
Google Redirect to happili and gimmeanswers


This topic is locked
21 replies to this topic

#1 tenacious89c

  • Members
  • 11 posts

Posted 21 March 2012 - 11:00 PM

Hey,

Recently the Google searches I've done have been redirecting me to happili and gimmeanswers. I have determined that these are malware, and I would really like to get rid of them! If anyone could help, that would be great!

Thanks,

Curtis

Edit: Didn't catch the startup procedure the first time around. Here is my DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Curtis at 9:47:34 on 2012-03-22
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3836.2370 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\bin\IPS\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [DellComms] "C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe" /P DellComms
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
mRunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
mRunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{55211AA3-41D5-4BC3-B290-37BBD2F1533C} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{55211AA3-41D5-4BC3-B290-37BBD2F1533C}\7716272796F627 : DhcpNameServer = 64.37.18.2 64.251.160.2
TCP: Interfaces\{55211AA3-41D5-4BC3-B290-37BBD2F1533C}\A4B414 : DhcpNameServer = 10.0.1.1
TCP: Interfaces\{55211AA3-41D5-4BC3-B290-37BBD2F1533C}\A6F6379656 : DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{55211AA3-41D5-4BC3-B290-37BBD2F1533C}\C416155796E64716 : DhcpNameServer = 4.2.2.1
TCP: Interfaces\{55211AA3-41D5-4BC3-B290-37BBD2F1533C}\F402351757967676C69702C496E656 : DhcpNameServer = 68.87.85.102 68.87.69.150
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
Notify: SEP - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\WinLogoutNotifier.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\bin\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [DellComms] "C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe" /P DellComms
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun-x64: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
mRunOnce-x64: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
mRunOnce-x64: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Curtis\AppData\Roaming\Mozilla\Firefox\Profiles\vj7jr6ji.default\
FF - prefs.js: browser.startup.homepage - www.google.com/
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMDS64.SYS --> C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMEFA64.SYS --> C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMEFA64.SYS [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\IPSDefs\20111206.001\IDSviA64.sys [2011-12-7 488568]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe [2010-8-17 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-8-17 673088]
R2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe [2009-5-5 206064]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\system32\DRIVERS\bcmvwl64.sys --> C:\Windows\system32\DRIVERS\bcmvwl64.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S1 BHDrvx64;BHDrvx64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\BASHDefs\20111124.011\BHDrvx64.sys [2011-11-30 1156216]
S1 SymIRON;Symantec Iron Driver;C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x64\Ironx64.SYS --> C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x64\Ironx64.SYS [?]
S1 SYMNETS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMNETS.SYS --> C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMNETS.SYS [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-4 136176]
S2 SepMasterService;Symantec Endpoint Protection;"C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe" /s "Symantec Endpoint Protection" /m "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\sms.dll" /prefetch:1 --> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-4 136176]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-03-22 03:51:46 8669240 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{76343356-6873-4A7A-8521-2E619CD5C2E9}\mpengine.dll
2012-03-08 16:31:20 -------- d-----w- C:\Program Files\R
2012-03-04 18:32:40 -------- d-----w- C:\Program Files\iPod
2012-03-04 18:32:39 -------- d-----w- C:\Program Files\iTunes
2012-03-04 18:32:39 -------- d-----w- C:\Program Files (x86)\iTunes
2012-02-26 10:02:59 91648 ----a-w- C:\Windows\System32\SetIEInstalledDate.exe
2012-02-26 10:01:25 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
.
==================== Find3M ====================
.
2012-02-26 10:02:59 85504 ----a-w- C:\Windows\System32\iesetup.dll
2012-02-26 10:02:59 76800 ----a-w- C:\Windows\System32\tdc.ocx
2012-02-26 10:02:59 48640 ----a-w- C:\Windows\System32\mshtmler.dll
2012-02-26 10:02:59 448512 ----a-w- C:\Windows\System32\html.iec
2012-02-26 10:02:59 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-26 10:02:59 135168 ----a-w- C:\Windows\System32\IEAdvpack.dll
2012-02-26 10:02:59 111616 ----a-w- C:\Windows\System32\iesysprep.dll
2012-02-26 10:02:58 603648 ----a-w- C:\Windows\System32\vbscript.dll
2012-02-26 10:02:58 30720 ----a-w- C:\Windows\System32\licmgr10.dll
2012-02-26 10:02:58 165888 ----a-w- C:\Windows\System32\iexpress.exe
2012-02-26 10:02:58 160256 ----a-w- C:\Windows\System32\wextract.exe
2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-14 04:02:25 3143168 ----a-w- C:\Windows\System32\win32k.sys
2011-12-28 03:59:11 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
.
============= FINISH: 9:48:49.45 ===============

Edited by tenacious89c, 22 March 2012 - 10:59 AM.
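As an added triage example (not part of this thread or of the DDS tool), the script below parses the line formats seen in the Pseudo HJT Report above and flags what a search-redirect investigation looks at first: browser add-on entries marked "No File", DNS servers outside private address ranges, and a non-default Winlogon Userinit value. The sample lines are constructed in that format; note that DDS lists DhcpNameServer values for every saved network profile, so a public resolver on one of them may simply be an ISP's resolver and needs checking rather than being proof of infection.

```python
"""Triage the 'Pseudo HJT Report' section of a DDS log for search-redirect clues."""
import ipaddress
import re

# Constructed sample in the DDS line format used in the log above (not the full log).
SAMPLE_LOG = r"""
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{55211AA3-41D5-4BC3-B290-37BBD2F1533C}\7716272796F627 : DhcpNameServer = 64.37.18.2 64.251.160.2
TCP: Interfaces\{55211AA3-41D5-4BC3-B290-37BBD2F1533C}\A4B414 : DhcpNameServer = 10.0.1.1
"""

# Browser Helper Object / toolbar entries whose DLL is missing on disk.
NO_FILE_RE = re.compile(r"^(BHO|TB)(?:-X64)?:\s*(.+?)\s+-\s+No File$")
# DHCP-assigned DNS servers, one line per interface or saved network profile.
DNS_RE = re.compile(r"DhcpNameServer\s*=\s*(.+)$")
# Winlogon Userinit; anything other than the stock userinit.exe deserves a look.
USERINIT_RE = re.compile(r"^mWinlogon:\s*Userinit=(.+)$", re.IGNORECASE)


def userinit_is_default(value):
    """True when the Userinit value is just the stock userinit.exe (path optional)."""
    cleaned = value.strip().rstrip(",").strip('"').lower()
    return cleaned == "userinit.exe" or cleaned.endswith("\\userinit.exe")


def triage(log_text):
    """Return a list of (severity, message) findings for one Pseudo HJT Report."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = NO_FILE_RE.match(line)
        if m:
            # Orphaned add-on: the registry still references a DLL that is gone.
            findings.append(("low", f"orphaned {m.group(1)} entry: {m.group(2)}"))
            continue
        m = USERINIT_RE.match(line)
        if m:
            if not userinit_is_default(m.group(1)):
                findings.append(("high", f"Userinit is not the default: {m.group(1)}"))
            continue
        m = DNS_RE.search(line)
        if m:
            for server in m.group(1).split():
                try:
                    addr = ipaddress.ip_address(server)
                except ValueError:
                    findings.append(("medium", f"unparseable DNS server value: {server}"))
                    continue
                if not addr.is_private:
                    # Public resolver: confirm it belongs to the ISP before treating it as hostile.
                    findings.append(("medium", f"public DNS server configured: {server}"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG):
        print(f"[{severity}] {message}")
```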



#2 gringo_pr

Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 22 March 2012 - 11:59 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

1. Do not run any other tool until instructed to do so!
Doing so will only at best cause you unneeded worry as it finds our backups and may even list our tools, and at worst can cause conflicts with our tools and lead to unforeseen things happening.

2. Please do not attach logs or put them in code boxes.
Besides the time it takes me to open the reports, it makes it harder to find something if I need to go back to do more research, and putting them in code boxes just makes them so hard to read.

3. After each step give me a little feedback.
It does not need to be long, but just something so I know how things are going. It can be something like:
I am still getting redirected
The computer is running as it should
Don't put things like "it is the same as before" or "still the same"; this just makes me go back and look for your last feedback as to how things are.

4. Read every post completely before doing anything.
Pay special attention to the Notes** I have put in.
These are things I have found that happen a lot and can be taken care of easily just by reading the Notes**.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


Backup any files that cannot be replaced

If you have not done it yet, spend a few minutes to back up any files that cannot be replaced. Removing malware can be unpredictable and this may save you and me a lot of grief later.

You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

You may want to back up the whole hard drive; there is some good info in the Preparation Guide on how to make full backups and how to restore them if something goes wrong. Read the tutorial and print it out so you will know what to do in case the unforeseen happens.

When you have the files backed up you may do the following.


Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.



Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion," please restart the computer.

"Information and logs"

In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 26 March 2012 - 08:53 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48 hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 tenacious89c

  • Topic Starter
  • Members
  • 11 posts

Posted 27 March 2012 - 08:14 PM

Very sorry Gringo! I thought I had watched the topic, and apparently I had not. I still need help. I will run ComboFix as soon as I can and proceed with the rest of your directions, then post the logs.

Thank you!

#5 gringo_pr

Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 27 March 2012 - 08:40 PM

I will be waiting. :thumbup2:

#6 tenacious89c

  • Topic Starter
  • Members
  • 11 posts

Posted 27 March 2012 - 09:01 PM

Gringo,

I ran ComboFix. No errors came up that I could see. It did not seem to fix the problem. The first search link I clicked went straight to gimmeanswers.

Here's the log:

ComboFix 12-03-27.03 - Curtis 03/27/2012 19:22:31.1.3 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3836.2413 [GMT -6:00]
Running from: c:\users\Curtis\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-28 )))))))))))))))))))))))))))))))
.
.
2012-03-28 01:36 . 2012-03-28 01:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-27 04:39 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9E614B08-B82E-4E81-889A-2CBACE600DDE}\mpengine.dll
2012-03-22 03:45 . 2012-02-15 04:47 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-22 03:45 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 00:48 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 00:48 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-08 16:31 . 2012-03-08 16:31 -------- d-----w- c:\program files\R
2012-03-04 18:32 . 2012-03-04 18:32 -------- d-----w- c:\program files\iPod
2012-03-04 18:32 . 2012-03-04 18:33 -------- d-----w- c:\program files\iTunes
2012-03-04 18:32 . 2012-03-04 18:33 -------- d-----w- c:\program files (x86)\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-14 03:27 . 2012-01-09 04:20 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-26 10:03 . 2012-02-26 10:03 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-02-26 10:03 . 2012-02-26 10:03 1798656 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-02-26 10:03 . 2012-02-26 10:03 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-02-26 10:03 . 2012-02-26 10:03 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-26 10:03 . 2012-02-26 10:03 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-02-26 10:03 . 2012-02-26 10:03 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-02-26 10:03 . 2012-02-26 10:03 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-02-26 10:03 . 2012-02-26 10:03 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-02-26 10:03 . 2012-02-26 10:03 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-02-26 10:03 . 2012-02-26 10:03 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-02-26 10:03 . 2012-02-26 10:03 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-02-26 10:03 . 2012-02-26 10:03 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-02-26 10:03 . 2012-02-26 10:03 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-02-26 10:03 . 2012-02-26 10:03 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-02-26 10:03 . 2012-02-26 10:03 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-02-26 10:03 . 2012-02-26 10:03 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-02-26 10:03 . 2012-02-26 10:03 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-02-26 10:03 . 2012-02-26 10:03 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-02-26 10:03 . 2012-02-26 10:03 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-02-26 10:03 . 2012-02-26 10:03 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-02-26 10:03 . 2012-02-26 10:03 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-02-26 10:03 . 2012-02-26 10:03 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-26 10:03 . 2012-02-26 10:03 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-02-26 10:03 . 2012-02-26 10:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-26 10:03 . 2012-02-26 10:03 2308096 ----a-w- c:\windows\system32\jscript9.dll
2012-02-26 10:03 . 2012-02-26 10:03 222208 ----a-w- c:\windows\system32\msls31.dll
2012-02-26 10:03 . 2012-02-26 10:03 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-26 10:03 . 2012-02-26 10:03 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-02-26 10:03 . 2012-02-26 10:03 12288 ----a-w- c:\windows\system32\mshta.exe
2012-02-26 10:03 . 2012-02-26 10:03 114176 ----a-w- c:\windows\system32\admparse.dll
2012-02-26 10:02 . 2012-02-26 10:02 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-26 10:02 . 2012-02-26 10:02 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-02-26 10:02 . 2012-02-26 10:02 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-02-26 10:02 . 2012-02-26 10:02 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-26 10:02 . 2012-02-26 10:02 448512 ----a-w- c:\windows\system32\html.iec
2012-02-26 10:02 . 2012-02-26 10:02 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-26 10:02 . 2012-02-26 10:02 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-26 10:02 . 2012-02-26 10:02 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-26 10:02 . 2012-02-26 10:02 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-02-26 10:02 . 2012-02-26 10:02 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-26 10:02 . 2012-02-26 10:02 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-02-26 10:02 . 2012-02-26 10:02 160256 ----a-w- c:\windows\system32\wextract.exe
2012-02-26 10:01 . 2012-02-26 10:01 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-02-26 10:01 . 2012-02-26 10:01 470016 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-02-26 10:01 . 2012-02-26 10:01 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2012-02-26 10:01 . 2012-02-26 10:01 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL
2012-02-26 10:01 . 2012-02-26 10:01 1619456 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2012-02-26 10:01 . 2012-02-26 10:01 144384 ----a-w- c:\windows\system32\cdd.dll
2012-02-26 10:01 . 2012-02-26 10:01 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2012-02-26 10:01 . 2012-02-26 10:01 283648 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2012-02-26 10:01 . 2012-02-26 10:01 229888 ----a-w- c:\windows\system32\XpsRasterService.dll
2012-02-26 10:01 . 2012-02-26 10:01 1863680 ----a-w- c:\windows\system32\ExplorerFrame.dll
2012-02-26 10:01 . 2012-02-26 10:01 1495040 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
2012-02-26 10:01 . 2012-02-26 10:01 135168 ----a-w- c:\windows\SysWow64\XpsRasterService.dll
2012-02-26 10:01 . 2012-02-26 10:01 1133568 ----a-w- c:\windows\system32\FntCache.dll
2012-02-26 10:01 . 2012-02-26 10:01 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2012-02-26 10:01 . 2012-02-26 10:01 4068864 ----a-w- c:\windows\system32\mf.dll
2012-02-26 10:01 . 2012-02-26 10:01 3181568 ----a-w- c:\windows\SysWow64\mf.dll
2012-02-26 10:01 . 2012-02-26 10:01 257024 ----a-w- c:\windows\system32\mfreadwrite.dll
2012-02-26 10:01 . 2012-02-26 10:01 206848 ----a-w- c:\windows\system32\mfps.dll
2012-02-26 10:01 . 2012-02-26 10:01 196608 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
2012-02-10 17:04 . 2012-02-10 17:05 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0143FE48-71D1-4806-BA10-95DC2D034068}\gapaengine.dll
2012-01-31 12:44 . 2011-12-19 16:53 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-28 102400]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"DellComms"="c:\program files (x86)\Dell\DellComms\bin\sprtcmd.exe" [2009-05-05 206064]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-13 642856]
"nmapp"="c:\program files (x86)\Pure Networks\Network Magic\nmapp.exe" [2008-12-14 467240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-17 421736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-05-21 165184]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 BHDrvx64;BHDrvx64;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\BASHDefs\20111124.011\BHDrvx64.sys [2011-11-15 1156216]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\Drivers\SEP\0C01029F\136B.105\x64\Ironx64.SYS [x]
R1 SYMNETS;Symantec Network Security WFP Driver;c:\windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMNETS.SYS [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-05 136176]
R2 SepMasterService;Symantec Endpoint Protection;c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-05 136176]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-28 288272]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMEFA64.SYS [x]
S1 IDSVia64;IDSVia64;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\IPSDefs\20111206.001\IDSvia64.sys [2011-12-04 488568]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe [2010-03-17 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-05-21 673088]
S2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);c:\program files (x86)\Dell\DellComms\bin\sprtsvc.exe [2009-05-05 206064]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-05 00:19]
.
2012-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-05 00:19]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2010-01-06 3179288]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-17 487424]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-03 5712896]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Curtis\AppData\Roaming\Mozilla\Firefox\Profiles\vj7jr6ji.default\
FF - prefs.js: browser.startup.homepage - www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
Notify-SEP - c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\WinLogoutNotifier.dll
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SepMasterService]
"ImagePath"="\"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe\" /s \"Symantec Endpoint Protection\" /m \"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\sms.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2012-03-27 19:57:08 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-28 01:56
.
Pre-Run: 410,411,175,936 bytes free
Post-Run: 412,233,170,944 bytes free
.
- - End Of File - - 7E922EF2AE99266A28F0B3C7541FCE4B

#7 gringo_pr

  • Malware Response Team

Posted 27 March 2012 - 09:25 PM

Greetings

Which browsers does this happen with?


I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#8 tenacious89c

  • Topic Starter

Posted 27 March 2012 - 10:26 PM

Gringo,

I only use Firefox, and this is the browser that this is happening with.

Here is the TDSSKiller log:

21:08:13.0040 2996 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
21:08:13.0518 2996 ============================================================
21:08:13.0519 2996 Current date / time: 2012/03/27 21:08:13.0518
21:08:13.0519 2996 SystemInfo:
21:08:13.0519 2996
21:08:13.0519 2996 OS Version: 6.1.7600 ServicePack: 0.0
21:08:13.0519 2996 Product type: Workstation
21:08:13.0519 2996 ComputerName: CURTIS-PC
21:08:13.0519 2996 UserName: Curtis
21:08:13.0520 2996 Windows directory: C:\Windows
21:08:13.0520 2996 System windows directory: C:\Windows
21:08:13.0520 2996 Running under WOW64
21:08:13.0520 2996 Processor architecture: Intel x64
21:08:13.0520 2996 Number of processors: 3
21:08:13.0520 2996 Page size: 0x1000
21:08:13.0520 2996 Boot type: Normal boot
21:08:13.0520 2996 ============================================================
21:08:14.0466 2996 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:08:14.0475 2996 \Device\Harddisk0\DR0:
21:08:14.0476 2996 MBR used
21:08:14.0476 2996 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000
21:08:14.0476 2996 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x38607030
21:08:14.0511 2996 Initialize success
21:08:14.0511 2996 ============================================================
21:08:49.0460 5104 ============================================================
21:08:49.0460 5104 Scan started
21:08:49.0460 5104 Mode: Manual;
21:08:49.0460 5104 ============================================================
21:08:50.0224 5104 1394ohci (69aa89a20dee08bfa650aab6ce37bd10) C:\Windows\system32\DRIVERS\1394ohci.sys
21:08:50.0224 5104 1394ohci - ok
21:08:50.0271 5104 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
21:08:50.0271 5104 ACPI - ok
21:08:50.0380 5104 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
21:08:50.0380 5104 AcpiPmi - ok
21:08:50.0442 5104 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
21:08:50.0442 5104 adp94xx - ok
21:08:50.0567 5104 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
21:08:50.0583 5104 adpahci - ok
21:08:50.0692 5104 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
21:08:50.0692 5104 adpu320 - ok
21:08:50.0739 5104 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
21:08:50.0739 5104 AeLookupSvc - ok
21:08:50.0864 5104 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe
21:08:50.0864 5104 AESTFilters - ok
21:08:50.0988 5104 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
21:08:50.0988 5104 AFD - ok
21:08:51.0113 5104 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
21:08:51.0113 5104 agp440 - ok
21:08:51.0176 5104 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
21:08:51.0176 5104 ALG - ok
21:08:51.0238 5104 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
21:08:51.0238 5104 aliide - ok
21:08:51.0347 5104 AMD External Events Utility (c6469ced96fedef508aeb74553135cdc) C:\Windows\system32\atiesrxx.exe
21:08:51.0347 5104 AMD External Events Utility - ok
21:08:51.0394 5104 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
21:08:51.0394 5104 amdide - ok
21:08:51.0488 5104 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
21:08:51.0488 5104 AmdK8 - ok
21:08:51.0753 5104 amdkmdag (18ad9ad00ffad95dc820762fb7f4b80f) C:\Windows\system32\DRIVERS\atikmdag.sys
21:08:51.0909 5104 amdkmdag - ok
21:08:52.0018 5104 amdkmdap (dbf0db9a8b60a2c029eb70824afccbda) C:\Windows\system32\DRIVERS\atikmpag.sys
21:08:52.0034 5104 amdkmdap - ok
21:08:52.0158 5104 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
21:08:52.0158 5104 AmdPPM - ok
21:08:52.0283 5104 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
21:08:52.0299 5104 amdsata - ok
21:08:52.0346 5104 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
21:08:52.0346 5104 amdsbs - ok
21:08:52.0439 5104 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
21:08:52.0439 5104 amdxata - ok
21:08:52.0548 5104 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
21:08:52.0548 5104 AppID - ok
21:08:52.0580 5104 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
21:08:52.0595 5104 AppIDSvc - ok
21:08:52.0704 5104 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
21:08:52.0704 5104 Appinfo - ok
21:08:52.0829 5104 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:08:52.0829 5104 Apple Mobile Device - ok
21:08:52.0970 5104 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
21:08:52.0970 5104 arc - ok
21:08:53.0001 5104 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
21:08:53.0001 5104 arcsas - ok
21:08:53.0079 5104 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:08:53.0079 5104 AsyncMac - ok
21:08:53.0110 5104 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
21:08:53.0110 5104 atapi - ok
21:08:53.0391 5104 AtiHdmiService (637e0753bd6deb8ea5314a5c357ec1a0) C:\Windows\system32\drivers\AtiHdmi.sys
21:08:53.0391 5104 AtiHdmiService - ok
21:08:53.0516 5104 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
21:08:53.0516 5104 AtiPcie - ok
21:08:53.0625 5104 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
21:08:53.0656 5104 AudioEndpointBuilder - ok
21:08:53.0672 5104 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
21:08:53.0687 5104 AudioSrv - ok
21:08:53.0781 5104 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
21:08:53.0781 5104 AxInstSV - ok
21:08:53.0859 5104 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
21:08:53.0874 5104 b06bdrv - ok
21:08:54.0015 5104 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:08:54.0015 5104 b57nd60a - ok
21:08:54.0062 5104 BCM42RLY (ac4e2d84de54cd3a013aeff0cc56095c) C:\Windows\system32\drivers\BCM42RLY.sys
21:08:54.0077 5104 BCM42RLY - ok
21:08:54.0171 5104 BCM43XX (8b5d16d20774fc3727f44e161be2c0ac) C:\Windows\system32\DRIVERS\bcmwl664.sys
21:08:54.0186 5104 BCM43XX - ok
21:08:54.0311 5104 BcmVWL (d224b2e6bb543f1d8f1177d57fec2950) C:\Windows\system32\DRIVERS\bcmvwl64.sys
21:08:54.0311 5104 BcmVWL - ok
21:08:54.0327 5104 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
21:08:54.0327 5104 BDESVC - ok
21:08:54.0405 5104 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:08:54.0405 5104 Beep - ok
21:08:54.0483 5104 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
21:08:54.0514 5104 BFE - ok
21:08:54.0639 5104 BHDrvx64 (82c695630676079f7ad68c85a5e662e5) C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\BASHDefs\20111124.011\BHDrvx64.sys
21:08:54.0670 5104 BHDrvx64 - ok
21:08:54.0764 5104 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\system32\qmgr.dll
21:08:54.0779 5104 BITS - ok
21:08:54.0826 5104 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:08:54.0842 5104 blbdrive - ok
21:08:54.0951 5104 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
21:08:54.0951 5104 Bonjour Service - ok
21:08:55.0060 5104 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
21:08:55.0076 5104 bowser - ok
21:08:55.0107 5104 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:08:55.0107 5104 BrFiltLo - ok
21:08:55.0185 5104 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:08:55.0185 5104 BrFiltUp - ok
21:08:55.0310 5104 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
21:08:55.0325 5104 BridgeMP - ok
21:08:55.0356 5104 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
21:08:55.0356 5104 Browser - ok
21:08:55.0419 5104 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:08:55.0419 5104 Brserid - ok
21:08:55.0466 5104 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:08:55.0466 5104 BrSerWdm - ok
21:08:55.0481 5104 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:08:55.0481 5104 BrUsbMdm - ok
21:08:55.0497 5104 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:08:55.0497 5104 BrUsbSer - ok
21:08:55.0528 5104 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
21:08:55.0528 5104 BTHMODEM - ok
21:08:55.0575 5104 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
21:08:55.0575 5104 bthserv - ok
21:08:55.0700 5104 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:08:55.0715 5104 cdfs - ok
21:08:55.0840 5104 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
21:08:55.0840 5104 cdrom - ok
21:08:55.0965 5104 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
21:08:55.0965 5104 CertPropSvc - ok
21:08:56.0074 5104 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
21:08:56.0074 5104 circlass - ok
21:08:56.0183 5104 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:08:56.0183 5104 CLFS - ok
21:08:56.0277 5104 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:08:56.0277 5104 clr_optimization_v2.0.50727_32 - ok
21:08:56.0324 5104 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:08:56.0324 5104 clr_optimization_v2.0.50727_64 - ok
21:08:56.0433 5104 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:08:56.0433 5104 CmBatt - ok
21:08:56.0480 5104 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
21:08:56.0480 5104 cmdide - ok
21:08:56.0558 5104 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
21:08:56.0573 5104 CNG - ok
21:08:56.0620 5104 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:08:56.0620 5104 Compbatt - ok
21:08:56.0729 5104 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
21:08:56.0729 5104 CompositeBus - ok
21:08:56.0761 5104 COMSysApp - ok
21:08:56.0792 5104 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
21:08:56.0807 5104 crcdisk - ok
21:08:56.0854 5104 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
21:08:56.0870 5104 CryptSvc - ok
21:08:56.0979 5104 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys
21:08:56.0995 5104 CtClsFlt - ok
21:08:57.0057 5104 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
21:08:57.0057 5104 DcomLaunch - ok
21:08:57.0135 5104 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
21:08:57.0135 5104 defragsvc - ok
21:08:57.0182 5104 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
21:08:57.0182 5104 DfsC - ok
21:08:57.0244 5104 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
21:08:57.0244 5104 Dhcp - ok
21:08:57.0307 5104 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:08:57.0307 5104 discache - ok
21:08:57.0416 5104 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
21:08:57.0416 5104 Disk - ok
21:08:57.0431 5104 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
21:08:57.0447 5104 Dnscache - ok
21:08:57.0541 5104 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe
21:08:57.0541 5104 DockLoginService - ok
21:08:57.0619 5104 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
21:08:57.0634 5104 dot3svc - ok
21:08:57.0650 5104 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
21:08:57.0650 5104 DPS - ok
21:08:57.0775 5104 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:08:57.0775 5104 drmkaud - ok
21:08:57.0837 5104 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
21:08:57.0837 5104 DXGKrnl - ok
21:08:57.0931 5104 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
21:08:57.0931 5104 EapHost - ok
21:08:58.0071 5104 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
21:08:58.0165 5104 ebdrv - ok
21:08:58.0258 5104 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
21:08:58.0258 5104 EFS - ok
21:08:58.0399 5104 ehRecvr (b91d81b3b54a54ccafc03733dbc2e29e) C:\Windows\ehome\ehRecvr.exe
21:08:58.0414 5104 ehRecvr - ok
21:08:58.0430 5104 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
21:08:58.0430 5104 ehSched - ok
21:08:58.0555 5104 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
21:08:58.0555 5104 elxstor - ok
21:08:58.0679 5104 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
21:08:58.0679 5104 ErrDev - ok
21:08:58.0820 5104 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
21:08:58.0820 5104 EventSystem - ok
21:08:58.0929 5104 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:08:58.0929 5104 exfat - ok
21:08:59.0069 5104 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:08:59.0069 5104 fastfat - ok
21:08:59.0194 5104 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
21:08:59.0225 5104 Fax - ok
21:08:59.0350 5104 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
21:08:59.0350 5104 fdc - ok
21:08:59.0459 5104 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
21:08:59.0459 5104 fdPHost - ok
21:08:59.0491 5104 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
21:08:59.0491 5104 FDResPub - ok
21:08:59.0537 5104 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:08:59.0537 5104 FileInfo - ok
21:08:59.0553 5104 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:08:59.0569 5104 Filetrace - ok
21:08:59.0584 5104 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
21:08:59.0584 5104 flpydisk - ok
21:08:59.0725 5104 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
21:08:59.0725 5104 FltMgr - ok
21:08:59.0849 5104 FontCache (bc00505cfda789ed3be95d2ff38c4875) C:\Windows\system32\FntCache.dll
21:08:59.0896 5104 FontCache - ok
21:08:59.0974 5104 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:08:59.0974 5104 FontCache3.0.0.0 - ok
21:09:00.0052 5104 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:09:00.0052 5104 FsDepends - ok
21:09:00.0115 5104 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
21:09:00.0115 5104 Fs_Rec - ok
21:09:00.0177 5104 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
21:09:00.0177 5104 fvevol - ok
21:09:00.0302 5104 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:09:00.0302 5104 gagp30kx - ok
21:09:00.0427 5104 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:09:00.0442 5104 GEARAspiWDM - ok
21:09:00.0505 5104 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
21:09:00.0505 5104 GoToAssist - ok
21:09:00.0629 5104 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
21:09:00.0661 5104 gpsvc - ok
21:09:00.0770 5104 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:09:00.0770 5104 gupdate - ok
21:09:00.0801 5104 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:09:00.0801 5104 gupdatem - ok
21:09:00.0941 5104 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:09:00.0941 5104 hcw85cir - ok
21:09:01.0082 5104 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
21:09:01.0082 5104 HdAudAddService - ok
21:09:01.0207 5104 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:09:01.0222 5104 HDAudBus - ok
21:09:01.0347 5104 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
21:09:01.0347 5104 HidBatt - ok
21:09:01.0472 5104 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
21:09:01.0487 5104 HidBth - ok
21:09:01.0612 5104 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
21:09:01.0612 5104 HidIr - ok
21:09:01.0706 5104 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
21:09:01.0721 5104 hidserv - ok
21:09:01.0862 5104 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
21:09:01.0862 5104 HidUsb - ok
21:09:01.0940 5104 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
21:09:01.0940 5104 hkmsvc - ok
21:09:01.0971 5104 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
21:09:01.0971 5104 HomeGroupListener - ok
21:09:02.0080 5104 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
21:09:02.0080 5104 HomeGroupProvider - ok
21:09:02.0174 5104 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
21:09:02.0174 5104 HpSAMD - ok
21:09:02.0330 5104 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
21:09:02.0361 5104 HTTP - ok
21:09:02.0486 5104 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
21:09:02.0486 5104 hwpolicy - ok
21:09:02.0564 5104 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
21:09:02.0564 5104 i8042prt - ok
21:09:02.0704 5104 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
21:09:02.0704 5104 iaStorV - ok
21:09:02.0860 5104 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:09:02.0891 5104 idsvc - ok
21:09:03.0047 5104 IDSVia64 (0b97f1a640ad3d159a7b5d2164c42e50) C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\IPSDefs\20111206.001\IDSvia64.sys
21:09:03.0047 5104 IDSVia64 - ok
21:09:03.0328 5104 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
21:09:03.0453 5104 igfx - ok
21:09:03.0562 5104 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
21:09:03.0562 5104 iirsp - ok
21:09:03.0656 5104 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
21:09:03.0687 5104 IKEEXT - ok
21:09:03.0796 5104 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
21:09:03.0812 5104 intelide - ok
21:09:03.0874 5104 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:09:03.0890 5104 intelppm - ok
21:09:03.0968 5104 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
21:09:03.0968 5104 IPBusEnum - ok
21:09:04.0015 5104 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:09:04.0015 5104 IpFilterDriver - ok
21:09:04.0077 5104 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
21:09:04.0108 5104 iphlpsvc - ok
21:09:04.0186 5104 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
21:09:04.0186 5104 IPMIDRV - ok
21:09:04.0249 5104 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:09:04.0249 5104 IPNAT - ok
21:09:04.0342 5104 iPod Service (ee4c2a137c7088911a8919effc9812e7) C:\Program Files\iPod\bin\iPodService.exe
21:09:04.0358 5104 iPod Service - ok
21:09:04.0467 5104 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:09:04.0467 5104 IRENUM - ok
21:09:04.0561 5104 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
21:09:04.0561 5104 isapnp - ok
21:09:04.0639 5104 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
21:09:04.0654 5104 iScsiPrt - ok
21:09:04.0717 5104 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
21:09:04.0717 5104 kbdclass - ok
21:09:04.0826 5104 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
21:09:04.0826 5104 kbdhid - ok
21:09:04.0888 5104 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
21:09:04.0888 5104 KeyIso - ok
21:09:04.0919 5104 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
21:09:04.0919 5104 KSecDD - ok
21:09:04.0951 5104 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
21:09:04.0966 5104 KSecPkg - ok
21:09:04.0997 5104 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:09:04.0997 5104 ksthunk - ok
21:09:05.0060 5104 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
21:09:05.0060 5104 KtmRm - ok
21:09:05.0138 5104 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll
21:09:05.0153 5104 LanmanServer - ok
21:09:05.0294 5104 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
21:09:05.0294 5104 LanmanWorkstation - ok
21:09:05.0434 5104 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:09:05.0434 5104 lltdio - ok
21:09:05.0481 5104 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
21:09:05.0497 5104 lltdsvc - ok
21:09:05.0528 5104 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
21:09:05.0543 5104 lmhosts - ok
21:09:05.0590 5104 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:09:05.0606 5104 LSI_FC - ok
21:09:05.0731 5104 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:09:05.0731 5104 LSI_SAS - ok
21:09:05.0871 5104 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:09:05.0871 5104 LSI_SAS2 - ok
21:09:05.0996 5104 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:09:06.0011 5104 LSI_SCSI - ok
21:09:06.0136 5104 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:09:06.0152 5104 luafv - ok
21:09:06.0277 5104 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
21:09:06.0292 5104 Mcx2Svc - ok
21:09:06.0370 5104 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
21:09:06.0370 5104 megasas - ok
21:09:06.0511 5104 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
21:09:06.0526 5104 MegaSR - ok
21:09:06.0635 5104 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:09:06.0635 5104 MMCSS - ok
21:09:06.0729 5104 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:09:06.0729 5104 Modem - ok
21:09:06.0869 5104 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:09:06.0869 5104 monitor - ok
21:09:06.0994 5104 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
21:09:06.0994 5104 mouclass - ok
21:09:07.0150 5104 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:09:07.0150 5104 mouhid - ok
21:09:07.0197 5104 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
21:09:07.0197 5104 mountmgr - ok
21:09:07.0337 5104 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
21:09:07.0353 5104 MpFilter - ok
21:09:07.0462 5104 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
21:09:07.0462 5104 mpio - ok
21:09:07.0618 5104 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
21:09:07.0618 5104 MpNWMon - ok
21:09:07.0681 5104 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:09:07.0681 5104 mpsdrv - ok
21:09:07.0743 5104 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
21:09:07.0774 5104 MpsSvc - ok
21:09:07.0915 5104 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
21:09:07.0915 5104 MRxDAV - ok
21:09:08.0039 5104 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:09:08.0039 5104 mrxsmb - ok
21:09:08.0164 5104 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:09:08.0164 5104 mrxsmb10 - ok
21:09:08.0227 5104 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:09:08.0227 5104 mrxsmb20 - ok
21:09:08.0273 5104 msahci (bccf16d5fb1109162380e3e28dc9e4e5) C:\Windows\system32\DRIVERS\msahci.sys
21:09:08.0273 5104 msahci - ok
21:09:08.0336 5104 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
21:09:08.0336 5104 msdsm - ok
21:09:08.0383 5104 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
21:09:08.0383 5104 MSDTC - ok
21:09:08.0523 5104 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:09:08.0523 5104 Msfs - ok
21:09:08.0632 5104 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:09:08.0632 5104 mshidkmdf - ok
21:09:08.0726 5104 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
21:09:08.0726 5104 msisadrv - ok
21:09:08.0773 5104 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
21:09:08.0788 5104 MSiSCSI - ok
21:09:08.0851 5104 msiserver - ok
21:09:08.0929 5104 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:09:08.0929 5104 MSKSSRV - ok
21:09:09.0022 5104 MsMpSvc (157e9e498206a3366baa7e4697bdd947) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
21:09:09.0022 5104 MsMpSvc - ok
21:09:09.0116 5104 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:09:09.0131 5104 MSPCLOCK - ok
21:09:09.0194 5104 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:09:09.0194 5104 MSPQM - ok
21:09:09.0241 5104 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
21:09:09.0256 5104 MsRPC - ok
21:09:09.0303 5104 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
21:09:09.0303 5104 mssmbios - ok
21:09:09.0428 5104 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:09:09.0428 5104 MSTEE - ok
21:09:09.0459 5104 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:09:09.0459 5104 MTConfig - ok
21:09:09.0490 5104 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:09:09.0490 5104 Mup - ok
21:09:09.0537 5104 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
21:09:09.0553 5104 napagent - ok
21:09:09.0709 5104 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:09:09.0709 5104 NativeWifiP - ok
21:09:09.0802 5104 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
21:09:09.0818 5104 NDIS - ok
21:09:09.0943 5104 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:09:09.0943 5104 NdisCap - ok
21:09:10.0067 5104 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:09:10.0067 5104 NdisTapi - ok
21:09:10.0130 5104 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
21:09:10.0145 5104 Ndisuio - ok
21:09:10.0161 5104 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
21:09:10.0161 5104 NdisWan - ok
21:09:10.0177 5104 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
21:09:10.0192 5104 NDProxy - ok
21:09:10.0255 5104 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:09:10.0255 5104 NetBIOS - ok
21:09:10.0395 5104 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
21:09:10.0395 5104 NetBT - ok
21:09:10.0520 5104 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
21:09:10.0520 5104 Netlogon - ok
21:09:10.0629 5104 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
21:09:10.0629 5104 Netman - ok
21:09:10.0676 5104 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
21:09:10.0676 5104 netprofm - ok
21:09:10.0754 5104 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:09:10.0754 5104 NetTcpPortSharing - ok
21:09:10.0863 5104 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:09:10.0863 5104 nfrd960 - ok
21:09:11.0035 5104 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
21:09:11.0035 5104 NisDrv - ok
21:09:11.0175 5104 NisSrv (566ddd5d82520da01d75f81428ac4c38) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
21:09:11.0175 5104 NisSrv - ok
21:09:11.0284 5104 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
21:09:11.0284 5104 NlaSvc - ok
21:09:11.0409 5104 nmservice (cd2fe9c33cfd0fe0af124e05907e5c3d) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
21:09:11.0425 5104 nmservice - ok
21:09:11.0534 5104 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:09:11.0534 5104 Npfs - ok
21:09:11.0659 5104 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
21:09:11.0659 5104 nsi - ok
21:09:11.0752 5104 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:09:11.0752 5104 nsiproxy - ok
21:09:11.0846 5104 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
21:09:11.0846 5104 Ntfs - ok
21:09:11.0877 5104 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:09:11.0877 5104 Null - ok
21:09:11.0893 5104 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
21:09:11.0908 5104 nvraid - ok
21:09:11.0939 5104 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
21:09:11.0939 5104 nvstor - ok
21:09:11.0955 5104 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
21:09:11.0971 5104 nv_agp - ok
21:09:12.0095 5104 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:09:12.0095 5104 odserv - ok
21:09:12.0220 5104 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
21:09:12.0220 5104 ohci1394 - ok
21:09:12.0329 5104 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:09:12.0345 5104 ose - ok
21:09:12.0439 5104 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:09:12.0454 5104 p2pimsvc - ok
21:09:12.0532 5104 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
21:09:12.0548 5104 p2psvc - ok
21:09:12.0626 5104 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:09:12.0641 5104 Parport - ok
21:09:12.0766 5104 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
21:09:12.0766 5104 partmgr - ok
21:09:12.0860 5104 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
21:09:12.0875 5104 PcaSvc - ok
21:09:12.0969 5104 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
21:09:12.0969 5104 pci - ok
21:09:13.0094 5104 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
21:09:13.0094 5104 pciide - ok
21:09:13.0172 5104 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:09:13.0172 5104 pcmcia - ok
21:09:13.0219 5104 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:09:13.0219 5104 pcw - ok
21:09:13.0265 5104 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:09:13.0281 5104 PEAUTH - ok
21:09:13.0390 5104 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
21:09:13.0390 5104 PerfHost - ok
21:09:13.0515 5104 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
21:09:13.0562 5104 pla - ok
21:09:13.0702 5104 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
21:09:13.0718 5104 PlugPlay - ok
21:09:13.0858 5104 pnarp (4ff73a83a25d0eead4f5e6c841bb6704) C:\Windows\system32\DRIVERS\pnarp.sys
21:09:13.0858 5104 pnarp - ok
21:09:13.0952 5104 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
21:09:13.0967 5104 PNRPAutoReg - ok
21:09:14.0014 5104 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:09:14.0030 5104 PNRPsvc - ok
21:09:14.0139 5104 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
21:09:14.0155 5104 PolicyAgent - ok
21:09:14.0248 5104 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
21:09:14.0248 5104 Power - ok
21:09:14.0389 5104 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
21:09:14.0389 5104 PptpMiniport - ok
21:09:14.0513 5104 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:09:14.0513 5104 Processor - ok
21:09:14.0591 5104 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
21:09:14.0591 5104 ProfSvc - ok
21:09:14.0623 5104 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
21:09:14.0623 5104 ProtectedStorage - ok
21:09:14.0763 5104 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
21:09:14.0779 5104 Psched - ok
21:09:14.0919 5104 purendis (9a68a89f10f283a23afee2a1bfe4bffb) C:\Windows\system32\DRIVERS\purendis.sys
21:09:14.0919 5104 purendis - ok
21:09:15.0044 5104 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
21:09:15.0044 5104 PxHlpa64 - ok
21:09:15.0169 5104 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:09:15.0215 5104 ql2300 - ok
21:09:15.0309 5104 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:09:15.0309 5104 ql40xx - ok
21:09:15.0418 5104 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
21:09:15.0434 5104 QWAVE - ok
21:09:15.0512 5104 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:09:15.0512 5104 QWAVEdrv - ok
21:09:15.0621 5104 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:09:15.0637 5104 RasAcd - ok
21:09:15.0777 5104 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:09:15.0777 5104 RasAgileVpn - ok
21:09:15.0855 5104 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
21:09:15.0855 5104 RasAuto - ok
21:09:15.0902 5104 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:09:15.0902 5104 Rasl2tp - ok
21:09:16.0027 5104 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
21:09:16.0042 5104 RasMan - ok
21:09:16.0183 5104 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:09:16.0183 5104 RasPppoe - ok
21:09:16.0323 5104 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:09:16.0323 5104 RasSstp - ok
21:09:16.0385 5104 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
21:09:16.0401 5104 rdbss - ok
21:09:16.0448 5104 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:09:16.0448 5104 rdpbus - ok
21:09:16.0495 5104 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:09:16.0495 5104 RDPCDD - ok
21:09:16.0604 5104 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:09:16.0604 5104 RDPENCDD - ok
21:09:16.0729 5104 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:09:16.0729 5104 RDPREFMP - ok
21:09:16.0869 5104 RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys
21:09:16.0885 5104 RDPWD - ok
21:09:16.0978 5104 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
21:09:16.0994 5104 rdyboost - ok
21:09:17.0025 5104 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
21:09:17.0025 5104 RemoteAccess - ok
21:09:17.0134 5104 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
21:09:17.0150 5104 RemoteRegistry - ok
21:09:17.0197 5104 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
21:09:17.0197 5104 RpcEptMapper - ok
21:09:17.0243 5104 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
21:09:17.0259 5104 RpcLocator - ok
21:09:17.0306 5104 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
21:09:17.0321 5104 RpcSs - ok
21:09:17.0446 5104 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:09:17.0446 5104 rspndr - ok
21:09:17.0587 5104 RTL8167 (fd978b2bf8a9b2390dcbef435e9c1f9f) C:\Windows\system32\DRIVERS\Rt64win7.sys
21:09:17.0602 5104 RTL8167 - ok
21:09:17.0696 5104 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
21:09:17.0696 5104 SamSs - ok
21:09:17.0789 5104 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
21:09:17.0805 5104 sbp2port - ok
21:09:17.0867 5104 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
21:09:17.0883 5104 SCardSvr - ok
21:09:17.0930 5104 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
21:09:17.0930 5104 scfilter - ok
21:09:17.0992 5104 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
21:09:18.0008 5104 Schedule - ok
21:09:18.0133 5104 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
21:09:18.0133 5104 SCPolicySvc - ok
21:09:18.0211 5104 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
21:09:18.0211 5104 SDRSVC - ok
21:09:18.0335 5104 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:09:18.0335 5104 secdrv - ok
21:09:18.0445 5104 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
21:09:18.0460 5104 seclogon - ok
21:09:18.0523 5104 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
21:09:18.0538 5104 SENS - ok
21:09:18.0647 5104 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
21:09:18.0663 5104 SensrSvc - ok
21:09:18.0772 5104 SepMasterService - ok
21:09:18.0881 5104 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:09:18.0881 5104 Serenum - ok
21:09:19.0022 5104 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:09:19.0022 5104 Serial - ok
21:09:19.0147 5104 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:09:19.0147 5104 sermouse - ok
21:09:19.0225 5104 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
21:09:19.0240 5104 SessionEnv - ok
21:09:19.0287 5104 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
21:09:19.0287 5104 sffdisk - ok
21:09:19.0334 5104 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
21:09:19.0334 5104 sffp_mmc - ok
21:09:19.0349 5104 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
21:09:19.0349 5104 sffp_sd - ok
21:09:19.0381 5104 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:09:19.0381 5104 sfloppy - ok
21:09:19.0521 5104 SftService (cf53dcce55e500f51089774e851e7363) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
21:09:19.0537 5104 SftService - ok
21:09:19.0693 5104 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
21:09:19.0693 5104 SharedAccess - ok
21:09:19.0802 5104 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
21:09:19.0817 5104 ShellHWDetection - ok
21:09:19.0942 5104 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:09:19.0942 5104 SiSRaid2 - ok
21:09:20.0051 5104 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:09:20.0067 5104 SiSRaid4 - ok
21:09:20.0192 5104 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:09:20.0207 5104 Smb - ok
21:09:20.0332 5104 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
21:09:20.0332 5104 SNMPTRAP - ok
21:09:20.0410 5104 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:09:20.0410 5104 spldr - ok
21:09:20.0488 5104 Spooler (89e8550c5862999fcf482ea562b0e98e) C:\Windows\System32\spoolsv.exe
21:09:20.0504 5104 Spooler - ok
21:09:20.0629 5104 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
21:09:20.0753 5104 sppsvc - ok
21:09:20.0878 5104 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
21:09:20.0878 5104 sppuinotify - ok
21:09:20.0972 5104 sprtsvc_DellComms (d630b6f2e8379b6f10dc16e82a426552) C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe
21:09:20.0972 5104 sprtsvc_DellComms - ok
21:09:21.0019 5104 sprtsvc_DellSupportCenter (d630b6f2e8379b6f10dc16e82a426552) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
21:09:21.0034 5104 sprtsvc_DellSupportCenter - ok
21:09:21.0190 5104 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
21:09:21.0206 5104 srv - ok
21:09:21.0331 5104 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
21:09:21.0346 5104 srv2 - ok
21:09:21.0455 5104 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
21:09:21.0471 5104 srvnet - ok
21:09:21.0565 5104 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
21:09:21.0580 5104 SSDPSRV - ok
21:09:21.0658 5104 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
21:09:21.0658 5104 SstpSvc - ok
21:09:21.0799 5104 STacSV (da7702025dfd169b909c4da3126762cc) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\STacSV64.exe
21:09:21.0799 5104 STacSV - ok
21:09:21.0908 5104 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
21:09:21.0908 5104 stexstor - ok
21:09:22.0079 5104 STHDA (caf5a9708671b14b9670260735b22c4e) C:\Windows\system32\DRIVERS\stwrt64.sys
21:09:22.0095 5104 STHDA - ok
21:09:22.0220 5104 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
21:09:22.0235 5104 stisvc - ok
21:09:22.0391 5104 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
21:09:22.0391 5104 swenum - ok
21:09:22.0501 5104 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
21:09:22.0516 5104 swprv - ok
21:09:22.0703 5104 SymDS (f017987b177f7bbc989318d59309d091) C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMDS64.SYS
21:09:22.0703 5104 SymDS - ok
21:09:22.0906 5104 SymEFA (ba589e090506aae847f128aa6bbb376a) C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMEFA64.SYS
21:09:22.0937 5104 SymEFA - ok
21:09:23.0109 5104 SymIRON (66b80d43191ba671a9bb8254e8236eb7) C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x64\Ironx64.SYS
21:09:23.0125 5104 SymIRON - ok
21:09:23.0281 5104 SYMNETS (a6adb3d83023f8daa0f7b6fda785d83b) C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMNETS.SYS
21:09:23.0296 5104 SYMNETS - ok
21:09:23.0483 5104 SynTP (8a3fbcb3d6d4710730d27da4392a4863) C:\Windows\system32\DRIVERS\SynTP.sys
21:09:23.0499 5104 SynTP - ok
21:09:23.0686 5104 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
21:09:23.0749 5104 SysMain - ok
21:09:23.0889 5104 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
21:09:23.0905 5104 TabletInputService - ok
21:09:24.0045 5104 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
21:09:24.0045 5104 TapiSrv - ok
21:09:24.0201 5104 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
21:09:24.0201 5104 TBS - ok
21:09:36.0946 5104 ============================================================
21:09:36.0946 5104 Scan finished
21:09:36.0946 5104 ============================================================
21:09:36.0962 1240 Detected object count: 0
21:09:36.0962 1240 Actual detected object count: 0

And here is the aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-27 21:11:51
-----------------------------
21:11:51.373 OS Version: Windows x64 6.1.7600
21:11:51.373 Number of processors: 3 586 0x503
21:11:51.373 ComputerName: CURTIS-PC UserName: Curtis
21:11:54.227 Initialize success
21:12:50.498 AVAST engine defs: 12032702
21:13:02.541 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:13:02.541 Disk 0 Vendor: WDC_WD5000BEVT-75A0RT0 01.01A01 Size: 476940MB BusType: 11
21:13:02.588 Disk 0 MBR read successfully
21:13:02.588 Disk 0 MBR scan
21:13:02.588 Disk 0 Windows 7 default MBR code
21:13:02.619 Disk 0 Partition 1 00 DE Dell Utility RECOVERY 100 MB offset 2048
21:13:02.635 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 206848
21:13:02.650 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461838 MB offset 30926848
21:13:02.681 Disk 0 scanning C:\Windows\system32\drivers
21:13:14.756 Service scanning
21:14:16.610 Modules scanning
21:14:16.625 Disk 0 trace - called modules:
21:14:16.641 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
21:14:16.657 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c276b0]
21:14:16.657 3 CLASSPNP.SYS[fffff8800103b43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004b97060]
21:14:20.120 AVAST engine scan C:\Windows
21:14:25.517 AVAST engine scan C:\Windows\system32
21:18:05.043 AVAST engine scan C:\Windows\system32\drivers
21:18:20.503 AVAST engine scan C:\Users\Curtis
21:19:53.885 File: C:\Users\Curtis\AppData\Local\Temp\_av4_\data\aswar0.dll **INFECTED** Win32:Malware-gen
21:19:54.135 File: C:\Users\Curtis\AppData\Local\Temp\_av4_\data\updldr0.bin **INFECTED** Win32:Malware-gen
21:21:54.879 AVAST engine scan C:\ProgramData
21:23:28.730 Scan finished successfully
21:23:56.858 Disk 0 MBR has been saved successfully to "C:\Users\Curtis\Desktop\MBR.dat"
21:23:56.858 The log file has been saved successfully to "C:\Users\Curtis\Desktop\aswMBR.txt"

#9 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 27 March 2012 - 10:56 PM

Hello


I want you to uninstall Firefox and, if asked about user data, remove that also - then reinstall it and let me know if you are still redirected.


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#10 tenacious89c (Topic Starter)

Posted 27 March 2012 - 11:12 PM

I have uninstalled and reinstalled Firefox. It does not appear to be doing the redirect anymore. Nor did it do it for Internet Explorer.

#11 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 27 March 2012 - 11:38 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#12 tenacious89c (Topic Starter)

Posted 28 March 2012 - 12:50 AM

Gringo,

The computer appears to still be running fine after the script. Here is the log:

ComboFix 12-03-27.03 - Curtis 03/27/2012 23:18:24.2.3 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3836.2182 [GMT -6:00]
Running from: c:\users\Curtis\Desktop\ComboFix.exe
Command switches used :: c:\users\Curtis\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-28 )))))))))))))))))))))))))))))))
.
.
2012-03-28 05:27 . 2012-03-28 05:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-27 04:39 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9E614B08-B82E-4E81-889A-2CBACE600DDE}\mpengine.dll
2012-03-22 03:45 . 2012-02-15 04:47 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-22 03:45 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 00:48 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 00:48 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-08 16:31 . 2012-03-08 16:31 -------- d-----w- c:\program files\R
2012-03-04 18:32 . 2012-03-04 18:32 -------- d-----w- c:\program files\iPod
2012-03-04 18:32 . 2012-03-04 18:33 -------- d-----w- c:\program files\iTunes
2012-03-04 18:32 . 2012-03-04 18:33 -------- d-----w- c:\program files (x86)\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-14 03:27 . 2012-01-09 04:20 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-26 10:03 . 2012-02-26 10:03 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-02-26 10:03 . 2012-02-26 10:03 1798656 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-02-26 10:03 . 2012-02-26 10:03 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-02-26 10:03 . 2012-02-26 10:03 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-26 10:03 . 2012-02-26 10:03 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-02-26 10:03 . 2012-02-26 10:03 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-02-26 10:03 . 2012-02-26 10:03 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-02-26 10:03 . 2012-02-26 10:03 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-02-26 10:03 . 2012-02-26 10:03 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-02-26 10:03 . 2012-02-26 10:03 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-02-26 10:03 . 2012-02-26 10:03 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-02-26 10:03 . 2012-02-26 10:03 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-02-26 10:03 . 2012-02-26 10:03 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-02-26 10:03 . 2012-02-26 10:03 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-02-26 10:03 . 2012-02-26 10:03 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-02-26 10:03 . 2012-02-26 10:03 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-02-26 10:03 . 2012-02-26 10:03 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-02-26 10:03 . 2012-02-26 10:03 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-02-26 10:03 . 2012-02-26 10:03 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-02-26 10:03 . 2012-02-26 10:03 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-02-26 10:03 . 2012-02-26 10:03 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-02-26 10:03 . 2012-02-26 10:03 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-26 10:03 . 2012-02-26 10:03 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-02-26 10:03 . 2012-02-26 10:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-26 10:03 . 2012-02-26 10:03 2308096 ----a-w- c:\windows\system32\jscript9.dll
2012-02-26 10:03 . 2012-02-26 10:03 222208 ----a-w- c:\windows\system32\msls31.dll
2012-02-26 10:03 . 2012-02-26 10:03 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-26 10:03 . 2012-02-26 10:03 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-02-26 10:03 . 2012-02-26 10:03 12288 ----a-w- c:\windows\system32\mshta.exe
2012-02-26 10:03 . 2012-02-26 10:03 114176 ----a-w- c:\windows\system32\admparse.dll
2012-02-26 10:02 . 2012-02-26 10:02 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-26 10:02 . 2012-02-26 10:02 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-02-26 10:02 . 2012-02-26 10:02 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-02-26 10:02 . 2012-02-26 10:02 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-26 10:02 . 2012-02-26 10:02 448512 ----a-w- c:\windows\system32\html.iec
2012-02-26 10:02 . 2012-02-26 10:02 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-26 10:02 . 2012-02-26 10:02 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-26 10:02 . 2012-02-26 10:02 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-26 10:02 . 2012-02-26 10:02 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-02-26 10:02 . 2012-02-26 10:02 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-26 10:02 . 2012-02-26 10:02 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-02-26 10:02 . 2012-02-26 10:02 160256 ----a-w- c:\windows\system32\wextract.exe
2012-02-26 10:01 . 2012-02-26 10:01 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-02-26 10:01 . 2012-02-26 10:01 470016 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-02-26 10:01 . 2012-02-26 10:01 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2012-02-26 10:01 . 2012-02-26 10:01 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL
2012-02-26 10:01 . 2012-02-26 10:01 1619456 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2012-02-26 10:01 . 2012-02-26 10:01 144384 ----a-w- c:\windows\system32\cdd.dll
2012-02-26 10:01 . 2012-02-26 10:01 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2012-02-26 10:01 . 2012-02-26 10:01 283648 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2012-02-26 10:01 . 2012-02-26 10:01 229888 ----a-w- c:\windows\system32\XpsRasterService.dll
2012-02-26 10:01 . 2012-02-26 10:01 1863680 ----a-w- c:\windows\system32\ExplorerFrame.dll
2012-02-26 10:01 . 2012-02-26 10:01 1495040 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
2012-02-26 10:01 . 2012-02-26 10:01 135168 ----a-w- c:\windows\SysWow64\XpsRasterService.dll
2012-02-26 10:01 . 2012-02-26 10:01 1133568 ----a-w- c:\windows\system32\FntCache.dll
2012-02-26 10:01 . 2012-02-26 10:01 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2012-02-26 10:01 . 2012-02-26 10:01 4068864 ----a-w- c:\windows\system32\mf.dll
2012-02-26 10:01 . 2012-02-26 10:01 3181568 ----a-w- c:\windows\SysWow64\mf.dll
2012-02-26 10:01 . 2012-02-26 10:01 257024 ----a-w- c:\windows\system32\mfreadwrite.dll
2012-02-26 10:01 . 2012-02-26 10:01 206848 ----a-w- c:\windows\system32\mfps.dll
2012-02-26 10:01 . 2012-02-26 10:01 196608 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
2012-02-10 17:04 . 2012-02-10 17:05 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0143FE48-71D1-4806-BA10-95DC2D034068}\gapaengine.dll
2012-01-31 12:44 . 2011-12-19 16:53 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-28_01.39.10 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-03-28 01:41 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-03-28 05:31 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-03-28 01:41 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-28 05:31 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-28 05:31 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-28 01:41 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:10 . 2012-03-28 05:30 51812 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-02-12 02:45 . 2012-03-28 04:00 49152 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-12 02:45 . 2012-03-21 01:02 49152 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-12 02:45 . 2012-03-21 01:02 32768 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-02-12 02:45 . 2012-03-28 04:00 32768 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-28 04:00 16384 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-21 01:02 16384 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-02-12 02:45 . 2012-03-28 04:00 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-12 02:45 . 2012-03-21 01:02 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-12 02:45 . 2012-03-28 04:00 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-02-12 02:45 . 2012-03-21 01:02 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-28 04:00 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-21 01:02 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-03-28 01:37 . 2012-03-28 01:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-28 05:28 . 2012-03-28 05:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-28 05:28 . 2012-03-28 05:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-28 01:37 . 2012-03-28 01:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-02-12 18:35 . 2012-03-28 04:28 282898 c:\windows\system64\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-03-28 01:42 617460 c:\windows\system64\perfh009.dat
- 2009-07-14 02:36 . 2012-03-28 01:16 617460 c:\windows\system64\perfh009.dat
- 2009-07-14 02:36 . 2012-03-28 01:16 104702 c:\windows\system64\perfc009.dat
+ 2009-07-14 02:36 . 2012-03-28 01:42 104702 c:\windows\system64\perfc009.dat
+ 2011-02-12 18:35 . 2012-03-28 04:28 282898 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-03-28 01:42 617460 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-03-28 01:16 617460 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-28 01:42 104702 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-03-28 01:16 104702 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-03-28 05:28 390320 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-03-28 01:37 390320 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-05-17 01:13 . 2012-03-28 01:37 453928 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2137565588-1469526704-2723889808-1001-8192.dat
+ 2011-05-17 01:13 . 2012-03-28 05:28 453928 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2137565588-1469526704-2723889808-1001-8192.dat
+ 2012-03-28 05:28 . 2012-03-28 05:28 1426992 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2137565588-1469526704-2723889808-1001-4096.dat
+ 2009-07-14 02:34 . 2012-03-28 01:52 10485760 c:\windows\system64\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-03-28 01:28 10485760 c:\windows\system64\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-03-28 01:28 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-03-28 01:52 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-28 102400]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"DellComms"="c:\program files (x86)\Dell\DellComms\bin\sprtcmd.exe" [2009-05-05 206064]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-13 642856]
"nmapp"="c:\program files (x86)\Pure Networks\Network Magic\nmapp.exe" [2008-12-14 467240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-17 421736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-05-21 165184]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SEP]
c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\WinLogoutNotifier.dll [BU]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 BHDrvx64;BHDrvx64;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\BASHDefs\20111124.011\BHDrvx64.sys [2011-11-15 1156216]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\Drivers\SEP\0C01029F\136B.105\x64\Ironx64.SYS [x]
R1 SYMNETS;Symantec Network Security WFP Driver;c:\windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMNETS.SYS [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-05 136176]
R2 SepMasterService;Symantec Endpoint Protection;c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-05 136176]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-28 288272]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMEFA64.SYS [x]
S1 IDSVia64;IDSVia64;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\IPSDefs\20111206.001\IDSvia64.sys [2011-12-04 488568]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe [2010-03-17 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-05-21 673088]
S2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);c:\program files (x86)\Dell\DellComms\bin\sprtsvc.exe [2009-05-05 206064]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-05 00:19]
.
2012-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-05 00:19]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-17 487424]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-03 5712896]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Curtis\AppData\Roaming\Mozilla\Firefox\Profiles\l8ih2rth.default\
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SepMasterService]
"ImagePath"="\"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe\" /s \"Symantec Endpoint Protection\" /m \"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\sms.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2012-03-27 23:47:36 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-28 05:47
ComboFix2.txt 2012-03-28 01:57
.
Pre-Run: 412,254,711,808 bytes free
Post-Run: 412,449,161,216 bytes free
.
- - End Of File - - 1EB252058BB572A38E22331AD82A8364

#13 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 28 March 2012 - 02:09 AM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
    C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here (donate button). Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#14 tenacious89c

  • Topic Starter
  • Members
  • 11 posts

Posted 28 March 2012 - 09:23 AM

Here is the report you asked for:

Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.0.1)
Advanced Audio FX Engine
Apple Application Support
Apple Software Update
Best Buy pc app
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco Network Magic
Cisco PEAP Module
Command & Conquer The First Decade
Dell Communications (Support Software)
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Dock
Dell Getting Started Guide
Dell Support Center (Support Software)
Dell Webcam Central
Google Earth Plug-in
Google Update Helper
GoToAssist 8.0.0.514
Java Auto Updater
Java™ 6 Update 26
Junk Mail filter update
Live! Cam Avatar Creator
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox 11.0 (x86 en-US)
MSVCRT
Network Magic
Pure Networks Platform
QuickTime
Roxio Burn
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
WebEx Support Manager for Internet Explorer
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer

#15 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 28 March 2012 - 02:36 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore; this is fine, just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does a much better job).

Programs to remove

  • Java™ 6 Update 26


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done, click Finish.

Install Java:

Please go here to install Java

  • Click on the Free Java Download button
  • Click on Agree and start Free download
  • Click on Run
  • Click on Run again
  • Click on Install
  • When the install is complete, click on Close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (Make sure under the Windows tab all the boxes for Internet Explorer and Windows Explorer are checked. Under System, check Empty Recycle Bin and Temporary Files. Under the Applications tab, all the boxes should be checked.)
  • Click Run Cleaner.
  • Close CCleaner.

Malwarebytes' Anti-Malware

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo




