blood
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:46 AM

Posted 18 March 2012 - 09:12 PM

I had encountered this message while running Hijack this:

for some reason your system denied write access to the Hosts file. IF any hijacked domains are in this file, HijackThis may NOT be able to fix this.

If that happens, you need to edit the file yourself. TO do this, click start run and type: notepad C:\Windows\System32\drivers\etc\hosts

.........
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:54:15 PM, on 3/18/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\SOUNDMAN.EXE
C:\Windows\System32\CtHelper.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120315123748.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\mcsniepl.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: NETGEAR Receiver Service (recvrsvc.exe) - NETGEAR, Inc. - C:\Program Files\NETGEAR\NETGEAR Digital Entertainer for Windows\recvrsvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

--
End of file - 7980 bytes




Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.18.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
VictoRonika :: VICTORPC [administrator]

Protection: Disabled

3/18/2012 7:56:26 PM
mbam-log-2012-03-18 (19-56-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 183931
Time elapsed: 5 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:54:15 PM, on 3/18/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\SOUNDMAN.EXE
C:\Windows\System32\CtHelper.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120315123748.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\mcsniepl.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: NETGEAR Receiver Service (recvrsvc.exe) - NETGEAR, Inc. - C:\Program Files\NETGEAR\NETGEAR Digital Entertainer for Windows\recvrsvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

--
End of file - 7980 bytes



Right now the computer is doing good. At times cpu usage is at or near 100 but not sure what is causing it. Malwarebytes didn't find anything. Thanks for your help.

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:46 PM

Posted 19 March 2012 - 08:09 AM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
      O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
      O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
      O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 Pump Blood

Pump Blood
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:46 AM

Posted 19 March 2012 - 11:55 PM

Hey Gringo so I ran the scan, it took a while but at no point did it give me an option nor could I find an option to copy any type of log. Just told me scan was finished nothing was found, check a box if i wanted to uninstall ESET. I hit finish but than took me to try 30 day trial or purchase page. Can you please let me know the step I missed and i'll try re-running the scan when I get time.

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:46 PM

Posted 20 March 2012 - 12:02 AM

Hello


If you say nothing was found then I am happy with that.


Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

Any programs and logs that are left over you can just be deleted from the desktop.

:DeFogger:

Note** This only needs to be run if it was run before - If not then skip it.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
Your Emulation drivers are now re-enabled.


:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
  • Posted Image


:remove tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.


:Make your Internet Explorer more secure:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialise and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.


:Make Firefox more secure:

please visit this page to explain how to make Firefox more secure - How to Secure Firefox


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector


:Turn On Automatic Updates:

Turn On Automatic Updates
1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them

If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

or visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

:antispyware programs:

I would reccomend the download and installation of some or all of the following programs (all free), and the updating of them regularly:

  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machines.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recomend keeping it and using often.

Here is some great reading about how to be safer online:

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum
and
COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 Pump Blood

Pump Blood
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:46 AM

Posted 21 March 2012 - 06:32 PM

Hey Gringo,

Everything looks to be running normally. Thank you for all your help and suggestions. Thanks for the easy step by step walkthroughs you guys have prepared. Thanks again.

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:46 PM

Posted 21 March 2012 - 08:58 PM

you are more than welcome


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:46 PM

Posted 23 March 2012 - 11:37 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users