
Google redirects to happili


This topic is locked
11 replies to this topic

#1 Trilz

  • Members
  • 5 posts

Posted 08 April 2012 - 01:15 AM

Hello, I have a Trojan.Agent that is located in svchost.exe according to Malwarebytes.
I have run Mwb numerous times and it still keeps coming back.

I ran ComboFix and these are the logs:


ComboFix 12-04-07.03 - Brandon 04/07/2012 23:28:14.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.12279.9747 [GMT -4:00]
Running from: c:\users\Brandon\Downloads\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll
c:\programdata\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat
c:\programdata\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe
c:\programdata\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\users\Brandon\Favorites\Videos.url
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-08 to 2012-04-08 )))))))))))))))))))))))))))))))
.
.
2012-04-08 03:33 . 2012-04-08 03:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-07 15:11 . 2011-12-10 19:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-07 12:44 . 2012-04-07 14:55 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-04-07 12:44 . 2012-04-07 14:55 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-04-07 12:44 . 2012-04-07 12:44 -------- d--h--w- c:\programdata\Common Files
2012-04-07 12:42 . 2012-04-07 14:55 -------- d-----w- c:\programdata\AVG2012
2012-04-07 12:42 . 2012-04-07 12:42 -------- d-----w- C:\$AVG
2012-04-06 04:41 . 2012-04-06 04:41 -------- d-----w- c:\program files (x86)\GUMCC24.tmp
2012-04-06 04:41 . 2012-04-06 04:41 3993600 ----a-w- c:\program files (x86)\GUTCC25.tmp
2012-04-06 04:28 . 2012-04-07 14:48 -------- d-----w- c:\program files\Google
2012-04-06 03:52 . 2012-04-07 14:47 -------- d-----w- c:\program files (x86)\Conduit
2012-04-06 03:52 . 2012-04-06 03:52 -------- d-----w- c:\program files (x86)\Yontoo
2012-04-05 16:17 . 2012-04-05 16:17 -------- d-----w- c:\program files (x86)\Microsoft ActiveSync
2012-04-05 16:16 . 2012-04-07 14:48 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-04-05 16:16 . 2012-04-05 16:16 -------- d-----w- c:\windows\PCHEALTH
2012-04-05 16:14 . 2012-04-05 16:14 -------- d-----r- C:\MSOCache
2012-04-05 16:06 . 2012-04-05 16:06 -------- d-----w- c:\windows\Sun
2012-04-05 08:02 . 2012-04-05 08:02 -------- d-----w- c:\windows\SysWow64\Wat
2012-04-05 08:02 . 2012-04-05 08:02 -------- d-----w- c:\windows\system32\Wat
2012-04-05 07:59 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2012-04-05 07:59 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2012-04-05 07:59 . 2012-04-05 09:03 -------- d-----w- C:\Emergency
2012-04-05 07:58 . 2012-04-05 07:58 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-04-05 07:57 . 2009-11-25 16:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2012-04-05 07:57 . 2009-11-25 16:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2012-04-05 07:57 . 2009-11-25 16:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2012-04-05 07:57 . 2009-11-25 16:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2012-04-05 07:57 . 2009-11-25 16:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2012-04-05 07:57 . 2009-11-25 16:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2012-04-05 07:57 . 2009-11-25 16:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-04-05 07:57 . 2009-11-25 16:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2012-04-05 07:57 . 2009-11-25 16:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2012-04-05 07:57 . 2009-11-25 16:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2012-04-05 07:49 . 2011-10-26 05:19 43520 ----a-w- c:\windows\system32\csrsrv.dll
2012-04-05 07:48 . 2010-12-21 06:15 264192 ----a-w- c:\windows\system32\upnp.dll
2012-04-05 07:47 . 2011-02-19 06:36 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-04-05 07:46 . 2010-10-27 05:18 5510528 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-05 07:43 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll
2012-04-05 07:43 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-04-05 07:43 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll
2012-04-05 07:43 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2012-04-05 07:43 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2012-04-05 07:43 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2012-04-05 07:43 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2012-04-05 07:43 . 2010-10-16 04:33 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-04-05 07:43 . 2010-10-16 04:33 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2012-04-05 07:43 . 2010-10-16 04:33 208896 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2012-04-05 07:43 . 2011-11-17 07:14 1739160 ----a-w- c:\windows\system32\ntdll.dll
2012-04-05 07:43 . 2011-11-17 05:41 1292592 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-04-05 07:42 . 2010-08-27 06:14 236032 ----a-w- c:\windows\system32\srvsvc.dll
2012-04-05 07:42 . 2010-08-27 05:46 9728 ----a-w- c:\windows\SysWow64\sscore.dll
2012-04-05 07:39 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll
2012-04-05 07:39 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-04-05 07:05 . 2012-04-05 07:05 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-04-05 07:04 . 2012-04-07 12:53 -------- d-----w- c:\programdata\MFAData
2012-04-05 07:04 . 2012-04-05 07:04 -------- d-----w- c:\programdata\Malwarebytes
2012-04-05 07:04 . 2012-04-05 07:04 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-04-05 07:04 . 2012-04-05 07:04 -------- d-----w- c:\programdata\AVG Secure Search
2012-04-05 07:04 . 2012-04-05 07:04 -------- d-----w- c:\program files\iPod
2012-04-05 07:04 . 2012-04-05 07:04 -------- d-----w- c:\program files (x86)\iTunes
2012-04-05 07:04 . 2012-04-07 14:48 -------- d-----w- c:\program files (x86)\Vuze
2012-04-05 07:04 . 2012-04-05 07:04 -------- d-----w- c:\program files (x86)\Ventrilo
2012-04-05 07:00 . 2012-04-05 07:00 8738464 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-05 06:50 . 2012-04-05 06:50 -------- d-----w- c:\program files (x86)\StarCraft II
2012-04-05 06:50 . 2012-04-05 06:50 -------- d-----w- c:\program files (x86)\PS3 Media Server
2012-04-05 06:50 . 2012-04-05 06:50 -------- d-----w- c:\program files (x86)\NirSoft
2012-04-05 06:37 . 2012-04-06 06:04 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-05 06:37 . 2012-04-06 06:04 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-05 06:37 . 2012-04-07 14:49 -------- d-----w- c:\windows\system32\Macromed
2012-04-05 06:34 . 2012-04-07 14:47 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-04-05 06:33 . 2012-04-07 14:48 -------- d-----w- c:\program files (x86)\Java
2012-04-05 06:11 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-04-05 06:11 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-04-05 06:11 . 2012-02-15 04:47 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-05 06:11 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-04-05 06:11 . 2012-01-25 06:27 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-05 06:11 . 2012-01-25 06:27 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-05 06:11 . 2012-01-25 06:20 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-05 06:09 . 2012-04-08 01:14 -------- d-----w- c:\users\Default\AppData\Local\SoftThinks
2012-04-05 06:08 . 2012-04-07 14:56 -------- d-----w- c:\users\Brandon
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-05 06:33 . 2010-12-07 16:19 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-04-06 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-29 98304]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-22 1675160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-06 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 253600]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-06 136176]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2010-05-04 14648]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 BPowMon;Broadcom Power monitoring service;c:\program files\Broadcom\BPowMon\BPowMon.exe [2009-10-27 117608]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-12-06 208536]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-12-06 161168]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\AlienRespawn\sftservice.EXE [2011-08-18 1692480]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 AWOPFilterDriver;AWOPFilterDriver;c:\windows\system32\drivers\AWOPFilterDriver.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 06:04]
.
2012-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-06 04:28]
.
2012-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-06 04:28]
.
2012-04-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3951485521-2474660935-3320543124-1001Core.job
- c:\users\Brandon\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-05 06:29]
.
2012-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3951485521-2474660935-3320543124-1001UA.job
- c:\users\Brandon\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-05 06:29]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-03 10038304]
"AlienFX Controller"="c:\program files\Alienware\Command Center\AlienwareAlienFXController.exe" [2010-05-04 61256]
"Thermal Controller"="c:\program files\Alienware\Command Center\ThermalController.exe" [2010-05-04 167736]
"Launch Keyboard CI"="c:\program files\Alienware\Alienware TactX Keyboard CI\txkbci.exe" [2009-05-28 3438088]
"RunDLLEntry_THXCfg"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"RunDLLEntry_EptMon"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
HKLM-Run-(Default) - (no file)
AddRemove-World of Warcraft - c:\users\Public\Games\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\04\05\06\033+?"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-07 23:35:40
ComboFix-quarantined-files.txt 2012-04-08 03:35
.
Pre-Run: 356,121,559,040 bytes free
Post-Run: 356,420,808,704 bytes free
.
- - End Of File - - 9AEFF3C8874872441969252030723E0C
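
The line worth noticing in the ComboFix log above is c:\windows\svchost.exe under "Other Deletions": the genuine svchost.exe lives only in system32 (and SysWOW64 on 64-bit Windows), so a copy sitting directly in c:\windows is a masquerading binary, which is why Malwarebytes kept reporting it. The following is an added example, not code from the original post or from ComboFix, DDS or Malwarebytes, that automates this check over saved log lines. The sample lines are constructed from paths that appear in this thread's logs, and the table of expected directories goes beyond the page's single svchost.exe case to a few other core binaries; those locations are assumed from a stock 64-bit Windows 7 layout like the one in the log.

```python
r"""Flag well-known Windows binary names that appear outside their expected directory.

Added example (not from the original post or from ComboFix/DDS/Malwarebytes).
It scans saved log lines such as ComboFix's "Other Deletions" or DDS's
"Running Processes" sections and reports masquerades like c:\windows\svchost.exe.
"""
import re
from pathlib import PureWindowsPath

# Expected on-disk directories of core binaries, lower-cased. Assumption: a stock
# 64-bit Windows 7 layout like the one in the thread; adjust for other versions.
EXPECTED_DIRS = {
    "svchost.exe":  {r"c:\windows\system32", r"c:\windows\syswow64"},
    "rundll32.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "cmd.exe":      {r"c:\windows\system32", r"c:\windows\syswow64"},
    "conhost.exe":  {r"c:\windows\system32"},
    "lsm.exe":      {r"c:\windows\system32"},
    "wininit.exe":  {r"c:\windows\system32"},
    "taskhost.exe": {r"c:\windows\system32"},
    "dwm.exe":      {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows"},
}

# First drive-letter path on a line, up to and including the .exe extension.
# Non-greedy so trailing arguments ("-k DcomLaunch") and ComboFix's
# "[date size]" suffix are not swallowed; spaces inside the path are allowed.
PATH_RE = re.compile(r"[a-z]:\\.+?\.exe\b", re.IGNORECASE)


def extract_path(line):
    """Return the first Windows executable path on a log line, or None."""
    m = PATH_RE.search(line)
    return PureWindowsPath(m.group(0)) if m else None


def find_masquerades(lines):
    """Return (line_no, path) for each path whose file name is a known system
    binary but whose directory is not one of that binary's expected locations."""
    hits = []
    for n, line in enumerate(lines, 1):
        path = extract_path(line)
        if path is None:
            continue
        expected = EXPECTED_DIRS.get(path.name.lower())
        if expected is None:
            continue  # not a binary we track
        if str(path.parent).lower() not in expected:
            hits.append((n, str(path)))
    return hits


# Constructed sample: paths taken from the ComboFix and DDS logs in this thread.
SAMPLE_LINES = r"""
c:\windows\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\lsm.exe
C:\Windows\Explorer.EXE
c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-06 136176]
C:\Windows\SysWOW64\cmd.exe
-netsvcs
""".strip().splitlines()


if __name__ == "__main__":
    for line_no, path in find_masquerades(SAMPLE_LINES):
        print(f"line {line_no}: {path} is outside its expected directory")
```

Run against the sample, only the first line (c:\windows\svchost.exe) is reported; the many legitimate svchost.exe instances under system32 in the DDS "Running Processes" list pass, as does cmd.exe under SysWOW64. The comparison is on the parent directory rather than a substring match so that a path such as c:\windows\system32\evil\svchost.exe would still be flagged.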

#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 08 April 2012 - 01:56 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-click on dds.scr and a command window will appear. This is normal.
    • Shortly after, two logs will appear:
      • DDS.txt
      • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Trilz

  • Topic Starter
  • Members
  • 5 posts

Posted 08 April 2012 - 02:20 AM

Ok here are the logs:


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Brandon at 3:10:53 on 2012-04-08
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.12279.9104 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Alienware\Command Center\AlienFusionService.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\Broadcom\BPowMon\BPowMon.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files (x86)\AlienRespawn\sftservice.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alienware\Command Center\AlienFusionController.exe
C:\Program Files (x86)\AlienRespawn\TOASTER.EXE
C:\Program Files (x86)\AlienRespawn\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
C:\Program Files\Alienware\Command Center\ThermalController.exe
C:\Program Files\Alienware\Alienware TactX Keyboard CI\txkbci.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Alienware\Command Center\RemotingServiceController.exe
C:\Program Files\Alienware\Command Center\DoorController.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
C:\Program Files\Alienware\Command Center\AlienFXHook64Mngr.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Users\Brandon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brandon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brandon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brandon\AppData\Local\Google\Chrome\Application\chrome.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120407113051.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9F8B7E8D-6B2C-4348-87A9-0382A267CF17} : DhcpNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120407113051.dll
BHO-X64: scriptproxy - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
BHO-X64: Vuze Remote - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2010-5-4 14648]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 BPowMon;Broadcom Power monitoring service;C:\Program Files\Broadcom\BPowMon\BPowMon.exe [2009-10-27 117608]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-12-7 13336]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-4-5 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-4-5 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-4-5 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2010-12-7 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2010-12-7 208536]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe [2010-12-7 161168]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\AlienRespawn\SftService.exe [2010-12-7 1692480]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 AWOPFilterDriver;AWOPFilterDriver;\??\C:\Windows\system32\drivers\AWOPFilterDriver.sys --> C:\Windows\system32\drivers\AWOPFilterDriver.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-6 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-5 253600]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-6 136176]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-4-5 249936]
.
=============== Created Last 30 ================
.
2012-04-08 04:58:47 20480 ----a-w- C:\Windows\svchost.exe
2012-04-08 03:43:37 -------- d-sh--w- C:\$RECYCLE.BIN
2012-04-08 03:21:13 98816 ----a-w- C:\Windows\sed.exe
2012-04-08 03:21:13 518144 ----a-w- C:\Windows\SWREG.exe
2012-04-08 03:21:13 256000 ----a-w- C:\Windows\PEV.exe
2012-04-08 03:21:13 208896 ----a-w- C:\Windows\MBR.exe
2012-04-07 15:11:07 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-07 12:44:40 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2012-04-07 12:44:38 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2012-04-07 12:44:15 -------- d--h--w- C:\ProgramData\Common Files
2012-04-07 12:42:47 -------- d-----w- C:\ProgramData\AVG2012
2012-04-07 12:42:47 -------- d-----w- C:\$AVG
2012-04-06 04:41:16 3993600 ----a-w- C:\Program Files (x86)\GUTCC25.tmp
2012-04-06 04:41:16 -------- d-----w- C:\Program Files (x86)\GUMCC24.tmp
2012-04-06 03:53:09 -------- d-----w- C:\Users\Brandon\AppData\Local\I Want This
2012-04-06 03:52:38 -------- d-----w- C:\Users\Brandon\.swt
2012-04-06 03:52:26 -------- d-----w- C:\Program Files (x86)\Yontoo
2012-04-06 03:52:26 -------- d-----w- C:\Program Files (x86)\Conduit
2012-04-06 03:50:31 -------- d-----w- C:\Users\Brandon\AppData\Local\Conduit
2012-04-06 03:50:31 -------- d-----w- C:\Program Files (x86)\Vuze_Remote
2012-04-05 16:17:13 -------- d-----w- C:\Program Files (x86)\Microsoft ActiveSync
2012-04-05 16:16:25 -------- d-----w- C:\Windows\PCHEALTH
2012-04-05 08:02:00 -------- d-----w- C:\Windows\SysWow64\Wat
2012-04-05 08:02:00 -------- d-----w- C:\Windows\System32\Wat
2012-04-05 07:59:26 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2012-04-05 07:59:26 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2012-04-05 07:59:04 -------- d-----w- C:\Emergency
2012-04-05 07:58:43 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-04-05 07:57:36 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2012-04-05 07:57:36 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2012-04-05 07:57:36 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2012-04-05 07:57:36 444752 ----a-w- C:\Windows\System32\mscoree.dll
2012-04-05 07:57:36 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2012-04-05 07:57:36 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2012-04-05 07:57:36 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2012-04-05 07:57:36 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2012-04-05 07:57:36 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2012-04-05 07:57:36 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2012-04-05 07:49:59 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2012-04-05 07:48:52 264192 ----a-w- C:\Windows\System32\upnp.dll
2012-04-05 07:47:51 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-04-05 07:46:58 5510528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-05 07:43:37 720896 ----a-w- C:\Windows\System32\odbc32.dll
2012-04-05 07:43:36 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll
2012-04-05 07:43:36 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2012-04-05 07:43:35 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
2012-04-05 07:43:35 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
2012-04-05 07:43:34 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
2012-04-05 07:43:33 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2012-04-05 07:43:33 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2012-04-05 07:43:32 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2012-04-05 07:43:32 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2012-04-05 07:43:08 1739160 ----a-w- C:\Windows\System32\ntdll.dll
2012-04-05 07:43:06 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-04-05 07:42:27 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2012-04-05 07:42:25 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2012-04-05 07:39:49 77312 ----a-w- C:\Windows\System32\packager.dll
2012-04-05 07:39:49 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-04-05 07:08:11 -------- d-----w- C:\Users\Brandon\AppData\Roaming\Tropico 4
2012-04-05 07:08:11 -------- d-----w- C:\Users\Brandon\AppData\Roaming\The Creative Assembly
2012-04-05 07:06:40 -------- d-----w- C:\Users\Brandon\AppData\Roaming\Malwarebytes
2012-04-05 07:06:40 -------- d-----w- C:\Users\Brandon\AppData\Roaming\Azureus
2012-04-05 07:06:40 -------- d-----w- C:\Users\Brandon\AppData\Roaming\.minecraft
2012-04-05 07:06:40 -------- d-----w- C:\Users\Brandon\AppData\Local\WinZip
2012-04-05 07:06:40 -------- d-----w- C:\Users\Brandon\AppData\Local\The Witcher
2012-04-05 07:06:33 -------- d-----w- C:\Users\Brandon\AppData\Local\Skyrim
2012-04-05 07:05:02 -------- d-----w- C:\Users\Brandon\AppData\Local\Akamai
2012-04-05 07:05:02 -------- d-----w- C:\Users\Brandon\AppData\Local\Adobe
2012-04-05 07:05:01 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-04-05 07:04:49 -------- d-----w- C:\ProgramData\MFAData
2012-04-05 07:04:49 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-05 07:04:49 -------- d-----w- C:\ProgramData\Blizzard Entertainment
2012-04-05 07:04:48 -------- d-----w- C:\ProgramData\AVG Secure Search
2012-04-05 07:04:48 -------- d-----w- C:\Program Files\iPod
2012-04-05 07:04:36 -------- d-----w- C:\Program Files (x86)\iTunes
2012-04-05 07:04:32 -------- d-----w- C:\Program Files (x86)\Vuze
2012-04-05 07:04:32 -------- d-----w- C:\Program Files (x86)\Ventrilo
2012-04-05 07:00:44 8738464 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-05 06:50:03 -------- d-----w- C:\Program Files (x86)\StarCraft II
2012-04-05 06:50:02 -------- d-----w- C:\Program Files (x86)\PS3 Media Server
2012-04-05 06:50:02 -------- d-----w- C:\Program Files (x86)\NirSoft
2012-04-05 06:37:29 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-05 06:37:29 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-05 06:29:53 -------- d-----w- C:\Users\Brandon\AppData\Local\Google
2012-04-05 06:29:05 -------- d-----w- C:\Users\Brandon\AppData\Local\Deployment
2012-04-05 06:29:05 -------- d-----w- C:\Users\Brandon\AppData\Local\Apps
2012-04-05 06:27:42 -------- d-----w- C:\Users\Brandon\My Backup Files
2012-04-05 06:11:32 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-04-05 06:11:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-04-05 06:11:32 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-05 06:11:32 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-04-05 06:11:31 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-05 06:11:31 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-05 06:11:31 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-05 06:10:36 -------- d-----w- C:\Users\Brandon\AppData\Roaming\Intel Corporation
2012-04-05 06:10:35 -------- d-----w- C:\Users\Brandon\AppData\Local\ATI
2012-04-05 06:10:33 -------- d-----w- C:\Users\Brandon\AppData\Local\Broadcom
2012-04-05 06:10:23 -------- d-----w- C:\Users\Brandon\AppData\Local\Alienware
2012-04-05 06:09:24 -------- d-----w- C:\Users\Brandon\AppData\Local\VirtualStore
2012-04-05 06:09:00 -------- d-----w- C:\Users\Brandon\AppData\Local\SoftThinks
.
==================== Find3M ====================
.
2012-04-05 06:33:51 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-02-10 06:18:10 1541120 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 06:17:55 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-02-10 06:17:54 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-02-10 06:17:54 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-02-10 06:17:54 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-02-10 05:41:38 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-10 05:41:20 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-02-10 05:41:20 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-02-10 05:41:20 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-02-10 05:41:19 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-02-03 04:16:03 3143168 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 3:11:11.68 ===============


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:11 AM

Posted 08 April 2012 - 02:25 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 Trilz

Trilz
  • Topic Starter

  • Members
  • 5 posts
  • Local time:05:11 AM

Posted 08 April 2012 - 03:10 AM

Combofix logs:


ComboFix 12-04-07.03 - Brandon 04/08/2012 3:44.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.12279.10153 [GMT -4:00]
Running from: c:\users\Brandon\Downloads\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-08 to 2012-04-08 )))))))))))))))))))))))))))))))
.
.
2012-04-08 07:50 . 2012-04-08 07:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-07 15:11 . 2011-12-10 19:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-07 12:44 . 2012-04-07 14:55 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-04-07 12:44 . 2012-04-07 14:55 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-04-07 12:44 . 2012-04-07 12:44 -------- d--h--w- c:\programdata\Common Files
2012-04-07 12:42 . 2012-04-07 14:55 -------- d-----w- c:\programdata\AVG2012
2012-04-07 12:42 . 2012-04-07 12:42 -------- d-----w- C:\$AVG
2012-04-06 04:41 . 2012-04-06 04:41 -------- d-----w- c:\program files (x86)\GUMCC24.tmp
2012-04-06 04:41 . 2012-04-06 04:41 3993600 ----a-w- c:\program files (x86)\GUTCC25.tmp
2012-04-06 04:28 . 2012-04-07 14:48 -------- d-----w- c:\program files\Google
2012-04-06 03:52 . 2012-04-07 14:47 -------- d-----w- c:\program files (x86)\Conduit
2012-04-06 03:52 . 2012-04-06 03:52 -------- d-----w- c:\program files (x86)\Yontoo
2012-04-05 16:17 . 2012-04-05 16:17 -------- d-----w- c:\program files (x86)\Microsoft ActiveSync
2012-04-05 16:16 . 2012-04-07 14:48 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-04-05 16:16 . 2012-04-05 16:16 -------- d-----w- c:\windows\PCHEALTH
2012-04-05 16:14 . 2012-04-05 16:14 -------- d-----r- C:\MSOCache
2012-04-05 16:06 . 2012-04-05 16:06 -------- d-----w- c:\windows\Sun
2012-04-05 08:02 . 2012-04-05 08:02 -------- d-----w- c:\windows\SysWow64\Wat
2012-04-05 08:02 . 2012-04-05 08:02 -------- d-----w- c:\windows\system32\Wat
2012-04-05 07:59 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2012-04-05 07:59 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2012-04-05 07:59 . 2012-04-05 09:03 -------- d-----w- C:\Emergency
2012-04-05 07:58 . 2012-04-05 07:58 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-04-05 07:57 . 2009-11-25 16:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2012-04-05 07:57 . 2009-11-25 16:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2012-04-05 07:57 . 2009-11-25 16:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2012-04-05 07:57 . 2009-11-25 16:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2012-04-05 07:57 . 2009-11-25 16:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2012-04-05 07:57 . 2009-11-25 16:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2012-04-05 07:57 . 2009-11-25 16:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-04-05 07:57 . 2009-11-25 16:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2012-04-05 07:57 . 2009-11-25 16:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2012-04-05 07:57 . 2009-11-25 16:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2012-04-05 07:49 . 2011-10-26 05:19 43520 ----a-w- c:\windows\system32\csrsrv.dll
2012-04-05 07:48 . 2010-12-21 06:15 264192 ----a-w- c:\windows\system32\upnp.dll
2012-04-05 07:47 . 2011-02-19 06:36 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-04-05 07:46 . 2010-10-27 05:18 5510528 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-05 07:43 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll
2012-04-05 07:43 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-04-05 07:43 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll
2012-04-05 07:43 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2012-04-05 07:43 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2012-04-05 07:43 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2012-04-05 07:43 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2012-04-05 07:43 . 2010-10-16 04:33 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-04-05 07:43 . 2010-10-16 04:33 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2012-04-05 07:43 . 2010-10-16 04:33 208896 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2012-04-05 07:43 . 2011-11-17 07:14 1739160 ----a-w- c:\windows\system32\ntdll.dll
2012-04-05 07:43 . 2011-11-17 05:41 1292592 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-04-05 07:42 . 2010-08-27 06:14 236032 ----a-w- c:\windows\system32\srvsvc.dll
2012-04-05 07:42 . 2010-08-27 05:46 9728 ----a-w- c:\windows\SysWow64\sscore.dll
2012-04-05 07:39 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll
2012-04-05 07:39 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-04-05 07:05 . 2012-04-05 07:05 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-04-05 07:04 . 2012-04-07 12:53 -------- d-----w- c:\programdata\MFAData
2012-04-05 07:04 . 2012-04-05 07:04 -------- d-----w- c:\programdata\Malwarebytes
2012-04-05 07:04 . 2012-04-05 07:04 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-04-05 07:04 . 2012-04-05 07:04 -------- d-----w- c:\programdata\AVG Secure Search
2012-04-05 07:04 . 2012-04-05 07:04 -------- d-----w- c:\program files\iPod
2012-04-05 07:04 . 2012-04-05 07:04 -------- d-----w- c:\program files (x86)\iTunes
2012-04-05 07:04 . 2012-04-07 14:48 -------- d-----w- c:\program files (x86)\Vuze
2012-04-05 07:04 . 2012-04-05 07:04 -------- d-----w- c:\program files (x86)\Ventrilo
2012-04-05 07:00 . 2012-04-05 07:00 8738464 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-05 06:50 . 2012-04-05 06:50 -------- d-----w- c:\program files (x86)\StarCraft II
2012-04-05 06:50 . 2012-04-05 06:50 -------- d-----w- c:\program files (x86)\PS3 Media Server
2012-04-05 06:50 . 2012-04-05 06:50 -------- d-----w- c:\program files (x86)\NirSoft
2012-04-05 06:37 . 2012-04-06 06:04 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-05 06:37 . 2012-04-06 06:04 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-05 06:37 . 2012-04-07 14:49 -------- d-----w- c:\windows\system32\Macromed
2012-04-05 06:34 . 2012-04-07 14:47 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-04-05 06:33 . 2012-04-07 14:48 -------- d-----w- c:\program files (x86)\Java
2012-04-05 06:11 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-04-05 06:11 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-04-05 06:11 . 2012-02-15 04:47 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-05 06:11 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-04-05 06:11 . 2012-01-25 06:27 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-05 06:11 . 2012-01-25 06:27 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-05 06:11 . 2012-01-25 06:20 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-05 06:09 . 2012-04-08 04:58 -------- d-----w- c:\users\Default\AppData\Local\SoftThinks
2012-04-05 06:08 . 2012-04-08 07:04 -------- d-----w- c:\users\Brandon
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-05 06:33 . 2010-12-07 16:19 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-08_03.33.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-05 06:08 . 2012-04-08 07:17 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2012-04-05 06:08 . 2012-04-08 03:21 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2010-12-07 16:32 . 2012-04-08 04:59 40252 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-08 04:59 27100 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-04-05 09:03 . 2012-04-08 07:04 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-04-05 09:03 . 2012-04-08 03:17 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-04-05 09:03 . 2012-04-08 03:17 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-04-05 09:03 . 2012-04-08 07:04 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-08 07:04 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-08 03:17 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-04-05 09:02 . 2012-04-08 04:57 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-04-05 09:02 . 2012-04-08 01:14 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-04-05 09:02 . 2012-04-08 04:57 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-04-05 09:02 . 2012-04-08 01:14 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-04-05 09:02 . 2012-04-08 04:57 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-04-05 09:02 . 2012-04-08 01:14 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-04-05 06:17 . 2012-04-08 04:59 7696 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3951485521-2474660935-3320543124-1001_UserData.bin
- 2012-04-08 01:14 . 2012-04-08 01:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-08 04:57 . 2012-04-08 04:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-08 04:57 . 2012-04-08 04:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-08 01:14 . 2012-04-08 01:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-05 06:07 . 2012-04-08 03:27 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-04-05 06:07 . 2012-04-08 07:43 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 04:54 . 2012-04-08 07:43 360448 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 05:01 . 2012-04-08 01:12 254452 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-08 04:56 254452 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:54 . 2012-04-08 07:43 4931584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-08 03:27 4931584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-04-05 08:35 . 2012-04-08 04:56 1201650 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3951485521-2474660935-3320543124-1001-8192.dat
+ 2012-04-05 09:10 . 2012-04-08 03:41 7626608 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3951485521-2474660935-3320543124-1001-4096.dat
- 2012-04-05 09:10 . 2012-04-08 01:12 7626608 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3951485521-2474660935-3320543124-1001-4096.dat
- 2012-04-05 08:35 . 2012-04-08 01:12 8652636 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2012-04-05 08:35 . 2012-04-08 04:56 8652636 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2009-07-14 04:54 . 2012-04-08 07:43 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-08 03:27 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 02:34 . 2012-04-08 01:27 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-04-08 07:10 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2012-04-08 03:40 . 2012-03-04 21:19 56297240 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-04-06 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-29 98304]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-22 1675160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-06 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 253600]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-06 136176]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2010-05-04 14648]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 BPowMon;Broadcom Power monitoring service;c:\program files\Broadcom\BPowMon\BPowMon.exe [2009-10-27 117608]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-12-06 208536]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-12-06 161168]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\AlienRespawn\sftservice.EXE [2011-08-18 1692480]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 AWOPFilterDriver;AWOPFilterDriver;c:\windows\system32\drivers\AWOPFilterDriver.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 06:04]
.
2012-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-06 04:28]
.
2012-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-06 04:28]
.
2012-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3951485521-2474660935-3320543124-1001Core.job
- c:\users\Brandon\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-05 06:29]
.
2012-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3951485521-2474660935-3320543124-1001UA.job
- c:\users\Brandon\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-05 06:29]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-03 10038304]
"AlienFX Controller"="c:\program files\Alienware\Command Center\AlienwareAlienFXController.exe" [2010-05-04 61256]
"Thermal Controller"="c:\program files\Alienware\Command Center\ThermalController.exe" [2010-05-04 167736]
"Launch Keyboard CI"="c:\program files\Alienware\Alienware TactX Keyboard CI\txkbci.exe" [2009-05-28 3438088]
"RunDLLEntry_THXCfg"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"RunDLLEntry_EptMon"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\04\05\06\033+?"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-08 03:52:30
ComboFix-quarantined-files.txt 2012-04-08 07:52
ComboFix2.txt 2012-04-08 03:35
.
Pre-Run: 357,799,600,128 bytes free
Post-Run: 357,449,089,024 bytes free
.
- - End Of File - - F7A0A2FECAC6C7F268FA4B22356118CA




After running ComboFix I am still being randomly redirected to happili during Google searches.

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:11 AM

Posted 08 April 2012 - 03:18 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
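The TDSSKiller report requested above runs to hundreds of lines, one file-identification line and one verdict line per driver or service (the format is visible in the log posted later in this thread). As an added example that is not part of this thread, of BleepingComputer's procedure, or of TDSSKiller itself, the following Python script parses that two-line format and lists every entry whose verdict is anything other than `ok`, which is what a helper scanning such a log by eye is looking for. The embedded sample report is constructed: a few lines copied from this thread's log plus one made-up `example_svc` entry with a made-up `suspicious` verdict so that the flagging path is exercised; TDSSKiller's real wording for non-clean entries is not assumed.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# A TDSSKiller report line starts with a timestamp and a PID; the remainder is
# either a file-identification line   <name> (<md5>) <path>
# or a verdict line                   <name> - <verdict>
LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<rest>.*)$")
FILE_RE = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
VERDICT_RE = re.compile(r"^(?P<name>.+?)\s+-\s+(?P<verdict>.+)$")


@dataclass
class Entry:
    """One driver/service as reported by TDSSKiller."""
    name: str
    md5: Optional[str] = None      # None when no file line was seen (e.g. "catchme - ok")
    path: Optional[str] = None
    verdict: Optional[str] = None  # None when the scan never emitted a verdict


def parse_report(text: str) -> List[Entry]:
    """Pair identification and verdict lines by entry name, in order of appearance."""
    entries: Dict[str, Entry] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banner, separator or blank line
        rest = m.group("rest")
        fm = FILE_RE.match(rest)
        if fm:
            e = entries.setdefault(fm.group("name"), Entry(fm.group("name")))
            e.md5, e.path = fm.group("md5"), fm.group("path")
            continue
        vm = VERDICT_RE.match(rest)
        if vm:
            e = entries.setdefault(vm.group("name"), Entry(vm.group("name")))
            e.verdict = vm.group("verdict")
    return list(entries.values())


def needs_attention(entries: List[Entry]) -> List[Entry]:
    """Everything the tool did not mark clean, including entries with no verdict at all."""
    return [e for e in entries if e.verdict != "ok"]


# Constructed sample: real lines from this thread's log plus one made-up entry.
SAMPLE_REPORT = r"""04:29:40.0456 6344 ============================================================
04:29:40.0456 6344 Scan started
04:29:43.0233 6344 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
04:29:43.0237 6344 ACPI - ok
04:29:44.0845 6344 AMD External Events Utility (3dc106c903c1bd42e2acc3d5deff9367) C:\Windows\system32\atiesrxx.exe
04:29:44.0846 6344 AMD External Events Utility - ok
04:29:48.0506 6344 catchme - ok
04:29:49.0000 6344 example_svc (00000000000000000000000000000000) C:\Windows\system32\example_placeholder.sys
04:29:49.0001 6344 example_svc - suspicious
"""


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    print(f"{len(parsed)} entries parsed")
    for e in needs_attention(parsed):
        print(f"ATTENTION: {e.name} verdict={e.verdict!r} md5={e.md5} path={e.path}")
```

Pasting a full report into `SAMPLE_REPORT` (or reading it from the `TDSSKiller.[Version]_[Date]_[Time]_log.txt` file named above) reduces a 1,000-line log to the handful of entries worth looking at; the MD5 that TDSSKiller records for each file is kept so a flagged entry can be looked up without re-hashing.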

#7 Trilz

Trilz
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:05:11 AM

Posted 08 April 2012 - 04:00 AM

TDSSKiller logs:




04:29:12.0317 5136 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
04:29:12.0730 5136 ============================================================
04:29:12.0730 5136 Current date / time: 2012/04/08 04:29:12.0730
04:29:12.0730 5136 SystemInfo:
04:29:12.0730 5136
04:29:12.0730 5136 OS Version: 6.1.7600 ServicePack: 0.0
04:29:12.0730 5136 Product type: Workstation
04:29:12.0730 5136 ComputerName: BRANDON-PC
04:29:12.0730 5136 UserName: Brandon
04:29:12.0730 5136 Windows directory: C:\Windows
04:29:12.0730 5136 System windows directory: C:\Windows
04:29:12.0730 5136 Running under WOW64
04:29:12.0730 5136 Processor architecture: Intel x64
04:29:12.0730 5136 Number of processors: 8
04:29:12.0730 5136 Page size: 0x1000
04:29:12.0730 5136 Boot type: Normal boot
04:29:12.0730 5136 ============================================================
04:29:13.0253 5136 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
04:29:13.0266 5136 \Device\Harddisk0\DR0:
04:29:13.0266 5136 MBR used
04:29:13.0266 5136 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x19F5000
04:29:13.0266 5136 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A09000, BlocksNum 0x48E4E800
04:29:13.0294 5136 Initialize success
04:29:13.0294 5136 ============================================================
04:29:40.0456 6344 ============================================================
04:29:40.0456 6344 Scan started
04:29:40.0456 6344 Mode: Manual;
04:29:40.0456 6344 ============================================================
04:29:43.0138 6344 1394ohci (969c91060cbb5d17cb8440b5f78b4c51) C:\Windows\system32\DRIVERS\1394ohci.sys
04:29:43.0140 6344 1394ohci - ok
04:29:43.0233 6344 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
04:29:43.0237 6344 ACPI - ok
04:29:43.0435 6344 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
04:29:43.0467 6344 AcpiPmi - ok
04:29:43.0569 6344 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
04:29:43.0571 6344 AdobeFlashPlayerUpdateSvc - ok
04:29:43.0660 6344 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
04:29:43.0696 6344 adp94xx - ok
04:29:43.0904 6344 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
04:29:43.0912 6344 adpahci - ok
04:29:44.0047 6344 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
04:29:44.0052 6344 adpu320 - ok
04:29:44.0174 6344 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
04:29:44.0175 6344 AeLookupSvc - ok
04:29:44.0285 6344 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
04:29:44.0289 6344 AFD - ok
04:29:44.0379 6344 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
04:29:44.0382 6344 agp440 - ok
04:29:44.0486 6344 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
04:29:44.0490 6344 ALG - ok
04:29:44.0594 6344 AlienFusionService (ce91b46da6d4199655fdf330373920d7) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
04:29:44.0595 6344 AlienFusionService - ok
04:29:44.0704 6344 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
04:29:44.0708 6344 aliide - ok
04:29:44.0845 6344 AMD External Events Utility (3dc106c903c1bd42e2acc3d5deff9367) C:\Windows\system32\atiesrxx.exe
04:29:44.0846 6344 AMD External Events Utility - ok
04:29:44.0938 6344 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
04:29:44.0939 6344 amdide - ok
04:29:45.0056 6344 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
04:29:45.0059 6344 AmdK8 - ok
04:29:45.0263 6344 amdkmdag (bbab5b28253fe0fc7255d8775ba05c1d) C:\Windows\system32\DRIVERS\atikmdag.sys
04:29:45.0497 6344 amdkmdag - ok
04:29:45.0616 6344 amdkmdap (cba35ff4092b91e105d93ed11a0250b6) C:\Windows\system32\DRIVERS\atikmpag.sys
04:29:45.0649 6344 amdkmdap - ok
04:29:45.0707 6344 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
04:29:45.0710 6344 AmdPPM - ok
04:29:45.0764 6344 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
04:29:45.0796 6344 amdsata - ok
04:29:45.0840 6344 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
04:29:45.0845 6344 amdsbs - ok
04:29:45.0861 6344 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
04:29:45.0892 6344 amdxata - ok
04:29:45.0932 6344 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
04:29:45.0936 6344 AppID - ok
04:29:45.0990 6344 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
04:29:45.0993 6344 AppIDSvc - ok
04:29:46.0092 6344 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
04:29:46.0094 6344 Appinfo - ok
04:29:46.0209 6344 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
04:29:46.0211 6344 arc - ok
04:29:46.0320 6344 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
04:29:46.0324 6344 arcsas - ok
04:29:46.0416 6344 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
04:29:46.0419 6344 AsyncMac - ok
04:29:46.0512 6344 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
04:29:46.0514 6344 atapi - ok
04:29:46.0662 6344 athr (e0fabc10635c670bd7d89fd214a405d7) C:\Windows\system32\DRIVERS\athrx.sys
04:29:46.0688 6344 athr - ok
04:29:46.0845 6344 AtiHDAudioService (fda1e117a7e880bff5540d180c06ea87) C:\Windows\system32\drivers\AtihdW76.sys
04:29:46.0876 6344 AtiHDAudioService - ok
04:29:46.0971 6344 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
04:29:46.0993 6344 AudioEndpointBuilder - ok
04:29:47.0001 6344 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
04:29:47.0003 6344 AudioSrv - ok
04:29:47.0065 6344 AWOPFilterDriver (5b64b0d162aabde795b3f7a7234f2fe1) C:\Windows\system32\drivers\AWOPFilterDriver.sys
04:29:47.0096 6344 AWOPFilterDriver - ok
04:29:47.0145 6344 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
04:29:47.0148 6344 AxInstSV - ok
04:29:47.0193 6344 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
04:29:47.0201 6344 b06bdrv - ok
04:29:47.0219 6344 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
04:29:47.0225 6344 b57nd60a - ok
04:29:47.0273 6344 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
04:29:47.0276 6344 BDESVC - ok
04:29:47.0316 6344 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
04:29:47.0319 6344 Beep - ok
04:29:47.0358 6344 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
04:29:47.0380 6344 BFE - ok
04:29:47.0408 6344 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\system32\qmgr.dll
04:29:47.0412 6344 BITS - ok
04:29:47.0457 6344 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
04:29:47.0461 6344 blbdrive - ok
04:29:47.0494 6344 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
04:29:47.0525 6344 bowser - ok
04:29:47.0578 6344 BPowMon (cd6d4b6583f56f03f9c6971cff159314) C:\Program Files\Broadcom\BPowMon\BPowMon.exe
04:29:47.0579 6344 BPowMon - ok
04:29:47.0634 6344 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
04:29:47.0638 6344 BrFiltLo - ok
04:29:47.0659 6344 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
04:29:47.0662 6344 BrFiltUp - ok
04:29:47.0689 6344 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
04:29:47.0692 6344 BridgeMP - ok
04:29:47.0739 6344 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
04:29:47.0743 6344 Browser - ok
04:29:47.0772 6344 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
04:29:47.0777 6344 Brserid - ok
04:29:47.0802 6344 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
04:29:47.0806 6344 BrSerWdm - ok
04:29:47.0832 6344 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
04:29:47.0835 6344 BrUsbMdm - ok
04:29:47.0842 6344 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
04:29:47.0845 6344 BrUsbSer - ok
04:29:47.0898 6344 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
04:29:47.0901 6344 BthEnum - ok
04:29:47.0923 6344 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
04:29:47.0925 6344 BTHMODEM - ok
04:29:47.0957 6344 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
04:29:47.0960 6344 BthPan - ok
04:29:47.0984 6344 BTHPORT (21084ceb85280468c9aca3c805c0f8cf) C:\Windows\system32\Drivers\BTHport.sys
04:29:48.0022 6344 BTHPORT - ok
04:29:48.0092 6344 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
04:29:48.0093 6344 bthserv - ok
04:29:48.0111 6344 BTHUSB (8504842634dd144c075b6b0c982ccec4) C:\Windows\system32\Drivers\BTHUSB.sys
04:29:48.0141 6344 BTHUSB - ok
04:29:48.0200 6344 btwaudio (6bcfdc2b5b7f66d484486d4bd4b39a6b) C:\Windows\system32\drivers\btwaudio.sys
04:29:48.0231 6344 btwaudio - ok
04:29:48.0271 6344 btwavdt (82dc8b7c626e526681c1bebed2bc3ff9) C:\Windows\system32\DRIVERS\btwavdt.sys
04:29:48.0303 6344 btwavdt - ok
04:29:48.0345 6344 btwdins (d65aa164acd0f6706dbcfbbcc9731584) c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
04:29:48.0349 6344 btwdins - ok
04:29:48.0366 6344 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
04:29:48.0396 6344 btwl2cap - ok
04:29:48.0442 6344 btwrchid (28e105ad3b79f440bf94780f507bf66a) C:\Windows\system32\DRIVERS\btwrchid.sys
04:29:48.0473 6344 btwrchid - ok
04:29:48.0506 6344 catchme - ok
04:29:48.0533 6344 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
04:29:48.0537 6344 cdfs - ok
04:29:48.0560 6344 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
04:29:48.0562 6344 cdrom - ok
04:29:48.0596 6344 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
04:29:48.0600 6344 CertPropSvc - ok
04:29:48.0654 6344 cfwids (ed0263b2eb24f0f4e3898036fa1d28a1) C:\Windows\system32\drivers\cfwids.sys
04:29:48.0655 6344 cfwids - ok
04:29:48.0704 6344 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
04:29:48.0706 6344 circlass - ok
04:29:48.0734 6344 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
04:29:48.0738 6344 CLFS - ok
04:29:48.0783 6344 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
04:29:48.0784 6344 clr_optimization_v2.0.50727_32 - ok
04:29:48.0829 6344 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
04:29:48.0830 6344 clr_optimization_v2.0.50727_64 - ok
04:29:48.0906 6344 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
04:29:48.0908 6344 CmBatt - ok
04:29:48.0939 6344 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
04:29:48.0941 6344 cmdide - ok
04:29:48.0989 6344 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
04:29:49.0016 6344 CNG - ok
04:29:49.0050 6344 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
04:29:49.0053 6344 Compbatt - ok
04:29:49.0095 6344 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
04:29:49.0098 6344 CompositeBus - ok
04:29:49.0113 6344 COMSysApp - ok
04:29:49.0122 6344 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
04:29:49.0124 6344 crcdisk - ok
04:29:49.0152 6344 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
04:29:49.0155 6344 CryptSvc - ok
04:29:49.0180 6344 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
04:29:49.0185 6344 DcomLaunch - ok
04:29:49.0202 6344 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
04:29:49.0209 6344 defragsvc - ok
04:29:49.0287 6344 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
04:29:49.0316 6344 DfsC - ok
04:29:49.0357 6344 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
04:29:49.0362 6344 Dhcp - ok
04:29:49.0388 6344 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
04:29:49.0389 6344 discache - ok
04:29:49.0402 6344 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
04:29:49.0405 6344 Disk - ok
04:29:49.0438 6344 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
04:29:49.0462 6344 Dnscache - ok
04:29:49.0511 6344 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
04:29:49.0516 6344 dot3svc - ok
04:29:49.0548 6344 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
04:29:49.0550 6344 DPS - ok
04:29:49.0581 6344 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
04:29:49.0585 6344 drmkaud - ok
04:29:49.0630 6344 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
04:29:49.0686 6344 DXGKrnl - ok
04:29:49.0735 6344 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
04:29:49.0738 6344 EapHost - ok
04:29:49.0810 6344 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
04:29:49.0912 6344 ebdrv - ok
04:29:49.0954 6344 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
04:29:49.0955 6344 EFS - ok
04:29:50.0012 6344 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
04:29:50.0016 6344 ehRecvr - ok
04:29:50.0078 6344 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
04:29:50.0079 6344 ehSched - ok
04:29:50.0174 6344 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
04:29:50.0191 6344 elxstor - ok
04:29:50.0288 6344 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
04:29:50.0291 6344 ErrDev - ok
04:29:50.0397 6344 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
04:29:50.0401 6344 EventSystem - ok
04:29:50.0503 6344 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
04:29:50.0508 6344 exfat - ok
04:29:50.0600 6344 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
04:29:50.0602 6344 fastfat - ok
04:29:50.0687 6344 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
04:29:50.0700 6344 Fax - ok
04:29:50.0791 6344 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
04:29:50.0794 6344 fdc - ok
04:29:50.0886 6344 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
04:29:50.0887 6344 fdPHost - ok
04:29:50.0961 6344 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
04:29:50.0963 6344 FDResPub - ok
04:29:51.0042 6344 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
04:29:51.0045 6344 FileInfo - ok
04:29:51.0135 6344 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
04:29:51.0137 6344 Filetrace - ok
04:29:51.0215 6344 FLEXnet Licensing Service (8669be94f63944e4f899c3950b520241) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
04:29:51.0219 6344 FLEXnet Licensing Service - ok
04:29:51.0310 6344 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
04:29:51.0313 6344 flpydisk - ok
04:29:51.0429 6344 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
04:29:51.0435 6344 FltMgr - ok
04:29:51.0524 6344 FontCache (bc00505cfda789ed3be95d2ff38c4875) C:\Windows\system32\FntCache.dll
04:29:51.0528 6344 FontCache - ok
04:29:51.0587 6344 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
04:29:51.0587 6344 FontCache3.0.0.0 - ok
04:29:51.0676 6344 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
04:29:51.0679 6344 FsDepends - ok
04:29:51.0793 6344 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
04:29:51.0795 6344 Fs_Rec - ok
04:29:51.0929 6344 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
04:29:51.0931 6344 fvevol - ok
04:29:52.0203 6344 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
04:29:52.0207 6344 gagp30kx - ok
04:29:52.0299 6344 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
04:29:52.0321 6344 gpsvc - ok
04:30:10.0019 6344 WatAdminSvc - ok
04:30:10.0069 6344 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
04:30:10.0127 6344 wbengine - ok
04:30:10.0158 6344 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
04:30:10.0163 6344 WbioSrvc - ok
04:30:10.0203 6344 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
04:30:10.0229 6344 wcncsvc - ok
04:30:10.0258 6344 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
04:30:10.0261 6344 WcsPlugInService - ok
04:30:10.0319 6344 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
04:30:10.0322 6344 Wd - ok
04:30:10.0359 6344 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
04:30:10.0382 6344 Wdf01000 - ok
04:30:10.0410 6344 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
04:30:10.0412 6344 WdiServiceHost - ok
04:30:10.0415 6344 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
04:30:10.0416 6344 WdiSystemHost - ok
04:30:10.0461 6344 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
04:30:10.0487 6344 WebClient - ok
04:30:10.0518 6344 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
04:30:10.0524 6344 Wecsvc - ok
04:30:10.0557 6344 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
04:30:10.0558 6344 wercplsupport - ok
04:30:10.0580 6344 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
04:30:10.0581 6344 WerSvc - ok
04:30:10.0605 6344 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
04:30:10.0607 6344 WfpLwf - ok
04:30:10.0643 6344 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
04:30:10.0675 6344 WimFltr - ok
04:30:10.0702 6344 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
04:30:10.0704 6344 WIMMount - ok
04:30:10.0773 6344 WinDefend - ok
04:30:10.0776 6344 WinHttpAutoProxySvc - ok
04:30:10.0836 6344 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
04:30:10.0841 6344 Winmgmt - ok
04:30:10.0915 6344 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
04:30:10.0964 6344 WinRM - ok
04:30:11.0016 6344 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
04:30:11.0033 6344 Wlansvc - ok
04:30:11.0074 6344 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
04:30:11.0077 6344 WmiAcpi - ok
04:30:11.0139 6344 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
04:30:11.0144 6344 wmiApSrv - ok
04:30:11.0194 6344 WMPNetworkSvc - ok
04:30:11.0232 6344 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
04:30:11.0235 6344 WPCSvc - ok
04:30:11.0258 6344 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
04:30:11.0260 6344 WPDBusEnum - ok
04:30:11.0286 6344 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
04:30:11.0287 6344 ws2ifsl - ok
04:30:11.0331 6344 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\system32\wscsvc.dll
04:30:11.0333 6344 wscsvc - ok
04:30:11.0339 6344 WSearch - ok
04:30:11.0384 6344 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
04:30:11.0397 6344 wuauserv - ok
04:30:11.0410 6344 WudfPf (c63907207b837a5c05cf6d1606aa0008) C:\Windows\system32\drivers\WudfPf.sys
04:30:11.0441 6344 WudfPf - ok
04:30:11.0462 6344 WUDFRd (d885a873d733020f8b9b9ff4b1666158) C:\Windows\system32\DRIVERS\WUDFRd.sys
04:30:11.0492 6344 WUDFRd - ok
04:30:11.0504 6344 wudfsvc (27b9bee5aac00139e3a3af5d6227a0dc) C:\Windows\System32\WUDFSvc.dll
04:30:11.0527 6344 wudfsvc - ok
04:30:11.0558 6344 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
04:30:11.0564 6344 WwanSvc - ok
04:30:11.0603 6344 MBR (0x1B8) (faf3db026c90f586e5993588661e2612) \Device\Harddisk0\DR0
04:30:11.0639 6344 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
04:30:11.0639 6344 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
04:30:11.0665 6344 Boot (0x1200) (feab055c56a09c79d7e5c58c54ba23c4) \Device\Harddisk0\DR0\Partition0
04:30:11.0666 6344 \Device\Harddisk0\DR0\Partition0 - ok
04:30:11.0668 6344 Boot (0x1200) (3c8f6fd141f0677f27c016224725facc) \Device\Harddisk0\DR0\Partition1
04:30:11.0669 6344 \Device\Harddisk0\DR0\Partition1 - ok
04:30:11.0669 6344 ============================================================
04:30:11.0669 6344 Scan finished
04:30:11.0669 6344 ============================================================
04:30:11.0675 7780 Detected object count: 1
04:30:11.0675 7780 Actual detected object count: 1
04:31:02.0205 7780 \Device\Harddisk0\DR0\# - copied to quarantine
04:31:02.0207 7780 \Device\Harddisk0\DR0 - copied to quarantine
04:31:02.0252 7780 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
04:31:06.0557 7780 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
04:31:10.0584 7780 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
04:31:10.0669 7780 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
04:31:10.0723 7780 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
04:31:10.0808 7780 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
04:31:10.0905 7780 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
04:31:10.0908 7780 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
04:31:10.0912 7780 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
04:31:10.0917 7780 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
04:31:14.0910 7780 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
04:31:18.0963 7780 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
04:31:18.0976 7780 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
04:31:18.0977 7780 \Device\Harddisk0\DR0 - ok
04:31:19.0105 7780 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
04:31:43.0028 9532 Deinitialize success

aswMBR logs:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-08 04:48:24
-----------------------------
04:48:24.840 OS Version: Windows x64 6.1.7600
04:48:24.840 Number of processors: 8 586 0x1A05
04:48:24.840 ComputerName: BRANDON-PC UserName: Brandon
04:48:26.564 Initialize success
04:49:34.171 AVAST engine defs: 12040800
04:49:53.032 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
04:49:53.034 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 3
04:49:53.043 Disk 0 MBR read successfully
04:49:53.044 Disk 0 MBR scan
04:49:53.047 Disk 0 Windows VISTA default MBR code
04:49:53.048 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
04:49:53.052 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 13290 MB offset 81920
04:49:53.082 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 597149 MB offset 27299840
04:49:53.101 Disk 0 scanning C:\Windows\system32\drivers
04:49:59.199 Service scanning
04:50:11.690 Modules scanning
04:50:11.695 Disk 0 trace - called modules:
04:50:11.718 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
04:50:11.721 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800afb1060]
04:50:11.724 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa800ab79050]
04:50:13.442 AVAST engine scan C:\Windows
04:50:15.713 AVAST engine scan C:\Windows\system32
04:51:52.875 AVAST engine scan C:\Windows\system32\drivers
04:51:59.558 AVAST engine scan C:\Users\Brandon
04:55:41.275 AVAST engine scan C:\ProgramData
04:56:03.193 Scan finished successfully
04:56:15.298 Disk 0 MBR has been saved successfully to "C:\Users\Brandon\Documents\MBR.dat"
04:56:15.298 The log file has been saved successfully to "C:\Users\Brandon\Documents\aswMBR.txt"

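The two logs above work from the same 512-byte sector: aswMBR reads the MBR, prints its four partition-table entries and saves a copy to MBR.dat, while TDSSKiller hashes the first 0x1B8 bytes (the bootstrap code, which is the part a boot rootkit such as the one detected here overwrites) before flagging \Device\Harddisk0\DR0. The following is an added example, not code from this thread or from either tool, showing how to parse such a sector and hash its bootstrap code so that a saved MBR.dat can be checked against a known-good baseline and its partition table sanity-checked. The sample sector is constructed from the partition layout printed in the aswMBR log (sector counts derived from its MB figures and offsets); the boot-code bytes, disk signature and disk size are placeholders or rounded values, not data from the page.

```python
import hashlib
import struct

SECTOR = 512
BOOTCODE_LEN = 0x1B8   # 440 bytes of bootstrap code; TDSSKiller's "MBR (0x1B8)" hash covers this span
TABLE_OFFSET = 446     # boot code (440) + disk signature (4) + reserved (2) precede the partition table

# Partition type codes that appear in the aswMBR log; anything else is shown in hex.
PART_TYPES = {0x07: "HPFS/NTFS", 0xDE: "Dell Utility"}

# Layout taken from the aswMBR log: (boot flag, type, start LBA, size in sectors).
# Sector counts are derived from the MB figures and offsets the log prints (1 MB = 2048 sectors).
SAMPLE_ENTRIES = [
    (0x00, 0xDE, 63, 81920 - 63),
    (0x80, 0x07, 81920, 13290 * 2048),
    (0x00, 0x07, 27299840, 597149 * 2048),
]


def build_sample_mbr(entries, bootcode=b"\xeb\xfe"):
    """Assemble a 512-byte MBR image. Constructed demo data: the boot code is a two-byte
    jump-to-self and the disk signature is a placeholder, not values from the thread."""
    code = bootcode.ljust(BOOTCODE_LEN, b"\x00")
    disk_sig = struct.pack("<I", 0x0BADCAFE) + b"\x00\x00"   # placeholder signature + reserved word
    table = b""
    for boot, ptype, start, size in entries:
        # Legacy CHS fields get the 0xFE 0xFF 0xFF filler that LBA-only tools commonly write.
        table += struct.pack("<B3sB3sII", boot, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", start, size)
    return code + disk_sig + table.ljust(64, b"\x00") + b"\x55\xaa"


def parse_mbr(mbr):
    """Return the non-empty partition entries, the way aswMBR's 'Disk 0 Partition N' lines show them."""
    if len(mbr) != SECTOR or mbr[510:] != b"\x55\xaa":
        raise ValueError("not a 512-byte MBR with a 0x55AA signature")
    parts = []
    for i in range(4):
        boot, ptype, start, size = struct.unpack_from("<B3xB3xII", mbr, TABLE_OFFSET + 16 * i)
        if ptype == 0x00:
            continue
        parts.append({
            "index": i + 1,
            "bootable": boot == 0x80,
            "type": ptype,
            "type_name": PART_TYPES.get(ptype, "0x%02X" % ptype),
            "start_lba": start,
            "sectors": size,
            "size_mb": size * SECTOR // (1024 * 1024),
        })
    return parts


def bootcode_md5(mbr):
    """MD5 of the bootstrap code only (bytes 0..0x1B7), the span a boot rootkit replaces."""
    return hashlib.md5(mbr[:BOOTCODE_LEN]).hexdigest()


def check_bootcode(mbr, known_good_md5):
    """True when the bootstrap code matches a baseline hash, e.g. one recorded from a clean MBR.dat."""
    return bootcode_md5(mbr) == known_good_md5.lower()


def find_overlaps(parts):
    """Pairs of partition indexes whose sector ranges overlap; a sane table has none."""
    bad = []
    for a in parts:
        for b in parts:
            if a["index"] < b["index"] \
                    and a["start_lba"] < b["start_lba"] + b["sectors"] \
                    and b["start_lba"] < a["start_lba"] + a["sectors"]:
                bad.append((a["index"], b["index"]))
    return bad


def unallocated_tail(parts, disk_sectors):
    """Sectors past the last partition. Normally only an alignment remainder lives here,
    so a large tail, or one that holds data, is worth inspecting."""
    end = max(p["start_lba"] + p["sectors"] for p in parts) if parts else 0
    return max(disk_sectors - end, 0)


if __name__ == "__main__":
    mbr = build_sample_mbr(SAMPLE_ENTRIES)
    parts = parse_mbr(mbr)
    for p in parts:
        print("Partition %d %s %02X %s %d MB offset %d" % (
            p["index"], "80 (A)" if p["bootable"] else "00", p["type"],
            p["type_name"], p["size_mb"], p["start_lba"]))
    print("bootcode md5:", bootcode_md5(mbr))
    print("overlaps:", find_overlaps(parts))
    # Disk size is the log's rounded 610480 MB figure, so the tail is only approximate.
    print("unallocated tail sectors:", unallocated_tail(parts, 610480 * 2048))
```

To use it on a real capture, read the 512 bytes of MBR.dat that aswMBR wrote and pass them to parse_mbr and check_bootcode; the baseline hash should come from a copy of the MBR taken when the machine was known to be clean, since the hash on its own only tells you whether the boot code changed, not what changed it.
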
#8 Trilz (Topic Starter)

Posted 08 April 2012 - 04:02 AM

I'd also like to add that I ran TDSSKiller without disabling my McAfee firewall. Should I redo it without that?

#9 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 08 April 2012 - 11:34 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
Folder::
c:\program files (x86)\Conduit
c:\program files (x86)\Yontoo
c:\program files (x86)\Vuze_Remote

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 11 April 2012 - 05:37 AM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo

#11 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 13 April 2012 - 11:53 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#12 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 16 April 2012 - 11:21 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.