
google redirect and browser failure IE9 and Firefox


  • This topic is locked
24 replies to this topic

#1 MTF5

  • Members
  • 13 posts
  • OFFLINE
  • Local time:10:26 PM

Posted 28 March 2012 - 03:46 AM

Have tried the usual removal tools but no success; constant redirecting in Google, and occasionally both browsers will not load at all.


DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Owner at 9:25:02 on 2012-03-28
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.44.1033.18.3070.1025 [GMT 1:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
SP: AVG Anti-Virus Free *Enabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\DllHost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Everything\Everything.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Brownie\BrStsWnd.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\AirMac\APAgent.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Program Files\Vista Start Menu\VistaStartMenu.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conime.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Brownie\brpjp04a.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\System32\sdclt.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\rundll32.exe
C:\Windows\system32\sdclt.exe
C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uStart Page = hxxp://www.performancesailing.co.nz/
uSearch Bar =
mStart Page = hxxp://www.bigseekpro.com/imtoodownloadyoutube/{FCA226C2-B434-4BEB-954C-113B3B27A7DA}
uInternet Settings,ProxyOverride = *.local;<local>
mURLSearchHooks: H - No File
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - f:\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No File
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - f:\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll
TB: ImTOO Download YouTube Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - c:\program files\imtoo download youtube toolbar\tbcore3.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [AdobeBridge]
uRun: [eyeBeam SIP Client]
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [VistaStartMenu] "d:\program files\vista start menu\VistaStartMenu.exe"
uRun: [SugarSync] "d:\program files\sugarsync\SugarSyncManager.exe" -startInTray -usedelay=true
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [DriveHQ FileManager] "c:\program files\drivehq\drivehq filemanager\FileManager.exe" autorun
uRun: [CAHeadless] d:\adobeelements\elements organizer 8.0\caheadless\ElementsAutoAnalyzer.exe
uRun: [UJ7J2I3XYGVF9FYEH] c:\sooi832.bin\CA0A4982125.exe /q
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [Skytel] Skytel.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [Everything] "c:\program files\everything\Everything.exe" -startup
mRun: [DVD or CD Sharing] "c:\program files\dvd or cd sharing\ODSAgent.exe"
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
mRun: [BrStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [AirMac Base Station Agent] "c:\program files\airmac\APAgent.exe"
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\bbcipl~1.lnk - d:\program files\bbc iplayer desktop\BBC iPlayer Desktop.exe
StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\owner\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\fruitf~1.lnk - d:\program files\fruitfultime\fruitfultime bookmarkmanager\BookmarkManager.exe
StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\pmbmed~1.lnk - c:\program files\sony\sony picture utility\pmbcore\SPUVolumeWatcher.exe
StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\quickc~1.lnk - c:\users\owner\appdata\local\temp\rar$ex00.133\Quick Cliq.exe
StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\runlis~1.lnk - c:\program files\realvnc\vnc4\vncviewer.exe
StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\runvnc~1.lnk - c:\program files\realvnc\vnc4\winvnc4.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\phrase~1.lnk - c:\program files\phraseexpress\phraseexpress.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\snagit~1.lnk - c:\program files\techsmith\snagit 10\Snagit32.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Download with ImTOO Download YouTube Video - d:\program files\imtoo\download youtube video\upod_link.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{6A303727-AD5F-4498-93D2-C16D1CB0B633} : DhcpNameServer = 192.168.1.254 192.168.1.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
STS: FencesShlExt Class: {1984dd45-52cf-49cd-ab77-18f378fea264} - c:\program files\stardock\fences\FencesMenu.dll
SEH: Internet Shortcut: {fbf23b40-e3f0-101b-8488-00aa003e56f8} - c:\windows\system32\ieframe.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\9zgyec4m.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - www.performancesailing.co.nz
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npContribute.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\users\owner\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: ImTOODownload YouTube Toolbar: {75656794-AB59-4712-BFBC-5D816D56F3BC} - %profile%\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - c:\program files\siber systems\ai roboform\Firefox
.
============= SERVICES / DRIVERS ===============
.
R0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [2011-5-13 14448]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2009-10-26 115856]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2009-10-26 41424]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-10-15 21504]
R2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\common files\microsoft shared\microsoft online services\MSOIDSVC.EXE [2011-2-22 1578400]
R3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [2011-5-13 182896]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2009-7-10 91472]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2009-7-10 99472]
S1 SGFPUSB;SecuGen USB FRD Service03;c:\windows\system32\drivers\SGFu03d.sys [2011-3-29 17920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 joomlaApache;joomlaApache;"i:\progra~1\bitnam~1.12-\apache2\bin\httpd.exe" -k runservice --> i:\progra~1\bitnam~1.12-\apache2\bin\httpd.exe [?]
S2 joomlaMySQL;joomlaMySQL;"i:\program files\bitnami joomla 1.5.12-0 stack\mysql\bin\mysqld.exe" "--defaults-file=i:\program files\bitnami joomla 1.5.12-0 stack/mysql\my.ini" joomlamysql --> i:\program files\bitnami joomla 1.5.12-0 stack\mysql\bin\mysqld.exe [?]
S2 wordpressApache-1;wordpressApache-1;"g:\progra~1\bitnam~1\apache2\bin\httpd.exe" -k runservice --> g:\progra~1\bitnam~1\apache2\bin\httpd.exe [?]
S2 wordpressApache-2;wordpressApache-2;"g:\progra~1\bitnam~1\apache2\bin\httpd.exe" -k runservice --> g:\progra~1\bitnam~1\apache2\bin\httpd.exe [?]
S2 wordpressApache-3;wordpressApache-3;"g:\progra~1\bitnam~1\apache2\bin\httpd.exe" -k runservice --> g:\progra~1\bitnam~1\apache2\bin\httpd.exe [?]
S2 wordpressApache-4;wordpressApache-4;"e:\progra~1\bitnam~1\apache2\bin\httpd.exe" -k runservice --> e:\progra~1\bitnam~1\apache2\bin\httpd.exe [?]
S2 wordpressApache-5;wordpressApache-5;"e:\progra~1\bitnam~1\apache2\bin\httpd.exe" -k runservice --> e:\progra~1\bitnam~1\apache2\bin\httpd.exe [?]
S2 wordpressApache-6;wordpressApache-6;"e:\progra~2\bitnam~1\apache2\bin\httpd.exe" -k runservice --> e:\progra~2\bitnam~1\apache2\bin\httpd.exe [?]
S2 wordpressApache;wordpressApache;"g:\progra~1\bitnam~1\apache2\bin\httpd.exe" -k runservice --> g:\progra~1\bitnam~1\apache2\bin\httpd.exe [?]
S2 wordpressMySQL-1;wordpressMySQL-1;"g:\program files\bitnami wordpress stack\mysql\bin\mysqld.exe" "--defaults-file=g:\program files\bitnami wordpress stack/mysql\my.ini" wordpressmysql-1 --> g:\program files\bitnami wordpress stack\mysql\bin\mysqld.exe [?]
S2 wordpressMySQL-2;wordpressMySQL-2;"g:\program files\bitnami wordpress stack\mysql\bin\mysqld.exe" "--defaults-file=g:\program files\bitnami wordpress stack/mysql\my.ini" wordpressmysql-2 --> g:\program files\bitnami wordpress stack\mysql\bin\mysqld.exe [?]
S2 wordpressMySQL-3;wordpressMySQL-3;"g:\program files\bitnami wordpress stack\mysql\bin\mysqld.exe" "--defaults-file=g:\program files\bitnami wordpress stack/mysql\my.ini" wordpressmysql-3 --> g:\program files\bitnami wordpress stack\mysql\bin\mysqld.exe [?]
S2 wordpressMySQL-4;wordpressMySQL-4;"e:\program files\bitnami wordpress stack\mysql\bin\mysqld.exe" "--defaults-file=e:\program files\bitnami wordpress stack/mysql\my.ini" wordpressmysql-4 --> e:\program files\bitnami wordpress stack\mysql\bin\mysqld.exe [?]
S2 wordpressMySQL-5;wordpressMySQL-5;"e:\program files\bitnami wordpress stack\mysql\bin\mysqld.exe" --defaults-file="e:\program files\bitnami wordpress stack/mysql\my.ini" wordpressmysql-5 --> e:\program files\bitnami wordpress stack\mysql\bin\mysqld.exe [?]
S2 wordpressMySQL-6;wordpressMySQL-6;"e:\program files1\bitnami wordpress stack\mysql\bin\mysqld.exe" --defaults-file="e:\program files1\bitnami wordpress stack/mysql\my.ini" wordpressmysql-6 --> e:\program files1\bitnami wordpress stack\mysql\bin\mysqld.exe [?]
S2 wordpressMySQL;wordpressMySQL;"g:\program files\bitnami wordpress stack\mysql\bin\mysqld.exe" "--defaults-file=g:\program files\bitnami wordpress stack/mysql\my.ini" wordpressmysql --> g:\program files\bitnami wordpress stack\mysql\bin\mysqld.exe [?]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
S4 DisplayLinkService;DisplayLinkManager;c:\program files\displaylink core software\DisplayLinkManager.exe [2011-4-10 5240168]
S4 DriveHQ FileManagerFun;DriveHQ FileManagerFun;c:\program files\drivehq\drivehq filemanager\DHQFMSvc.exe [2010-4-12 46080]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]
S4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S4 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
.
=============== Created Last 30 ================
.
2012-03-28 08:22:18 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{8ffa98b8-8aa3-4228-b254-c5c8bda10d9b}\offreg.dll
2012-03-27 13:56:10 -------- d-----w- c:\program files\HitmanPro
2012-03-27 13:55:18 -------- d-----w- c:\programdata\HitmanPro
2012-03-27 13:54:33 -------- d-----w- c:\programdata\Hitman Pro
2012-03-27 13:44:00 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2012-03-27 13:43:54 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-03-27 12:23:36 713784 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{74251e13-3546-4a56-836a-2004ec496f4e}\gapaengine.dll
2012-03-27 12:23:24 6582328 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{8ffa98b8-8aa3-4228-b254-c5c8bda10d9b}\mpengine.dll
2012-03-27 12:16:30 -------- d-----w- c:\program files\Microsoft Security Client
2012-03-27 11:59:01 -------- d-----w- c:\programdata\LightScribe
2012-03-24 17:29:48 -------- d-----w- c:\program files\Lavasoft
2012-03-23 16:58:58 -------- d-----w- c:\windows\pss
2012-03-23 14:24:22 -------- d-----w- c:\users\owner\appdata\local\Threat Expert
2012-03-23 14:18:53 -------- d-----w- c:\users\owner\appdata\roaming\PCTools
2012-03-23 08:19:18 -------- d-----w- C:\New Folder (2)
2012-03-22 22:20:41 -------- d-----w- c:\users\owner\appdata\roaming\TestApp
2012-03-22 19:51:36 -------- d-----w- c:\program files\common files\PC Tools
2012-03-22 19:48:33 -------- d-----w- c:\programdata\PC Tools
2012-03-01 12:00:39 954752 ----a-w- c:\windows\system32\MFC40.bak
.
==================== Find3M ====================
.
2012-03-01 12:00:11 720896 ----a-w- c:\windows\iun6002.exe
2012-02-25 12:07:39 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 9:37:49.87 ===============
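A triage helper, added here as an example and not part of the original thread or of the DDS or ComboFix tools, that scans DDS "Pseudo HJT Report" and FIREFOX lines like the ones posted above and flags the entries a responder would check first: the random-named uRun entry launching from c:\sooi832.bin, a startup item running from a temp directory, orphaned "No File" add-ons, EnableLUA = 0, and an overridden Firefox keyword.URL. The sample lines are constructed from the log above; the heuristics and severity thresholds are the example's own assumptions.

```python
"""Triage helper for the autorun and browser sections of a DDS log.

Added example for this thread; it is not part of the DDS or ComboFix tools.
It reads the "Pseudo HJT Report" and FIREFOX lines that DDS prints (uRun:,
mRun:, StartupFolder:, BHO:, TB:, mPolicies-system:, FF - prefs.js:) and
flags the entries a responder would look at first. The heuristics and the
severity thresholds are this example's own assumptions, not DDS rules.
"""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "severity line_no reason line")

# Top-level directories (directly under a drive letter) where installed
# software normally lives; an autorun target anywhere else under the root
# is unusual enough to be worth a look.
KNOWN_ROOT_DIRS = {
    "program files", "program files (x86)", "progra~1", "progra~2",
    "windows", "programdata", "users",
}

RUN_RE = re.compile(r"^[um]Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^StartupFolder: .+?\.lnk - (?P<target>.+)$")
# Twelve or more upper-case letters/digits with no word structure, like the
# UJ7J2I3XYGVF9FYEH value in the log above.
RANDOM_NAME_RE = re.compile(r"^(?=.*[A-Z])(?=.*\d)[A-Z0-9]{12,}$")

# Constructed sample: lines copied from the DDS log in this thread.
SAMPLE_LOG = "\n".join([
    r'uStart Page = hxxp://www.performancesailing.co.nz/',
    r'BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File',
    r'BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll',
    r'TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File',
    r'uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"',
    r'uRun: [UJ7J2I3XYGVF9FYEH] c:\sooi832.bin\CA0A4982125.exe /q',
    r'mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey',
    r'StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\quickc~1.lnk - c:\users\owner\appdata\local\temp\rar$ex00.133\Quick Cliq.exe',
    r'mPolicies-system: EnableLUA = 0 (0x0)',
    r'FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=',
])


def executable_of(cmd):
    """Pull the executable path out of a Run-key command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted: the path runs up to the first whitespace-separated switch.
    return cmd.split()[0] if cmd else ""


def path_reasons(path):
    """Return the reasons an autorun target path looks unusual (maybe none)."""
    p = path.lower().replace("/", "\\")
    root = re.match(r"^[a-z]:\\([^\\]+)\\", p)
    if root is None:
        return ["target is not an absolute path (resolved via PATH or a host like rundll32)"]
    reasons = []
    if "\\temp\\" in p:
        reasons.append("target runs from a temp directory")
    if root.group(1) not in KNOWN_ROOT_DIRS:
        reasons.append("target lives in a non-standard directory directly under the drive root")
    return reasons


def triage(log_text):
    """Scan DDS report lines; return Findings, highest severity first."""
    findings = []
    for n, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            exe = executable_of(m.group("cmd"))
            if not exe:          # empty Run value: nothing is launched
                continue
            reasons = path_reasons(exe)
            if RANDOM_NAME_RE.match(m.group("name")):
                reasons.append("random-looking autorun name %r" % m.group("name"))
            if reasons:
                # Two independent oddities on one entry: look at it first.
                sev = "high" if len(reasons) >= 2 else "medium"
                findings.append(Finding(sev, n, "; ".join(reasons), line))
            continue
        m = STARTUP_RE.match(line)
        if m:
            reasons = path_reasons(m.group("target"))
            if reasons:
                findings.append(Finding("medium", n, "; ".join(reasons), line))
            continue
        if line.startswith(("BHO:", "TB:")) and line.endswith("- No File"):
            findings.append(Finding("low", n, "orphaned browser add-on (CLSID with no file)", line))
        elif line.startswith("mPolicies-system: EnableLUA = 0"):
            findings.append(Finding("medium", n, "UAC disabled by policy (EnableLUA = 0)", line))
        elif line.startswith("FF - prefs.js: keyword.URL"):
            findings.append(Finding("medium", n, "Firefox address-bar search (keyword.URL) overridden; confirm it was intentional", line))
    rank = {"high": 0, "medium": 1, "low": 2}
    findings.sort(key=lambda f: (rank[f.severity], f.line_no))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("[%-6s] line %2d: %s\n         %s" % (f.severity, f.line_no, f.reason, f.line))
```

Run against the full DDS log, the same entry ComboFix later deleted (c:\sooi832.bin\CA0A4982125.exe) is the only "high" hit; everything else is a prompt to confirm, not a verdict.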



#2 MTF5

  • Topic Starter
  • Members
  • 13 posts
  • OFFLINE
  • Local time:10:26 PM

Posted 28 March 2012 - 03:58 AM

Sorry, the file was not attached to my previous post.

Attached Files



#3 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:26 PM

Posted 29 March 2012 - 12:24 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

1. Do not run any other tool until instructed to do so!
Doing so will only at best cause you unneeded worry as it finds our backups and may even list our tools, and at worst can cause conflicts with our tools and lead to unforeseen things happening.

2. Please do not attach logs or put them in code boxes.
Besides the time it takes me to open the reports, it makes it harder to find something if I need to go back to do more research, and putting them in code boxes just makes them so hard to read.

3. After each step give me a little feedback.
It does not need to be long, but just something so I know how things are going. It can be something like:
I am still getting redirected
The computer is running as it should
Don't put things like "it is the same as before" or "still the same"; this just makes me go back and look for your last feedback as to how things are.

4. Read every post completely before doing anything.
Pay special attention to the Notes** I have put in.
These are things I have found that happen a lot and can be taken care of easily just by reading the Notes**.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


Backup any files that cannot be replaced

If you have not done it yet, spend a few minutes to back up any files that cannot be replaced. Removing malware can be unpredictable and this may save you and me a lot of grief later.

You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

You may want to back up the whole hard drive; there is some good info in the Preparation Guide on how to make full backups and how to restore them if something goes wrong. Read the tutorial and print it out so you will know what to do in case the unforeseen happens.

When you have the files backed up you may do the following.


Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#4 MTF5

  • Topic Starter
  • Members
  • 13 posts
  • OFFLINE
  • Local time:10:26 PM

Posted 29 March 2012 - 05:18 AM

Thanks for the help, it's appreciated. Have run ComboFix; the report is below. Have checked Google and am still getting redirected to other sites.

ComboFix 12-03-29.01 - Owner 29/03/2012 9:41.1.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.44.1033.18.3070.1504 [GMT 1:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Enabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
SP: AVG Anti-Virus Free *Enabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\ImTOO Download YouTube Toolbar\tbCOre3.dll
c:\sooi832.bin\CA0A4982125.exe
c:\users\Owner\AppData\Local\assembly\tmp
c:\users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc3B5B.tmp
c:\users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB490.tmp
c:\users\Owner\AppData\Roaming\5BE2.ECE
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9zgyec4m.default\searchplugins\bing-zugo.xml
c:\windows\iun6002.exe
c:\windows\system32\aosmtp.dll
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\odbcad32.exe
D:\install.exe
f:\documents\~WRL1786.tmp
F:\SETUP.EXE
.
Infected copy of c:\windows\ehome\ehvid.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-ehome-ehvid_31bf3856ad364e35_6.0.6001.22670_none_4ba6b5206e120937\ehvid.exe
.
Infected copy of c:\windows\System32\Magnify.exe was found and disinfected
Restored copy from - c:\windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-magnify_31bf3856ad364e35_6.0.6002.18005_none_7019507895d1ab0f\Magnify.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-29 )))))))))))))))))))))))))))))))
.
.
2012-03-29 09:28 . 2012-03-29 09:28 -------- d-----w- c:\users\marcus\AppData\Local\temp
2012-03-29 09:28 . 2012-03-29 09:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-29 04:57 . 2012-03-13 18:15 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-03-29 04:57 . 2012-03-13 18:15 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D3C1BB83-5FBC-4F24-9819-6C53149E739B}\mpengine.dll
2012-03-27 13:56 . 2012-03-27 13:56 -------- d-----w- c:\program files\HitmanPro
2012-03-27 13:55 . 2012-03-27 13:56 -------- d-----w- c:\programdata\HitmanPro
2012-03-27 13:54 . 2012-03-27 13:54 -------- d-----w- c:\programdata\Hitman Pro
2012-03-27 13:44 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2012-03-27 13:44 . 2011-02-12 08:39 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2012-03-27 13:43 . 2012-01-31 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-03-27 12:23 . 2012-03-27 12:22 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{74251E13-3546-4A56-836A-2004EC496F4E}\gapaengine.dll
2012-03-27 12:16 . 2012-03-27 12:16 -------- d-----w- c:\program files\Microsoft Security Client
2012-03-27 11:59 . 2012-03-27 11:59 -------- d-----w- c:\programdata\LightScribe
2012-03-24 17:29 . 2012-03-24 17:29 -------- d-----w- c:\program files\Lavasoft
2012-03-23 14:24 . 2012-03-23 14:24 -------- d-----w- c:\users\Owner\AppData\Local\Threat Expert
2012-03-23 14:18 . 2012-03-23 14:18 -------- d-----w- c:\users\Owner\AppData\Roaming\PCTools
2012-03-23 08:19 . 2012-03-23 08:19 -------- d-----w- C:\New Folder (2)
2012-03-22 22:20 . 2012-03-22 22:20 -------- d-----w- c:\users\Owner\AppData\Roaming\TestApp
2012-03-22 19:51 . 2012-03-27 11:54 -------- d-----w- c:\program files\Common Files\PC Tools
2012-03-22 19:48 . 2012-03-27 11:43 -------- d-----w- c:\programdata\PC Tools
2012-03-02 10:54 . 2012-03-02 10:54 5164704 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-03-01 12:00 . 2010-08-31 15:46 954752 ----a-w- c:\windows\system32\MFC40.bak
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-25 12:07 . 2011-06-13 19:46 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-31 12:44 . 2009-10-15 23:06 237072 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-02-03 18:47 365648 ----a-w- d:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-02-03 18:47 365648 ----a-w- d:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-02-03 18:47 365648 ----a-w- d:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-02-03 18:47 365648 ----a-w- d:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-16 39408]
"VistaStartMenu"="d:\program files\Vista Start Menu\VistaStartMenu.exe" [2010-04-27 2786176]
"SugarSync"="d:\program files\SugarSync\SugarSyncManager.exe" [2012-02-03 9401424]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-10-31 107000]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-10 218032]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"DriveHQ FileManager"="c:\program files\DriveHQ\DriveHQ FileManager\FileManager.exe" [2009-12-15 1824768]
"CAHeadless"="d:\adobeelements\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe" [2009-09-05 615808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-22 210216]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-09-23 210216]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-24 210472]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"Skytel"="Skytel.exe" [2007-06-15 1826816]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-05 4669440]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2008-04-02 87336]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-30 328992]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-30 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-30 13535776]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2008-02-21 62760]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-10-16 122880]
"Everything"="c:\program files\Everything\Everything.exe" [2009-03-13 602624]
"DVD or CD Sharing"="c:\program files\DVD or CD Sharing\ODSAgent.exe" [2008-02-20 619832]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-18 104936]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2009-06-10 3618104]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-18 1089536]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"AirMac Base Station Agent"="c:\program files\AirMac\APAgent.exe" [2009-11-11 771360]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-21 406992]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BBC iPlayer Desktop.lnk - d:\program files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [N/A]
Dropbox.lnk - c:\users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
FruitfulTime BookmarkManager.lnk - d:\program files\FruitfulTime\FruitfulTime BookmarkManager\BookmarkManager.exe [N/A]
PMB Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-11-25 333088]
Quick Cliq.lnk - c:\users\Owner\AppData\Local\Temp\Rar$EX00.133\Quick Cliq.exe [N/A]
Run Listening VNC Viewer.lnk - c:\program files\RealVNC\VNC4\vncviewer.exe [2009-10-16 582648]
Run VNC Server.lnk - c:\program files\RealVNC\VNC4\winvnc4.exe [2009-10-16 836600]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
PhraseExpress.lnk - c:\program files\PhraseExpress\phraseexpress.exe [2010-5-13 7346760]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [N/A]
Snagit 10.lnk - c:\program files\TechSmith\Snagit 10\Snagit32.exe [2011-11-8 7070608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 04:28]
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 04:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.performancesailing.co.nz/
mStart Page = hxxp://www.bigseekpro.com/imtoodownloadyoutube/{FCA226C2-B434-4BEB-954C-113B3B27A7DA}
uInternet Settings,ProxyOverride = *.local;<local>
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Download with ImTOO Download YouTube Video - d:\program files\ImTOO\Download YouTube Video\upod_link.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9zgyec4m.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - www.performancesailing.co.nz
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: ImTOODownload YouTube Toolbar: {75656794-AB59-4712-BFBC-5D816D56F3BC} - %profile%\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - c:\program files\Siber Systems\AI RoboForm\Firefox
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-AdobeBridge - (no file)
HKCU-Run-eyeBeam SIP Client - (no file)
HKCU-Run-LightScribe Control Panel - c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
HKCU-Run-UJ7J2I3XYGVF9FYEH - c:\sooi832.bin\CA0A4982125.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-BankLinkBooks_is1 - c:\bk5\unins000.exe
AddRemove-BitNami WordPress Stack 2.8.2-0 - e:\program files\BitNami WordPress Stack\uninstall.exe
AddRemove-BitNami WordPress Stack 3.2.1-0 - e:\program files1\BitNami WordPress Stack\uninstall.exe
AddRemove-PDF-XChange 3_is1 - c:\program files\Mindjet\MindManager 9\PDF-XChange\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-29 10:37
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\CF11.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4472)
c:\program files\RocketDock\RocketDock.dll
c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
d:\program files\Vista Start Menu\VistaStartMenu.dll
c:\windows\system32\d3d9.dll
c:\windows\system32\dlumd32.dll
c:\windows\system32\nvd3dum.dll
c:\program files\DriveHQ\DriveHQ FileManager\ShellCopyHookDLL.dll
c:\program files\Stardock\Fences\FencesMenu.dll
c:\program files\stardock\fences\DesktopDock.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\windows\System32\rundll32.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\ehome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2012-03-29 11:03:06 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-29 10:02
.
Pre-Run: 565,817,344 bytes free
Post-Run: 2,412,838,912 bytes free
.
- - End Of File - - BB097A1AA54D6DDF34200106CD2AB880

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:26 PM

Posted 29 March 2012 - 11:12 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 MTF5

MTF5
  • Topic Starter

  • Members
  • 13 posts
  • Local time:10:26 PM

Posted 29 March 2012 - 02:00 PM

Hi, once again many thanks for the help

I have downloaded TDSSKiller and aswMBR to the desktop, have double-clicked each one several times, and nothing happens.

Have switched off virus protection etc.

still nothing

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:26 PM

Posted 29 March 2012 - 02:13 PM

Hello

I would like you to run this tool for me - fixTDSS

download it to your desktop and start the program

Follow the prompts and Ok any security prompts

when it is complete it will say the infection was cleared or no infection was found - let me know what it says

after it is complete I want you to restart the computer and try to rerun TDSSKiller for me and send me the report

Gringo

#8 MTF5

MTF5
  • Topic Starter

  • Members
  • 13 posts
  • Local time:10:26 PM

Posted 29 March 2012 - 02:33 PM

Hi
Ran FixTDSS; it reported a corrupt MBR and successfully corrected it.

Ran TDSSKiller; report below.

20:22:57.0719 3388 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
20:22:57.0902 3388 ============================================================
20:22:57.0902 3388 Current date / time: 2012/03/29 20:22:57.0902
20:22:57.0902 3388 SystemInfo:
20:22:57.0902 3388
20:22:57.0902 3388 OS Version: 6.0.6002 ServicePack: 2.0
20:22:57.0902 3388 Product type: Workstation
20:22:57.0902 3388 ComputerName: MARCUS-PC
20:22:57.0903 3388 UserName: Owner
20:22:57.0903 3388 Windows directory: C:\Windows
20:22:57.0903 3388 System windows directory: C:\Windows
20:22:57.0903 3388 Processor architecture: Intel x86
20:22:57.0903 3388 Number of processors: 2
20:22:57.0903 3388 Page size: 0x1000
20:22:57.0903 3388 Boot type: Normal boot
20:22:57.0903 3388 ============================================================
20:23:01.0011 3388 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:23:01.0111 3388 Drive \Device\Harddisk2\DR1 - Size: 0x77800000 (1.87 Gb), SectorSize: 0x200, Cylinders: 0xF3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:23:01.0113 3388 Drive \Device\Harddisk3\DR2 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:23:01.0485 3388 Drive \Device\Harddisk4\DR3 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:23:01.0489 3388 Drive \Device\Harddisk5\DR4 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:23:01.0498 3388 \Device\Harddisk0\DR0:
20:23:01.0631 3388 MBR used
20:23:01.0631 3388 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xC740000
20:23:01.0631 3388 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC740800, BlocksNum 0x16E22800
20:23:01.0631 3388 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23563000, BlocksNum 0x16E22800
20:23:01.0631 3388 \Device\Harddisk2\DR1:
20:23:01.0632 3388 MBR used
20:23:01.0632 3388 \Device\Harddisk2\DR1\Partition0: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x3BBFE0
20:23:01.0632 3388 \Device\Harddisk3\DR2:
20:23:01.0673 3388 MBR used
20:23:01.0673 3388 \Device\Harddisk3\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542E2B0
20:23:01.0673 3388 \Device\Harddisk4\DR3:
20:23:01.0674 3388 MBR used
20:23:01.0674 3388 \Device\Harddisk4\DR3\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
20:23:01.0674 3388 \Device\Harddisk5\DR4:
20:23:01.0681 3388 MBR used
20:23:01.0681 3388 \Device\Harddisk5\DR4\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
20:23:03.0596 3388 Initialize success
20:23:03.0596 3388 ============================================================
20:25:33.0490 2360 ============================================================
20:25:33.0490 2360 Scan started
20:25:33.0490 2360 Mode: Manual;
20:25:33.0490 2360 ============================================================
20:25:34.0418 2360 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
20:25:34.0419 2360 ACPI - ok
20:25:34.0582 2360 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
20:25:34.0586 2360 AdobeARMservice - ok
20:25:34.0890 2360 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
20:25:34.0899 2360 adp94xx - ok
20:25:34.0994 2360 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
20:25:35.0002 2360 adpahci - ok
20:25:35.0027 2360 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
20:25:35.0030 2360 adpu160m - ok
20:25:35.0070 2360 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
20:25:35.0072 2360 adpu320 - ok
20:25:35.0123 2360 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
20:25:35.0125 2360 AeLookupSvc - ok
20:25:35.0244 2360 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
20:25:35.0287 2360 AFD - ok
20:25:35.0334 2360 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
20:25:35.0341 2360 agp440 - ok
20:25:35.0394 2360 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
20:25:35.0397 2360 aic78xx - ok
20:25:35.0472 2360 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
20:25:35.0492 2360 ALG - ok
20:25:35.0583 2360 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
20:25:35.0585 2360 aliide - ok
20:25:35.0720 2360 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
20:25:35.0729 2360 amdagp - ok
20:25:35.0804 2360 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
20:25:35.0806 2360 amdide - ok
20:25:35.0864 2360 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
20:25:35.0866 2360 AmdK7 - ok
20:25:35.0966 2360 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
20:25:35.0968 2360 AmdK8 - ok
20:25:36.0465 2360 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
20:25:36.0479 2360 Appinfo - ok
20:25:36.0770 2360 Apple Mobile Device (d8e18021f91ad79ca8491cb5a5da22d4) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:25:36.0774 2360 Apple Mobile Device - ok
20:25:37.0186 2360 AppMgmt (0fe769cae5855b53c90e23f85e7e89ff) C:\Windows\System32\appmgmts.dll
20:25:37.0188 2360 AppMgmt - ok
20:25:37.0367 2360 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
20:25:37.0372 2360 arc - ok
20:25:37.0557 2360 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
20:25:37.0563 2360 arcsas - ok
20:25:38.0121 2360 aspnet_state (40c145f12ff461a0220303bda134f598) C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
20:25:38.0124 2360 aspnet_state - ok
20:25:38.0337 2360 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
20:25:38.0341 2360 AsyncMac - ok
20:25:38.0470 2360 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
20:25:38.0470 2360 atapi - ok
20:25:38.0676 2360 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
20:25:38.0734 2360 AudioEndpointBuilder - ok
20:25:38.0741 2360 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
20:25:38.0743 2360 Audiosrv - ok
20:25:39.0187 2360 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
20:25:39.0191 2360 Beep - ok
20:25:39.0503 2360 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
20:25:39.0561 2360 BFE - ok
20:25:39.0805 2360 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
20:25:40.0193 2360 BITS - ok
20:25:40.0384 2360 blbdrive - ok
20:25:40.0855 2360 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
20:25:41.0086 2360 Bonjour Service - ok
20:25:41.0340 2360 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
20:25:41.0344 2360 bowser - ok
20:25:41.0421 2360 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
20:25:41.0423 2360 BrFiltLo - ok
20:25:41.0469 2360 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
20:25:41.0510 2360 BrFiltUp - ok
20:25:41.0541 2360 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
20:25:41.0544 2360 Browser - ok
20:25:41.0565 2360 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
20:25:41.0568 2360 Brserid - ok
20:25:41.0586 2360 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
20:25:41.0589 2360 BrSerWdm - ok
20:25:41.0606 2360 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
20:25:41.0608 2360 BrUsbMdm - ok
20:25:41.0631 2360 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
20:25:41.0633 2360 BrUsbSer - ok
20:25:41.0666 2360 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
20:25:41.0668 2360 BthEnum - ok
20:25:41.0702 2360 BTHMODEM (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys
20:25:41.0704 2360 BTHMODEM - ok
20:25:41.0765 2360 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
20:25:41.0768 2360 BthPan - ok
20:25:41.0832 2360 BTHPORT (5a3abaa2f8eece7aefb942773766e3db) C:\Windows\system32\Drivers\BTHport.sys
20:25:41.0842 2360 BTHPORT - ok
20:25:41.0884 2360 BthServ (a4c8377fa4a994e07075107dbe2e3dce) C:\Windows\System32\bthserv.dll
20:25:41.0890 2360 BthServ - ok
20:25:41.0910 2360 BTHUSB (94e2941280e3756a5e0bcb467865c43a) C:\Windows\system32\Drivers\BTHUSB.sys
20:25:41.0917 2360 BTHUSB - ok
20:25:42.0295 2360 catchme - ok
20:25:42.0535 2360 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
20:25:42.0538 2360 cdfs - ok
20:25:42.0716 2360 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
20:25:42.0719 2360 cdrom - ok
20:25:42.0793 2360 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
20:25:42.0795 2360 CertPropSvc - ok
20:25:42.0844 2360 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
20:25:42.0846 2360 circlass - ok
20:25:42.0883 2360 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
20:25:42.0888 2360 CLFS - ok
20:25:43.0110 2360 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:25:43.0117 2360 clr_optimization_v2.0.50727_32 - ok
20:25:43.0506 2360 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:25:43.0509 2360 clr_optimization_v4.0.30319_32 - ok
20:25:43.0604 2360 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
20:25:43.0606 2360 CmBatt - ok
20:25:43.0634 2360 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
20:25:43.0636 2360 cmdide - ok
20:25:43.0675 2360 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
20:25:43.0676 2360 Compbatt - ok
20:25:43.0686 2360 COMSysApp - ok
20:25:43.0733 2360 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
20:25:43.0733 2360 crcdisk - ok
20:25:43.0767 2360 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
20:25:43.0770 2360 Crusoe - ok
20:25:43.0810 2360 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
20:25:43.0814 2360 CryptSvc - ok
20:25:43.0875 2360 CSC (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys
20:25:43.0900 2360 CSC - ok
20:25:43.0923 2360 CscService (0a2095f92f6ae4fe6484d911b0c21e95) C:\Windows\System32\cscsvc.dll
20:25:43.0949 2360 CscService - ok
20:25:44.0273 2360 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
20:25:44.0289 2360 DcomLaunch - ok
20:25:44.0453 2360 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
20:25:44.0462 2360 DfsC - ok
20:25:44.0872 2360 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
20:25:44.0929 2360 DFSR - ok
20:25:45.0334 2360 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
20:25:45.0339 2360 Dhcp - ok
20:25:45.0452 2360 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
20:25:45.0454 2360 disk - ok
20:25:45.0926 2360 DisplayLinkService (3404bb885d265549c2fcc7cb24b4828d) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
20:25:46.0394 2360 DisplayLinkService - ok
20:25:46.0533 2360 dlkmd (b19e212ef403999dadd5f337746dd21d) C:\Windows\system32\drivers\dlkmd.sys
20:25:46.0534 2360 dlkmd - ok
20:25:46.0579 2360 dlkmdldr (4b9c06a5a539a46aaaface8bdb65218c) C:\Windows\system32\drivers\dlkmdldr.sys
20:25:46.0580 2360 dlkmdldr - ok
20:25:46.0665 2360 Dnscache (30a08728740e71947ae1e073b5ce69b4) C:\Windows\System32\dnsrslvr.dll
20:25:46.0671 2360 Dnscache - ok
20:25:46.0692 2360 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
20:25:46.0697 2360 dot3svc - ok
20:25:46.0736 2360 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
20:25:46.0753 2360 DPS - ok
20:25:46.0830 2360 DriveHQ FileManagerFun (f6600791802df573c80ff36f9897ed85) C:\Program Files\DriveHQ\DriveHQ FileManager\DHQFMSvc.exe
20:25:46.0832 2360 DriveHQ FileManagerFun - ok
20:25:46.0868 2360 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
20:25:46.0870 2360 drmkaud - ok
20:25:46.0935 2360 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
20:25:46.0939 2360 DXGKrnl - ok
20:25:47.0050 2360 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
20:25:47.0056 2360 E1G60 - ok
20:25:47.0232 2360 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
20:25:47.0235 2360 EapHost - ok
20:25:47.0282 2360 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
20:25:47.0284 2360 Ecache - ok
20:25:47.0487 2360 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
20:25:47.0503 2360 ehRecvr - ok
20:25:47.0524 2360 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
20:25:47.0527 2360 ehSched - ok
20:25:47.0543 2360 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
20:25:47.0544 2360 ehstart - ok
20:25:47.0653 2360 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
20:25:47.0683 2360 elxstor - ok
20:25:47.0795 2360 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
20:25:47.0832 2360 EMDMgmt - ok
20:25:47.0884 2360 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
20:25:47.0890 2360 EventSystem - ok
20:25:47.0923 2360 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
20:25:47.0928 2360 exfat - ok
20:25:47.0984 2360 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
20:25:47.0988 2360 fastfat - ok
20:25:48.0030 2360 Fax (dfba0f60fa301e5b1bfb1403a93ee23e) C:\Windows\system32\fxssvc.exe
20:25:48.0039 2360 Fax - ok
20:25:48.0095 2360 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
20:25:48.0097 2360 fdc - ok
20:25:48.0142 2360 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
20:25:48.0143 2360 fdPHost - ok
20:25:48.0291 2360 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
20:25:48.0296 2360 FDResPub - ok
20:25:48.0414 2360 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
20:25:48.0422 2360 FileInfo - ok
20:25:48.0466 2360 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
20:25:48.0470 2360 Filetrace - ok
20:25:48.0642 2360 FLEXnet Licensing Service (abedfd48ac042c6aaad32452e77217a1) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
20:25:48.0691 2360 FLEXnet Licensing Service - ok
20:25:48.0883 2360 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
20:25:48.0885 2360 flpydisk - ok
20:25:48.0963 2360 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
20:25:48.0969 2360 FltMgr - ok
20:25:49.0196 2360 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
20:25:49.0435 2360 FontCache - ok
20:25:49.0522 2360 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:25:49.0525 2360 FontCache3.0.0.0 - ok
20:25:49.0640 2360 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
20:25:49.0643 2360 Fs_Rec - ok
20:25:49.0705 2360 fvevol (fecf4c2e42440a8d132bf94eee3c3fc9) C:\Windows\system32\DRIVERS\fvevol.sys
20:25:49.0708 2360 fvevol - ok
20:25:49.0763 2360 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
20:25:49.0771 2360 gagp30kx - ok
20:25:49.0837 2360 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:25:49.0838 2360 GEARAspiWDM - ok
20:25:49.0982 2360 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
20:25:49.0996 2360 gpsvc - ok
20:25:50.0104 2360 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
20:25:50.0106 2360 gupdate - ok
20:25:50.0169 2360 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
20:25:50.0170 2360 gupdatem - ok
20:25:50.0467 2360 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
20:25:50.0483 2360 gusvc - ok
20:25:50.0567 2360 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
20:25:50.0572 2360 HdAudAddService - ok
20:25:50.0676 2360 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:25:50.0702 2360 HDAudBus - ok
20:25:50.0747 2360 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
20:25:50.0754 2360 HidBth - ok
20:25:50.0796 2360 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
20:25:50.0798 2360 HidIr - ok
20:25:50.0858 2360 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
20:25:50.0861 2360 hidserv - ok
20:25:50.0992 2360 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
20:25:50.0996 2360 HidUsb - ok
20:25:51.0050 2360 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
20:25:51.0054 2360 hkmsvc - ok
20:25:51.0083 2360 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
20:25:51.0085 2360 HpCISSs - ok
20:25:51.0140 2360 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
20:25:51.0287 2360 HTTP - ok
20:25:51.0442 2360 hwdatacard (4e370a583e78b614918c8f2cd5b733ef) C:\Windows\system32\DRIVERS\ewusbmdm.sys
20:25:51.0445 2360 hwdatacard - ok
20:25:51.0500 2360 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
20:25:51.0502 2360 i2omp - ok
20:25:51.0589 2360 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
20:25:51.0592 2360 i8042prt - ok
20:25:51.0636 2360 iaStor (5df93509037399b53d3ecaa8a67b6c58) C:\Windows\system32\DRIVERS\iaStor.sys
20:25:51.0638 2360 iaStor - ok
20:25:51.0668 2360 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
20:25:51.0673 2360 iaStorV - ok
20:25:51.0797 2360 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
20:25:51.0805 2360 IDriverT - ok
20:25:51.0923 2360 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:25:51.0965 2360 idsvc - ok
20:25:52.0119 2360 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
20:25:52.0123 2360 iirsp - ok
20:25:52.0202 2360 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
20:25:52.0409 2360 IKEEXT - ok
20:25:52.0625 2360 IntcAzAudAddService (6f62bafe6150f3952f877051c65786fe) C:\Windows\system32\drivers\RTKVHDA.sys
20:25:52.0635 2360 IntcAzAudAddService - ok
20:25:52.0696 2360 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
20:25:52.0697 2360 intelide - ok
20:25:52.0763 2360 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
20:25:52.0764 2360 intelppm - ok
20:25:52.0811 2360 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
20:25:52.0815 2360 IPBusEnum - ok
20:25:52.0855 2360 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:25:52.0857 2360 IpFilterDriver - ok
20:25:52.0901 2360 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
20:25:52.0907 2360 iphlpsvc - ok
20:25:52.0917 2360 IpInIp - ok
20:25:52.0950 2360 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
20:25:52.0952 2360 IPMIDRV - ok
20:25:52.0975 2360 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
20:25:52.0979 2360 IPNAT - ok
20:25:53.0070 2360 iPod Service (33642c17c232aa272c68e446a2619899) C:\Program Files\iPod\bin\iPodService.exe
20:25:53.0092 2360 iPod Service - ok
20:25:53.0128 2360 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
20:25:53.0130 2360 IRENUM - ok
20:25:53.0152 2360 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
20:25:53.0154 2360 isapnp - ok
20:25:53.0232 2360 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
20:25:53.0233 2360 iScsiPrt - ok
20:25:53.0259 2360 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
20:25:53.0264 2360 iteatapi - ok
20:25:53.0390 2360 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
20:25:53.0394 2360 iteraid - ok
20:25:53.0587 2360 JGOGO (c995c0e8b4503fac38793bb0236ad246) C:\Windows\system32\DRIVERS\JGOGO.sys
20:25:53.0587 2360 JGOGO - ok
20:25:53.0614 2360 joomlaApache - ok
20:25:53.0619 2360 joomlaMySQL - ok
20:25:53.0641 2360 JRAID (f5bf72eabc7e160bb6624168aad52dfe) C:\Windows\system32\DRIVERS\jraid.sys
20:25:53.0642 2360 JRAID - ok
20:25:53.0689 2360 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
20:25:53.0689 2360 kbdclass - ok
20:25:53.0734 2360 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
20:25:53.0736 2360 kbdhid - ok
20:25:53.0764 2360 KeyIso (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe
20:25:53.0766 2360 KeyIso - ok
20:25:53.0794 2360 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
20:25:53.0802 2360 KSecDD - ok
20:25:53.0845 2360 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
20:25:53.0852 2360 KtmRm - ok
20:25:53.0904 2360 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
20:25:53.0909 2360 LanmanServer - ok
20:25:53.0948 2360 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
20:25:53.0956 2360 LanmanWorkstation - ok
20:25:53.0992 2360 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
20:25:53.0994 2360 lltdio - ok
20:25:54.0024 2360 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
20:25:54.0031 2360 lltdsvc - ok
20:25:54.0062 2360 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
20:25:54.0065 2360 lmhosts - ok
20:25:54.0103 2360 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
20:25:54.0106 2360 LSI_FC - ok
20:25:54.0141 2360 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
20:25:54.0144 2360 LSI_SAS - ok
20:25:54.0168 2360 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
20:25:54.0171 2360 LSI_SCSI - ok
20:25:54.0256 2360 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
20:25:54.0262 2360 luafv - ok
20:25:54.0574 2360 McciCMService (f8b823414a22dbf3bec10dcaa5f93cd8) C:\Program Files\Common Files\Motive\McciCMService.exe
20:25:54.0580 2360 McciCMService - ok
20:25:54.0659 2360 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
20:25:54.0664 2360 McComponentHostService - ok
20:25:54.0736 2360 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
20:25:54.0740 2360 Mcx2Svc - ok
20:25:54.0774 2360 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
20:25:54.0776 2360 megasas - ok
20:25:54.0805 2360 MEMSWEEP2 - ok
20:25:54.0843 2360 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
20:25:54.0847 2360 MMCSS - ok
20:25:54.0891 2360 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
20:25:54.0892 2360 Modem - ok
20:25:54.0926 2360 MODEMCSA (cbb59c41f19efea1a000793e08070a62) C:\Windows\system32\drivers\MODEMCSA.sys
20:25:54.0936 2360 MODEMCSA - ok
20:25:54.0984 2360 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
20:25:54.0985 2360 monitor - ok
20:25:55.0025 2360 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
20:25:55.0026 2360 mouclass - ok
20:25:55.0042 2360 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
20:25:55.0044 2360 mouhid - ok
20:25:55.0072 2360 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
20:25:55.0074 2360 MountMgr - ok
20:25:55.0125 2360 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
20:25:55.0126 2360 MpFilter - ok
20:25:55.0166 2360 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
20:25:55.0169 2360 mpio - ok
20:25:55.0207 2360 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
20:25:55.0209 2360 MpNWMon - ok
20:25:55.0406 2360 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
20:25:55.0412 2360 mpsdrv - ok
20:25:55.0625 2360 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
20:25:55.0641 2360 MpsSvc - ok
20:25:55.0695 2360 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
20:25:55.0697 2360 Mraid35x - ok
20:25:55.0771 2360 MREMP50 - ok
20:25:55.0781 2360 MREMPR5 - ok
20:25:55.0786 2360 MRENDIS5 - ok
20:25:55.0797 2360 MRESP50 - ok
20:25:55.0900 2360 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
20:25:55.0903 2360 MRxDAV - ok
20:25:55.0979 2360 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:25:55.0982 2360 mrxsmb - ok
20:25:56.0050 2360 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:25:56.0055 2360 mrxsmb10 - ok
20:25:56.0099 2360 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:25:56.0106 2360 mrxsmb20 - ok
20:25:56.0178 2360 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
20:25:56.0179 2360 msahci - ok
20:25:56.0215 2360 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
20:25:56.0222 2360 msdsm - ok
20:25:56.0553 2360 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
20:25:56.0558 2360 MSDTC - ok
20:25:56.0716 2360 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
20:25:56.0723 2360 Msfs - ok
20:25:56.0785 2360 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
20:25:56.0786 2360 msisadrv - ok
20:25:56.0867 2360 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
20:25:56.0870 2360 MSiSCSI - ok
20:25:56.0894 2360 msiserver - ok
20:25:57.0005 2360 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
20:25:57.0012 2360 MSKSSRV - ok
20:25:57.0109 2360 MsMpSvc (cfce43b70ca0cc4dcc8adb62b792b173) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
20:25:57.0110 2360 MsMpSvc - ok
20:25:57.0287 2360 msoidsvc (ca18d76444b5fdd0d69444ac3fa700b2) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
20:25:57.0606 2360 msoidsvc - ok
20:25:57.0790 2360 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
20:25:57.0795 2360 MSPCLOCK - ok
20:25:57.0863 2360 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
20:25:57.0868 2360 MSPQM - ok
20:25:57.0934 2360 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
20:25:57.0938 2360 MsRPC - ok
20:25:57.0991 2360 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
20:25:57.0991 2360 mssmbios - ok
20:25:58.0090 2360 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
20:25:58.0094 2360 MSTEE - ok
20:25:58.0176 2360 MTsensor (97affa9d95ffe20eee6229bc6be166cf) C:\Windows\system32\DRIVERS\ATKACPI.sys
20:25:58.0178 2360 MTsensor - ok
20:25:58.0232 2360 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
20:25:58.0238 2360 Mup - ok
20:25:58.0442 2360 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
20:25:58.0478 2360 napagent - ok
20:25:58.0688 2360 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
20:25:58.0694 2360 NativeWifiP - ok
20:25:58.0892 2360 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
20:25:58.0895 2360 NDIS - ok
20:25:59.0081 2360 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
20:25:59.0089 2360 NdisTapi - ok
20:25:59.0211 2360 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
20:25:59.0213 2360 Ndisuio - ok
20:25:59.0519 2360 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
20:25:59.0523 2360 NdisWan - ok
20:25:59.0864 2360 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
20:25:59.0867 2360 NDProxy - ok
20:25:59.0931 2360 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
20:25:59.0934 2360 NetBIOS - ok
20:25:59.0985 2360 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
20:25:59.0992 2360 netbt - ok
20:26:00.0050 2360 Netlogon (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe
20:26:00.0051 2360 Netlogon - ok
20:26:00.0238 2360 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
20:26:00.0254 2360 Netman - ok
20:26:00.0301 2360 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
20:26:00.0306 2360 netprofm - ok
20:26:00.0378 2360 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:26:00.0385 2360 NetTcpPortSharing - ok
20:26:00.0709 2360 NETw4v32 (6522dd40a5f67ced020bd81b856613fb) C:\Windows\system32\DRIVERS\NETw4v32.sys
20:26:00.0758 2360 NETw4v32 - ok
20:26:00.0798 2360 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
20:26:00.0800 2360 nfrd960 - ok
20:26:00.0841 2360 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
20:26:00.0844 2360 NisDrv - ok
20:26:01.0012 2360 NisSrv (a5cb074f34bbd89948e34a630d459c0c) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
20:26:01.0048 2360 NisSrv - ok
20:26:01.0087 2360 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
20:26:01.0091 2360 NlaSvc - ok
20:26:01.0144 2360 nmwcd - ok
20:26:01.0202 2360 nmwcdc - ok
20:26:01.0281 2360 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
20:26:01.0286 2360 Npfs - ok
20:26:01.0339 2360 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
20:26:01.0344 2360 nsi - ok
20:26:01.0373 2360 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
20:26:01.0380 2360 nsiproxy - ok
20:26:01.0690 2360 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
20:26:01.0715 2360 Ntfs - ok
20:26:01.0853 2360 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
20:26:01.0855 2360 ntrigdigi - ok
20:26:01.0910 2360 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys
20:26:01.0912 2360 NuidFltr - ok
20:26:01.0956 2360 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
20:26:01.0959 2360 Null - ok
20:26:02.0749 2360 nvlddmkm (340c9a91d457e4ae849f42b2688800e9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:26:02.0886 2360 nvlddmkm - ok
20:26:03.0311 2360 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
20:26:03.0314 2360 nvraid - ok
20:26:03.0451 2360 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
20:26:03.0459 2360 nvstor - ok
20:26:03.0668 2360 nvsvc (094db57d79db133d97b6d4fccd1cbcd8) C:\Windows\system32\nvvsvc.exe
20:26:03.0674 2360 nvsvc - ok
20:26:03.0744 2360 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
20:26:03.0753 2360 nv_agp - ok
20:26:03.0784 2360 NwlnkFlt - ok
20:26:03.0834 2360 NwlnkFwd - ok
20:26:03.0986 2360 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:26:03.0998 2360 odserv - ok
20:26:04.0127 2360 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
20:26:04.0127 2360 ohci1394 - ok
20:26:04.0226 2360 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:26:04.0231 2360 ose - ok
20:26:04.0837 2360 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:26:04.0942 2360 osppsvc - ok
20:26:05.0132 2360 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:26:05.0149 2360 p2pimsvc - ok
20:26:05.0169 2360 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:26:05.0174 2360 p2psvc - ok
20:26:05.0243 2360 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
20:26:05.0245 2360 Parport - ok
20:26:05.0295 2360 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
20:26:05.0297 2360 partmgr - ok
20:26:05.0332 2360 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
20:26:05.0335 2360 Parvdm - ok
20:26:05.0382 2360 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
20:26:05.0386 2360 PcaSvc - ok
20:26:05.0426 2360 pccsmcfd - ok
20:26:05.0480 2360 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
20:26:05.0483 2360 pci - ok
20:26:05.0688 2360 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
20:26:05.0696 2360 pciide - ok
20:26:05.0874 2360 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
20:26:05.0879 2360 pcmcia - ok
20:26:05.0944 2360 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
20:26:05.0969 2360 PEAUTH - ok
20:26:06.0074 2360 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
20:26:06.0107 2360 pla - ok
20:26:06.0161 2360 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
20:26:06.0168 2360 PlugPlay - ok
20:26:06.0213 2360 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:26:06.0219 2360 PNRPAutoReg - ok
20:26:06.0234 2360 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:26:06.0239 2360 PNRPsvc - ok
20:26:06.0305 2360 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
20:26:06.0313 2360 PolicyAgent - ok
20:26:06.0360 2360 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
20:26:06.0363 2360 PptpMiniport - ok
20:26:06.0395 2360 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
20:26:06.0397 2360 Processor - ok
20:26:06.0443 2360 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
20:26:06.0448 2360 ProfSvc - ok
20:26:06.0501 2360 ProtectedStorage (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe
20:26:06.0503 2360 ProtectedStorage - ok
20:26:06.0621 2360 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
20:26:06.0622 2360 PSched - ok
20:26:06.0781 2360 PxHelp20 (40fedd328f98245ad201cf5f9f311724) C:\Windows\system32\Drivers\PxHelp20.sys
20:26:06.0788 2360 PxHelp20 - ok
20:26:07.0017 2360 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
20:26:07.0039 2360 ql2300 - ok
20:26:07.0077 2360 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
20:26:07.0082 2360 ql40xx - ok
20:26:07.0153 2360 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
20:26:07.0161 2360 QWAVE - ok
20:26:07.0219 2360 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
20:26:07.0221 2360 QWAVEdrv - ok
20:26:07.0265 2360 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
20:26:07.0267 2360 RasAcd - ok
20:26:07.0320 2360 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
20:26:07.0328 2360 RasAuto - ok
20:26:07.0359 2360 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:26:07.0363 2360 Rasl2tp - ok
20:26:07.0421 2360 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
20:26:07.0430 2360 RasMan - ok
20:26:07.0463 2360 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
20:26:07.0465 2360 RasPppoe - ok
20:26:07.0507 2360 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
20:26:07.0513 2360 RasSstp - ok
20:26:07.0573 2360 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
20:26:07.0579 2360 rdbss - ok
20:26:07.0659 2360 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:26:07.0664 2360 RDPCDD - ok
20:26:07.0816 2360 rdpdr (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys
20:26:07.0821 2360 rdpdr - ok
20:26:07.0932 2360 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
20:26:07.0937 2360 RDPENCDD - ok
20:26:07.0999 2360 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
20:26:08.0014 2360 RDPWD - ok
20:26:08.0096 2360 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
20:26:08.0103 2360 RemoteAccess - ok
20:26:08.0144 2360 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
20:26:08.0149 2360 RemoteRegistry - ok
20:26:08.0242 2360 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
20:26:08.0248 2360 RFCOMM - ok
20:26:08.0384 2360 RichVideo (17e0bef5ca5c9ce52cc8082ac6ebc449) C:\Program Files\CyberLink\Shared Files\RichVideo.exe
20:26:08.0390 2360 RichVideo - ok
20:26:08.0505 2360 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
20:26:08.0508 2360 rimmptsk - ok
20:26:08.0579 2360 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
20:26:08.0583 2360 rimsptsk - ok
20:26:09.0001 2360 RimUsb - ok
20:26:09.0450 2360 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
20:26:09.0453 2360 RimVSerPort - ok
20:26:09.0530 2360 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys
20:26:09.0532 2360 rismxdp - ok
20:26:09.0662 2360 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
20:26:09.0666 2360 ROOTMODEM - ok
20:26:09.0851 2360 RoxLiveShare9 - ok
20:26:09.0892 2360 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
20:26:09.0895 2360 RpcLocator - ok
20:26:09.0965 2360 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
20:26:09.0970 2360 RpcSs - ok
20:26:10.0136 2360 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
20:26:10.0144 2360 rspndr - ok
20:26:10.0179 2360 RTL8169 (71b7026d61293c1e91145bdad11c53bf) C:\Windows\system32\DRIVERS\Rtlh86.sys
20:26:10.0182 2360 RTL8169 - ok
20:26:10.0214 2360 SamSs (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe
20:26:10.0215 2360 SamSs - ok
20:26:10.0268 2360 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
20:26:10.0276 2360 sbp2port - ok
20:26:10.0312 2360 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
20:26:10.0316 2360 SCardSvr - ok
20:26:10.0375 2360 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
20:26:10.0392 2360 Schedule - ok
20:26:10.0420 2360 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
20:26:10.0421 2360 SCPolicySvc - ok
20:26:10.0456 2360 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
20:26:10.0459 2360 sdbus - ok
20:26:10.0505 2360 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
20:26:10.0510 2360 SDRSVC - ok
20:26:10.0583 2360 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
20:26:10.0590 2360 secdrv - ok
20:26:10.0717 2360 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
20:26:10.0723 2360 seclogon - ok
20:26:10.0770 2360 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
20:26:10.0773 2360 SENS - ok
20:26:10.0811 2360 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
20:26:10.0814 2360 Serenum - ok
20:26:10.0885 2360 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
20:26:10.0891 2360 Serial - ok
20:26:10.0928 2360 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
20:26:10.0930 2360 sermouse - ok
20:26:10.0969 2360 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
20:26:10.0974 2360 SessionEnv - ok
20:26:11.0009 2360 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
20:26:11.0011 2360 sffdisk - ok
20:26:11.0043 2360 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
20:26:11.0045 2360 sffp_mmc - ok
20:26:11.0066 2360 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
20:26:11.0067 2360 sffp_sd - ok
20:26:11.0090 2360 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
20:26:11.0093 2360 sfloppy - ok
20:26:11.0143 2360 SGFPUSB (26e7fcc7332aee307666a7ee314f7074) C:\Windows\system32\DRIVERS\SGFu03d.sys
20:26:11.0145 2360 SGFPUSB - ok
20:26:11.0205 2360 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
20:26:11.0211 2360 SharedAccess - ok
20:26:11.0259 2360 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
20:26:11.0266 2360 ShellHWDetection - ok
20:26:11.0291 2360 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
20:26:11.0293 2360 sisagp - ok
20:26:11.0318 2360 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
20:26:11.0321 2360 SiSRaid2 - ok
20:26:11.0347 2360 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
20:26:11.0350 2360 SiSRaid4 - ok
20:26:11.0520 2360 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
20:26:11.0595 2360 slsvc - ok
20:26:11.0912 2360 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
20:26:11.0916 2360 SLUINotify - ok
20:26:12.0068 2360 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
20:26:12.0072 2360 Smb - ok
20:26:12.0172 2360 smserial (d9bfd2298f5cf116d8eaae3b02dcee2e) C:\Windows\system32\DRIVERS\smserial.sys
20:26:12.0222 2360 smserial - ok
20:26:12.0275 2360 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
20:26:12.0280 2360 SNMPTRAP - ok
20:26:12.0351 2360 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
20:26:12.0352 2360 spldr - ok
20:26:12.0499 2360 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
20:26:12.0504 2360 Spooler - ok
20:26:12.0608 2360 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
20:26:12.0773 2360 srv - ok
20:26:13.0064 2360 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
20:26:13.0068 2360 srv2 - ok
20:26:13.0138 2360 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
20:26:13.0141 2360 srvnet - ok
20:26:13.0241 2360 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
20:26:13.0275 2360 SSDPSRV - ok
20:26:13.0304 2360 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
20:26:13.0309 2360 SstpSvc - ok
20:26:13.0430 2360 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
20:26:13.0453 2360 stisvc - ok
20:26:13.0495 2360 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
20:26:13.0496 2360 swenum - ok
20:26:13.0828 2360 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
20:26:13.0943 2360 SwitchBoard - ok
20:26:14.0303 2360 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
20:26:14.0342 2360 swprv - ok
20:26:14.0538 2360 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
20:26:14.0540 2360 Symc8xx - ok
20:26:14.0580 2360 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
20:26:14.0583 2360 Sym_hi - ok
20:26:14.0621 2360 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
20:26:14.0624 2360 Sym_u3 - ok
20:26:14.0965 2360 SynTP (55f6e55cc2430ca8713387106fa79817) C:\Windows\system32\DRIVERS\SynTP.sys
20:26:14.0967 2360 SynTP - ok
20:26:15.0346 2360 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
20:26:15.0393 2360 SysMain - ok
20:26:15.0518 2360 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
20:26:15.0523 2360 TabletInputService - ok
20:26:15.0582 2360 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
20:26:15.0589 2360 TapiSrv - ok
20:26:15.0623 2360 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
20:26:15.0626 2360 TBS - ok
20:26:15.0987 2360 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
20:26:16.0007 2360 Tcpip - ok
20:26:16.0111 2360 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
20:26:16.0116 2360 Tcpip6 - ok
20:26:16.0205 2360 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
20:26:16.0208 2360 tcpipreg - ok
20:26:16.0262 2360 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
20:26:16.0264 2360 TDPIPE - ok
20:26:16.0303 2360 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
20:26:16.0305 2360 TDTCP - ok
20:26:16.0395 2360 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
20:26:16.0399 2360 tdx - ok
20:26:16.0471 2360 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
20:26:16.0472 2360 TermDD - ok
20:26:16.0516 2360 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
20:26:16.0526 2360 TermService - ok
20:26:16.0582 2360 TfFsMon - ok
20:26:16.0621 2360 TfNetMon - ok
20:26:16.0647 2360 TFSysMon - ok
20:26:17.0083 2360 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
20:26:17.0086 2360 Themes - ok
20:26:17.0357 2360 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
20:26:17.0358 2360 THREADORDER - ok
20:26:17.0528 2360 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
20:26:17.0532 2360 TrkWks - ok
20:26:17.0573 2360 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
20:26:17.0575 2360 TrustedInstaller - ok
20:26:17.0625 2360 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:26:17.0627 2360 tssecsrv - ok
20:26:17.0667 2360 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
20:26:17.0668 2360 tunmp - ok
20:26:18.0123 2360 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
20:26:18.0127 2360 tunnel - ok
20:26:18.0279 2360 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
20:26:18.0282 2360 uagp35 - ok
20:26:18.0341 2360 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
20:26:18.0347 2360 udfs - ok
20:26:18.0384 2360 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
20:26:18.0392 2360 UI0Detect - ok
20:26:18.0422 2360 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
20:26:18.0424 2360 uliagpkx - ok
20:26:18.0479 2360 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
20:26:18.0488 2360 uliahci - ok
20:26:18.0514 2360 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
20:26:18.0517 2360 UlSata - ok
20:26:18.0548 2360 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
20:26:18.0552 2360 ulsata2 - ok
20:26:18.0583 2360 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
20:26:18.0586 2360 umbus - ok
20:26:18.0630 2360 UmRdpService (8a66360f38f81e960e2367b428cbd5d9) C:\Windows\System32\umrdp.dll
20:26:18.0637 2360 UmRdpService - ok
20:26:18.0686 2360 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
20:26:18.0708 2360 upnphost - ok
20:26:18.0860 2360 upperdev - ok
20:26:19.0069 2360 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
20:26:19.0071 2360 USBAAPL - ok
20:26:19.0109 2360 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
20:26:19.0113 2360 usbaudio - ok
20:26:19.0157 2360 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
20:26:19.0164 2360 usbccgp - ok
20:26:19.0206 2360 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
20:26:19.0209 2360 usbcir - ok
20:26:19.0287 2360 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
20:26:19.0290 2360 usbehci - ok
20:26:19.0360 2360 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
20:26:19.0365 2360 usbhub - ok
20:26:19.0405 2360 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
20:26:19.0407 2360 usbohci - ok
20:26:19.0445 2360 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
20:26:19.0448 2360 usbprint - ok
20:26:19.0511 2360 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
20:26:19.0515 2360 usbscan - ok
20:26:19.0550 2360 usbser (d575246188f63de0accf6eac5fb59e6a) C:\Windows\system32\DRIVERS\usbser.sys
20:26:19.0552 2360 usbser - ok
20:26:19.0564 2360 UsbserFilt - ok
20:26:19.0628 2360 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:26:19.0635 2360 USBSTOR - ok
20:26:19.0672 2360 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
20:26:19.0675 2360 usbuhci - ok
20:26:19.0705 2360 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
20:26:19.0709 2360 usbvideo - ok
20:26:19.0824 2360 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
20:26:19.0827 2360 UxSms - ok
20:26:20.0029 2360 VBoxDrv (d2ae7537116853e43081d96bdacf832b) C:\Windows\system32\DRIVERS\VBoxDrv.sys
20:26:20.0031 2360 VBoxDrv - ok
20:26:20.0120 2360 VBoxNetAdp (8154f6f948179f88c9bf08edce1fb06e) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
20:26:20.0121 2360 VBoxNetAdp - ok
20:26:20.0147 2360 VBoxNetFlt (1d2a48eed491f768d569b673da882811) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
20:26:20.0148 2360 VBoxNetFlt - ok
20:26:20.0178 2360 VBoxUSBMon (5a7fad7bc0dd64c2359c83171f10cb7a) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
20:26:20.0178 2360 VBoxUSBMon - ok
20:26:20.0269 2360 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
20:26:20.0281 2360 vds - ok
20:26:20.0332 2360 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
20:26:20.0334 2360 vga - ok
20:26:20.0383 2360 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
20:26:20.0386 2360 VgaSave - ok
20:26:20.0417 2360 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
20:26:20.0419 2360 viaagp - ok
20:26:20.0453 2360 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
20:26:20.0457 2360 ViaC7 - ok
20:26:20.0498 2360 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
20:26:20.0500 2360 viaide - ok
20:26:20.0567 2360 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
20:26:20.0569 2360 volmgr - ok
20:26:20.0625 2360 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
20:26:20.0631 2360 volmgrx - ok
20:26:20.0691 2360 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
20:26:20.0696 2360 volsnap - ok
20:26:20.0724 2360 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
20:26:20.0727 2360 vsmraid - ok
20:26:20.0904 2360 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
20:26:21.0071 2360 VSS - ok
20:26:21.0213 2360 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
20:26:21.0236 2360 W32Time - ok
20:26:21.0294 2360 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
20:26:21.0296 2360 WacomPen - ok
20:26:21.0300 2360 wampapache - ok
20:26:21.0304 2360 wampmysqld - ok
20:26:21.0366 2360 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:26:21.0371 2360 Wanarp - ok
20:26:21.0375 2360 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:26:21.0376 2360 Wanarpv6 - ok
20:26:21.0423 2360 wbengine (20b23332885dfb93fe0185362ee811e9) C:\Windows\system32\wbengine.exe
20:26:21.0448 2360 wbengine - ok
20:26:21.0502 2360 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
20:26:21.0513 2360 wcncsvc - ok
20:26:21.0562 2360 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
20:26:21.0565 2360 WcsPlugInService - ok
20:26:21.0605 2360 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
20:26:21.0608 2360 Wd - ok
20:26:21.0647 2360 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
20:26:21.0657 2360 Wdf01000 - ok
20:26:21.0694 2360 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
20:26:21.0699 2360 WdiServiceHost - ok
20:26:21.0703 2360 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
20:26:21.0706 2360 WdiSystemHost - ok
20:26:21.0760 2360 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
20:26:21.0766 2360 WebClient - ok
20:26:21.0941 2360 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
20:26:21.0946 2360 Wecsvc - ok
20:26:22.0033 2360 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
20:26:22.0042 2360 wercplsupport - ok
20:26:22.0124 2360 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
20:26:22.0129 2360 WerSvc - ok
20:26:22.0207 2360 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
20:26:22.0229 2360 WinDefend - ok
20:26:22.0235 2360 WinHttpAutoProxySvc - ok
20:26:22.0329 2360 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
20:26:22.0332 2360 Winmgmt - ok
20:26:22.0406 2360 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
20:26:22.0434 2360 WinRM - ok
20:26:22.0499 2360 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
20:26:22.0515 2360 Wlansvc - ok
20:26:22.0696 2360 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:26:22.0743 2360 wlidsvc - ok
20:26:22.0985 2360 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
20:26:22.0987 2360 WmiAcpi - ok
20:26:23.0181 2360 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
20:26:23.0184 2360 wmiApSrv - ok
20:26:23.0292 2360 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
20:26:23.0309 2360 WMPNetworkSvc - ok
20:26:23.0331 2360 wordpressApache - ok
20:26:23.0338 2360 wordpressApache-1 - ok
20:26:23.0354 2360 wordpressApache-2 - ok
20:26:23.0363 2360 wordpressApache-3 - ok
20:26:23.0373 2360 wordpressApache-4 - ok
20:26:23.0380 2360 wordpressApache-5 - ok
20:26:23.0391 2360 wordpressApache-6 - ok
20:26:23.0406 2360 wordpressMySQL - ok
20:26:23.0419 2360 wordpressMySQL-1 - ok
20:26:23.0423 2360 wordpressMySQL-2 - ok
20:26:23.0430 2360 wordpressMySQL-3 - ok
20:26:23.0439 2360 wordpressMySQL-4 - ok
20:26:23.0446 2360 wordpressMySQL-5 - ok
20:26:23.0455 2360 wordpressMySQL-6 - ok
20:26:23.0551 2360 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
20:26:23.0557 2360 WPCSvc - ok
20:26:23.0602 2360 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
20:26:23.0607 2360 WPDBusEnum - ok
20:26:23.0669 2360 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
20:26:23.0672 2360 WpdUsb - ok
20:26:24.0044 2360 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:26:24.0124 2360 WPFFontCache_v0400 - ok
20:26:24.0224 2360 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
20:26:24.0226 2360 ws2ifsl - ok
20:26:24.0286 2360 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
20:26:24.0290 2360 wscsvc - ok
20:26:24.0306 2360 WSearch - ok
20:26:24.0501 2360 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
20:26:24.0543 2360 wuauserv - ok
20:26:24.0614 2360 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
20:26:24.0616 2360 WudfPf - ok
20:26:24.0662 2360 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:26:24.0667 2360 WUDFRd - ok
20:26:24.0709 2360 wudfsvc (2c0206ff8d2c75ac027d1096fa2fafda) C:\Windows\System32\WUDFSvc.dll
20:26:24.0714 2360 wudfsvc - ok
20:26:24.0764 2360 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
20:26:24.0841 2360 \Device\Harddisk0\DR0 - ok
20:26:24.0848 2360 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR1
20:26:27.0616 2360 \Device\Harddisk2\DR1 - ok
20:26:27.0625 2360 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk3\DR2
20:26:27.0628 2360 \Device\Harddisk3\DR2 - ok
20:26:28.0025 2360 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk4\DR3
20:26:28.0029 2360 \Device\Harddisk4\DR3 - ok
20:26:28.0055 2360 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk5\DR4
20:26:28.0058 2360 \Device\Harddisk5\DR4 - ok
20:26:28.0091 2360 Boot (0x1200) (5ee9df10fd6b143abfd8e573930845f7) \Device\Harddisk0\DR0\Partition0
20:26:28.0098 2360 \Device\Harddisk0\DR0\Partition0 - ok
20:26:28.0199 2360 Boot (0x1200) (dce5fb10efd7cd8f8c645d4cf571bfc1) \Device\Harddisk0\DR0\Partition1
20:26:28.0201 2360 \Device\Harddisk0\DR0\Partition1 - ok
20:26:28.0219 2360 Boot (0x1200) (e5b1c7a7847ef14743cd5e9597256a74) \Device\Harddisk0\DR0\Partition2
20:26:28.0221 2360 \Device\Harddisk0\DR0\Partition2 - ok
20:26:28.0228 2360 Boot (0x1200) (7afadc2194645fe786960f4360b86020) \Device\Harddisk2\DR1\Partition0
20:26:28.0229 2360 \Device\Harddisk2\DR1\Partition0 - ok
20:26:28.0234 2360 Boot (0x1200) (2948599a38ec9213754e441d49dc783c) \Device\Harddisk3\DR2\Partition0
20:26:28.0236 2360 \Device\Harddisk3\DR2\Partition0 - ok
20:26:28.0241 2360 Boot (0x1200) (b6f7646efd95f7c102e30b934a22ea35) \Device\Harddisk4\DR3\Partition0
20:26:28.0244 2360 \Device\Harddisk4\DR3\Partition0 - ok
20:26:28.0249 2360 Boot (0x1200) (0e5221bfdef92dc566149b9055083f70) \Device\Harddisk5\DR4\Partition0
20:26:28.0251 2360 \Device\Harddisk5\DR4\Partition0 - ok
20:26:28.0251 2360 ============================================================
20:26:28.0251 2360 Scan finished
20:26:28.0251 2360 ============================================================
20:26:28.0265 5640 Detected object count: 0
20:26:28.0265 5640 Actual detected object count: 0

#9 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 29 March 2012 - 02:39 PM

Hello


Now I would like you to run aswMBR for me.


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 MTF5 (Topic Starter)

Posted 29 March 2012 - 03:03 PM

Hi Gringo,

Please find the aswMBR log file below.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-29 20:29:35
-----------------------------
20:29:35.174 OS Version: Windows 6.0.6002 Service Pack 2
20:29:35.174 Number of processors: 2 586 0xF0B
20:29:35.175 ComputerName: MARCUS-PC UserName: Owner
20:29:48.993 Initialize success
20:33:13.923 AVAST engine defs: 12032901
20:33:19.674 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
20:33:19.676 Disk 0 Vendor: ST950042 0002 Size: 476940MB BusType: 3
20:33:19.683 Disk 1 \Device\Harddisk1\SR0 -> \Device\SdBus-0
20:33:19.685 Disk 1 Vendor: ( Size: 7656MB BusType: 12
20:33:19.699 Disk 0 MBR read successfully
20:33:19.703 Disk 0 MBR scan
20:33:19.707 Disk 0 Windows VISTA default MBR code
20:33:19.716 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 102016 MB offset 2048
20:33:19.734 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 187461 MB offset 208930816
20:33:19.762 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 187461 MB offset 592850944
20:33:19.770 Disk 0 scanning sectors +976773152
20:33:19.813 Disk 0 scanning C:\Windows\system32\drivers
20:33:32.503 Service scanning
20:33:42.608 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
20:33:58.796 Modules scanning
20:34:06.534 Disk 0 trace - called modules:
20:34:06.573 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
20:34:06.577 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x88245ac8]
20:34:06.582 3 CLASSPNP.SYS[8bfcc8b3] -> nt!IofCallDriver -> [0x871b06b8]
20:34:06.585 5 acpi.sys[8068a6bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x871ba030]
20:34:07.952 AVAST engine scan C:\Windows
20:34:11.821 AVAST engine scan C:\Windows\system32
20:37:31.215 AVAST engine scan C:\Windows\system32\drivers
20:37:48.028 AVAST engine scan C:\Users\Owner
20:46:21.017 File: C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\778218b0-125fdb65 **INFECTED** Win32:MalOb-JW [Cryp]
20:54:01.733 AVAST engine scan C:\ProgramData
20:58:14.111 Scan finished successfully
21:01:18.426 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
21:01:18.433 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"

#11 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 29 March 2012 - 04:44 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
Folder::
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

Information and logs

In your next post I need the following:

  • report from ComboFix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

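As an added example (not code from this thread, from aswMBR or from ComboFix), here is a small Python parser for the aswMBR log format posted above: it pulls out the **INFECTED** and **LOCKED** lines and derives the Folder:: entry for the CFScript the same way the reply did, from the parent directory of the infected Java cache file. The log excerpt inside it is constructed from lines on this page; the function names are my own.

```python
"""
Added example (not part of the forum thread, aswMBR or ComboFix):
parse an aswMBR log and build a CFScript of the shape used in the reply.
"""
import re
from typing import List, NamedTuple

# Constructed sample: a subset of the aswMBR output quoted in the thread.
SAMPLE_LOG = """\
20:29:35.174 OS Version: Windows 6.0.6002 Service Pack 2
20:33:13.923 AVAST engine defs: 12032901
20:33:42.608 Service MpNWMon C:\\Windows\\system32\\DRIVERS\\MpNWMon.sys **LOCKED** 32
20:37:48.028 AVAST engine scan C:\\Users\\Owner
20:46:21.017 File: C:\\Users\\Owner\\AppData\\LocalLow\\Sun\\Java\\Deployment\\cache\\6.0\\48\\778218b0-125fdb65 **INFECTED** Win32:MalOb-JW [Cryp]
20:58:14.111 Scan finished successfully
"""


class Finding(NamedTuple):
    time: str
    kind: str    # "INFECTED" or "LOCKED"
    path: str
    detail: str  # detection name (INFECTED) or lock code (LOCKED)


# Every aswMBR line is "<hh:mm:ss.mmm> <message>".
_LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{3}) (.*)$")
# "File: <path> **INFECTED** <detection name>"
_INFECTED_RE = re.compile(r"^File: (?P<path>.+?) \*\*INFECTED\*\* (?P<name>.+)$")
# "Service <name> <path> **LOCKED** <code>"
_LOCKED_RE = re.compile(r"^Service (?P<svc>\S+) (?P<path>.+?) \*\*LOCKED\*\* (?P<code>\S+)$")


def parse_aswmbr(text: str) -> List[Finding]:
    """Return the INFECTED and LOCKED entries of an aswMBR log, in log order."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        m = _LINE_RE.match(raw.strip())
        if not m:
            continue  # banner / separator lines carry no timestamp
        ts, msg = m.groups()
        inf = _INFECTED_RE.match(msg)
        if inf:
            findings.append(Finding(ts, "INFECTED", inf["path"], inf["name"]))
            continue
        lock = _LOCKED_RE.match(msg)
        if lock:
            findings.append(Finding(ts, "LOCKED", lock["path"], lock["code"]))
    return findings


def parent_dir(win_path: str) -> str:
    """Parent directory of a Windows path (pure string work, no filesystem access)."""
    return win_path.rsplit("\\", 1)[0]


def build_cfscript(findings: List[Finding]) -> str:
    """Build a CFScript like the one in the reply: clear the Java cache, stop
    running processes, then list the folder that held each infected file under
    Folder::. LOCKED entries are only reported, not acted on; the one in this
    log is the Microsoft antimalware network-monitor driver, which is expected
    to be locked while the product is running."""
    folders: List[str] = []
    for f in findings:
        if f.kind == "INFECTED":
            d = parent_dir(f.path)
            if d not in folders:
                folders.append(d)
    lines = ["ClearJavaCache::", "KillAll::"]
    if folders:
        lines.append("Folder::")
        lines.extend(folders)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = parse_aswmbr(SAMPLE_LOG)
    for f in found:
        print(f"{f.time} {f.kind:8} {f.path}  ({f.detail})")
    print(build_cfscript(found))
```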

#12 MTF5 (Topic Starter)

Posted 29 March 2012 - 05:36 PM

Hi Gringo, once again many thanks for the help and support.

I have run the script through ComboFix; below is the report.

ComboFix 12-03-29.01 - Owner 29/03/2012 23:01:16.2.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.44.1033.18.3070.1629 [GMT 1:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
Command switches used :: c:\users\Owner\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
G:\Autorun.inf
.----- File Replicators -----
.
g:\mflpro\Setup7010\CanFre\Setup.exe
g:\mflpro\Setup7010\Chn\Setup.exe
g:\mflpro\Setup7010\Cze\Setup.exe
g:\mflpro\Setup7010\Dan\Setup.exe
g:\mflpro\Setup7010\Dut\Setup.exe
g:\mflpro\Setup7010\Eng\Setup.exe
g:\mflpro\Setup7010\Fre\Setup.exe
g:\mflpro\Setup7010\Ger\Setup.exe
g:\mflpro\Setup7010\Hun\Setup.exe
g:\mflpro\Setup7010\Ita\Setup.exe
g:\mflpro\Setup7010\Nor\Setup.exe
g:\mflpro\Setup7010\Pol\Setup.exe
g:\mflpro\Setup7010\Por\Setup.exe
g:\mflpro\Setup7010\Rus\Setup.exe
g:\mflpro\Setup7010\Spa\Setup.exe
g:\mflpro\Setup7010\Swe\Setup.exe
g:\mflpro\Setup7010\Usa\Setup.exe
g:\mflpro\Setup7025\CanFre\Setup.exe
g:\mflpro\Setup7025\Chn\Setup.exe
g:\mflpro\Setup7025\Cze\Setup.exe
g:\mflpro\Setup7025\Dan\Setup.exe
g:\mflpro\Setup7025\Dut\Setup.exe
g:\mflpro\Setup7025\Eng\Setup.exe
g:\mflpro\Setup7025\Fre\Setup.exe
g:\mflpro\Setup7025\Ger\Setup.exe
g:\mflpro\Setup7025\Hun\Setup.exe
g:\mflpro\Setup7025\Ita\Setup.exe
g:\mflpro\Setup7025\Nor\Setup.exe
g:\mflpro\Setup7025\Pol\Setup.exe
g:\mflpro\Setup7025\Por\Setup.exe
g:\mflpro\Setup7025\Rus\Setup.exe
g:\mflpro\Setup7025\Spa\Setup.exe
g:\mflpro\Setup7025\Swe\Setup.exe
g:\mflpro\Setup7025\Usa\Setup.exe
g:\mflpro\Setup7225N\CanFre\Setup.exe
g:\mflpro\Setup7225N\Chn\Setup.exe
g:\mflpro\Setup7225N\Cze\Setup.exe
g:\mflpro\Setup7225N\Dan\Setup.exe
g:\mflpro\Setup7225N\Dut\Setup.exe
g:\mflpro\Setup7225N\Eng\Setup.exe
g:\mflpro\Setup7225N\Fre\Setup.exe
g:\mflpro\Setup7225N\Ger\Setup.exe
g:\mflpro\Setup7225N\Hun\Setup.exe
g:\mflpro\Setup7225N\Ita\Setup.exe
g:\mflpro\Setup7225N\Nor\Setup.exe
g:\mflpro\Setup7225N\Pol\Setup.exe
g:\mflpro\Setup7225N\Por\Setup.exe
g:\mflpro\Setup7225N\Rus\Setup.exe
g:\mflpro\Setup7225N\Spa\Setup.exe
g:\mflpro\Setup7225N\Swe\Setup.exe
g:\mflpro\Setup7225N\Usa\Setup.exe
g:\mflpro\Setup7420\CanFre\Setup.exe
g:\mflpro\Setup7420\Chn\Setup.exe
g:\mflpro\Setup7420\Cze\Setup.exe
g:\mflpro\Setup7420\Dan\Setup.exe
g:\mflpro\Setup7420\Dut\Setup.exe
g:\mflpro\Setup7420\Eng\Setup.exe
g:\mflpro\Setup7420\Fre\Setup.exe
g:\mflpro\Setup7420\Ger\Setup.exe
g:\mflpro\Setup7420\Hun\Setup.exe
g:\mflpro\Setup7420\Ita\Setup.exe
g:\mflpro\Setup7420\Nor\Setup.exe
g:\mflpro\Setup7420\Pol\Setup.exe
g:\mflpro\Setup7420\Por\Setup.exe
g:\mflpro\Setup7420\Rus\Setup.exe
g:\mflpro\Setup7420\Spa\Setup.exe
g:\mflpro\Setup7420\Swe\Setup.exe
g:\mflpro\Setup7420\Usa\Setup.exe
g:\mflpro\Setup7820N\CanFre\Setup.exe
g:\mflpro\Setup7820N\Chn\Setup.exe
g:\mflpro\Setup7820N\Cze\Setup.exe
g:\mflpro\Setup7820N\Dan\Setup.exe
g:\mflpro\Setup7820N\Dut\Setup.exe
g:\mflpro\Setup7820N\Eng\Setup.exe
g:\mflpro\Setup7820N\Fre\Setup.exe
g:\mflpro\Setup7820N\Ger\Setup.exe
g:\mflpro\Setup7820N\Hun\Setup.exe
g:\mflpro\Setup7820N\Ita\Setup.exe
g:\mflpro\Setup7820N\Nor\Setup.exe
g:\mflpro\Setup7820N\Pol\Setup.exe
g:\mflpro\Setup7820N\Por\Setup.exe
g:\mflpro\Setup7820N\Rus\Setup.exe
g:\mflpro\Setup7820N\Spa\Setup.exe
g:\mflpro\Setup7820N\Swe\Setup.exe
g:\mflpro\Setup7820N\Usa\Setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-29 )))))))))))))))))))))))))))))))
.
.
2012-03-29 22:11 . 2012-03-29 22:23 -------- d-----w- c:\users\Owner\AppData\Local\temp
2012-03-29 22:11 . 2012-03-29 22:11 -------- d-----w- c:\users\marcus\AppData\Local\temp
2012-03-29 22:11 . 2012-03-29 22:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-29 21:57 . 2012-03-29 21:57 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BB9EC6B0-E874-45E6-A0F7-0F9FA7B37D78}\MpKslfbc383aa.sys
2012-03-29 20:36 . 2012-03-13 18:15 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BB9EC6B0-E874-45E6-A0F7-0F9FA7B37D78}\mpengine.dll
2012-03-29 19:29 . 2012-03-29 19:29 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-29 04:57 . 2012-03-13 18:15 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-03-27 13:55 . 2012-03-27 13:56 -------- d-----w- c:\programdata\HitmanPro
2012-03-27 13:54 . 2012-03-27 13:54 -------- d-----w- c:\programdata\Hitman Pro
2012-03-27 13:44 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2012-03-27 13:44 . 2011-02-12 08:39 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2012-03-27 13:43 . 2012-01-31 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-03-27 12:23 . 2012-03-27 12:22 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{74251E13-3546-4A56-836A-2004EC496F4E}\gapaengine.dll
2012-03-27 12:16 . 2012-03-27 12:16 -------- d-----w- c:\program files\Microsoft Security Client
2012-03-27 11:59 . 2012-03-27 11:59 -------- d-----w- c:\programdata\LightScribe
2012-03-24 17:29 . 2012-03-24 17:29 -------- d-----w- c:\program files\Lavasoft
2012-03-23 14:24 . 2012-03-23 14:24 -------- d-----w- c:\users\Owner\AppData\Local\Threat Expert
2012-03-23 14:18 . 2012-03-23 14:18 -------- d-----w- c:\users\Owner\AppData\Roaming\PCTools
2012-03-23 08:19 . 2012-03-23 08:19 -------- d-----w- C:\New Folder (2)
2012-03-22 22:20 . 2012-03-22 22:20 -------- d-----w- c:\users\Owner\AppData\Roaming\TestApp
2012-03-22 19:51 . 2012-03-27 11:54 -------- d-----w- c:\program files\Common Files\PC Tools
2012-03-22 19:48 . 2012-03-27 11:43 -------- d-----w- c:\programdata\PC Tools
2012-03-02 10:54 . 2012-03-02 10:54 5164704 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-03-01 12:00 . 2010-08-31 15:46 954752 ----a-w- c:\windows\system32\MFC40.bak
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-25 12:07 . 2011-06-13 19:46 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-31 12:44 . 2009-10-15 23:06 237072 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-02-03 18:47 365648 ----a-w- d:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-02-03 18:47 365648 ----a-w- d:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-02-03 18:47 365648 ----a-w- d:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-02-03 18:47 365648 ----a-w- d:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-16 39408]
"VistaStartMenu"="d:\program files\Vista Start Menu\VistaStartMenu.exe" [2010-04-27 2786176]
"SugarSync"="d:\program files\SugarSync\SugarSyncManager.exe" [2012-02-03 9401424]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-10-31 107000]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-10 218032]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"DriveHQ FileManager"="c:\program files\DriveHQ\DriveHQ FileManager\FileManager.exe" [2009-12-15 1824768]
"CAHeadless"="d:\adobeelements\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe" [2009-09-05 615808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-22 210216]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-09-23 210216]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-24 210472]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"Skytel"="Skytel.exe" [2007-06-15 1826816]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-05 4669440]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2008-04-02 87336]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-30 328992]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-30 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-30 13535776]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2008-02-21 62760]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-10-16 122880]
"Everything"="c:\program files\Everything\Everything.exe" [2009-03-13 602624]
"DVD or CD Sharing"="c:\program files\DVD or CD Sharing\ODSAgent.exe" [2008-02-20 619832]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-18 104936]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2009-06-10 3618104]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-18 1089536]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"AirMac Base Station Agent"="c:\program files\AirMac\APAgent.exe" [2009-11-11 771360]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-21 406992]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BBC iPlayer Desktop.lnk - d:\program files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [N/A]
Dropbox.lnk - c:\users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
FruitfulTime BookmarkManager.lnk - d:\program files\FruitfulTime\FruitfulTime BookmarkManager\BookmarkManager.exe [N/A]
PMB Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-11-25 333088]
Quick Cliq.lnk - c:\users\Owner\AppData\Local\Temp\Rar$EX00.133\Quick Cliq.exe [N/A]
Run Listening VNC Viewer.lnk - c:\program files\RealVNC\VNC4\vncviewer.exe [2009-10-16 582648]
Run VNC Server.lnk - c:\program files\RealVNC\VNC4\winvnc4.exe [2009-10-16 836600]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
PhraseExpress.lnk - c:\program files\PhraseExpress\phraseexpress.exe [2010-5-13 7346760]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [N/A]
Snagit 10.lnk - c:\program files\TechSmith\Snagit 10\Snagit32.exe [2011-11-8 7070608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 04:28]
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 04:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.performancesailing.co.nz/
mStart Page = hxxp://www.bigseekpro.com/imtoodownloadyoutube/{FCA226C2-B434-4BEB-954C-113B3B27A7DA}
uInternet Settings,ProxyOverride = *.local;<local>
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Download with ImTOO Download YouTube Video - d:\program files\ImTOO\Download YouTube Video\upod_link.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9zgyec4m.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - www.performancesailing.co.nz
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: ImTOODownload YouTube Toolbar: {75656794-AB59-4712-BFBC-5D816D56F3BC} - %profile%\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - c:\program files\Siber Systems\AI RoboForm\Firefox
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-29 23:22
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\CF11.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3928)
c:\program files\RocketDock\RocketDock.dll
c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
d:\program files\Vista Start Menu\VistaStartMenu.dll
c:\program files\DriveHQ\DriveHQ FileManager\ShellCopyHookDLL.dll
c:\program files\Stardock\Fences\FencesMenu.dll
c:\program files\stardock\fences\DesktopDock.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\conime.exe
c:\windows\system32\DllHost.exe
c:\windows\RtHDVCpl.exe
c:\windows\System32\rundll32.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files\Brother\ControlCenter3\brccMCtl.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Brother\Brmfcmon\BrMfcmon.exe
c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Windows Media Player\wmplayer.exe
c:\program files\TechSmith\Snagit 10\TSCHelp.exe
c:\program files\TechSmith\Snagit 10\SnagPriv.exe
c:\program files\Common Files\Apple\Apple Application Support\distnoted.exe
c:\program files\TechSmith\Snagit 10\snagiteditor.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2012-03-29 23:32:03 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-29 22:31
ComboFix2.txt 2012-03-29 10:03
.
Pre-Run: 1,341,870,080 bytes free
Post-Run: 1,538,170,880 bytes free
.
- - End Of File - - 4E38684901DDF5240070319D3833AE38
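A small triage script for the autostart section of a ComboFix log like the one above, added here as a worked example; it is not part of this thread and not ComboFix's own code. It parses the Run-key, Startup-folder and policy lines in the layout ComboFix prints and flags the entries a responder would look at first: a target launched from a temp directory, an entry printed without a date/size stamp ([X] or [N/A]), a remote-access server in Startup, and EnableLUA set to 0. The sample lines are a constructed subset copied from the log above; the flagging rules and the `REMOTE_ACCESS_BINARIES` list are this example's own heuristics, and a flag is only a prompt to look, not a verdict that the entry is malicious.

```python
"""Triage helper for the autostart section of a ComboFix-style log.

Added example: not part of this thread and not ComboFix's own code. It
parses the Run-key, Startup-folder and policy lines in the format ComboFix
prints and flags entries a responder would check first. The flagging rules
are heuristics of this example; a flag is a prompt to look, not a verdict.
"""
import re
from dataclasses import dataclass

# Constructed sample: a subset of lines copied from the log in this thread,
# in ComboFix's own layout (section header, entries, "." separator).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
Quick Cliq.lnk - c:\users\Owner\AppData\Local\Temp\Rar$EX00.133\Quick Cliq.exe [N/A]
Run VNC Server.lnk - c:\program files\RealVNC\VNC4\winvnc4.exe [2009-10-16 836600]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
"""

# "Name"="path" [date size]   (Run-key values; the bracket holds [X] or
# [N/A] when ComboFix printed no date/size stamp for the target)
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<stamp>[^\]]*)\]$')
# Name.lnk - path [date size]   (Startup-folder shortcuts)
LNK_ENTRY = re.compile(r'^(?P<name>.+?\.lnk) - (?P<path>.+?) \[(?P<stamp>[^\]]*)\]$')
# "Name"= value (hex)   (policy values)
POLICY_VALUE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>\d+)')

# Heuristic lists of this example (assumptions); extend to taste.
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")
REMOTE_ACCESS_BINARIES = ("winvnc4.exe",)


@dataclass
class Finding:
    location: str   # registry key or Startup folder the entry lives in
    name: str       # value name or .lnk name
    path: str       # what gets launched
    reasons: list   # why it was flagged


def assess_path(path, stamp):
    """Return the list of reasons an autostart target deserves a look."""
    reasons = []
    low = path.lower()
    if any(marker in low for marker in TEMP_MARKERS):
        reasons.append("launched from a temp directory")
    if stamp in ("X", "N/A"):
        reasons.append("no date/size stamp; confirm the target exists")
    if low.rsplit("\\", 1)[-1] in REMOTE_ACCESS_BINARIES:
        reasons.append("remote-access server autostarts; confirm it is intentional")
    return reasons


def triage(log_text):
    """Walk the log and return Findings in the order the entries appear."""
    findings = []
    location = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if line.startswith("[") and line.endswith("]"):
            location = line[1:-1]          # registry key header
            continue
        if line.endswith("\\"):
            location = line                # Startup-folder header
            continue
        entry = RUN_VALUE.match(line) or LNK_ENTRY.match(line)
        if entry:
            reasons = assess_path(entry.group("path"), entry.group("stamp"))
            if reasons:
                findings.append(Finding(location, entry.group("name"),
                                        entry.group("path"), reasons))
            continue
        policy = POLICY_VALUE.match(line)
        if policy and location and location.lower().endswith("policies\\system"):
            if policy.group("name") == "EnableLUA" and policy.group("value") == "0":
                findings.append(Finding(location, "EnableLUA", "0",
                                        ["UAC disabled; nothing prompts before elevation"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.name}: {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run against the full log by passing the whole ComboFix output to `triage()`. On the sample it reports four entries: NokiaMServer (no stamp), Quick Cliq.lnk (runs from a Temp folder and has no stamp), Run VNC Server.lnk (a VNC server autostarting), and EnableLUA=0. Each of these is visible in the log above; whether any of them is unwanted is for the person who owns the machine to decide.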

#13 MTF5 (Topic Starter; Members, 13 posts)

Posted 29 March 2012 - 05:48 PM

Hi Gringo

Google is now behaving as normal with no redirect; I have tried a variety of searches. Both IE and Firefox are working as they should.

Thanks for your help. Do I need to do any tidying up?

#14 gringo_pr (Bleepin Gringo; Malware Response Team, 136,772 posts; Gender: Male; Location: Puerto Rico)

Posted 29 March 2012 - 05:59 PM

Hello

P2P Warning!

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

Java™ 6 Update 29
McAfee Security Scan Plus
MP3 Rocket


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.


Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (Make sure under the Windows tab all the boxes for Internet Explorer and Windows Explorer are checked. Under System, check Empty Recycle Bin and Temporary Files. Under the Applications tab all the boxes should be checked.)
  • Click Run Cleaner.
  • Close CCleaner.

Malwarebytes' Anti-Malware:

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 MTF5 (Topic Starter; Members, 13 posts)

Posted 30 March 2012 - 08:22 AM

Hi Gringo,

OK, got through the list to the last two items, MBAM and HijackThis. On running MBAM the computer rebooted itself and I had problems getting it to boot to a login screen. Several hard boots later all is now working, except that I have access issues in C:\Documents and Settings with folders not accessible and access denied. At the same time I have lost copy and paste in all programmes? As a result I attached the log files; sorry, I will work on the copy and paste issue unless you have a solution?

Many thanks

Attached Files