Error 0X80070424 Can't start Firewall


This topic is locked
14 replies to this topic

#1 Rotor head

  • Members
  • 7 posts
  • Gender:Male
  • Location:Indiana

Posted 23 March 2012 - 11:52 AM

I don't know what is causing my issue, but whenever I try to put up my Windows Firewall I receive the message "Update your firewall settings". A box appears to [Use Recommended Settings]. When I click on it I receive the message "Windows Firewall can't change some of your settings. Error 0x80070424".
I have attempted to use the Microsoft "Fix it now" program without any change to my error.
I put the "Attach.txt" in a Zip file, but I can't figure out how to attach it to this message, so I added the text to this request. Thank you for any help I may receive.
Jim Barnard
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by Jim at 12:32:59 on 2012-03-23
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3957.1627 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dldtcoms.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\Windows\SysWOW64\nlssrv32.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Boingo\Boingo Wi-Finder\Boingo Wi-Finder.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
C:\Windows\splwow64.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=type=W3i_SP,204,0_0,StartPage,20120312,16897,0,6,0
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {06C7AD57-B655-418D-9AB8-9526A6D2E052} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
uRun: [Media Finder] "C:\Program Files (x86)\Media Finder\MF.exe" /opentotray
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [Wisdom-soft ScreenHunter 6.0 Free] 0
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [Google Update] "C:\Users\Jim\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Exent_SDM] C:\Users\Jim\AppData\Local\Temp\SDM143\Free Ride Games.exe "l 'Startup' u 'http://www.freeridegames.com/do/SDMC?action=config&type=FULLSTARTUP&contentId=586350&sId=w3i_us_video_nolaunch' p '143' c '466550'"
uRun: [Itibiti.exe] C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
mRun: [Boingo Wi-Finder] "C:\Program Files (x86)\Boingo\Boingo Wi-Finder\Boingo.lnk"
mRun: [Conime] %windir%\system32\conime.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
mRun: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
dRunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: campmasters.org
Trusted Zone: intuit.com\ttlc
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1 74.128.17.114 74.128.19.102
TCP: Interfaces\{0797E24A-0F89-4D34-8316-43DFA61B945C} : DhcpNameServer = 192.168.1.10 208.67.222.222
TCP: Interfaces\{AA168052-E42B-4D38-AFEA-2BFF139A4667} : DhcpNameServer = 192.168.1.1 74.128.17.114 74.128.19.102
TCP: Interfaces\{AA168052-E42B-4D38-AFEA-2BFF139A4667}\055656445656243514 : DhcpNameServer = 172.17.108.2
TCP: Interfaces\{AA168052-E42B-4D38-AFEA-2BFF139A4667}\2456C6B696E6F5E4F575962756C6563737F5131343831473 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{AA168052-E42B-4D38-AFEA-2BFF139A4667}\34F6D666F62747 : DhcpNameServer = 10.1.0.1
TCP: Interfaces\{AA168052-E42B-4D38-AFEA-2BFF139A4667}\34F6D666F6274794E6E675140543 : DhcpNameServer = 24.92.226.11 24.92.226.12
TCP: Interfaces\{AA168052-E42B-4D38-AFEA-2BFF139A4667}\36963736F63726 : DhcpNameServer = 192.168.1.10 208.67.222.222
TCP: Interfaces\{AA168052-E42B-4D38-AFEA-2BFF139A4667}\36F6D666F62747 : DhcpNameServer = 68.87.64.146 68.87.75.194 8.8.8.8
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {06C7AD57-B655-418D-9AB8-9526A6D2E052} - No File
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB-X64: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
mRun-x64: [Boingo Wi-Finder] "C:\Program Files (x86)\Boingo\Boingo Wi-Finder\Boingo.lnk"
mRun-x64: [Conime] %windir%\system32\conime.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
mRun-x64: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\cbjo3wlh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - www.msn.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Users\Jim\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_197.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.ovrDmn - isearch.babylon.com
FF - user.js: extensions.BabylonToolbar_i.id - 283ea62b00000000000000231415b849
FF - user.js: extensions.BabylonToolbar_i.hardId - 283ea62b00000000000000231415b849
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15389
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1713:09:31
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110482
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
FF - user.js: extensions.funmoods_i.hmpg - true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=ironto
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=ironto
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=ironto&q=
FF - user.js: extensions.funmoods_i.id - 283ea62b00000000000000231415b849
FF - user.js: extensions.funmoods_i.instlDay - 15416
FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1612:12:22
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - ironto
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false
.
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 stdflt;Disk Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdflt.sys --> C:\Windows\system32\DRIVERS\stdflt.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2012-2-1 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 dldt_device;dldt_device;C:\Windows\system32\dldtcoms.exe -service --> C:\Windows\system32\dldtcoms.exe -service [?]
R2 InstallFilterService;FF Install Filter Service;C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2011-11-6 60928]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-2-6 13672]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-12-19 394672]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-3 2152152]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-2 652360]
R2 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2010-4-22 25824]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe [2011-11-7 66560]
R2 rimspci;rimspci;C:\Windows\system32\DRIVERS\rimspe64.sys --> C:\Windows\system32\DRIVERS\rimspe64.sys [?]
R2 risdpcie;risdpcie;C:\Windows\system32\DRIVERS\risdpe64.sys --> C:\Windows\system32\DRIVERS\risdpe64.sys [?]
R2 rixdpcie;rixdpcie;C:\Windows\system32\DRIVERS\rixdpe64.sys --> C:\Windows\system32\DRIVERS\rixdpe64.sys [?]
R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-6-1 14088]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-11-29 2916736]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-11-6 2320920]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Acceler.sys --> C:\Windows\system32\DRIVERS\Acceler.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2012-3-2 17152]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-6 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-1-31 158856]
S2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe --> C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-1-9 253600]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-6 136176]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\system32\DRIVERS\ivusb.sys --> C:\Windows\system32\DRIVERS\ivusb.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-3-18 129976]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2009-9-21 315664]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-2-1 25072]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
.
=============== Created Last 30 ================
.
2012-03-23 13:57:20 -------- d-----w- C:\Users\Jim\AppData\Local\Ilivid Player
2012-03-23 13:56:19 -------- d-----w- C:\Users\Jim\AppData\Local\RockMelt
2012-03-23 13:46:39 -------- d-----w- C:\Users\Jim\AppData\Local\ElevatedDiagnostics
2012-03-23 12:52:29 8669240 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-03-23 12:52:13 8669240 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A8196898-6EBB-4F3F-890C-C1DA0ED21F97}\mpengine.dll
2012-03-22 14:41:48 -------- d-----w- C:\ProgramData\MemeoCommon
2012-03-22 14:38:50 -------- d-----w- C:\Users\Jim\AppData\Roaming\Memeo
2012-03-22 14:38:37 -------- d-----w- C:\Users\Jim\AppData\Roaming\Seagate
2012-03-22 14:35:39 -------- d-----w- C:\Program Files (x86)\Common Files\Memeo
2012-03-22 14:35:34 -------- d-----w- C:\Program Files (x86)\Memeo
2012-03-22 14:34:46 -------- d-----w- C:\Program Files (x86)\Seagate
2012-03-21 21:25:41 -------- d-----w- C:\Program Files (x86)\Optimizer Pro
2012-03-21 21:21:58 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9AF0B223-BE1F-4D1A-83E4-B19B50C7A720}\gapaengine.dll
2012-03-21 21:14:01 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-03-21 21:13:58 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-03-21 17:53:24 -------- d-----w- C:\Windows\AutoKMS
2012-03-21 17:52:01 -------- d-----w- C:\Cracks
2012-03-21 16:59:20 -------- d-----w- C:\Program Files (x86)\Club Penguin
2012-03-21 16:58:18 -------- d-----w- C:\ProgramData\Symantec
2012-03-21 16:40:35 18944 ----a-r- C:\Users\Jim\AppData\Roaming\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe
2012-03-20 13:54:09 -------- d-----w- C:\Program Files (x86)\BitTorrent
2012-03-18 10:58:00 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-03-18 10:57:58 145960 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-03-18 10:57:58 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-03-17 20:32:32 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2012-03-17 20:31:58 -------- d-----w- C:\Windows\PCHEALTH
2012-03-17 20:31:58 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-03-17 20:30:10 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2012-03-17 20:29:25 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2012-03-17 16:12:17 -------- d-----w- C:\Program Files (x86)\Uncompressor
2012-03-17 14:00:23 -------- d-----w- C:\ProgramData\Tarma Installer
2012-03-14 13:37:16 -------- d-----w- C:\Users\Jim\AppData\Local\IsolatedStorage
2012-03-14 13:31:12 -------- d-----w- C:\Program Files (x86)\TurboTax
2012-03-14 13:25:36 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-14 13:25:36 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-14 13:25:35 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-13 19:45:10 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-13 19:45:08 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-13 19:45:08 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-13 19:44:29 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-13 19:44:29 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-13 19:44:29 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-13 19:44:27 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-13 19:44:27 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-13 19:44:26 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-13 19:44:26 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-12 02:51:23 -------- d-----w- C:\Users\Jim\AppData\Local\309A6C0D-A4DF-4CA8-9774-A3F326691C03.aplzod
2012-03-09 19:26:15 -------- d-----w- C:\Program Files\iPod
2012-03-09 19:26:14 -------- d-----w- C:\Program Files\iTunes
2012-03-09 19:26:14 -------- d-----w- C:\Program Files (x86)\iTunes
2012-03-07 01:01:35 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-03-07 01:01:35 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-03-07 01:01:35 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-03-07 01:00:33 -------- d-----w- C:\Program Files\Bonjour
2012-03-07 01:00:33 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-03-03 13:09:13 -------- d-----w- C:\Users\Jim\AppData\Local\Sunbelt Software
2012-03-02 23:14:06 16432 ----a-w- C:\Windows\System32\lsdelete.exe
2012-03-02 20:40:09 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2012-03-02 20:34:50 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
2012-03-02 20:34:39 -------- d-----w- C:\Program Files (x86)\Lavasoft
2012-02-29 03:17:31 -------- d-----w- C:\ProgramData\Brother
2012-02-23 18:05:53 -------- d-----w- C:\Users\Jim\AppData\Roaming\uTorrent
.
==================== Find3M ====================
.
2012-02-20 01:13:07 750488 ----a-w- C:\Windows\System32\npdeployJava1.dll
2012-02-20 01:13:07 660368 ----a-w- C:\Windows\System32\deployJava1.dll
2012-02-19 04:08:51 530488 ----a-w- C:\Windows\System32\drivers\sptd.sys
2012-02-15 16:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-02-15 16:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-02-05 18:02:20 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-05 18:02:20 417440 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-28 17:10:56 48128 ----a-w- C:\Windows\SysWow64\ff_acm.acm
2012-01-25 19:21:20 913920 ----a-w- C:\Windows\SysWow64\lameACM.acm
2012-01-24 19:18:04 4794880 ----a-w- C:\Windows\SysWow64\x264vfw.dll
2012-01-10 12:41:21 8756384 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-01-06 14:59:52 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2011-12-30 06:26:08 515584 ----a-w- C:\Windows\System32\timedate.cpl
2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2011-12-28 03:59:24 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
.
============= FINISH: 12:33:18.88 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 11/5/2011 9:12:00 PM
System Uptime: 3/23/2012 8:53:53 AM (4 hours ago)
.
Motherboard: Dell Inc. | | 0NJWJR
Processor: Intel® Core™ i3 CPU M 330 @ 2.13GHz | U2E1 | 1450/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 283 GiB total, 132.206 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 932 GiB total, 828.055 GiB free.
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: KODAK 5000 Series AiO
Device ID: ROOT\IMAGE\0000
Manufacturer: Eastman Kodak
Name: KODAK 5000 Series AiO
PNP Device ID: ROOT\IMAGE\0000
Service: usbscan
.
==== System Restore Points ===================
.
RP146: 3/17/2012 3:46:43 PM - Removed Microsoft Office Professional Plus 2010
RP147: 3/17/2012 4:28:32 PM - Installed Microsoft Office Professional Plus 2010
RP148: 3/18/2012 2:22:06 AM - Windows Update
RP149: 3/18/2012 7:28:57 AM - Windows Update
RP150: 3/19/2012 9:12:34 AM - Windows Update
RP151: 3/21/2012 12:40:07 PM - Installed WeatherBug
RP152: 3/21/2012 1:02:18 PM - Removed InstallIQ Updater
RP153: 3/21/2012 1:20:56 PM - Removed WeatherBug
RP154: 3/21/2012 1:21:30 PM - Removed NetAssistant
RP155: 3/21/2012 11:03:23 PM - Removed Infuzer
RP156: 3/22/2012 10:34:59 AM - Installed Microsoft Visual C++ 2005 Redistributable
RP157: 3/23/2012 8:51:58 AM - Windows Update
.
==== Installed Programs ======================
.
Accelerometer
Ad-Aware
Adobe AIR
Adobe Reader X (10.1.2)
Adobe Shockwave Player 11.6
Advanced Audio FX Engine
aioscnnr
Amazon Kindle
Apple Application Support
Apple Software Update
BitTorrent
Boingo Wi-Finder
C4USelfUpdater
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
center
CloneBuddy
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Webcam Central
DeLorme Street Atlas USA 2009
DVD-Ranger
DVD-Ranger Inspector
DVDneXtCOPYneXtTech
essentials
FileHippo.com Update Checker
Google Chrome
Google Earth Plug-in
Google Update Helper
IDT Audio
Intel® Management Engine Components
Internet TV for Windows Media Center
iSEEK AnswerWorks English Runtime
Itibiti RTC
Java Auto Updater
Java™ 6 Update 22
Java™ 6 Update 30
KODAK AiO Software
LightScribe Applications
LightScribe Diagnostic Utility
LightScribe Public Windows SDK
LightScribe System Software
LightScribe Template Labeler
Malwarebytes Anti-Malware version 1.60.1.1000
Memeo Instant Backup
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Outlook Personal Folders Backup
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Netflix in Windows Media Center
ocr
ODD Eject
OpenOffice.org 3.3
PowerDVD DX
PreReq
Quicken 2012
QuickTime
RICOH Media Driver ver.2.07.01.04
RICOH R5U8xx Media Driver ver.3.62.02
Roxio Burn
Roxio Update Manager
Safari
Seagate Dashboard
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
Skype™ 5.8
Sudoklue Pro
swMSM
TeamViewer 7
The Core Media Player 4.0
TouchpadPal 1.1
TurboTax 2010
TurboTax 2010 winiper
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
TurboTax 2011
TurboTax 2011 winiper
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wrapper
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
Win7codecs
Windows Media Player Firefox Plugin
.
==== Event Viewer Messages From Past Week ========
.
3/23/2012 8:55:32 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
3/23/2012 8:55:06 AM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
3/23/2012 8:54:49 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/23/2012 8:54:26 AM, Error: Service Control Manager [7000] - The StarWind AE Service service failed to start due to the following error: The system cannot find the file specified.
3/23/2012 8:54:25 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
3/23/2012 8:54:17 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
3/23/2012 8:54:16 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
3/23/2012 8:52:30 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
3/21/2012 9:51:47 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
3/21/2012 9:39:59 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/21/2012 5:21:59 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Real-time protection has stopped functioning for an unknown reason. Restart the service in order to recover.
3/21/2012 5:21:52 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/21/2012 5:02:11 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/21/2012 11:49:23 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/21/2012 11:47:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
3/21/2012 11:22:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
3/21/2012 11:15:00 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
3/21/2012 11:13:26 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
3/21/2012 11:13:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/21/2012 11:13:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/21/2012 11:13:17 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
3/21/2012 11:13:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/21/2012 11:13:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/21/2012 11:13:00 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter spldr sptd Wanarpv6
3/21/2012 11:12:59 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
3/21/2012 11:12:35 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
3/21/2012 10:36:59 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/20/2012 6:25:55 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
3/20/2012 6:23:28 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/20/2012 5:22:30 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/19/2012 11:01:39 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
3/19/2012 10:51:20 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/18/2012 9:15:18 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/18/2012 2:22:41 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
3/17/2012 8:08:20 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/17/2012 3:55:18 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/17/2012 11:42:56 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/16/2012 9:54:04 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/16/2012 10:04:57 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
.
==== End Of File ===========================

#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:14 PM

Posted 23 March 2012 - 11:50 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

1. Do not run any other tool until instructed to do so!
Doing so will only at best cause you unneeded worry as it finds our backups and may even list our tools, and at worst can cause conflicts with our tools and lead to unforeseen things happening.
2. Please do not attach logs or put them in code boxes.
Besides the time it takes me to open the reports, it makes it harder to find something if I need to go back to do more research, and putting them in code boxes just makes them so hard to read.
3. After each step give me a little feedback.
It does not need to be long, but just something so I know how things are going. It can be something like:
I am still getting redirected
The computer is running as it should
Don't put things like "it is the same as before" or "still the same"; this just makes me go back and look for your last feedback as to how things are.
4. Read every post completely before doing anything.
Pay special attention to the Notes** I have put in.
These are things I have found that happen a lot and can be taken care of easily just by reading the Notes**.

Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.


Backup any files that cannot be replaced

If you have not done it yet, spend a few minutes to back up any files that cannot be replaced. Removing malware can be unpredictable and this may save you and me a lot of grief later.

You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

You may want to back up the whole hard drive; there is some good info in the Preparation Guide on how to make full backups and how to restore them if something goes wrong. Read the tutorial and print it out so you will know what to do in case the unforeseen happens.

When you have the files backed up you may do the following.


Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Rotor head

Rotor head
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Indiana
  • Local time:08:14 PM

Posted 24 March 2012 - 09:13 AM

You are my hero! My firewall is now in place and that was my issue, I can't think of anything else to check. Here is my log. Now I will figure out how to donate because I appreciate what you have done so very much.

ComboFix 12-03-22.01 - Jim 03/24/2012 9:32.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3957.2496 [GMT -4:00]
Running from: c:\users\Jim\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Shop to Win
c:\program files (x86)\Shop to Win\Test.htm
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setup.dll
c:\programdata\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll
c:\programdata\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\Setup.dat
c:\programdata\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\Setup.exe
c:\programdata\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\Setup.ico
c:\recovered files\recovered from f\Unknown folder\desktop_1.ini
c:\recovered files\recovered from f\Unknown folder\desktop_2.ini
c:\users\Jim\Documents\~WRL0003.tmp
c:\users\Jim\Documents\~WRL0004.tmp
c:\users\Jim\Documents\~WRL0005.tmp
c:\users\Jim\Documents\~WRL0006.tmp
c:\users\Jim\GoToAssistDownloadHelper.exe
c:\windows\assembly\tmp\U
.
.
((((((((((((((((((((((((( Files Created from 2012-02-24 to 2012-03-24 )))))))))))))))))))))))))))))))
.
.
2012-03-24 13:00 . 2012-03-20 07:51 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{28009269-8E68-4A95-8D8D-9DA5511DC741}\mpengine.dll
2012-03-23 13:57 . 2012-03-23 13:57 -------- d-----w- c:\users\Jim\AppData\Local\Ilivid Player
2012-03-23 13:56 . 2012-03-23 15:01 -------- d-----w- c:\users\Jim\AppData\Local\RockMelt
2012-03-23 13:46 . 2012-03-23 14:01 -------- d-----w- c:\users\Jim\AppData\Local\ElevatedDiagnostics
2012-03-23 12:52 . 2012-03-20 07:51 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-03-22 14:41 . 2012-03-22 14:41 -------- d-----w- c:\programdata\MemeoCommon
2012-03-22 14:38 . 2012-03-22 14:38 -------- d-----w- c:\users\Jim\AppData\Roaming\Memeo
2012-03-22 14:38 . 2012-03-22 14:38 -------- d-----w- c:\users\Jim\AppData\Roaming\Seagate
2012-03-22 14:35 . 2012-03-22 14:35 -------- d-----w- c:\program files (x86)\Common Files\Memeo
2012-03-22 14:35 . 2012-03-22 14:35 -------- d-----w- c:\program files (x86)\Memeo
2012-03-22 14:34 . 2012-03-22 14:35 -------- d-----w- c:\program files (x86)\Seagate
2012-03-22 14:31 . 2012-03-22 14:31 -------- d-----w- c:\users\Jim\AppData\Roaming\Leadertech
2012-03-21 21:25 . 2012-03-22 02:38 -------- d-----w- c:\program files (x86)\Optimizer Pro
2012-03-21 21:21 . 2012-02-09 17:17 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9AF0B223-BE1F-4D1A-83E4-B19B50C7A720}\gapaengine.dll
2012-03-21 21:14 . 2012-03-21 21:14 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-03-21 21:13 . 2012-03-21 21:14 -------- d-----w- c:\program files\Microsoft Security Client
2012-03-21 17:53 . 2012-03-21 20:59 -------- d-----w- c:\windows\AutoKMS
2012-03-21 17:52 . 2012-03-21 17:52 -------- d-----w- C:\Cracks
2012-03-21 16:59 . 2012-03-21 16:59 -------- d-----w- c:\program files (x86)\Club Penguin
2012-03-21 16:58 . 2012-03-21 16:58 -------- d-----w- c:\programdata\Symantec
2012-03-21 16:40 . 2012-03-21 16:40 18944 ----a-r- c:\users\Jim\AppData\Roaming\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe
2012-03-20 13:54 . 2012-03-23 14:52 -------- d-----w- c:\program files (x86)\BitTorrent
2012-03-18 10:58 . 2012-03-24 13:19 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-03-18 10:57 . 2012-03-23 12:56 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-03-18 10:57 . 2012-03-23 12:56 145960 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-03-17 20:32 . 2012-03-17 20:32 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2012-03-17 20:31 . 2012-03-17 20:31 -------- d-----w- c:\windows\PCHEALTH
2012-03-17 20:31 . 2012-03-17 20:31 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2012-03-17 20:31 . 2012-03-17 20:31 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2012-03-17 20:30 . 2012-03-17 20:30 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2012-03-17 20:29 . 2012-03-17 20:29 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2012-03-17 20:28 . 2012-03-17 20:28 -------- d-----r- C:\MSOCache
2012-03-17 16:12 . 2012-03-17 16:12 -------- d-----w- c:\program files (x86)\Uncompressor
2012-03-14 13:37 . 2012-03-14 13:37 -------- d-----w- c:\users\Jim\AppData\Local\IsolatedStorage
2012-03-14 13:31 . 2012-03-16 15:34 -------- d-----w- c:\program files (x86)\TurboTax
2012-03-14 13:25 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 13:25 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 13:25 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-13 19:45 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 19:45 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 19:45 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-13 19:44 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 19:44 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 19:44 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 19:44 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 19:44 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-13 19:44 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 19:44 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-12 02:51 . 2012-03-23 12:34 -------- d-----w- c:\users\Jim\AppData\Local\309A6C0D-A4DF-4CA8-9774-A3F326691C03.aplzod
2012-03-09 19:26 . 2012-03-09 19:26 -------- d-----w- c:\program files\iPod
2012-03-09 19:26 . 2012-03-09 19:26 -------- d-----w- c:\program files\iTunes
2012-03-09 19:26 . 2012-03-09 19:26 -------- d-----w- c:\program files (x86)\iTunes
2012-03-09 19:20 . 2012-03-23 15:34 -------- d-----w- c:\program files (x86)\Safari
2012-03-07 01:01 . 2009-05-18 18:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-03-07 01:01 . 2008-04-17 17:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-03-07 01:01 . 2008-04-17 17:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-03-07 01:00 . 2012-03-07 01:00 -------- d-----w- c:\program files\Bonjour
2012-03-07 01:00 . 2012-03-07 01:00 -------- d-----w- c:\program files (x86)\Bonjour
2012-03-03 13:09 . 2012-03-03 13:09 -------- d-----w- c:\users\Jim\AppData\Local\Sunbelt Software
2012-03-02 23:14 . 2012-03-02 20:40 16432 ----a-w- c:\windows\system32\lsdelete.exe
2012-03-02 21:16 . 2012-03-02 21:16 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-03-02 20:40 . 2012-03-02 20:40 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-03-02 20:34 . 2011-11-03 17:06 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2012-03-02 20:34 . 2012-03-02 20:34 -------- d-----w- c:\programdata\Lavasoft
2012-03-02 20:34 . 2012-03-02 20:34 -------- d-----w- c:\program files (x86)\Lavasoft
2012-02-29 03:17 . 2012-02-29 03:17 -------- d-----w- c:\programdata\Brother
2012-02-23 18:05 . 2012-02-23 18:05 -------- d-----w- c:\users\Jim\AppData\Roaming\uTorrent
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-01 11:06 . 2012-03-01 11:06 10 ----a-w- c:\windows\Fonts\wfonts.key
2012-02-29 02:49 . 2011-11-22 19:58 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-02-29 02:47 . 2011-11-22 19:58 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-02-29 02:03 . 2011-12-05 20:45 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-02-26 15:13 . 2011-12-05 20:47 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-02-26 15:13 . 2011-12-05 20:46 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-02-26 15:12 . 2011-11-22 19:57 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-02-26 15:12 . 2011-11-22 19:57 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-02-20 01:13 . 2012-01-06 18:34 750488 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-02-20 01:13 . 2012-01-06 18:34 660368 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-19 04:08 . 2012-02-19 04:08 530488 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-02-17 03:52 . 2011-12-05 20:45 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-02-15 16:01 . 2012-02-15 16:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 16:01 . 2012-02-15 16:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-05 18:02 . 2012-01-10 03:59 417440 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-02-05 18:02 . 2011-11-06 19:52 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-31 12:44 . 2011-11-06 17:37 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-28 17:10 . 2012-01-28 17:10 48128 ----a-w- c:\windows\SysWow64\ff_acm.acm
2012-01-25 19:21 . 2012-01-25 19:21 913920 ----a-w- c:\windows\SysWow64\lameACM.acm
2012-01-24 19:18 . 2012-01-24 19:18 4794880 ----a-w- c:\windows\SysWow64\x264vfw.dll
2012-01-10 12:41 . 2012-01-10 12:41 8756384 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-01-06 14:59 . 2012-01-06 15:00 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-01-04 10:44 . 2012-02-15 23:43 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-15 23:43 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2011-12-30 06:26 . 2012-02-15 23:43 515584 ----a-w- c:\windows\system32\timedate.cpl
2011-12-30 05:27 . 2012-02-15 23:43 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2011-12-28 03:59 . 2012-02-15 23:43 498688 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wisdom-soft ScreenHunter 6.0 Free"="0" [X]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-22 718720]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Boingo Wi-Finder"="c:\program files (x86)\Boingo\Boingo Wi-Finder\Boingo.lnk" [2012-02-07 2429]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2011-06-16 2922496]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Memeo Instant Backup"="c:\program files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe" [2010-04-23 136416]
"Seagate Dashboard"="c:\program files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [2011-12-12 2234288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-06 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-02-05 253600]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-06 136176]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-03 2152152]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2012-03-02 17152]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-03-23 129976]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2009-09-21 315664]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-02-01 25072]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe [x]
S2 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2009-06-23 60928]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-02-06 13672]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-12-19 394672]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2010-04-23 25824]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe [2010-11-22 66560]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [x]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-11-29 2916736]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-06-20 20:05 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-01-10 18:02]
.
2012-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-06 19:51]
.
2012-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-06 19:51]
.
2012-03-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4103786111-4144450326-3867851604-1000Core.job
- c:\users\Jim\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-16 13:25]
.
2012-03-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4103786111-4144450326-3867851604-1000UA.job
- c:\users\Jim\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-16 13:25]
.
2012-03-17 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:32]
.
2012-03-24 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:32]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2010-06-09 3216544]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2011-06-16 2922496]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=type=W3i_SP,204,0_0,StartPage,20120312,16897,0,6,0
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: campmasters.org
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1 74.128.17.114 74.128.19.102
FF - ProfilePath - c:\users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\cbjo3wlh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - www.msn.com
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.BabylonToolbar_i.ovrDmn - isearch.babylon.com
FF - user.js: extensions.BabylonToolbar_i.id - 283ea62b00000000000000231415b849
FF - user.js: extensions.BabylonToolbar_i.hardId - 283ea62b00000000000000231415b849
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15389
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1713:09
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110482
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
FF - user.js: extensions.funmoods_i.hmpg - true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=ironto
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=ironto
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=ironto&q=
FF - user.js: extensions.funmoods_i.id - 283ea62b00000000000000231415b849
FF - user.js: extensions.funmoods_i.instlDay - 15416
FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1612:12
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - ironto
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
Toolbar-10 - (no file)
Toolbar-{06C7AD57-B655-418D-9AB8-9526A6D2E052} - (no file)
Wow6432Node-HKCU-Run-Media Finder - c:\program files (x86)\Media Finder\MF.exe
Wow6432Node-HKCU-Run-Itibiti.exe - c:\program files (x86)\Itibiti Soft Phone\Itibiti.exe
Wow6432Node-HKLM-Run-Conime - c:\windows\system32\conime.exe
Toolbar-10 - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-BitTorrent - c:\program files (x86)\BitTorrent\BitTorrent.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_197_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_197_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_197.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_197.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_197.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_197.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
c:\program files (x86)\Boingo\Boingo Wi-Finder\Boingo Wi-Finder.exe
c:\program files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
c:\program files (x86)\Memeo\AutoBackup\InstantBackup.exe
c:\program files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
.
**************************************************************************
.
Completion time: 2012-03-24 09:50:25 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-24 13:50
.
Pre-Run: 142,159,790,080 bytes free
Post-Run: 141,903,863,808 bytes free
.
- - End Of File - - 59CE875C2620255D38AE39F2C03FEAD5

#4 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 24 March 2012 - 10:03 AM

Greetings

I see other things that need to be fixed, but at this time I want to make sure there are no rootkits onboard.

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 Rotor head

  • Topic Starter

  • Members
  • 7 posts
  • Gender:Male
  • Location:Indiana

Posted 24 March 2012 - 11:23 AM

Here are the new reports. The aswMBR caused an "unexpected shutdown" on the first attempt. I ran it again and saved the log at various points, but it appears to have completed the scan.
I cannot detect any issues with my computer. (It restarted my firewall and initiated a full scan using Windows Security Essentials.) If I need to disable those for further steps, please advise me to do so.

11:26:13.0473 6108 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
11:26:13.0801 6108 ============================================================
11:26:13.0801 6108 Current date / time: 2012/03/24 11:26:13.0801
11:26:13.0801 6108 SystemInfo:
11:26:13.0801 6108
11:26:13.0801 6108 OS Version: 6.1.7601 ServicePack: 1.0
11:26:13.0801 6108 Product type: Workstation
11:26:13.0801 6108 ComputerName: JIM-PC
11:26:13.0801 6108 UserName: Jim
11:26:13.0801 6108 Windows directory: C:\Windows
11:26:13.0801 6108 System windows directory: C:\Windows
11:26:13.0801 6108 Running under WOW64
11:26:13.0801 6108 Processor architecture: Intel x64
11:26:13.0816 6108 Number of processors: 4
11:26:13.0816 6108 Page size: 0x1000
11:26:13.0816 6108 Boot type: Normal boot
11:26:13.0816 6108 ============================================================
11:26:15.0704 6108 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:26:15.0719 6108 Drive \Device\Harddisk1\DR1 - Size: 0x753EEE00 (1.83 Gb), SectorSize: 0x200, Cylinders: 0xEF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:26:15.0719 6108 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB5E00 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1D9264F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x1, Type 'W'
11:26:20.0368 6108 \Device\Harddisk0\DR0:
11:26:20.0446 6108 MBR used
11:26:20.0446 6108 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1D4C000
11:26:20.0446 6108 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D5F9C5, BlocksNum 0x236CE8EB
11:26:20.0446 6108 \Device\Harddisk1\DR1:
11:26:20.0446 6108 MBR used
11:26:20.0446 6108 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x89, BlocksNum 0x3A9F77
11:26:20.0446 6108 \Device\Harddisk2\DR2:
11:26:20.0446 6108 MBR used
11:26:20.0446 6108 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x747059C1
11:26:20.0509 6108 Initialize success
11:26:20.0509 6108 ============================================================
11:26:25.0111 4140 ============================================================
11:26:25.0111 4140 Scan started
11:26:25.0111 4140 Mode: Manual;
11:26:25.0111 4140 ============================================================
11:26:28.0059 4140 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
11:26:28.0059 4140 1394ohci - ok
11:26:28.0121 4140 Acceler (c49c56b35bfc6cda8d1fdcad2885568f) C:\Windows\system32\DRIVERS\Acceler.sys
11:26:28.0121 4140 Acceler - ok
11:26:28.0184 4140 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
11:26:28.0199 4140 ACPI - ok
11:26:28.0231 4140 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
11:26:28.0231 4140 AcpiPmi - ok
11:26:28.0605 4140 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
11:26:28.0605 4140 AdobeARMservice - ok
11:26:28.0699 4140 AdobeFlashPlayerUpdateSvc (c53f35aad8fcfba79754d393ecedad38) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
11:26:28.0699 4140 AdobeFlashPlayerUpdateSvc - ok
11:26:28.0745 4140 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
11:26:28.0761 4140 adp94xx - ok
11:26:28.0808 4140 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
11:26:28.0823 4140 adpahci - ok
11:26:28.0886 4140 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
11:26:28.0886 4140 adpu320 - ok
11:26:28.0948 4140 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
11:26:28.0948 4140 AeLookupSvc - ok
11:26:29.0073 4140 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
11:26:29.0073 4140 AESTFilters - ok
11:26:29.0135 4140 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
11:26:29.0151 4140 AFD - ok
11:26:29.0229 4140 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
11:26:29.0229 4140 agp440 - ok
11:26:29.0260 4140 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
11:26:29.0260 4140 ALG - ok
11:26:29.0276 4140 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
11:26:29.0276 4140 aliide - ok
11:26:29.0323 4140 AMD External Events Utility (388e79af1c9e4d84a8559fa77f804cf6) C:\Windows\system32\atiesrxx.exe
11:26:29.0323 4140 AMD External Events Utility - ok
11:26:29.0338 4140 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
11:26:29.0338 4140 amdide - ok
11:26:29.0369 4140 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
11:26:29.0369 4140 AmdK8 - ok
11:26:29.0619 4140 amdkmdag (79a11cb10ff02a8425dabbb040249f7d) C:\Windows\system32\DRIVERS\atikmdag.sys
11:26:29.0775 4140 amdkmdag - ok
11:26:29.0837 4140 amdkmdap (6f6d47246fbb0cf65619684a0f89179e) C:\Windows\system32\DRIVERS\atikmpag.sys
11:26:29.0837 4140 amdkmdap - ok
11:26:29.0900 4140 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
11:26:29.0900 4140 AmdPPM - ok
11:26:29.0947 4140 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
11:26:29.0947 4140 amdsata - ok
11:26:29.0962 4140 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
11:26:29.0978 4140 amdsbs - ok
11:26:30.0009 4140 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
11:26:30.0009 4140 amdxata - ok
11:26:30.0071 4140 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
11:26:30.0071 4140 AppID - ok
11:26:30.0118 4140 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
11:26:30.0118 4140 AppIDSvc - ok
11:26:30.0181 4140 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
11:26:30.0181 4140 Appinfo - ok
11:26:30.0337 4140 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:26:30.0337 4140 Apple Mobile Device - ok
11:26:30.0383 4140 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
11:26:30.0383 4140 arc - ok
11:26:30.0430 4140 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
11:26:30.0430 4140 arcsas - ok
11:26:30.0461 4140 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
11:26:30.0461 4140 AsyncMac - ok
11:26:30.0508 4140 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
11:26:30.0508 4140 atapi - ok
11:26:30.0867 4140 AtiHdmiService (fb7602c5c508be281368aae0b61b51c6) C:\Windows\system32\drivers\AtiHdmi.sys
11:26:30.0867 4140 AtiHdmiService - ok
11:26:31.0054 4140 atikmdag (79a11cb10ff02a8425dabbb040249f7d) C:\Windows\system32\DRIVERS\atikmdag.sys
11:26:31.0085 4140 atikmdag - ok
11:26:31.0195 4140 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:26:31.0210 4140 AudioEndpointBuilder - ok
11:26:31.0226 4140 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:26:31.0226 4140 AudioSrv - ok
11:26:31.0304 4140 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
11:26:31.0304 4140 AxInstSV - ok
11:26:31.0366 4140 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
11:26:31.0382 4140 b06bdrv - ok
11:26:31.0444 4140 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
11:26:31.0460 4140 b57nd60a - ok
11:26:31.0507 4140 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
11:26:31.0507 4140 BDESVC - ok
11:26:31.0553 4140 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
11:26:31.0553 4140 Beep - ok
11:26:31.0647 4140 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
11:26:31.0694 4140 BFE - ok
11:26:31.0741 4140 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
11:26:31.0787 4140 BITS - ok
11:26:31.0850 4140 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
11:26:31.0850 4140 blbdrive - ok
11:26:31.0943 4140 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
11:26:31.0943 4140 Bonjour Service - ok
11:26:32.0053 4140 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
11:26:32.0053 4140 bowser - ok
11:26:32.0084 4140 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:26:32.0084 4140 BrFiltLo - ok
11:26:32.0099 4140 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:26:32.0099 4140 BrFiltUp - ok
11:26:32.0099 4140 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
11:26:32.0115 4140 BridgeMP - ok
11:26:32.0162 4140 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
11:26:32.0162 4140 Browser - ok
11:26:32.0209 4140 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
11:26:32.0209 4140 Brserid - ok
11:26:32.0224 4140 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
11:26:32.0224 4140 BrSerWdm - ok
11:26:32.0240 4140 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:26:32.0240 4140 BrUsbMdm - ok
11:26:32.0255 4140 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
11:26:32.0255 4140 BrUsbSer - ok
11:26:32.0255 4140 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
11:26:32.0271 4140 BTHMODEM - ok
11:26:32.0302 4140 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
11:26:32.0302 4140 bthserv - ok
11:26:32.0318 4140 catchme - ok
11:26:32.0349 4140 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
11:26:32.0349 4140 cdfs - ok
11:26:32.0411 4140 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
11:26:32.0411 4140 cdrom - ok
11:26:32.0474 4140 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:26:32.0474 4140 CertPropSvc - ok
11:26:32.0583 4140 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
11:26:32.0583 4140 circlass - ok
11:26:32.0614 4140 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
11:26:32.0614 4140 CLFS - ok
11:26:32.0708 4140 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:26:32.0708 4140 clr_optimization_v2.0.50727_32 - ok
11:26:32.0786 4140 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:26:32.0786 4140 clr_optimization_v2.0.50727_64 - ok
11:26:33.0129 4140 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:26:33.0145 4140 clr_optimization_v4.0.30319_32 - ok
11:26:33.0207 4140 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:26:33.0223 4140 clr_optimization_v4.0.30319_64 - ok
11:26:33.0269 4140 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
11:26:33.0269 4140 CmBatt - ok
11:26:33.0332 4140 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
11:26:33.0332 4140 cmdide - ok
11:26:33.0410 4140 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
11:26:33.0425 4140 CNG - ok
11:26:33.0550 4140 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
11:26:33.0550 4140 Compbatt - ok
11:26:33.0613 4140 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
11:26:33.0613 4140 CompositeBus - ok
11:26:33.0628 4140 COMSysApp - ok
11:26:33.0675 4140 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
11:26:33.0675 4140 crcdisk - ok
11:26:33.0722 4140 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
11:26:33.0722 4140 CryptSvc - ok
11:26:33.0769 4140 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys
11:26:33.0769 4140 CtClsFlt - ok
11:26:33.0815 4140 dc3d (7af9dac504fbd047cbc3e64ae52c92bf) C:\Windows\system32\DRIVERS\dc3d.sys
11:26:33.0815 4140 dc3d - ok
11:26:33.0862 4140 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
11:26:33.0878 4140 DcomLaunch - ok
11:26:33.0925 4140 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
11:26:33.0925 4140 defragsvc - ok
11:26:33.0971 4140 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
11:26:33.0971 4140 DfsC - ok
11:26:34.0081 4140 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
11:26:34.0096 4140 Dhcp - ok
11:26:34.0143 4140 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
11:26:34.0143 4140 discache - ok
11:26:34.0205 4140 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
11:26:34.0205 4140 Disk - ok
11:26:34.0252 4140 dldt_device - ok
11:26:34.0315 4140 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
11:26:34.0315 4140 Dnscache - ok
11:26:34.0361 4140 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
11:26:34.0361 4140 dot3svc - ok
11:26:34.0424 4140 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
11:26:34.0424 4140 DPS - ok
11:26:34.0471 4140 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
11:26:34.0471 4140 drmkaud - ok
11:26:34.0627 4140 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
11:26:34.0642 4140 DXGKrnl - ok
11:26:34.0720 4140 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
11:26:34.0720 4140 EapHost - ok
11:26:34.0907 4140 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
11:26:35.0032 4140 ebdrv - ok
11:26:35.0063 4140 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
11:26:35.0063 4140 EFS - ok
11:26:35.0297 4140 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
11:26:35.0313 4140 ehRecvr - ok
11:26:35.0344 4140 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
11:26:35.0344 4140 ehSched - ok
11:26:35.0407 4140 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
11:26:35.0422 4140 elxstor - ok
11:26:35.0469 4140 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
11:26:35.0469 4140 ErrDev - ok
11:26:35.0516 4140 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
11:26:35.0531 4140 EventSystem - ok
11:26:35.0641 4140 EvtEng (51643ee2712d9212e1e53ca7e8d8eb4a) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
11:26:35.0687 4140 EvtEng - ok
11:26:35.0719 4140 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
11:26:35.0734 4140 exfat - ok
11:26:35.0750 4140 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
11:26:35.0750 4140 fastfat - ok
11:26:35.0812 4140 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
11:26:35.0828 4140 Fax - ok
11:26:35.0843 4140 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
11:26:35.0843 4140 fdc - ok
11:26:35.0906 4140 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
11:26:35.0906 4140 fdPHost - ok
11:26:35.0921 4140 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
11:26:35.0937 4140 FDResPub - ok
11:26:35.0953 4140 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
11:26:35.0953 4140 FileInfo - ok
11:26:35.0984 4140 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
11:26:35.0984 4140 Filetrace - ok
11:26:35.0984 4140 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
11:26:35.0999 4140 flpydisk - ok
11:26:36.0046 4140 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
11:26:36.0046 4140 FltMgr - ok
11:26:36.0109 4140 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
11:26:36.0140 4140 FontCache - ok
11:26:36.0280 4140 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:26:36.0280 4140 FontCache3.0.0.0 - ok
11:26:36.0343 4140 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
11:26:36.0343 4140 FsDepends - ok
11:26:36.0374 4140 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
11:26:36.0374 4140 Fs_Rec - ok
11:26:36.0436 4140 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
11:26:36.0436 4140 fvevol - ok
11:26:36.0483 4140 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
11:26:36.0483 4140 gagp30kx - ok
11:26:36.0608 4140 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:26:36.0608 4140 GEARAspiWDM - ok
11:26:36.0733 4140 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
11:26:36.0748 4140 gpsvc - ok
11:26:36.0935 4140 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:26:36.0935 4140 gupdate - ok
11:26:36.0967 4140 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:26:36.0967 4140 gupdatem - ok
11:26:37.0029 4140 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
11:26:37.0045 4140 hcw85cir - ok
11:26:37.0091 4140 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
11:26:37.0107 4140 HdAudAddService - ok
11:26:37.0185 4140 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
11:26:37.0185 4140 HDAudBus - ok
11:26:37.0232 4140 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
11:26:37.0247 4140 HECIx64 - ok
11:26:37.0247 4140 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
11:26:37.0247 4140 HidBatt - ok
11:26:37.0481 4140 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
11:26:37.0481 4140 HidBth - ok
11:26:37.0528 4140 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
11:26:37.0528 4140 HidIr - ok
11:26:37.0559 4140 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
11:26:37.0559 4140 hidserv - ok
11:26:37.0575 4140 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
11:26:37.0575 4140 HidUsb - ok
11:26:37.0622 4140 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
11:26:37.0622 4140 hkmsvc - ok
11:26:37.0715 4140 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
11:26:37.0731 4140 HomeGroupListener - ok
11:26:37.0762 4140 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
11:26:37.0778 4140 HomeGroupProvider - ok
11:26:37.0793 4140 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
11:26:37.0793 4140 HpSAMD - ok
11:26:37.0871 4140 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
11:26:37.0903 4140 HTTP - ok
11:26:37.0949 4140 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
11:26:37.0949 4140 hwpolicy - ok
11:26:37.0996 4140 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
11:26:38.0012 4140 i8042prt - ok
11:26:38.0059 4140 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
11:26:38.0059 4140 iaStorV - ok
11:26:38.0152 4140 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
11:26:38.0168 4140 IDriverT - ok
11:26:38.0277 4140 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:26:38.0293 4140 idsvc - ok
11:26:38.0355 4140 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
11:26:38.0355 4140 iirsp - ok
11:26:38.0433 4140 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
11:26:38.0449 4140 IKEEXT - ok
11:26:38.0527 4140 InstallFilterService (fd5ef1d0210cb9c0773bba7ca360d762) C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
11:26:38.0527 4140 InstallFilterService - ok
11:26:38.0589 4140 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
11:26:38.0589 4140 intelide - ok
11:26:38.0605 4140 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
11:26:38.0620 4140 intelppm - ok
11:26:38.0714 4140 IntuitUpdateService (3dc635b66dd7412e1c9c3a77b8d78f25) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
11:26:38.0714 4140 IntuitUpdateService - ok
11:26:38.0839 4140 IntuitUpdateServiceV4 (1663a135865f0ba6e853353e98e67f2a) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
11:26:38.0839 4140 IntuitUpdateServiceV4 - ok
11:26:38.0885 4140 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
11:26:38.0885 4140 IPBusEnum - ok
11:26:38.0948 4140 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:26:38.0963 4140 IpFilterDriver - ok
11:26:39.0041 4140 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
11:26:39.0057 4140 iphlpsvc - ok
11:26:39.0104 4140 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
11:26:39.0119 4140 IPMIDRV - ok
11:26:39.0182 4140 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
11:26:39.0182 4140 IPNAT - ok
11:26:39.0275 4140 iPod Service (755e4ba6dce627a2683bb7640553c8d6) C:\Program Files\iPod\bin\iPodService.exe
11:26:39.0322 4140 iPod Service - ok
11:26:39.0369 4140 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
11:26:39.0369 4140 IRENUM - ok
11:26:39.0400 4140 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
11:26:39.0400 4140 isapnp - ok
11:26:39.0447 4140 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
11:26:39.0463 4140 iScsiPrt - ok
11:26:39.0806 4140 ivusb (bd5bf20ec242e003a2f570b8754a56d1) C:\Windows\system32\DRIVERS\ivusb.sys
11:26:39.0806 4140 ivusb - ok
11:26:39.0837 4140 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
11:26:39.0837 4140 kbdclass - ok
11:26:39.0884 4140 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
11:26:39.0884 4140 kbdhid - ok
11:26:39.0931 4140 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:26:39.0931 4140 KeyIso - ok
11:26:40.0087 4140 Kodak AiO Network Discovery Service (27277a11db52fefae5b01dc8fb570b28) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
11:26:40.0087 4140 Kodak AiO Network Discovery Service - ok
11:26:40.0305 4140 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
11:26:40.0305 4140 KSecDD - ok
11:26:40.0352 4140 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
11:26:40.0367 4140 KSecPkg - ok
11:26:40.0399 4140 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
11:26:40.0399 4140 ksthunk - ok
11:26:40.0445 4140 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
11:26:40.0461 4140 KtmRm - ok
11:26:40.0523 4140 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
11:26:40.0539 4140 LanmanServer - ok
11:26:40.0601 4140 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
11:26:40.0601 4140 LanmanWorkstation - ok
11:26:40.0867 4140 Lavasoft Ad-Aware Service (ea38136981c61c571d52c380daad46ef) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
11:26:40.0913 4140 Lavasoft Ad-Aware Service - ok
11:26:41.0038 4140 Lavasoft Kernexplorer (9a7fa6371f68335fd3c3d6488bc5a9f8) C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys
11:26:41.0038 4140 Lavasoft Kernexplorer - ok
11:26:41.0194 4140 Lbd (c8b3131857931ae76798a741cc52b021) C:\Windows\system32\DRIVERS\Lbd.sys
11:26:41.0194 4140 Lbd - ok
11:26:41.0288 4140 LightScribeService (71c6a95a5f0ccc87298c4dd0f2c3635a) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
11:26:41.0288 4140 LightScribeService - ok
11:26:41.0350 4140 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
11:26:41.0350 4140 lltdio - ok
11:26:41.0444 4140 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
11:26:41.0444 4140 lltdsvc - ok
11:26:41.0475 4140 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
11:26:41.0475 4140 lmhosts - ok
11:26:41.0756 4140 LMS (7485fbcef9136f530953575e2977859d) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
11:26:41.0771 4140 LMS - ok
11:26:42.0099 4140 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
11:26:42.0115 4140 LSI_FC - ok
11:26:42.0161 4140 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
11:26:42.0161 4140 LSI_SAS - ok
11:26:42.0208 4140 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:26:42.0208 4140 LSI_SAS2 - ok
11:26:42.0255 4140 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:26:42.0255 4140 LSI_SCSI - ok
11:26:42.0302 4140 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
11:26:42.0302 4140 luafv - ok
11:26:42.0364 4140 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
11:26:42.0364 4140 MBAMProtector - ok
11:26:42.0427 4140 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
11:26:42.0442 4140 MBAMService - ok
11:26:42.0505 4140 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
11:26:42.0505 4140 Mcx2Svc - ok
11:26:42.0567 4140 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
11:26:42.0567 4140 megasas - ok
11:26:42.0598 4140 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
11:26:42.0598 4140 MegaSR - ok
11:26:42.0707 4140 MemeoBackgroundService (9547f37d0e899fd71b52b2afd4437c79) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
11:26:42.0707 4140 MemeoBackgroundService - ok
11:26:42.0832 4140 Microsoft SharePoint Workspace Audit Service - ok
11:26:42.0910 4140 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:26:42.0910 4140 MMCSS - ok
11:26:42.0941 4140 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
11:26:42.0941 4140 Modem - ok
11:26:42.0988 4140 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
11:26:42.0988 4140 monitor - ok
11:26:43.0051 4140 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
11:26:43.0051 4140 mouclass - ok
11:26:43.0082 4140 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
11:26:43.0082 4140 mouhid - ok
11:26:43.0144 4140 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
11:26:43.0144 4140 mountmgr - ok
11:26:43.0222 4140 MozillaMaintenance (65f455520aeaaccfb1bdf47f8ab308ee) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
11:26:43.0222 4140 MozillaMaintenance - ok
11:26:43.0285 4140 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
11:26:43.0285 4140 MpFilter - ok
11:26:43.0363 4140 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
11:26:43.0363 4140 mpio - ok
11:26:43.0394 4140 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
11:26:43.0394 4140 MpNWMon - ok
11:26:43.0441 4140 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
11:26:43.0441 4140 mpsdrv - ok
11:26:43.0550 4140 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
11:26:43.0581 4140 MpsSvc - ok
11:26:43.0643 4140 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
11:26:43.0643 4140 MRxDAV - ok
11:26:43.0690 4140 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:26:43.0690 4140 mrxsmb - ok
11:26:43.0768 4140 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:26:43.0768 4140 mrxsmb10 - ok
11:26:43.0815 4140 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:26:43.0815 4140 mrxsmb20 - ok
11:26:43.0877 4140 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
11:26:43.0877 4140 msahci - ok
11:26:44.0205 4140 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
11:26:44.0205 4140 msdsm - ok
11:26:44.0236 4140 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
11:26:44.0236 4140 MSDTC - ok
11:26:44.0299 4140 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
11:26:44.0299 4140 Msfs - ok
11:26:44.0314 4140 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
11:26:44.0330 4140 mshidkmdf - ok
11:26:44.0361 4140 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
11:26:44.0361 4140 msisadrv - ok
11:26:44.0423 4140 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
11:26:44.0423 4140 MSiSCSI - ok
11:26:44.0423 4140 msiserver - ok
11:26:44.0486 4140 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:26:44.0486 4140 MSKSSRV - ok
11:26:44.0689 4140 MsMpSvc (157e9e498206a3366baa7e4697bdd947) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
11:26:44.0689 4140 MsMpSvc - ok
11:26:44.0720 4140 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:26:44.0720 4140 MSPCLOCK - ok
11:26:44.0735 4140 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
11:26:44.0735 4140 MSPQM - ok
11:26:44.0782 4140 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
11:26:44.0782 4140 MsRPC - ok
11:26:44.0860 4140 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
11:26:44.0860 4140 mssmbios - ok
11:26:44.0876 4140 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
11:26:44.0876 4140 MSTEE - ok
11:26:44.0891 4140 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
11:26:44.0891 4140 MTConfig - ok
11:26:44.0954 4140 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:26:44.0954 4140 Mup - ok
11:26:45.0079 4140 MyWiFiDHCPDNS (d285d0539016be299a55ff997b44da33) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
11:26:45.0079 4140 MyWiFiDHCPDNS - ok
11:26:45.0141 4140 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
11:26:45.0157 4140 napagent - ok
11:26:45.0266 4140 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:26:45.0266 4140 NativeWifiP - ok
11:26:45.0375 4140 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
11:26:45.0422 4140 NDIS - ok
11:26:45.0453 4140 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:26:45.0453 4140 NdisCap - ok
11:26:45.0484 4140 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:26:45.0484 4140 NdisTapi - ok
11:26:45.0531 4140 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
11:26:45.0547 4140 Ndisuio - ok
11:26:45.0578 4140 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
11:26:45.0578 4140 NdisWan - ok
11:26:45.0656 4140 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
11:26:45.0656 4140 NDProxy - ok
11:26:45.0703 4140 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:26:45.0703 4140 NetBIOS - ok
11:26:45.0765 4140 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
11:26:45.0765 4140 NetBT - ok
11:26:45.0796 4140 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:26:45.0796 4140 Netlogon - ok
11:26:45.0859 4140 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
11:26:45.0921 4140 Netman - ok
11:26:45.0968 4140 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
11:26:45.0968 4140 netprofm - ok
11:26:46.0093 4140 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:26:46.0093 4140 NetTcpPortSharing - ok
11:26:46.0529 4140 NETw5s64 (4d85a450edef10c38882182753a49aae) C:\Windows\system32\DRIVERS\NETw5s64.sys
11:26:46.0717 4140 NETw5s64 - ok
11:26:46.0763 4140 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
11:26:46.0763 4140 nfrd960 - ok
11:26:46.0810 4140 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
11:26:46.0810 4140 NisDrv - ok
11:26:47.0231 4140 NisSrv (566ddd5d82520da01d75f81428ac4c38) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
11:26:47.0231 4140 NisSrv - ok
11:26:47.0356 4140 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
11:26:47.0356 4140 NlaSvc - ok
11:26:47.0434 4140 nlsX86cc (b1ef4686961986dffb7fe8f18e6fcb5b) C:\Windows\SysWOW64\nlssrv32.exe
11:26:47.0434 4140 nlsX86cc - ok
11:26:47.0497 4140 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
11:26:47.0497 4140 Npfs - ok
11:26:47.0559 4140 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
11:26:47.0559 4140 nsi - ok
11:26:47.0575 4140 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
11:26:47.0575 4140 nsiproxy - ok
11:26:47.0653 4140 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
11:26:47.0731 4140 Ntfs - ok
11:26:47.0809 4140 NuidFltr (317020d31f1696334679b9d0416eb62e) C:\Windows\system32\DRIVERS\NuidFltr.sys
11:26:47.0809 4140 NuidFltr - ok
11:26:47.0824 4140 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
11:26:47.0840 4140 Null - ok
11:26:47.0887 4140 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
11:26:47.0887 4140 nvraid - ok
11:26:47.0918 4140 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
11:26:47.0933 4140 nvstor - ok
11:26:47.0949 4140 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
11:26:47.0949 4140 nv_agp - ok
11:26:48.0027 4140 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
11:26:48.0027 4140 ohci1394 - ok
11:26:48.0089 4140 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:26:48.0089 4140 ose - ok
11:26:48.0370 4140 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
11:26:48.0479 4140 osppsvc - ok
11:26:48.0947 4140 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:26:48.0963 4140 p2pimsvc - ok
11:26:49.0041 4140 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
11:26:49.0057 4140 p2psvc - ok
11:26:49.0150 4140 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
11:26:49.0150 4140 Parport - ok
11:26:49.0197 4140 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
11:26:49.0197 4140 partmgr - ok
11:26:49.0244 4140 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
11:26:49.0244 4140 PcaSvc - ok
11:26:49.0337 4140 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 (7317a0b550f7ac0223b7070897670476) c:\program files\dell support center\pcdsrvc_x64.pkms
11:26:49.0415 4140 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - ok
11:26:49.0447 4140 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
11:26:49.0447 4140 pci - ok
11:26:49.0462 4140 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
11:26:49.0462 4140 pciide - ok
11:26:49.0493 4140 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
11:26:49.0493 4140 pcmcia - ok
11:26:49.0525 4140 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
11:26:49.0526 4140 pcw - ok
11:26:49.0572 4140 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:26:49.0588 4140 PEAUTH - ok
11:26:49.0650 4140 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
11:26:49.0650 4140 PerfHost - ok
11:26:49.0760 4140 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
11:26:49.0791 4140 pla - ok
11:26:49.0838 4140 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
11:26:49.0853 4140 PlugPlay - ok
11:26:49.0884 4140 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
11:26:49.0884 4140 PNRPAutoReg - ok
11:26:49.0962 4140 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:26:49.0962 4140 PNRPsvc - ok
11:26:50.0056 4140 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
11:26:50.0056 4140 Point64 - ok
11:26:50.0103 4140 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
11:26:50.0118 4140 PolicyAgent - ok
11:26:50.0165 4140 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
11:26:50.0181 4140 Power - ok
11:26:50.0228 4140 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
11:26:50.0243 4140 PptpMiniport - ok
11:26:50.0306 4140 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
11:26:50.0306 4140 Processor - ok
11:26:50.0337 4140 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
11:26:50.0352 4140 ProfSvc - ok
11:26:50.0384 4140 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:26:50.0384 4140 ProtectedStorage - ok
11:26:50.0446 4140 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
11:26:50.0446 4140 Psched - ok
11:26:50.0508 4140 PxHlpa64 (aed797cca02783296c68aa10d0cff8a9) C:\Windows\system32\Drivers\PxHlpa64.sys
11:26:50.0508 4140 PxHlpa64 - ok
11:26:50.0603 4140 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
11:26:50.0634 4140 ql2300 - ok
11:26:50.0697 4140 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
11:26:50.0868 4140 ql40xx - ok
11:26:50.0977 4140 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
11:26:50.0977 4140 QWAVE - ok
11:26:51.0009 4140 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
11:26:51.0009 4140 QWAVEdrv - ok
11:26:51.0071 4140 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
11:26:51.0071 4140 RasAcd - ok
11:26:51.0133 4140 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:26:51.0133 4140 RasAgileVpn - ok
11:26:51.0149 4140 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
11:26:51.0165 4140 RasAuto - ok
11:26:51.0211 4140 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:26:51.0211 4140 Rasl2tp - ok
11:26:51.0274 4140 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
11:26:51.0274 4140 RasMan - ok
11:26:51.0336 4140 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
11:26:51.0336 4140 RasPppoe - ok
11:26:51.0352 4140 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
11:26:51.0352 4140 RasSstp - ok
11:26:51.0399 4140 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
11:26:51.0414 4140 rdbss - ok
11:26:51.0445 4140 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
11:26:51.0445 4140 rdpbus - ok
11:26:51.0461 4140 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:26:51.0461 4140 RDPCDD - ok
11:26:51.0492 4140 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
11:26:51.0492 4140 RDPENCDD - ok
11:26:51.0508 4140 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
11:26:51.0508 4140 RDPREFMP - ok
11:26:51.0556 4140 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
11:26:51.0556 4140 RDPWD - ok
11:26:51.0602 4140 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
11:26:51.0602 4140 rdyboost - ok
11:26:51.0727 4140 RegSrvc (3b71b5b91e7dca93585d5a86c897adc4) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
11:26:51.0758 4140 RegSrvc - ok
11:26:51.0868 4140 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
11:26:51.0868 4140 RemoteAccess - ok
11:26:51.0899 4140 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
11:26:51.0914 4140 RemoteRegistry - ok
11:26:51.0961 4140 rimspci (e20b1907fc72a3664ece21e3c20fc63d) C:\Windows\system32\DRIVERS\rimspe64.sys
11:26:51.0961 4140 rimspci - ok
11:26:51.0992 4140 risdpcie (a6da2b0c8f5bb3f9f5423cff8d6a02d9) C:\Windows\system32\DRIVERS\risdpe64.sys
11:26:51.0992 4140 risdpcie - ok
11:26:52.0070 4140 rixdpcie (6a1cd4674505e6791390a1ab71da1fbe) C:\Windows\system32\DRIVERS\rixdpe64.sys
11:26:52.0070 4140 rixdpcie - ok
11:26:52.0102 4140 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
11:26:52.0102 4140 RpcEptMapper - ok
11:26:52.0164 4140 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
11:26:52.0164 4140 RpcLocator - ok
11:26:52.0211 4140 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
11:26:52.0211 4140 RpcSs - ok
11:26:52.0258 4140 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
11:26:52.0273 4140 rspndr - ok
11:26:52.0351 4140 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
11:26:52.0367 4140 RTL8167 - ok
11:26:52.0414 4140 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:26:52.0414 4140 SamSs - ok
11:26:52.0538 4140 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
11:26:52.0554 4140 sbp2port - ok
11:26:52.0601 4140 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
11:26:52.0601 4140 SCardSvr - ok
11:26:52.0663 4140 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
11:26:52.0663 4140 scfilter - ok
11:26:52.0726 4140 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
11:26:52.0772 4140 Schedule - ok
11:26:52.0835 4140 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:26:52.0835 4140 SCPolicySvc - ok
11:26:52.0928 4140 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
11:26:53.0116 4140 sdbus - ok
11:26:53.0162 4140 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
11:26:53.0162 4140 SDRSVC - ok
11:26:53.0287 4140 SeagateDashboardService (16b44d246835eac156f8daf0aa4f530c) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
11:26:53.0287 4140 SeagateDashboardService - ok
11:26:53.0350 4140 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:26:53.0365 4140 secdrv - ok
11:26:53.0412 4140 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
11:26:53.0412 4140 seclogon - ok
11:26:53.0474 4140 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
11:26:53.0474 4140 SENS - ok
11:26:53.0521 4140 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
11:26:53.0521 4140 SensrSvc - ok
11:26:53.0568 4140 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
11:26:53.0568 4140 Serenum - ok
11:26:53.0630 4140 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
11:26:53.0630 4140 Serial - ok
11:26:53.0693 4140 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
11:26:53.0693 4140 sermouse - ok
11:26:53.0755 4140 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
11:26:53.0755 4140 SessionEnv - ok
11:26:53.0802 4140 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
11:26:53.0818 4140 sffdisk - ok
11:26:53.0833 4140 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
11:26:53.0833 4140 sffp_mmc - ok
11:26:53.0880 4140 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
11:26:53.0880 4140 sffp_sd - ok
11:26:53.0880 4140 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
11:26:53.0880 4140 sfloppy - ok
11:26:53.0942 4140 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
11:26:53.0958 4140 SharedAccess - ok
11:26:54.0020 4140 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
11:26:54.0020 4140 ShellHWDetection - ok
11:26:54.0052 4140 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:26:54.0052 4140 SiSRaid2 - ok
11:26:54.0067 4140 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
11:26:54.0067 4140 SiSRaid4 - ok
11:26:54.0239 4140 SkypeUpdate (17eab7852ff9f15fbaab4e95efc0b812) C:\Program Files (x86)\Skype\Updater\Updater.exe
11:26:54.0239 4140 SkypeUpdate - ok
11:26:54.0301 4140 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
11:26:54.0317 4140 Smb - ok
11:26:54.0395 4140 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
11:26:54.0395 4140 SNMPTRAP - ok
11:26:54.0442 4140 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
11:26:54.0442 4140 spldr - ok
11:26:54.0551 4140 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
11:26:54.0566 4140 Spooler - ok
11:26:54.0738 4140 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
11:26:54.0847 4140 sppsvc - ok
11:26:54.0878 4140 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
11:26:54.0878 4140 sppuinotify - ok
11:26:54.0941 4140 sptd - ok
11:26:55.0003 4140 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
11:26:55.0019 4140 srv - ok
11:26:55.0050 4140 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
11:26:55.0066 4140 srv2 - ok
11:26:55.0097 4140 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
11:26:55.0097 4140 srvnet - ok
11:26:55.0300 4140 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
11:26:55.0315 4140 SSDPSRV - ok
11:26:55.0331 4140 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
11:26:55.0331 4140 SstpSvc - ok
11:26:55.0487 4140 STacSV (da7702025dfd169b909c4da3126762cc) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe
11:26:55.0502 4140 STacSV - ok
11:26:55.0565 4140 StarWindServiceAE - ok
11:26:55.0596 4140 stdflt (c48e0745d33897c7a73394214f2b9b4f) C:\Windows\system32\DRIVERS\stdflt.sys
11:26:55.0596 4140 stdflt - ok
11:26:55.0643 4140 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
11:26:55.0643 4140 stexstor - ok
11:26:55.0736 4140 STHDA (caf5a9708671b14b9670260735b22c4e) C:\Windows\system32\DRIVERS\stwrt64.sys
11:26:55.0752 4140 STHDA - ok
11:26:55.0846 4140 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
11:26:55.0877 4140 stisvc - ok
11:26:55.0939 4140 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
11:26:55.0939 4140 swenum - ok
11:26:56.0095 4140 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
11:26:56.0111 4140 swprv - ok
11:26:56.0189 4140 SynTP (639b57dc871be4b86283027faf1f4e30) C:\Windows\system32\DRIVERS\SynTP.sys
11:26:56.0189 4140 SynTP - ok
11:26:56.0282 4140 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
11:26:56.0345 4140 SysMain - ok
11:26:56.0376 4140 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
11:26:56.0376 4140 TabletInputService - ok
11:26:56.0438 4140 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
11:26:56.0454 4140 TapiSrv - ok
11:26:56.0501 4140 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
11:26:56.0501 4140 TBS - ok
11:26:56.0672 4140 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
11:26:56.0782 4140 Tcpip - ok
11:26:56.0844 4140 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
11:26:56.0860 4140 TCPIP6 - ok
11:26:56.0906 4140 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
11:26:56.0906 4140 tcpipreg - ok
11:26:56.0922 4140 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
11:26:56.0938 4140 TDPIPE - ok
11:26:56.0969 4140 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
11:26:56.0984 4140 TDTCP - ok
11:26:57.0031 4140 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
11:26:57.0031 4140 tdx - ok
11:26:57.0203 4140 TeamViewer7 (de09282b3abef632917ebedc4dcdfb56) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
11:26:57.0218 4140 TeamViewer7 - ok
11:26:57.0281 4140 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
11:26:57.0281 4140 TermDD - ok
11:26:57.0515 4140 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
11:26:57.0530 4140 TermService - ok
11:26:57.0562 4140 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
11:26:57.0562 4140 Themes - ok
11:26:57.0608 4140 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:26:57.0624 4140 THREADORDER - ok
11:26:57.0640 4140 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
11:26:57.0640 4140 TrkWks - ok
11:26:57.0749 4140 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
11:26:57.0749 4140 TrustedInstaller - ok
11:26:57.0827 4140 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:26:57.0827 4140 tssecsrv - ok
11:26:57.0874 4140 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
11:26:57.0889 4140 TsUsbFlt - ok
11:26:57.0952 4140 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
11:26:57.0952 4140 tunnel - ok
11:26:57.0998 4140 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
11:26:58.0014 4140 uagp35 - ok
11:26:58.0045 4140 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
11:26:58.0061 4140 udfs - ok
11:26:58.0108 4140 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
11:26:58.0108 4140 UI0Detect - ok
11:26:58.0139 4140 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
11:26:58.0154 4140 uliagpkx - ok
11:26:58.0232 4140 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
11:26:58.0248 4140 umbus - ok
11:26:58.0279 4140 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
11:26:58.0279 4140 UmPass - ok
11:26:58.0420 4140 UNS (765f2dd351ba064f657751d8d75e58c0) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
11:26:58.0482 4140 UNS - ok
11:26:58.0560 4140 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
11:26:58.0654 4140 upnphost - ok
11:26:58.0732 4140 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
11:26:58.0732 4140 USBAAPL64 - ok
11:26:58.0794 4140 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
11:26:58.0794 4140 usbaudio - ok
11:26:58.0872 4140 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
11:26:58.0872 4140 usbccgp - ok
11:26:58.0919 4140 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
11:26:58.0919 4140 usbcir - ok
11:26:58.0966 4140 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
11:26:58.0966 4140 usbehci - ok
11:26:58.0981 4140 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
11:26:58.0997 4140 usbhub - ok
11:26:59.0028 4140 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
11:26:59.0028 4140 usbohci - ok
11:26:59.0059 4140 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
11:26:59.0059 4140 usbprint - ok
11:26:59.0122 4140 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
11:26:59.0122 4140 usbscan - ok
11:26:59.0168 4140 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:26:59.0168 4140 USBSTOR - ok
11:26:59.0200 4140 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
11:26:59.0200 4140 usbuhci - ok
11:26:59.0278 4140 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
11:26:59.0293 4140 usbvideo - ok
11:26:59.0309 4140 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
11:26:59.0324 4140 UxSms - ok
11:26:59.0371 4140 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:26:59.0371 4140 VaultSvc - ok
11:26:59.0418 4140 VClone (fd911873c0bb6945fa38c16e9a2b58f9) C:\Windows\system32\DRIVERS\VClone.sys
11:26:59.0418 4140 VClone - ok
11:26:59.0480 4140 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
11:26:59.0480 4140 vdrvroot - ok
11:26:59.0777 4140 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
11:26:59.0808 4140 vds - ok
11:26:59.0855 4140 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:26:59.0855 4140 vga - ok
11:26:59.0902 4140 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:26:59.0902 4140 VgaSave - ok
11:26:59.0948 4140 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
11:26:59.0964 4140 vhdmp - ok
11:26:59.0995 4140 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
11:26:59.0995 4140 viaide - ok
11:27:00.0042 4140 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
11:27:00.0042 4140 volmgr - ok
11:27:00.0104 4140 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
11:27:00.0104 4140 volmgrx - ok
11:27:00.0151 4140 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
11:27:00.0151 4140 volsnap - ok
11:27:00.0198 4140 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
11:27:00.0198 4140 vsmraid - ok
11:27:00.0292 4140 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
11:27:00.0354 4140 VSS - ok
11:27:00.0385 4140 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
11:27:00.0385 4140 vwifibus - ok
11:27:00.0448 4140 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
11:27:00.0448 4140 vwififlt - ok
11:27:00.0494 4140 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
11:27:00.0494 4140 vwifimp - ok
11:27:00.0541 4140 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
11:27:00.0604 4140 W32Time - ok
11:27:00.0650 4140 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
11:27:00.0650 4140 WacomPen - ok
11:27:00.0713 4140 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:27:00.0713 4140 WANARP - ok
11:27:00.0744 4140 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:27:00.0744 4140 Wanarpv6 - ok
11:27:01.0165 4140 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
11:27:01.0212 4140 WatAdminSvc - ok
11:27:01.0742 4140 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
11:27:02.0008 4140 wbengine - ok
11:27:02.0086 4140 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
11:27:02.0101 4140 WbioSrvc - ok
11:27:02.0164 4140 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
11:27:02.0179 4140 wcncsvc - ok
11:27:02.0226 4140 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
11:27:02.0226 4140 WcsPlugInService - ok
11:27:02.0335 4140 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
11:27:02.0335 4140 Wd - ok
11:27:02.0382 4140 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:27:02.0398 4140 Wdf01000 - ok
11:27:02.0429 4140 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:27:02.0429 4140 WdiServiceHost - ok
11:27:02.0429 4140 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:27:02.0429 4140 WdiSystemHost - ok
11:27:02.0491 4140 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
11:27:02.0491 4140 WebClient - ok
11:27:02.0600 4140 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
11:27:02.0616 4140 Wecsvc - ok
11:27:02.0663 4140 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
11:27:02.0663 4140 wercplsupport - ok
11:27:02.0726 4140 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
11:27:02.0742 4140 WerSvc - ok
11:27:02.0757 4140 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:27:02.0757 4140 WfpLwf - ok
11:27:02.0789 4140 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:27:02.0789 4140 WIMMount - ok
11:27:02.0804 4140 WinDefend - ok
11:27:02.0851 4140 WinHttpAutoProxySvc - ok
11:27:02.0929 4140 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
11:27:02.0929 4140 Winmgmt - ok
11:27:03.0054 4140 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
11:27:03.0132 4140 WinRM - ok
11:27:03.0194 4140 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
11:27:03.0194 4140 WinUsb - ok
11:27:03.0272 4140 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
11:27:03.0303 4140 Wlansvc - ok
11:27:03.0350 4140 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
11:27:03.0350 4140 WmiAcpi - ok
11:27:03.0444 4140 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
11:27:03.0459 4140 wmiApSrv - ok
11:27:03.0506 4140 WMPNetworkSvc - ok
11:27:03.0553 4140 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
11:27:03.0569 4140 WPCSvc - ok
11:27:03.0631 4140 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
11:27:03.0631 4140 WPDBusEnum - ok
11:27:03.0662 4140 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:27:03.0662 4140 ws2ifsl - ok
11:27:03.0693 4140 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
11:27:03.0693 4140 wscsvc - ok
11:27:03.0757 4140 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
11:27:03.0757 4140 WSDPrintDevice - ok
11:27:03.0772 4140 WSearch - ok
11:27:03.0866 4140 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
11:27:03.0928 4140 wuauserv - ok
11:27:04.0240 4140 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
11:27:04.0240 4140 WudfPf - ok
11:27:04.0272 4140 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:27:04.0272 4140 WUDFRd - ok
11:27:04.0334 4140 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
11:27:04.0334 4140 wudfsvc - ok
11:27:04.0396 4140 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
11:27:04.0412 4140 WwanSvc - ok
11:27:04.0490 4140 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
11:27:04.0568 4140 \Device\Harddisk0\DR0 - ok
11:27:04.0584 4140 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
11:27:04.0630 4140 \Device\Harddisk1\DR1 - ok
11:27:04.0646 4140 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR2
11:27:04.0662 4140 \Device\Harddisk2\DR2 - ok
11:27:04.0662 4140 Boot (0x1200) (bdd62490c278e7782d92ba2f92230c77) \Device\Harddisk0\DR0\Partition0
11:27:04.0662 4140 \Device\Harddisk0\DR0\Partition0 - ok
11:27:04.0771 4140 Boot (0x1200) (f4b21c7f984992df28d61a576a630230) \Device\Harddisk0\DR0\Partition1
11:27:04.0771 4140 \Device\Harddisk0\DR0\Partition1 - ok
11:27:04.0771 4140 Boot (0x1200) (c79a0a7354cd01b04522c150cd34f8df) \Device\Harddisk1\DR1\Partition0
11:27:04.0771 4140 \Device\Harddisk1\DR1\Partition0 - ok
11:27:04.0786 4140 Boot (0x1200) (b5e670c2f0c73703d1e485b25e851094) \Device\Harddisk2\DR2\Partition0
11:27:04.0786 4140 \Device\Harddisk2\DR2\Partition0 - ok
11:27:04.0786 4140 ============================================================
11:27:04.0786 4140 Scan finished
11:27:04.0786 4140 ============================================================
11:27:04.0802 5876 Detected object count: 0
11:27:04.0802 5876 Actual detected object count: 0
11:28:39.0962 6132 Deinitialize success


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-24 11:49:02
-----------------------------
11:49:02.849 OS Version: Windows x64 6.1.7601 Service Pack 1
11:49:02.849 Number of processors: 4 586 0x2502
11:49:02.865 ComputerName: JIM-PC UserName: Jim
11:49:05.860 Initialize success
11:49:12.943 AVAST engine defs: 12032400
11:49:20.540 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
11:49:20.555 Disk 0 Vendor: WDC_WD3200BEKT-75F3T0 11.01A11 Size: 305245MB BusType: 11
11:49:20.555 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000073
11:49:20.555 Disk 1 Vendor: RICOH 01 Size: 1875MB BusType: 0
11:49:20.602 Disk 0 MBR read successfully
11:49:20.602 Disk 0 MBR scan
11:49:20.618 Disk 0 Windows 7 default MBR code
11:49:20.618 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
11:49:20.680 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 80325
11:49:20.711 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 290205 MB offset 30800325
11:49:20.836 Disk 0 scanning C:\Windows\system32\drivers
11:49:59.259 Service scanning
11:51:46.665 Modules scanning
11:51:47.180 Disk 0 trace - called modules:
11:51:47.196 ntoskrnl.exe CLASSPNP.SYS disk.sys stdflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
11:51:47.211 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800520a060]
11:51:47.211 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa800508cc40]
11:51:47.211 5 stdflt.sys[fffff8800197da4a] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004f58060]
11:51:48.600 AVAST engine scan C:\Windows
11:51:51.486 AVAST engine scan C:\Windows\system32
11:55:26.323 Disk 0 MBR has been saved successfully to "C:\Users\Jim\Desktop\MBR.dat"
11:55:26.323 The log file has been saved successfully to "C:\Users\Jim\Desktop\aswMBR.txt"
11:56:33.369 Disk 0 MBR has been saved successfully to "C:\Users\Jim\Desktop\MBR.dat"
11:56:33.385 The log file has been saved successfully to "C:\Users\Jim\Desktop\aswMBR.txt"
11:57:34.877 AVAST engine scan C:\Windows\system32\drivers
11:58:03.550 AVAST engine scan C:\Users\Jim
11:58:46.966 Disk 0 MBR has been saved successfully to "C:\Users\Jim\Desktop\MBR.dat"
11:58:46.966 The log file has been saved successfully to "C:\Users\Jim\Desktop\aswMBR.txt"
12:10:40.866 Disk 0 MBR has been saved successfully to "C:\Users\Jim\Desktop\MBR.dat"
12:10:40.960 The log file has been saved successfully to "C:\Users\Jim\Desktop\aswMBR.txt"
12:13:02.817 Disk 0 MBR has been saved successfully to "C:\Users\Jim\Desktop\MBR.dat"
12:13:02.817 The log file has been saved successfully to "C:\Users\Jim\Desktop\aswMBR.txt"

#6 gringo_pr
    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 24 March 2012 - 11:46 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::

Firefox::
FF - ProfilePath - c:\users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\cbjo3wlh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}
FF - user.js: extensions.BabylonToolbar_i.ovrDmn - isearch.babylon.com
FF - user.js: extensions.BabylonToolbar_i.id - 283ea62b00000000000000231415b849
FF - user.js: extensions.BabylonToolbar_i.hardId - 283ea62b00000000000000231415b849
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15389
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1713:09
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110482
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
FF - user.js: extensions.funmoods_i.hmpg - true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=ironto
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=ironto
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=ironto&q=
FF - user.js: extensions.funmoods_i.id - 283ea62b00000000000000231415b849
FF - user.js: extensions.funmoods_i.instlDay - 15416
FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1612:12
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - ironto
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
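The Firefox section of the script above is the part of the log that tells the helper which toolbars wrote themselves into the profile. As an added example (editorial, not code from the thread or from the DDS/ComboFix tools), here is a small triage routine that reads "FF - prefs.js/user.js" lines in the format those reports use and flags the three things the CFScript targets: toolbar families present, preferences that weaken the browser, and redirected search/home/new-tab targets. The indicator tables and the assumed default of 15 for extensions.autoDisableScopes are this example's own assumptions, built from the preference names visible in the script; the sample input is constructed from a few of those lines plus one clean preference.

```python
"""Triage the Firefox preference lines that DDS/ComboFix print for a profile.

Added example for this thread, not code from the original posts or from the
DDS/ComboFix tools. It reads lines of the shape the report uses,
    FF - user.js: <pref.name> - <value>
and flags toolbar families that wrote their own prefs, prefs that weaken the
browser, and redirected search/home/new-tab targets. The indicator tables
are this example's own assumptions, built from the names seen in the script.
"""
import re
from typing import Dict, List, Tuple

# One report line; the value may be empty ("... babExt -").
FF_LINE = re.compile(r"^FF - (?P<file>prefs\.js|user\.js): (?P<name>\S+) -\s?(?P<value>.*)$")

# Pref-name prefixes written by the toolbars seen in this thread (assumption).
HIJACK_FAMILIES = {
    "extensions.BabylonToolbar_i.": "Babylon Toolbar",
    "extensions.funmoods_i.": "Funmoods",
}

# Pref -> (value that weakens the browser, explanation). The Firefox default
# for autoDisableScopes is assumed to be 15; 14 lets add-ons dropped into the
# profile directory be enabled without the usual "new add-on found" prompt.
WEAKENING = {
    "security.csp.enable": ("false", "Content Security Policy enforcement turned off"),
    "extensions.autoDisableScopes": ("14", "profile-scope add-ons no longer auto-disabled"),
}

# Prefs whose value is a URL or domain the user is sent to.
REDIRECT_PREFS = {
    "browser.search.defaulturl", "browser.startup.homepage",
    "extensions.funmoods_i.hmpgUrl", "extensions.funmoods_i.newTabUrl",
    "extensions.funmoods_i.tlbrSrchUrl", "extensions.BabylonToolbar_i.ovrDmn",
}


def parse_ff_lines(report: str) -> List[Tuple[str, str, str]]:
    """Return (file, pref name, value) for every 'FF - prefs.js/user.js:' line."""
    found = []
    for raw in report.splitlines():
        m = FF_LINE.match(raw.strip())
        if m:
            found.append((m.group("file"), m.group("name"), m.group("value").strip()))
    return found


def triage(report: str) -> Dict[str, List[str]]:
    """Group the parsed prefs into toolbars present, weakening prefs and redirects."""
    findings: Dict[str, List[str]] = {"toolbars": [], "weakened": [], "redirects": []}
    for _file, name, value in parse_ff_lines(report):
        for prefix, family in HIJACK_FAMILIES.items():
            if name.startswith(prefix) and family not in findings["toolbars"]:
                findings["toolbars"].append(family)
        if name in WEAKENING and value == WEAKENING[name][0]:
            findings["weakened"].append(f"{name}={value}: {WEAKENING[name][1]}")
        if name in REDIRECT_PREFS and value:
            findings["redirects"].append(f"{name} -> {value}")
    return findings


# Constructed sample: a few lines excerpted from the script above plus one
# clean pref (network.proxy.type), so the output shows what is not flagged.
SAMPLE_REPORT = r"""
FF - ProfilePath - c:\users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\cbjo3wlh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}
FF - user.js: extensions.BabylonToolbar_i.ovrDmn - isearch.babylon.com
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=ironto
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=ironto
FF - prefs.js: network.proxy.type - 0
"""

if __name__ == "__main__":
    for section, items in triage(SAMPLE_REPORT).items():
        print(section)
        for item in items:
            print("  ", item)
```

Running it on the sample prints both toolbar families, the two weakening prefs and four redirect targets; the proxy line is parsed but produces no finding. Because DDS prints the profile's user.js contents rather than the live prefs, the same routine works on a saved log without touching the machine.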

#7 Rotor head
  • Topic Starter

  • Members
  • 7 posts
  • Gender:Male
  • Location:Indiana

Posted 24 March 2012 - 12:40 PM

Here is the ComboFix report. Computer does not present any issues that I can detect. No problems running the last instructions.

ComboFix 12-03-22.01 - Jim 03/24/2012 13:18:16.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3957.2064 [GMT -4:00]
Running from: c:\users\Jim\Downloads\ComboFix.exe
Command switches used :: c:\users\Jim\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
E:\Autorun.inf
E:\Setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-24 to 2012-03-24 )))))))))))))))))))))))))))))))
.
.
2012-03-24 17:26 . 2012-03-24 17:26 -------- d-----w- c:\users\Test\AppData\Local\temp
2012-03-24 17:26 . 2012-03-24 17:26 -------- d-----w- c:\users\Non-Administrator\AppData\Local\temp
2012-03-24 17:26 . 2012-03-24 17:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-24 14:01 . 2012-03-20 07:51 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{70AAA0C6-91BC-4EBE-8A51-53242AD03377}\mpengine.dll
2012-03-23 13:57 . 2012-03-23 13:57 -------- d-----w- c:\users\Jim\AppData\Local\Ilivid Player
2012-03-23 13:56 . 2012-03-23 15:01 -------- d-----w- c:\users\Jim\AppData\Local\RockMelt
2012-03-23 13:46 . 2012-03-23 14:01 -------- d-----w- c:\users\Jim\AppData\Local\ElevatedDiagnostics
2012-03-23 12:52 . 2012-03-20 07:51 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-03-22 14:41 . 2012-03-22 14:41 -------- d-----w- c:\programdata\MemeoCommon
2012-03-22 14:38 . 2012-03-22 14:38 -------- d-----w- c:\users\Jim\AppData\Roaming\Memeo
2012-03-22 14:38 . 2012-03-22 14:38 -------- d-----w- c:\users\Jim\AppData\Roaming\Seagate
2012-03-22 14:35 . 2012-03-22 14:35 -------- d-----w- c:\program files (x86)\Common Files\Memeo
2012-03-22 14:35 . 2012-03-22 14:35 -------- d-----w- c:\program files (x86)\Memeo
2012-03-22 14:34 . 2012-03-22 14:35 -------- d-----w- c:\program files (x86)\Seagate
2012-03-22 14:31 . 2012-03-22 14:31 -------- d-----w- c:\users\Jim\AppData\Roaming\Leadertech
2012-03-21 21:25 . 2012-03-22 02:38 -------- d-----w- c:\program files (x86)\Optimizer Pro
2012-03-21 21:21 . 2012-02-09 17:17 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9AF0B223-BE1F-4D1A-83E4-B19B50C7A720}\gapaengine.dll
2012-03-21 21:14 . 2012-03-21 21:14 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-03-21 21:13 . 2012-03-21 21:14 -------- d-----w- c:\program files\Microsoft Security Client
2012-03-21 17:53 . 2012-03-21 20:59 -------- d-----w- c:\windows\AutoKMS
2012-03-21 17:52 . 2012-03-21 17:52 -------- d-----w- C:\Cracks
2012-03-21 16:59 . 2012-03-21 16:59 -------- d-----w- c:\program files (x86)\Club Penguin
2012-03-21 16:58 . 2012-03-21 16:58 -------- d-----w- c:\programdata\Symantec
2012-03-21 16:40 . 2012-03-21 16:40 18944 ----a-r- c:\users\Jim\AppData\Roaming\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe
2012-03-20 13:54 . 2012-03-23 14:52 -------- d-----w- c:\program files (x86)\BitTorrent
2012-03-18 10:58 . 2012-03-24 13:19 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-03-18 10:57 . 2012-03-23 12:56 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-03-18 10:57 . 2012-03-23 12:56 145960 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-03-17 20:32 . 2012-03-17 20:32 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2012-03-17 20:31 . 2012-03-17 20:31 -------- d-----w- c:\windows\PCHEALTH
2012-03-17 20:31 . 2012-03-17 20:31 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2012-03-17 20:31 . 2012-03-17 20:31 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2012-03-17 20:30 . 2012-03-17 20:30 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2012-03-17 20:29 . 2012-03-17 20:29 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2012-03-17 20:28 . 2012-03-17 20:28 -------- d-----r- C:\MSOCache
2012-03-17 16:12 . 2012-03-17 16:12 -------- d-----w- c:\program files (x86)\Uncompressor
2012-03-14 13:37 . 2012-03-14 13:37 -------- d-----w- c:\users\Jim\AppData\Local\IsolatedStorage
2012-03-14 13:31 . 2012-03-16 15:34 -------- d-----w- c:\program files (x86)\TurboTax
2012-03-14 13:25 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 13:25 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 13:25 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-13 19:45 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 19:45 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 19:45 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-13 19:44 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 19:44 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 19:44 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 19:44 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 19:44 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-13 19:44 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 19:44 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-12 02:51 . 2012-03-23 12:34 -------- d-----w- c:\users\Jim\AppData\Local\309A6C0D-A4DF-4CA8-9774-A3F326691C03.aplzod
2012-03-09 19:26 . 2012-03-09 19:26 -------- d-----w- c:\program files\iPod
2012-03-09 19:26 . 2012-03-09 19:26 -------- d-----w- c:\program files\iTunes
2012-03-09 19:26 . 2012-03-09 19:26 -------- d-----w- c:\program files (x86)\iTunes
2012-03-09 19:20 . 2012-03-23 15:34 -------- d-----w- c:\program files (x86)\Safari
2012-03-07 01:01 . 2009-05-18 18:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-03-07 01:01 . 2008-04-17 17:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-03-07 01:01 . 2008-04-17 17:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-03-07 01:00 . 2012-03-07 01:00 -------- d-----w- c:\program files\Bonjour
2012-03-07 01:00 . 2012-03-07 01:00 -------- d-----w- c:\program files (x86)\Bonjour
2012-03-03 13:09 . 2012-03-03 13:09 -------- d-----w- c:\users\Jim\AppData\Local\Sunbelt Software
2012-03-02 23:14 . 2012-03-02 20:40 16432 ----a-w- c:\windows\system32\lsdelete.exe
2012-03-02 21:16 . 2012-03-02 21:16 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-03-02 20:40 . 2012-03-02 20:40 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-03-02 20:34 . 2011-11-03 17:06 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2012-03-02 20:34 . 2012-03-02 20:34 -------- d-----w- c:\programdata\Lavasoft
2012-03-02 20:34 . 2012-03-02 20:34 -------- d-----w- c:\program files (x86)\Lavasoft
2012-02-29 03:17 . 2012-02-29 03:17 -------- d-----w- c:\programdata\Brother
2012-02-23 18:05 . 2012-02-23 18:05 -------- d-----w- c:\users\Jim\AppData\Roaming\uTorrent
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-01 11:06 . 2012-03-01 11:06 10 ----a-w- c:\windows\Fonts\wfonts.key
2012-02-29 02:49 . 2011-11-22 19:58 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-02-29 02:47 . 2011-11-22 19:58 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-02-29 02:03 . 2011-12-05 20:45 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-02-26 15:13 . 2011-12-05 20:47 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-02-26 15:13 . 2011-12-05 20:46 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-02-26 15:12 . 2011-11-22 19:57 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-02-26 15:12 . 2011-11-22 19:57 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-02-20 01:13 . 2012-01-06 18:34 750488 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-02-20 01:13 . 2012-01-06 18:34 660368 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-19 04:08 . 2012-02-19 04:08 530488 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-02-17 03:52 . 2011-12-05 20:45 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-02-15 16:01 . 2012-02-15 16:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 16:01 . 2012-02-15 16:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-05 18:02 . 2012-01-10 03:59 417440 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-02-05 18:02 . 2011-11-06 19:52 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-31 12:44 . 2011-11-06 17:37 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-28 17:10 . 2012-01-28 17:10 48128 ----a-w- c:\windows\SysWow64\ff_acm.acm
2012-01-25 19:21 . 2012-01-25 19:21 913920 ----a-w- c:\windows\SysWow64\lameACM.acm
2012-01-24 19:18 . 2012-01-24 19:18 4794880 ----a-w- c:\windows\SysWow64\x264vfw.dll
2012-01-10 12:41 . 2012-01-10 12:41 8756384 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-01-06 14:59 . 2012-01-06 15:00 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-01-04 10:44 . 2012-02-15 23:43 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-15 23:43 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2011-12-30 06:26 . 2012-02-15 23:43 515584 ----a-w- c:\windows\system32\timedate.cpl
2011-12-30 05:27 . 2012-02-15 23:43 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2011-12-28 03:59 . 2012-02-15 23:43 498688 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-24_13.45.49 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-03-23 19:36 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-03-24 14:25 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-03-23 19:36 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-24 14:25 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-23 19:36 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-24 14:25 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-06 18:19 . 2012-03-24 15:21 67742 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-24 15:47 33996 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-11-06 17:19 . 2012-03-24 15:47 18732 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4103786111-4144450326-3867851604-1000_UserData.bin
- 2012-03-24 13:44 . 2012-03-24 13:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-24 17:27 . 2012-03-24 17:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-24 13:44 . 2012-03-24 13:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-24 17:27 . 2012-03-24 17:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-03-24 15:44 396364 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-03-24 17:26 444100 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-03-24 13:43 444100 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 02:36 . 2012-03-24 15:44 1455266 c:\windows\system32\perfh009.dat
+ 2011-11-06 19:33 . 2012-03-24 17:26 3301680 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-11-06 19:33 . 2012-03-24 13:18 3301680 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-11-08 09:22 . 2012-03-24 17:26 9606072 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4103786111-4144450326-3867851604-1000-12288.dat
+ 2012-03-20 02:34 . 2012-03-20 02:34 4506112 c:\windows\Installer\135ee8.msp
+ 2012-03-20 02:37 . 2012-03-20 02:37 3444224 c:\windows\Installer\135e56.msp
+ 2012-03-24 14:16 . 2012-03-24 14:16 1923920 c:\windows\Installer\{E463E171-4082-4744-A466-F7CBE8502789}\TurboTax.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wisdom-soft ScreenHunter 6.0 Free"="0" [X]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-22 718720]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Boingo Wi-Finder"="c:\program files (x86)\Boingo\Boingo Wi-Finder\Boingo.lnk" [2012-02-07 2429]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2011-06-16 2922496]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Memeo Instant Backup"="c:\program files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe" [2010-04-23 136416]
"Seagate Dashboard"="c:\program files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]
"Conime"="c:\windows\system32\conime.exe" [BU]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [2011-12-12 2234288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-06 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-02-05 253600]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-06 136176]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-03 2152152]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2012-03-02 17152]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-03-23 129976]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2009-09-21 315664]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-02-01 25072]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe [x]
S2 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2009-06-23 60928]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-02-06 13672]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-12-19 394672]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2010-04-23 25824]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe [2010-11-22 66560]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [x]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-11-29 2916736]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-06-20 20:05 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-01-10 18:02]
.
2012-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-06 19:51]
.
2012-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-06 19:51]
.
2012-03-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4103786111-4144450326-3867851604-1000Core.job
- c:\users\Jim\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-16 13:25]
.
2012-03-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4103786111-4144450326-3867851604-1000UA.job
- c:\users\Jim\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-16 13:25]
.
2012-03-17 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:32]
.
2012-03-24 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:32]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2011-06-16 2922496]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=type=W3i_SP,204,0_0,StartPage,20120312,16897,0,6,0
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: campmasters.org
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1 74.128.17.114 74.128.19.102
FF - ProfilePath - c:\users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\cbjo3wlh.default\
FF - prefs.js: browser.startup.homepage - www.msn.com
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Toolbar-{06C7AD57-B655-418D-9AB8-9526A6D2E052} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_197_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_197_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_197.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_197.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_197.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_197.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Boingo\Boingo Wi-Finder\Boingo Wi-Finder.exe
c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
c:\program files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
c:\program files (x86)\Memeo\AutoBackup\InstantBackup.exe
c:\program files (x86)\Memeo\AutoBackup\MemeoUpdater.exe
c:\program files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
.
**************************************************************************
.
Completion time: 2012-03-24 13:33:42 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-24 17:33
ComboFix2.txt 2012-03-24 13:50
.
Pre-Run: 141,717,614,592 bytes free
Post-Run: 141,208,223,744 bytes free
.
- - End Of File - - 0B2E1F919E3249DFD71992C4D544A0F0

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:14 PM

Posted 24 March 2012 - 01:26 PM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a much better job).

Programs to remove

BitTorrent
Java™ 6 Update 22
Java™ 6 Update 30


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done, click Finish.



Install Java:

Please go here to install Java

  • Click on the Free Java Download button.
  • Click on Agree and start Free download.
  • Click on Run.
  • Click on Run again.
  • Click on Install.
  • When the install is complete, click on Close.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM.
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located at C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located at C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 Rotor head

Rotor head
  • Topic Starter

  • Members
  • 7 posts
  • Gender:Male
  • Location:Indiana
  • Local time:08:14 PM

Posted 24 March 2012 - 08:39 PM

Here are the logs. No problems detected and thanks for the peer 2 peer articles.

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.24.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jim :: JIM-PC [administrator]

Protection: Disabled

3/24/2012 9:12:59 PM
mbam-log-2012-03-24 (21-12-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 243460
Time elapsed: 3 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:27:18 PM, on 3/24/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Boingo\Boingo Wi-Finder\Boingo Wi-Finder.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
C:\Program Files (x86)\Memeo\AutoBackup\MemeoUpdater.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=type=W3i_SP,204,0_0,StartPage,20120312,16897,0,6,0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {06C7AD57-B655-418D-9AB8-9526A6D2E052} - (no file)
O4 - HKLM\..\Run: [Boingo Wi-Finder] "C:\Program Files (x86)\Boingo\Boingo Wi-Finder\Boingo.lnk"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
O4 - HKLM\..\Run: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [Wisdom-soft ScreenHunter 6.0 Free] 0
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" (User 'Default user')
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.campmasters.org
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dldt_device - Unknown owner - C:\Windows\system32\dldtcoms.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: FF Install Filter Service (InstallFilterService) - Unknown owner - C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\nlssrv32.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Seagate Dashboard Service (SeagateDashboardService) - Memeo - C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (file missing)
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12462 bytes

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:14 PM

Posted 24 March 2012 - 08:47 PM

Greetings

These logs are looking very good; we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to. Any of these programs you can start when you need them by clicking on their icons (or from the Control Panel). By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
    O4 - HKCU\..\Run: [Wisdom-soft ScreenHunter 6.0 Free] 0
    O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" (User 'Default user')
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space, for example from the line
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located at C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located at C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. Vista and Win 7: right-click on the IE shortcut and run as admin.

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Click on the ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, and ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan.
  • Wait for the scan to finish.
  • Click on Copy to clipboard, or copy and paste the results here in this topic.

Copy and paste that log as a reply to this topic

Gringo

#11 Rotor head

Rotor head
  • Topic Starter

  • Members
  • 7 posts
  • Gender:Male
  • Location:Indiana
  • Local time:08:14 PM

Posted 25 March 2012 - 06:30 AM

Computer seems to be working normally. No problems encountered on last step. Here is the requested log.

C:\Program Files (x86)\FoxTabFLVPlayer\FLVPlayer.exe a variant of Win32/InstallCore.A application
C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application
C:\Users\Jim\AppData\Local\Babylon\Setup\Setup.exe Win32/Toolbar.Babylon application
C:\Users\Jim\Downloads\cnet2_InstallRARFileOpenKnife_exe.exe a variant of Win32/InstallCore.D application
C:\Users\Jim\Downloads\cnet2_ISOBuddy1113_exe.exe a variant of Win32/InstallCore.D application
C:\Users\Jim\Downloads\cnet_ISOBuddy1113_exe.exe a variant of Win32/InstallCore.D application
C:\Users\Jim\Downloads\CNET_TechTracker_2_0_4_Setup.exe Win32/OpenCandy application
C:\Users\Jim\Downloads\cnet_udfread_v5_1_1_213_inst_exe.exe a variant of Win32/InstallCore.D application
C:\Users\Jim\Downloads\InstallRARFileOpenKnife.exe Win32/OpenCandy application
C:\Users\Jim\Downloads\microsoft_office_professional_plus_keygen_may_updates_included_downloader.exe a variant of Win32/ExpressFiles application
C:\Users\Jim\Downloads\Miro_Installer.exe Win32/OpenCandy application
C:\Users\Jim\Downloads\XvidSetup.exe Win32/Toolbar.Zugo application
C:\Users\Jim\Downloads\YouTubeDownloaderSetup34.exe a variant of Win32/Toolbar.Widgi application
C:\Users\Jim\Music\Downloads\cbrunscannerregistrybooster.exe Win32/RegistryBooster application
C:\Users\Jim\Music\Downloads\fsx_boeing_737_800_manual.exe probably a variant of Win32/MediaGet application
C:\Users\Jim\Music\Downloads\Maddog 2008 Professional.rar Win32/HackTool.Patcher.A application
C:\Users\jstauffer\Downloads\cnet2_InstallRARFileOpenKnife_exe.exe a variant of Win32/InstallCore.D application

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:14 PM

Posted 25 March 2012 - 12:23 PM

Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    rem Delete the files flagged by the ESET online scan, then delete this script itself.
    del /f /s /q "C:\Program Files (x86)\FoxTabFLVPlayer\FLVPlayer.exe"
    del /f /s /q "C:\Users\Jim\AppData\Local\Babylon\Setup\Setup.exe"
    del /f /s /q "C:\Users\Jim\Downloads\cnet2_InstallRARFileOpenKnife_exe.exe"
    del /f /s /q "C:\Users\Jim\Downloads\cnet2_ISOBuddy1113_exe.exe"
    del /f /s /q "C:\Users\Jim\Downloads\cnet_ISOBuddy1113_exe.exe"
    del /f /s /q "C:\Users\Jim\Downloads\CNET_TechTracker_2_0_4_Setup.exe"
    del /f /s /q "C:\Users\Jim\Downloads\cnet_udfread_v5_1_1_213_inst_exe.exe"
    del /f /s /q "C:\Users\Jim\Downloads\InstallRARFileOpenKnife.exe"
    del /f /s /q "C:\Users\Jim\Downloads\microsoft_office_professional_plus_keygen_may_updates_included_downloader.exe"
    del /f /s /q "C:\Users\Jim\Downloads\Miro_Installer.exe"
    del /f /s /q "C:\Users\Jim\Downloads\XvidSetup.exe"
    del /f /s /q "C:\Users\Jim\Downloads\YouTubeDownloaderSetup34.exe"
    del /f /s /q "C:\Users\Jim\Music\Downloads\cbrunscannerregistrybooster.exe"
    del /f /s /q "C:\Users\Jim\Music\Downloads\fsx_boeing_737_800_manual.exe"
    del /f /s /q "C:\Users\Jim\Music\Downloads\Maddog 2008 Professional.rar"
    del /f /s /q "C:\Users\jstauffer\Downloads\cnet2_InstallRARFileOpenKnife_exe.exe"
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.


Very well done!! This is my general post for when your logs show no more signs of malware. Please let me know if you still are having problems with your computer and what these problems are.


The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

Any programs and logs that are left over can just be deleted from the desktop.

:DeFogger:

Note** This only needs to be run if it was run before. If not, then skip it.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
Your Emulation drivers are now re-enabled.


:Uninstall ComboFix:

  • Turn off all active protection software.
  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button).
  • Please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall; it needs to be there.


:remove tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.


:Make your Internet Explorer more secure:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialise and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.
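An added example, not from the post: a PowerShell script of my own that audits the five Internet-zone settings listed above by reading the current user's registry (zone 3 under Internet Settings) instead of clicking through the Custom Level dialog, and with -Fix writes the values the post recommends. The function and variable names are mine; the action IDs are the documented Internet Explorer URL-action values, and if the machine applies the Security_HKLM_only policy the effective values live under HKLM, which this script does not read.

```powershell
# Added example, not part of the original post: audit (and optionally set) the
# Internet-zone settings the post tells the reader to change.
# Zone 3 is the Internet zone; each action ID is a DWORD: 0 = Enable, 1 = Prompt, 3 = Disable.
$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Recommended values from the post, keyed by action ID.
$Recommended = [ordered]@{
    '1001' = @{ Name = 'Download signed ActiveX controls';                 Want = 1 }
    '1004' = @{ Name = 'Download unsigned ActiveX controls';               Want = 3 }
    '1201' = @{ Name = 'Initialise and script ActiveX not marked as safe'; Want = 3 }
    '1800' = @{ Name = 'Installation of desktop items';                    Want = 1 }
    '1804' = @{ Name = 'Launching programs and files in an IFRAME';        Want = 1 }
}
$Label = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-Label([object]$v) {
    # A missing value means IE falls back to its built-in default for the zone.
    if ($null -eq $v) { return '(not set: IE default applies)' }
    if ($Label.ContainsKey([int]$v)) { return $Label[[int]$v] }
    return "unknown ($v)"
}

# Returns one object per setting; with -Fix, rewrites any mismatching value.
function Test-IEInternetZone {
    param([switch]$Fix)
    $zone = Get-ItemProperty -Path $ZonePath -ErrorAction Stop
    foreach ($id in $Recommended.Keys) {
        $have = $zone.$id
        $want = $Recommended[$id].Want
        $ok   = ($null -ne $have) -and ([int]$have -eq $want)
        if (-not $ok -and $Fix) {
            Set-ItemProperty -Path $ZonePath -Name $id -Value $want -Type DWord
        }
        [pscustomobject]@{
            ActionId = $id
            Setting  = $Recommended[$id].Name
            Current  = Get-Label $have
            Wanted   = $Label[$want]
            Status   = if ($ok) { 'OK' } elseif ($Fix) { 'FIXED' } else { 'MISMATCH' }
        }
    }
}

# Report only; run "Test-IEInternetZone -Fix" to apply the recommended values.
Test-IEInternetZone | Format-Table -AutoSize
```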


:Make Firefox more secure:

Please visit this page, which explains how to make Firefox more secure: How to Secure Firefox


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector.


:Turn On Automatic Updates:

1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select Automatic (recommended): Automatically download recommended updates for my computer and install them.

If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

or visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

:antispyware programs:

I would recommend the download and installation of some or all of the following programs (all free), and updating them regularly:

  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machine.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often.

Here is some great reading about how to be safer online:

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum
and
COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I will keep this open for about three days. If anything comes up, just come back and let me know; after that time you will have to send me a PM.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 Rotor head (Topic Starter)

Posted 25 March 2012 - 01:48 PM

Thank you again!!!! I have accomplished the final actions up to the suggestions to make my computer safer in the future. (Which I will do right away.) You have been a life saver and I hope my small $30 donation helps you save another person's "bacon" like you did mine. Have a wonderful rest of the day and I want you to know how much I appreciate your unselfish willingness to help people like me.

#14 gringo_pr (Malware Response Team)

Posted 25 March 2012 - 07:06 PM

Thank you very much, and you are more than welcome.

gringo

#15 gringo_pr (Malware Response Team)

Posted 27 March 2012 - 11:53 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.