
Bing / Google Redirect


This topic is locked
14 replies to this topic

#1 RCipra

RCipra

  • Members
  • 7 posts
  • OFFLINE
  • Gender:Male
  • Location:Phoenix, AZ
  • Local time:01:36 AM

Posted 26 April 2012 - 09:29 PM

Within the last week I started having an issue when doing searches with Bing or Google where clicking on a link from any search result would be redirected to various unrelated websites. I have tried several things before finding this forum. (Sorry if this is vague and a probably incomplete description of what I have done. I have been trying to resolve this on my own for about three days.)

Ran quick and full scan using McAfee - No issues were found
Downloaded and ran TDSSKiller - Not sure if there is a log file and unfortunately I do not recall the results.
Downloaded and ran CCleaner - Numerous files and registry entries removed.
Uninstalled and reinstalled and uninstalled IE 9.
Installed Malwarebytes: Ran Flash Scan, Quick Scan and Full Scan -
The following is a partial log from the Flash Scan. Quick and full scan returned no issues.
Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
(Trojan.Fraudpack) -> Quarantined and deleted successfully.
(Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Registry Values Detected: 6
(Malware.Trace) -> Data: 1CAF0B75D18D3B0 -> Quarantined and deleted successfully.
(Trojan.Downloader) -> Data: C:\Users\Ray\AppData\Local\Temp\dscx675j.exe -> Quarantined and deleted successfully.
(Trojan.Downloader) -> Data: C:\Users\Ray\AppData\Local\Temp\system.exe -> Quarantined and deleted successfully.
(Rogue.AntivirusSuite.Gen) -> Data: C:\Users\Ray\AppData\Local\mkwtieiyr\pfegpqdtssd.exe -> Quarantined and deleted successfully.
(Rogue.AntivirusSuite.Gen) -> Data: C:\Users\Ray\AppData\Local\ryfsjgwcm\pebvlsytssd.exe -> Quarantined and deleted successfully.
(Trojan.Agent) -> Data: C:\cleansweep.exe\cleansweep.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\cleansweep.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Files Detected: 0
(No malicious items detected)



.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.6001.19222 BrowserJavaVersion: 1.6.0_26
Run by Ray at 18:53:23 on 2012-04-26
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.2440 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agr64svc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\STacSV64.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Camera Assistant Software for Gateway\traybar.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Safari\Safari.exe
C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe
C:\Windows\explorer.exe
C:\Users\Ray\Downloads\HijackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uStart Page = hxxp://ww2.cox.com/myconnection/arizona/today.cox
uDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=P-6860FX
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=P-6860FX
mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=P-6860FX
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=P-6860FX
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120425195554.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
uRun: [Adobe] rundll32.exe "C:\Users\Ray\AppData\Local\Apple\Adobe\txuivci.dll",DllRegisterServer
mRun: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Gateway\traybar.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9DF84279-7CC0-41AB-944D-3439CBCD2EAC} : DhcpNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120425195554.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
mRun-x64: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Gateway\traybar.exe"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 Si3531;SiI-3531 SATA Controller;C:\Windows\system32\DRIVERS\Si3531.sys --> C:\Windows\system32\DRIVERS\Si3531.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-24 654408]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [2008-9-25 102608]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-1-27 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-1-27 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-1-27 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-1-27 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-1-27 210584]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-1 253088]
S3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60a.sys --> C:\Windows\system32\DRIVERS\b57nd60a.sys [?]
S3 fssfltr;FssFltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 mferkdk;McAfee Inc. mferkdk;C:\Windows\system32\drivers\mferkdk.sys --> C:\Windows\system32\drivers\mferkdk.sys [?]
S3 mfesmfk;McAfee Inc. mfesmfk;C:\Windows\system32\drivers\mfesmfk.sys --> C:\Windows\system32\drivers\mfesmfk.sys [?]
S3 NETw4v64;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw4v64.sys --> C:\Windows\system32\DRIVERS\NETw4v64.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-18 89920]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-04-26 03:21:06 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7D055D1F-FE7F-431C-8AD7-FE6A44E2A970}\gapaengine.dll
2012-04-26 03:20:59 8917360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{37038A75-A40F-4D97-B906-EF83D28FFCA3}\mpengine.dll
2012-04-26 03:01:05 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-04-26 03:00:27 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-04-26 02:58:28 345984 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-04-25 05:07:41 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-25 04:51:49 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-04-25 04:51:49 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-04-25 04:51:48 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-04-25 04:51:48 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-04-25 04:51:48 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-04-25 04:51:48 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-04-25 04:51:48 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-04-25 04:15:18 -------- d-----w- C:\Program Files\CCleaner
2012-04-25 01:46:59 300544 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
2012-04-24 23:42:38 -------- d-----w- C:\Users\Ray\AppData\Roaming\Malwarebytes
2012-04-24 23:42:14 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-24 23:42:12 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-24 23:42:11 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-24 05:59:18 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C55B0144-5B35-489F-A1AC-393F00D41BE0}\mpengine.dll
2012-04-24 05:08:32 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-04-24 02:20:00 57976 ----a-r- C:\Windows\System32\drivers\SBREDrv.sys
2012-04-13 18:09:06 8766112 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-11 10:04:04 4699520 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-11 10:03:50 78848 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-11 10:03:50 5632 ----a-w- C:\Windows\System32\wmi.dll
2012-04-11 10:03:50 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-11 10:03:50 219136 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-11 10:03:50 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-11 10:03:50 16384 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-11 10:03:50 157696 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-11 03:12:21 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2012-04-11 03:12:21 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2012-04-01 18:25:19 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
.
==================== Find3M ====================
.
2012-04-13 18:09:15 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-21 03:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-03-21 03:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-03-20 20:11:30 162192 ----a-w- C:\Windows\System32\mfevtps.exe
2012-02-28 11:30:48 916992 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 11:25:41 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2012-02-28 11:25:17 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 11:25:03 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll
2012-02-28 11:25:03 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2012-02-28 10:07:57 385024 ----a-w- C:\Windows\SysWow64\html.iec
2012-02-28 08:12:52 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-02-28 08:08:30 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-28 06:34:19 1147392 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:30:31 56832 ----a-w- C:\Windows\System32\licmgr10.dll
2012-02-28 06:30:17 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:30:01 77312 ----a-w- C:\Windows\System32\iesetup.dll
2012-02-28 06:30:01 132096 ----a-w- C:\Windows\System32\iesysprep.dll
2012-02-28 05:41:20 479232 ----a-w- C:\Windows\System32\html.iec
2012-02-28 05:00:09 162816 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-02-28 04:58:53 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-22 20:29:46 75936 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
2012-02-22 20:29:46 65264 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2012-02-22 20:29:46 647208 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2012-02-22 20:29:46 487296 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2012-02-22 20:29:46 289664 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2012-02-22 20:29:46 229528 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2012-02-22 20:29:46 160792 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2012-02-22 20:29:46 10248 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2012-02-22 20:29:46 100912 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2012-02-14 16:49:43 327680 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-02-14 16:49:43 196096 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-02-14 15:45:30 219648 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-02-14 15:45:30 160768 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-02-13 14:38:31 2002944 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-02-13 14:12:08 1172480 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-02-13 14:06:48 834048 ----a-w- C:\Windows\System32\d2d1.dll
2012-02-13 14:03:11 1555968 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-13 13:47:57 683008 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-02-13 13:44:40 1068544 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-07 18:02:40 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-02-02 15:34:25 2765824 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 18:54:41.02 ===============
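As an added defender-side example (not part of this thread, of DDS or of any tool named here), this Python script parses the uRun/mRun lines of the Pseudo HJT Report above and flags autorun entries that execute from a directory a normal user can write to; the sample lines are copied from the log above, and the heuristics, function names and Finding type are my own. The one entry it flags is the rundll32 line whose DLL ComboFix later lists under Other Deletions.

```python
"""Triage the autorun lines of a DDS "Pseudo HJT Report" section.

Hypothetical helper (not part of DDS or of this thread): it flags uRun/mRun
entries whose target executable or loaded DLL lives in a directory a normal
user can write to, the kind of entry ComboFix later removed on this machine.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# DDS prefixes: u = current user's Run key, m = machine-wide Run key, -x64 = 64-bit view.
RUN_LINE = re.compile(r"^(?P<key>[um]Run(?:-x64)?):\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")

# A quoted Windows path, or a bare drive-letter path (bare paths containing spaces
# are cut at the first space, but DDS quotes such paths anyway).
PATH_TOKEN = re.compile(r'"([^"]+)"|([A-Za-z]:\\[^\s,]+)')

# Directory fragments writable without administrator rights (compared lower-cased).
USER_WRITABLE = ("\\appdata\\local\\", "\\appdata\\roaming\\", "\\temp\\", "\\programdata\\")

# Sample lines copied from the DDS log in the first post of this thread.
SAMPLE_REPORT = r"""
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
uRun: [Adobe] rundll32.exe "C:\Users\Ray\AppData\Local\Apple\Adobe\txuivci.dll",DllRegisterServer
mRun: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Gateway\traybar.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
"""


@dataclass
class Finding:
    key: str      # which Run key the entry came from (uRun, mRun, mRun-x64, ...)
    name: str     # the registry value name DDS shows in square brackets
    path: str     # the path that triggered the finding
    reason: str


def extract_paths(cmd: str) -> List[str]:
    """Return every Windows path referenced on an autorun command line."""
    return [quoted or bare for quoted, bare in PATH_TOKEN.findall(cmd)]


def assess_run_line(line: str) -> Optional[Finding]:
    """Return a Finding when the autorun entry runs code from a user-writable directory."""
    m = RUN_LINE.match(line.strip())
    if not m:
        return None                      # not a uRun/mRun line (BHO:, TB:, StartupFolder: ...)
    key, name, cmd = m.group("key"), m.group("name"), m.group("cmd")
    words = cmd.split()
    via_rundll32 = bool(words) and words[0].lower().startswith("rundll32")
    for path in extract_paths(cmd):
        low = path.lower()
        if any(frag in low for frag in USER_WRITABLE):
            if via_rundll32 and low.endswith(".dll"):
                reason = "rundll32 loads a DLL from a user-writable directory"
            else:
                reason = "autorun target lives in a user-writable directory"
            return Finding(key, name, path, reason)
    return None


def triage(report: str) -> List[Finding]:
    """Run assess_run_line over every line of a DDS report and collect the hits."""
    findings = []
    for line in report.splitlines():
        hit = assess_run_line(line)
        if hit:
            findings.append(hit)
    return findings


if __name__ == "__main__":
    for hit in triage(SAMPLE_REPORT):
        print(f"{hit.key} [{hit.name}] -> {hit.path}: {hit.reason}")
```

Entries under Program Files or the Windows directory pass silently; a flagged entry is a lead to verify (publisher, signature, file age), not a verdict by itself.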


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:36 AM

Posted 26 April 2012 - 11:37 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 RCipra

RCipra
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Gender:Male
  • Location:Phoenix, AZ
  • Local time:01:36 AM

Posted 27 April 2012 - 07:20 PM

Gringo,
Everything appears to be working fine now. I have done several searches without issue.

Thanks Much for your assistance.

Results of screen317's Security Check version 0.99.32
Windows Vista x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
McAfee Virtual Technician
McAfee SecurityCenter
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 26
Java version out of date!
Adobe Flash Player 10.0.22.87 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Malwarebytes' Anti-Malware mbamservice.exe
Microsoft Security Essentials msseces.exe
``````````End of Log````````````


ComboFix 12-04-27.02 - Ray 04/27/2012 16:26:18.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.1971 [GMT -7:00]
Running from: c:\users\Ray\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ray\AppData\Local\Apple\Adobe\txuivci.dll
c:\users\Ray\AppData\Local\Temp\ppcrlui_4552_2
c:\windows\security\Database\tmp.edb
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-03-27 to 2012-04-27 )))))))))))))))))))))))))))))))
.
.
2012-04-27 16:33 . 2012-04-27 16:33 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{37038A75-A40F-4D97-B906-EF83D28FFCA3}\offreg.dll
2012-04-26 03:21 . 2012-04-26 03:20 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7D055D1F-FE7F-431C-8AD7-FE6A44E2A970}\gapaengine.dll
2012-04-26 03:20 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{37038A75-A40F-4D97-B906-EF83D28FFCA3}\mpengine.dll
2012-04-26 03:01 . 2012-04-26 03:01 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-04-26 03:00 . 2012-04-26 03:02 -------- d-----w- c:\program files\Microsoft Security Client
2012-04-26 02:58 . 2010-04-06 08:34 345984 ----a-w- c:\windows\system32\drivers\netio.sys
2012-04-25 05:07 . 2012-04-25 05:07 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-25 04:51 . 2012-04-25 04:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-04-25 04:51 . 2012-04-25 04:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-04-25 04:51 . 2012-04-25 04:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-04-25 04:51 . 2012-04-25 04:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-04-25 04:51 . 2012-04-25 04:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-04-25 04:51 . 2012-04-25 04:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-04-25 04:51 . 2012-04-25 04:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-04-25 04:50 . 2012-04-25 04:51 -------- d-----w- c:\program files (x86)\QuickTime
2012-04-25 04:15 . 2012-04-25 04:15 -------- d-----w- c:\program files\CCleaner
2012-04-24 23:42 . 2012-04-24 23:42 -------- d-----w- c:\users\Ray\AppData\Roaming\Malwarebytes
2012-04-24 23:42 . 2012-04-24 23:42 -------- d-----w- c:\programdata\Malwarebytes
2012-04-24 23:42 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-24 23:42 . 2012-04-24 23:42 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-24 05:59 . 2012-04-18 10:03 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C55B0144-5B35-489F-A1AC-393F00D41BE0}\mpengine.dll
2012-04-24 05:08 . 2012-01-31 12:44 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-04-24 02:20 . 2012-01-12 16:28 57976 ----a-r- c:\windows\system32\drivers\SBREDrv.sys
2012-04-13 18:09 . 2012-04-13 18:09 8766112 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-11 10:04 . 2012-03-06 06:44 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 10:03 . 2012-02-29 15:37 5632 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 10:03 . 2012-02-29 15:37 219136 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 10:03 . 2012-02-29 15:35 78848 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 10:03 . 2012-02-29 15:11 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-11 10:03 . 2012-02-29 15:11 172032 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 10:03 . 2012-02-29 15:09 157696 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 10:03 . 2012-02-29 13:52 16384 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 03:12 . 2012-03-01 11:01 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2012-04-11 03:12 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-04-01 18:25 . 2012-04-13 18:09 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-13 18:09 . 2011-05-23 22:51 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-21 03:44 . 2012-03-21 03:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 03:44 . 2012-03-21 03:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-20 20:11 . 2011-01-27 22:02 162192 ----a-w- c:\windows\system32\mfevtps.exe
2012-02-22 20:29 . 2011-01-27 22:02 10248 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-02-22 20:29 . 2011-01-27 22:02 75936 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2012-02-22 20:29 . 2011-01-27 22:02 65264 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-02-22 20:29 . 2011-01-27 22:02 487296 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-02-22 20:29 . 2011-01-27 22:02 289664 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2012-02-22 20:29 . 2011-01-27 22:02 160792 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-02-22 20:29 . 2011-01-27 22:02 100912 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-02-22 20:29 . 2008-08-17 02:27 647208 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-02-22 20:29 . 2008-08-17 02:27 229528 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-02-14 16:49 . 2012-03-14 02:50 327680 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-14 16:49 . 2012-03-14 02:50 196096 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-14 15:45 . 2012-03-14 02:50 219648 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-02-14 15:45 . 2012-03-14 02:50 160768 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-02-13 14:38 . 2012-03-14 02:50 2002944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-13 14:12 . 2012-03-14 02:50 1172480 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-02-13 14:06 . 2012-03-14 02:50 834048 ----a-w- c:\windows\system32\d2d1.dll
2012-02-13 14:03 . 2012-03-14 02:50 1555968 ----a-w- c:\windows\system32\DWrite.dll
2012-02-13 13:47 . 2012-03-14 02:50 683008 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-02-13 13:44 . 2012-03-14 02:50 1068544 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-07 18:02 . 2012-02-07 18:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-02 15:34 . 2012-03-14 02:50 2765824 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-02-23 6591800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Gateway\traybar.exe" [2007-09-13 638976]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-7-6 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 253088]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 49633835
*Deregistered* - 49633835
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 18:09]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1220392]
"SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [2007-11-09 437760]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://ww2.cox.com/myconnection/arizona/today.cox
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=P-6860FX
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Adobe - c:\users\Ray\AppData\Local\Apple\Adobe\txuivci.dll
SafeBoot-32804089.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-987286777-748312672-3327065692-1000\Software\SecuROM\License information*]
"datasecu"=hex:da,05,58,7a,8b,2d,ad,c5,33,d1,7d,2e,d3,80,2d,98,d5,4f,c6,6a,02,
ef,fa,88,28,d7,b2,ed,57,df,6a,0e,b5,f9,c2,ef,76,de,db,94,a0,0c,11,51,81,ae,\
"rkeysecu"=hex:1c,29,1f,d8,10,b0,a7,2c,90,fa,ac,ba,4f,c0,8f,ae
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2012-04-27 16:47:06
ComboFix-quarantined-files.txt 2012-04-27 23:47
.
Pre-Run: 172,143,042,560 bytes free
Post-Run: 172,056,539,136 bytes free
.
- - End Of File - - 40D6CC43331C7B5DCEC7ECCD64A859F3
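
The ComboFix report above is most useful for its autorun inventory: the "Reg Loading Points" section lists every Run value it found, and the "ORPHANS REMOVED" section records the one it took out, Wow6432Node-HKCU-Run-Adobe, which pointed at a DLL under the user's AppData folder. Legitimate software seldom registers a per-user Run value that launches a non-executable image from a user-writable directory, so that combination is worth flagging on any such report. The Python below is an added example, not part of this thread or of ComboFix: it parses the two sections in the line layout visible above and flags Run entries on three heuristics (target under a user-writable directory, target not an executable image, bare filename with no path). SAMPLE_LOG is constructed from entries in the posted report, and the heuristics are the author's own.

```python
"""Triage the autorun entries in a ComboFix report (Reg Loading Points and
ORPHANS REMOVED sections).

Added example; not part of this thread or of ComboFix.  The line layouts
assumed here, "name"="path" [date size] under a [HKEY_...\Run] header and
Key-Name - path for orphans, are those visible in the posted report; the
flagging heuristics are the author's own and SAMPLE_LOG is constructed from
entries in that report.
"""
import re
from dataclasses import dataclass, field

# Constructed from the posted report: two ordinary HKCU Run values, one HKLM
# value stored as a bare filename, and the orphan ComboFix removed.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-02-23 6591800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Adobe - c:\users\Ray\AppData\Local\Apple\Adobe\txuivci.dll
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"(?:\s+\[[^\]]*\])?$')

# Directories an unprivileged user (or malware running as that user) can write to.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")
EXEC_EXTENSIONS = (".exe", ".com", ".scr", ".bat", ".cmd")


@dataclass
class Finding:
    key: str
    name: str
    path: str
    reasons: list = field(default_factory=list)


def assess(path: str) -> list:
    """Reasons an autorun target deserves a second look; empty means it looks ordinary."""
    reasons = []
    low = path.lower()
    if "\\" not in path:
        reasons.append("bare filename: located via the search path, so its origin is unverified")
    if not low.endswith(EXEC_EXTENSIONS):
        reasons.append("target is not an executable image (a DLL named here is either "
                       "loaded through rundll32 or cannot run as written)")
    if any(marker in low for marker in USER_WRITABLE_MARKERS):
        reasons.append("launches from a user-writable directory")
    return reasons


def triage(report: str) -> list:
    """Return a Finding for every Run/RunOnce value or orphan that trips a heuristic."""
    findings, current_key = [], None
    for raw in report.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            # Only autorun keys are of interest; any other key header resets the context.
            current_key = m.group(1) if "\\run" in m.group(1).lower() else None
            continue
        m = VALUE_RE.match(line)
        if m and current_key:
            reasons = assess(m["path"])
            if reasons:
                findings.append(Finding(current_key, m["name"], m["path"], reasons))
            continue
        # Orphans look like "Wow6432Node-HKCU-Run-Adobe - <path>"; ComboFix has
        # already removed them, but they are still the best lead for what ran.
        if "-Run-" in line and " - " in line:
            key, path = line.split(" - ", 1)
            reasons = assess(path)
            if reasons:
                findings.append(Finding(key, key.rsplit("-Run-", 1)[-1], path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.key}\n  {f.name} -> {f.path}")
        for reason in f.reasons:
            print(f"    - {reason}")
```

Run against the constructed sample, the orphan trips two heuristics (DLL target, AppData path) while the bare KHALMNPR.EXE entry trips only the unverified-location one; the latter is a prompt to confirm where the file actually lives, not a verdict.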

#4 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 27 April 2012 - 08:06 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
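
Reading the TDSSKiller report that the post asks for comes down to two checks: does the MBR partition table account for the whole disk (some MBR bootkits, the TDL4 family among them, keep their components in unpartitioned sectors past the last partition), and did every scanned service and driver receive a verdict of ok. The Python below is an added example, not part of this thread or of TDSSKiller. It parses the report format exactly as it appears further down in this thread (a "Drive ... - Size:" line with the disk geometry, one "PartitionN: MBR, ..." line per partition, then "name (md5) path" and "name - verdict" pairs), computes gaps, overlaps and the unpartitioned tail in sectors, and lists entries whose verdict is missing or not ok. SAMPLE_REPORT is constructed from lines of that report; the rule that treats a trailing unpartitioned area shorter than one cylinder as the normal remainder is the author's heuristic, and the formats are inferred from the posted log, not from any documented specification.

```python
"""Check a TDSSKiller report: MBR partition layout and per-entry verdicts.

Added example; not part of this thread or of TDSSKiller.  The line formats
parsed here (timestamp and pid, then "Drive ... - Size: ...", "...\PartitionN:
MBR, Type, StartLBA, BlocksNum", "name (md5) path" or "name - verdict") are
inferred from the report posted in this thread.  SAMPLE_REPORT is constructed
from lines of that report; treating a trailing unpartitioned area shorter
than one cylinder as normal is the author's heuristic.
"""
import re

SAMPLE_REPORT = r"""
18:25:23.0324 4196 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:25:23.0334 4196 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D7E106
18:25:23.0334 4196 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D7E145, BlocksNum 0x236AF57C
18:25:37.0349 3568 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
18:25:37.0372 3568 ACPI - ok
18:25:38.0997 3568 Automatic LiveUpdate Scheduler (7c813eb232c7aefa627a12a104dda221) C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
18:25:39.0084 3568 Automatic LiveUpdate Scheduler - ok
18:25:39.0402 3568 Beep - ok
18:25:45.0018 3568 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
"""

PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+"
HEX = r"0x[0-9A-Fa-f]+"
DRIVE_RE = re.compile(PREFIX + r"Drive (?P<dev>\S+) - Size: (?P<size>" + HEX + r").*?SectorSize: (?P<ss>"
                      + HEX + r").*?SectorsPerTrack: (?P<spt>" + HEX + r"), TracksPerCylinder: (?P<tpc>" + HEX + r")")
PART_RE = re.compile(PREFIX + r"(?P<dev>\S+)\\Partition(?P<idx>\d+): MBR, Type (?P<type>" + HEX
                     + r"), StartLBA (?P<start>" + HEX + r"), BlocksNum (?P<count>" + HEX + r")")
ENTRY_RE = re.compile(PREFIX + r"(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
VERDICT_RE = re.compile(PREFIX + r"(?P<name>.+?) - (?P<verdict>.+)$")


def parse_report(text):
    """Return ({device: drive info}, {entry name: {md5, path, verdict}})."""
    drives, entries = {}, {}
    for line in text.splitlines():
        m = DRIVE_RE.match(line)  # must be tried before VERDICT_RE: it also contains " - "
        if m:
            drives[m["dev"]] = {"total_sectors": int(m["size"], 16) // int(m["ss"], 16),
                                "cylinder_sectors": int(m["spt"], 16) * int(m["tpc"], 16),
                                "partitions": []}
            continue
        m = PART_RE.match(line)
        if m:
            drive = drives.setdefault(m["dev"], {"total_sectors": None, "cylinder_sectors": None, "partitions": []})
            drive["partitions"].append({"index": int(m["idx"]), "type": int(m["type"], 16),
                                        "start": int(m["start"], 16), "count": int(m["count"], 16)})
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.setdefault(m["name"], {"verdict": None}).update(md5=m["md5"], path=m["path"])
            continue
        m = VERDICT_RE.match(line)
        if m:
            entries.setdefault(m["name"], {})["verdict"] = m["verdict"]
    return drives, entries


def layout_summary(drives):
    """Per drive: first partition start, gaps between partitions, overlap count
    and the unpartitioned tail, all in sectors."""
    out = {}
    for dev, info in drives.items():
        parts = sorted(info["partitions"], key=lambda p: p["start"])
        gaps, overlaps, prev_end = [], 0, None
        for p in parts:
            if prev_end is not None and p["start"] < prev_end:
                overlaps += 1
            elif prev_end is not None and p["start"] > prev_end:
                gaps.append(p["start"] - prev_end)
            prev_end = p["start"] + p["count"]
        total, cyl = info["total_sectors"], info["cylinder_sectors"]
        tail = total - prev_end if total is not None and prev_end is not None else None
        out[dev] = {"first_start": parts[0]["start"] if parts else None,
                    "gaps": gaps, "overlaps": overlaps, "tail": tail,
                    # This disk is laid out on cylinder boundaries (first partition
                    # at sector 63), so a tail shorter than one cylinder is the
                    # unusable remainder; a larger tail is space a bootkit could use.
                    "tail_suspicious": tail is not None and cyl is not None and tail >= cyl}
    return out


def entry_findings(entries):
    """Entries with no verdict (scan cut short) or a verdict other than ok."""
    out = []
    for name, e in entries.items():
        verdict = e.get("verdict")
        if verdict is None:
            out.append(f"{name}: hashed but no verdict recorded ({e.get('path')})")
        elif verdict.strip().lower() != "ok":
            out.append(f"{name}: {verdict} ({e.get('path', '?')})")
    return out


if __name__ == "__main__":
    drives, entries = parse_report(SAMPLE_REPORT)
    for dev, summary in layout_summary(drives).items():
        print(dev, summary)
    for finding in entry_findings(entries):
        print(finding)
```

On the constructed sample the two partitions are contiguous, start at sector 63 and end exactly at the last full cylinder (0x9801 cylinders of 63 × 255 sectors), leaving 5103 unpartitioned sectors, well under one cylinder. The missing-verdict check matters when a scan is interrupted, as by the blue screen reported in the next post: an entry that was hashed but never judged was not actually checked.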

#5 RCipra (Topic Starter)

Posted 27 April 2012 - 09:32 PM

Gringo,
Here are the log files. While running aswMBR I encountered a blue screen; unfortunately the system rebooted before I could read the screen. Once the system was back up, I disabled all my anti-virus software and reran aswMBR.


18:25:20.0103 4196 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
18:25:21.0255 4196 ============================================================
18:25:21.0255 4196 Current date / time: 2012/04/27 18:25:21.0255
18:25:21.0255 4196 SystemInfo:
18:25:21.0255 4196
18:25:21.0256 4196 OS Version: 6.0.6002 ServicePack: 2.0
18:25:21.0256 4196 Product type: Workstation
18:25:21.0256 4196 ComputerName: RAY-PC
18:25:21.0256 4196 UserName: Ray
18:25:21.0256 4196 Windows directory: C:\Windows
18:25:21.0256 4196 System windows directory: C:\Windows
18:25:21.0256 4196 Running under WOW64
18:25:21.0256 4196 Processor architecture: Intel x64
18:25:21.0256 4196 Number of processors: 2
18:25:21.0256 4196 Page size: 0x1000
18:25:21.0256 4196 Boot type: Normal boot
18:25:21.0256 4196 ============================================================
18:25:23.0324 4196 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:25:23.0334 4196 ============================================================
18:25:23.0334 4196 \Device\Harddisk0\DR0:
18:25:23.0334 4196 MBR partitions:
18:25:23.0334 4196 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D7E106
18:25:23.0334 4196 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D7E145, BlocksNum 0x236AF57C
18:25:23.0334 4196 ============================================================
18:25:23.0336 4196 C: <-> \Device\Harddisk0\DR0\Partition1
18:25:23.0354 4196 D: <-> \Device\Harddisk0\DR0\Partition0
18:25:23.0354 4196 ============================================================
18:25:23.0354 4196 Initialize success
18:25:23.0354 4196 ============================================================
18:25:36.0869 3568 ============================================================
18:25:36.0869 3568 Scan started
18:25:36.0870 3568 Mode: Manual;
18:25:36.0870 3568 ============================================================
18:25:37.0349 3568 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
18:25:37.0372 3568 ACPI - ok
18:25:37.0481 3568 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:25:37.0551 3568 AdobeFlashPlayerUpdateSvc - ok
18:25:37.0617 3568 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
18:25:37.0637 3568 adp94xx - ok
18:25:37.0695 3568 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
18:25:37.0719 3568 adpahci - ok
18:25:37.0749 3568 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
18:25:37.0755 3568 adpu160m - ok
18:25:37.0777 3568 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
18:25:37.0792 3568 adpu320 - ok
18:25:37.0840 3568 AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll
18:25:37.0844 3568 AeLookupSvc - ok
18:25:37.0911 3568 AFD (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys
18:25:37.0938 3568 AFD - ok
18:25:37.0978 3568 AgereModemAudio (8b0d8b5bafd4c9d57b41426bc68b32f9) C:\Windows\system32\agr64svc.exe
18:25:37.0979 3568 AgereModemAudio - ok
18:25:38.0081 3568 AgereSoftModem (3627a62b10284ffbf862bfd49928edf4) C:\Windows\system32\DRIVERS\agrsm64.sys
18:25:38.0170 3568 AgereSoftModem - ok
18:25:38.0204 3568 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
18:25:38.0207 3568 agp440 - ok
18:25:38.0248 3568 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
18:25:38.0251 3568 aic78xx - ok
18:25:38.0279 3568 ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe
18:25:38.0282 3568 ALG - ok
18:25:38.0306 3568 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
18:25:38.0310 3568 aliide - ok
18:25:38.0327 3568 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
18:25:38.0331 3568 amdide - ok
18:25:38.0349 3568 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\DRIVERS\amdk8.sys
18:25:38.0352 3568 AmdK8 - ok
18:25:38.0402 3568 Appinfo (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll
18:25:38.0408 3568 Appinfo - ok
18:25:38.0446 3568 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
18:25:38.0452 3568 arc - ok
18:25:38.0482 3568 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
18:25:38.0488 3568 arcsas - ok
18:25:38.0608 3568 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:25:38.0683 3568 aspnet_state - ok
18:25:38.0719 3568 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
18:25:38.0725 3568 AsyncMac - ok
18:25:38.0761 3568 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
18:25:38.0762 3568 atapi - ok
18:25:38.0848 3568 AudioEndpointBuilder (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
18:25:38.0856 3568 AudioEndpointBuilder - ok
18:25:38.0863 3568 AudioSrv (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
18:25:38.0867 3568 AudioSrv - ok
18:25:38.0997 3568 Automatic LiveUpdate Scheduler (7c813eb232c7aefa627a12a104dda221) C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
18:25:39.0084 3568 Automatic LiveUpdate Scheduler - ok
18:25:39.0305 3568 b57nd60a (1777e5ac9fc74f7991b2aba25ea34759) C:\Windows\system32\DRIVERS\b57nd60a.sys
18:25:39.0310 3568 b57nd60a - ok
18:25:39.0363 3568 BCM43XV (a2160c5d70f3517fc7356b689abd6fcd) C:\Windows\system32\DRIVERS\bcmwl664.sys
18:25:39.0385 3568 BCM43XV - ok
18:25:39.0402 3568 Beep - ok
18:25:39.0468 3568 BFE (ffb96c2589ffa60473ead78b39fbde29) C:\Windows\System32\bfe.dll
18:25:39.0493 3568 BFE - ok
18:25:39.0605 3568 BITS (6d316f4859634071cc25c4fd4589ad2c) C:\Windows\system32\qmgr.dll
18:25:39.0653 3568 BITS - ok
18:25:39.0694 3568 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
18:25:39.0699 3568 blbdrive - ok
18:25:39.0730 3568 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
18:25:39.0732 3568 bowser - ok
18:25:39.0775 3568 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
18:25:39.0782 3568 BrFiltLo - ok
18:25:39.0794 3568 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
18:25:39.0796 3568 BrFiltUp - ok
18:25:39.0842 3568 Browser (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll
18:25:39.0846 3568 Browser - ok
18:25:39.0887 3568 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
18:25:39.0895 3568 Brserid - ok
18:25:39.0927 3568 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
18:25:39.0934 3568 BrSerWdm - ok
18:25:39.0950 3568 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
18:25:39.0955 3568 BrUsbMdm - ok
18:25:39.0978 3568 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
18:25:39.0982 3568 BrUsbSer - ok
18:25:40.0025 3568 BthEnum (09f926a0d9c0bafd8417a4307d2ed13c) C:\Windows\system32\DRIVERS\BthEnum.sys
18:25:40.0031 3568 BthEnum - ok
18:25:40.0049 3568 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
18:25:40.0056 3568 BTHMODEM - ok
18:25:40.0089 3568 BthPan (befc5311736b475ac5b60c14ff7c775a) C:\Windows\system32\DRIVERS\bthpan.sys
18:25:40.0092 3568 BthPan - ok
18:25:40.0189 3568 BTHPORT (e1466882252ff51edde48c3f7eda2591) C:\Windows\system32\Drivers\BTHport.sys
18:25:40.0248 3568 BTHPORT - ok
18:25:40.0295 3568 BthServ (22e65ffd640f16968f855f5b3528d366) C:\Windows\System32\bthserv.dll
18:25:40.0300 3568 BthServ - ok
18:25:40.0310 3568 BTHUSB (970192cded77a128e7e30722e5ee6b9c) C:\Windows\system32\Drivers\BTHUSB.sys
18:25:40.0388 3568 BTHUSB - ok
18:25:40.0428 3568 btwaudio (32c0db90e550cff54895aae39f30c223) C:\Windows\system32\drivers\btwaudio.sys
18:25:40.0486 3568 btwaudio - ok
18:25:40.0513 3568 btwavdt (73b4341807e3398dac73102e4709ecb0) C:\Windows\system32\drivers\btwavdt.sys
18:25:40.0589 3568 btwavdt - ok
18:25:40.0619 3568 btwrchid (da0386aed062087147a4a9e09a23f6f1) C:\Windows\system32\DRIVERS\btwrchid.sys
18:25:40.0700 3568 btwrchid - ok
18:25:40.0712 3568 catchme - ok
18:25:40.0742 3568 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
18:25:40.0748 3568 cdfs - ok
18:25:40.0794 3568 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
18:25:40.0799 3568 cdrom - ok
18:25:40.0846 3568 CertPropSvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
18:25:40.0850 3568 CertPropSvc - ok
18:25:40.0911 3568 cfwids (274ce03459896006f7a5069266e0469e) C:\Windows\system32\drivers\cfwids.sys
18:25:40.0965 3568 cfwids - ok
18:25:40.0989 3568 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
18:25:40.0995 3568 circlass - ok
18:25:41.0051 3568 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
18:25:41.0072 3568 CLFS - ok
18:25:41.0149 3568 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:25:41.0153 3568 clr_optimization_v2.0.50727_32 - ok
18:25:41.0217 3568 clr_optimization_v2.0.50727_64 (ce07a466201096f021cd09d631b21540) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:25:41.0224 3568 clr_optimization_v2.0.50727_64 - ok
18:25:41.0312 3568 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:25:41.0314 3568 clr_optimization_v4.0.30319_32 - ok
18:25:41.0375 3568 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:25:41.0455 3568 clr_optimization_v4.0.30319_64 - ok
18:25:41.0486 3568 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
18:25:41.0491 3568 CmBatt - ok
18:25:41.0508 3568 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
18:25:41.0511 3568 cmdide - ok
18:25:41.0532 3568 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
18:25:41.0537 3568 Compbatt - ok
18:25:41.0542 3568 COMSysApp - ok
18:25:41.0550 3568 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
18:25:41.0552 3568 crcdisk - ok
18:25:41.0598 3568 CryptSvc (18918613e63f387cde4d95ca7d49dcf7) C:\Windows\system32\cryptsvc.dll
18:25:41.0600 3568 CryptSvc - ok
18:25:41.0685 3568 DcomLaunch (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
18:25:41.0693 3568 DcomLaunch - ok
18:25:41.0735 3568 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
18:25:41.0738 3568 DfsC - ok
18:25:42.0019 3568 DFSR (c647f468f7de343df8c143655c5557d4) C:\Windows\system32\DFSR.exe
18:25:42.0067 3568 DFSR - ok
18:25:42.0256 3568 Dhcp (3ed0321127ce70acdaabbf77e157c2a7) C:\Windows\System32\dhcpcsvc.dll
18:25:42.0263 3568 Dhcp - ok
18:25:42.0296 3568 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
18:25:42.0299 3568 disk - ok
18:25:42.0357 3568 Dnscache (06230f1b721494a6df8d47fd395bb1b0) C:\Windows\System32\dnsrslvr.dll
18:25:42.0424 3568 Dnscache - ok
18:25:42.0476 3568 dot3svc (1a7156dd1e850e9914e5e991e3225b94) C:\Windows\System32\dot3svc.dll
18:25:42.0483 3568 dot3svc - ok
18:25:42.0540 3568 DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll
18:25:42.0544 3568 DPS - ok
18:25:42.0578 3568 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
18:25:42.0581 3568 drmkaud - ok
18:25:42.0696 3568 dump_wmimmc - ok
18:26:03.0534 3568 THREADORDER - ok
18:26:03.0567 3568 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
18:26:03.0587 3568 TrkWks - ok
18:26:03.0639 3568 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
18:26:03.0640 3568 TrustedInstaller - ok
18:26:03.0680 3568 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:26:03.0684 3568 tssecsrv - ok
18:26:03.0717 3568 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
18:26:03.0719 3568 tunmp - ok
18:26:03.0764 3568 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
18:26:03.0768 3568 tunnel - ok
18:26:03.0787 3568 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
18:26:03.0791 3568 uagp35 - ok
18:26:03.0836 3568 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
18:26:03.0871 3568 udfs - ok
18:26:03.0916 3568 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
18:26:03.0920 3568 UI0Detect - ok
18:26:03.0942 3568 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
18:26:03.0949 3568 uliagpkx - ok
18:26:03.0983 3568 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
18:26:03.0993 3568 uliahci - ok
18:26:04.0022 3568 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
18:26:04.0040 3568 UlSata - ok
18:26:04.0067 3568 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
18:26:04.0086 3568 ulsata2 - ok
18:26:04.0110 3568 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
18:26:04.0112 3568 umbus - ok
18:26:04.0132 3568 UMPass (01abe05c401e70795b43a8933b44831e) C:\Windows\system32\DRIVERS\umpass.sys
18:26:04.0134 3568 UMPass - ok
18:26:04.0170 3568 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
18:26:04.0188 3568 upnphost - ok
18:26:04.0245 3568 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
18:26:04.0248 3568 usbccgp - ok
18:26:04.0276 3568 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
18:26:04.0279 3568 usbcir - ok
18:26:04.0315 3568 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
18:26:04.0318 3568 usbehci - ok
18:26:04.0348 3568 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
18:26:04.0361 3568 usbhub - ok
18:26:04.0383 3568 usbohci (540b622da0949695c40cdc9d5d497a8b) C:\Windows\system32\DRIVERS\usbohci.sys
18:26:04.0385 3568 usbohci - ok
18:26:04.0403 3568 usbprint (acfee697af477021bb3ec78c5431fed2) C:\Windows\system32\drivers\usbprint.sys
18:26:04.0409 3568 usbprint - ok
18:26:04.0448 3568 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:26:04.0454 3568 USBSTOR - ok
18:26:04.0487 3568 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
18:26:04.0491 3568 usbuhci - ok
18:26:04.0511 3568 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
18:26:04.0529 3568 usbvideo - ok
18:26:04.0557 3568 UVCFTR (fa3ca291f80ee13a1ac210492a7dfbb9) C:\Windows\system32\Drivers\UVCFTR_S.SYS
18:26:04.0628 3568 UVCFTR - ok
18:26:04.0663 3568 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
18:26:04.0666 3568 UxSms - ok
18:26:04.0724 3568 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
18:26:04.0738 3568 vds - ok
18:26:04.0754 3568 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
18:26:04.0761 3568 vga - ok
18:26:04.0768 3568 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
18:26:04.0775 3568 VgaSave - ok
18:26:04.0797 3568 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
18:26:04.0799 3568 viaide - ok
18:26:04.0825 3568 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
18:26:04.0832 3568 volmgr - ok
18:26:04.0902 3568 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
18:26:04.0924 3568 volmgrx - ok
18:26:04.0975 3568 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
18:26:04.0986 3568 volsnap - ok
18:26:05.0011 3568 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
18:26:05.0029 3568 vsmraid - ok
18:26:05.0167 3568 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
18:26:05.0179 3568 VSS - ok
18:26:05.0339 3568 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
18:26:05.0356 3568 W32Time - ok
18:26:05.0396 3568 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
18:26:05.0398 3568 WacomPen - ok
18:26:05.0439 3568 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
18:26:05.0444 3568 Wanarp - ok
18:26:05.0449 3568 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
18:26:05.0453 3568 Wanarpv6 - ok
18:26:05.0506 3568 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
18:26:05.0533 3568 wcncsvc - ok
18:26:05.0566 3568 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
18:26:05.0571 3568 WcsPlugInService - ok
18:26:05.0590 3568 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
18:26:05.0592 3568 Wd - ok
18:26:05.0664 3568 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:26:05.0688 3568 Wdf01000 - ok
18:26:05.0707 3568 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
18:26:05.0715 3568 WdiServiceHost - ok
18:26:05.0721 3568 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
18:26:05.0725 3568 WdiSystemHost - ok
18:26:05.0753 3568 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
18:26:05.0767 3568 WebClient - ok
18:26:05.0823 3568 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
18:26:05.0858 3568 Wecsvc - ok
18:26:05.0874 3568 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
18:26:05.0880 3568 wercplsupport - ok
18:26:05.0901 3568 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
18:26:05.0920 3568 WerSvc - ok
18:26:05.0960 3568 WinDefend - ok
18:26:05.0973 3568 WinHttpAutoProxySvc - ok
18:26:06.0054 3568 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
18:26:06.0062 3568 Winmgmt - ok
18:26:06.0276 3568 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
18:26:06.0327 3568 WinRM - ok
18:26:06.0466 3568 winusb (7f2f9e48566b2087f2aaad258cb2a8d4) C:\Windows\system32\DRIVERS\winusb.sys
18:26:06.0471 3568 winusb - ok
18:26:06.0538 3568 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
18:26:06.0550 3568 Wlansvc - ok
18:26:06.0613 3568 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
18:26:06.0669 3568 wlcrasvc - ok
18:26:06.0855 3568 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:26:06.0914 3568 wlidsvc - ok
18:26:07.0064 3568 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
18:26:07.0068 3568 WmiAcpi - ok
18:26:07.0141 3568 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe
18:26:07.0149 3568 wmiApSrv - ok
18:26:07.0181 3568 WMPNetworkSvc - ok
18:26:07.0304 3568 WMZuneComm (83b6ca03c846fcd47f9883d77d1eb27b) c:\Program Files\Zune\WMZuneComm.exe
18:26:07.0365 3568 WMZuneComm - ok
18:26:07.0400 3568 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
18:26:07.0414 3568 WPCSvc - ok
18:26:07.0453 3568 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll
18:26:07.0458 3568 WPDBusEnum - ok
18:26:07.0649 3568 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:26:07.0756 3568 WPFFontCache_v0400 - ok
18:26:07.0813 3568 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
18:26:07.0820 3568 ws2ifsl - ok
18:26:07.0855 3568 wscsvc (9ea3e6d0ef7a5c2b9181961052a4b01a) C:\Windows\system32\wscsvc.dll
18:26:07.0865 3568 wscsvc - ok
18:26:07.0871 3568 WSearch - ok
18:26:08.0064 3568 wuauserv (fb3796754fe00f0bdc87a36f164a5f4d) C:\Windows\system32\wuaueng.dll
18:26:08.0114 3568 wuauserv - ok
18:26:08.0263 3568 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
18:26:08.0272 3568 WudfPf - ok
18:26:08.0331 3568 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:26:08.0349 3568 WUDFRd - ok
18:26:08.0368 3568 wudfsvc (3dcc7bf5afa921b479e622bd999121f3) C:\Windows\System32\WUDFSvc.dll
18:26:08.0372 3568 wudfsvc - ok
18:26:08.0501 3568 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
18:26:08.0611 3568 YahooAUService - ok
18:26:09.0306 3568 ZuneNetworkSvc (67b787c34fb2888d01b130ae007042d8) c:\Program Files\Zune\ZuneNss.exe
18:26:09.0435 3568 ZuneNetworkSvc - ok
18:26:09.0552 3568 ZuneWlanCfgSvc (4d89fc1c20cf655739efac5da81a67bc) c:\Program Files\Zune\ZuneWlanCfgSvc.exe
18:26:09.0620 3568 ZuneWlanCfgSvc - ok
18:26:09.0671 3568 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
18:26:09.0704 3568 \Device\Harddisk0\DR0 - ok
18:26:09.0710 3568 Boot (0x1200) (f37d0cb6228736ad99bdbe5559458ad9) \Device\Harddisk0\DR0\Partition0
18:26:09.0712 3568 \Device\Harddisk0\DR0\Partition0 - ok
18:26:09.0716 3568 Boot (0x1200) (70024ddc2f01c3b51911fce28747e5d0) \Device\Harddisk0\DR0\Partition1
18:26:09.0718 3568 \Device\Harddisk0\DR0\Partition1 - ok
18:26:09.0720 3568 ============================================================
18:26:09.0720 3568 Scan finished
18:26:09.0720 3568 ============================================================
18:26:09.0797 4740 Detected object count: 0
18:26:09.0797 4740 Actual detected object count: 0
18:26:26.0618 4412 Deinitialize success


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-27 18:52:31
-----------------------------
18:52:31.732 OS Version: Windows x64 6.0.6002 Service Pack 2
18:52:31.732 Number of processors: 2 586 0xF0D
18:52:31.732 ComputerName: RAY-PC UserName: Ray
18:52:34.244 Initialize success
18:52:52.886 AVAST engine defs: 12042701
18:53:00.967 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
18:53:00.967 Disk 0 Vendor: WDC_WD3200BEVT-22ZCT0 11.01A11 Size: 305245MB BusType: 3
18:53:00.982 Disk 0 MBR read successfully
18:53:00.982 Disk 0 MBR scan
18:53:00.998 Disk 0 Windows VISTA default MBR code
18:53:00.998 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 15100 MB offset 63
18:53:01.045 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 290142 MB offset 30925125
18:53:01.076 Disk 0 scanning C:\Windows\system32\drivers
18:53:20.045 Service scanning
18:53:50.653 Modules scanning
18:53:50.653 Disk 0 trace - called modules:
18:53:50.684 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
18:53:50.684 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005fc2060]
18:53:51.199 3 CLASSPNP.SYS[fffffa60012aac33] -> nt!IofCallDriver -> [0xfffffa8004bad520]
18:53:51.199 5 acpi.sys[fffffa60008ccfde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0xfffffa8004baa060]
18:53:52.993 AVAST engine scan C:\Windows
18:53:57.517 AVAST engine scan C:\Windows\system32
18:58:52.887 AVAST engine scan C:\Windows\system32\drivers
18:59:15.647 AVAST engine scan C:\Users\Ray
19:05:03.871 AVAST engine scan C:\ProgramData
19:27:28.060 Scan finished successfully
19:27:47.981 Disk 0 MBR has been saved successfully to "C:\Users\Ray\Desktop\MBR.dat"
19:27:47.997 The log file has been saved successfully to "C:\Users\Ray\Desktop\aswMBR.txt"
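Both tools in the logs above look at sector 0 of the disk: TDSSKiller prints an MD5 for "MBR (0x1B8)" and aswMBR reads the MBR, reports the boot code as Windows Vista default code and lists the two NTFS partitions. The Python below is an added example for this thread, not code from either tool or from the poster. It parses a raw 512-byte MBR (for instance the MBR.dat that aswMBR saved to the desktop, or \\.\PhysicalDrive0 read from an administrator prompt), prints the partition entries in aswMBR's format, hashes the boot code, and flags anomalies: a missing 55AA boot signature, more than one active partition, status bytes that are neither 00 nor 80, and overlapping entries. The built-in sample MBR is constructed from the two partition entries in the log above, with placeholder boot code and an arbitrary disk signature; reading "MBR (0x1B8)" as the first 0x1B8 bytes (the boot code before the disk signature) is an assumption of mine.

```python
"""Parse a raw 512-byte MBR and report it the way aswMBR / TDSSKiller do above.

Added example for this thread; it is not code from either tool.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 0x1B8      # assumption: "MBR (0x1B8)" = the bytes before the disk signature
DISK_SIG_OFF = 0x1B8
PART_TABLE_OFF = 0x1BE
BOOT_SIG_OFF = 0x1FE
SECTORS_PER_MB = 2048      # 1 MiB of 512-byte sectors, the unit aswMBR prints as "MB"

PART_TYPES = {0x00: "empty", 0x05: "Extended", 0x07: "HPFS/NTFS", 0x0B: "FAT32",
              0x0C: "FAT32 LBA", 0x0F: "Extended LBA", 0x82: "Linux swap",
              0x83: "Linux", 0xEE: "GPT protective"}


def parse_mbr(mbr: bytes) -> dict:
    """Decode the four partition slots and collect anomalies worth a second look."""
    if len(mbr) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(mbr)}")
    findings = []
    signature_ok = mbr[BOOT_SIG_OFF:] == b"\x55\xAA"
    if not signature_ok:
        findings.append("boot signature is not 55AA")
    parts = []
    for n in range(4):
        # entry layout: status, CHS start (3 bytes, skipped), type, CHS end (3, skipped),
        # LBA start, sector count
        status, ptype, lba_start, lba_count = struct.unpack_from(
            "<B3xB3xII", mbr, PART_TABLE_OFF + 16 * n)
        if ptype == 0x00 and lba_count == 0:
            continue                                   # unused slot
        if status not in (0x00, 0x80):
            findings.append(f"partition {n + 1}: status byte {status:02X} is neither 00 nor 80")
        parts.append({"index": n + 1, "status": status, "active": status == 0x80,
                      "type": ptype, "type_name": PART_TYPES.get(ptype, "unknown"),
                      "lba_start": lba_start, "lba_count": lba_count,
                      "size_mb": lba_count // SECTORS_PER_MB})
    if sum(p["active"] for p in parts) > 1:
        findings.append("more than one partition flagged active")
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):             # each entry must end before the next starts
        if a["lba_start"] + a["lba_count"] > b["lba_start"]:
            findings.append(f"partitions {a['index']} and {b['index']} overlap")
    return {"boot_code_md5": hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest(),
            "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0],
            "signature_ok": signature_ok, "partitions": parts, "findings": findings}


def describe(report: dict) -> list:
    """Render aswMBR-style lines, e.g. 'Partition 2 80 (A) 07 HPFS/NTFS 290142 MB offset 30925125'."""
    lines = [f"MBR boot code MD5 (first 0x{BOOT_CODE_LEN:X} bytes): {report['boot_code_md5']}",
             f"Disk signature: {report['disk_signature']:08X}",
             "Boot signature 55AA: " + ("ok" if report["signature_ok"] else "MISSING")]
    for p in report["partitions"]:
        flag = " (A)" if p["active"] else ""
        lines.append(f"Partition {p['index']} {p['status']:02X}{flag} {p['type']:02X} "
                     f"{p['type_name']} {p['size_mb']} MB offset {p['lba_start']}")
    lines.extend("FINDING: " + f for f in report["findings"])
    return lines


def load_mbr(path: str) -> bytes:
    r"""Sector 0 from a dump such as the MBR.dat aswMBR saved, or from a raw device
    (e.g. r'\\.\PhysicalDrive0' on Windows, which needs an administrator prompt)."""
    with open(path, "rb") as f:
        return f.read(SECTOR)


def build_sample_mbr() -> bytes:
    """Constructed sample: placeholder boot code (NOT real Windows code), an arbitrary
    disk signature, and the two NTFS partitions aswMBR listed for this disk."""
    mbr = bytearray(SECTOR)
    mbr[0:4] = b"\x33\xC0\x8E\xD0"
    struct.pack_into("<I", mbr, DISK_SIG_OFF, 0x1234ABCD)
    chs = b"\xFE\xFF\xFF"                              # CHS fields are ignored on LBA disks
    struct.pack_into("<B3sB3sII", mbr, PART_TABLE_OFF,
                     0x00, chs, 0x07, chs, 63, 15100 * SECTORS_PER_MB)
    struct.pack_into("<B3sB3sII", mbr, PART_TABLE_OFF + 16,
                     0x80, chs, 0x07, chs, 30925125, 290142 * SECTORS_PER_MB)
    mbr[BOOT_SIG_OFF:] = b"\x55\xAA"
    return bytes(mbr)


if __name__ == "__main__":
    import sys
    data = load_mbr(sys.argv[1]) if len(sys.argv) > 1 else build_sample_mbr()
    print("\n".join(describe(parse_mbr(data))))
```

Run it with no argument to see the constructed sample, or pass the path of an MBR dump. The partition table looking sane is not the check that matters: an MBR bootkit replaces the 440 bytes of boot code and leaves the table intact, so the boot code hash should be compared against one taken from a known-clean machine running the same Windows version, which is what the "default MBR code" line in aswMBR and the "MBR (0x1B8)" hash in TDSSKiller are for.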

#6 gringo_pr
    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:36 AM

Posted 27 April 2012 - 09:41 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 RCipra
  • Topic Starter

  • Members
  • 7 posts
  • Gender:Male
  • Location:Phoenix, AZ
  • Local time:01:36 AM

Posted 27 April 2012 - 10:19 PM

Gringo,
Everything looks good. No problems noted while running ComboFix, and I am not having issues with the redirect. Ran several searches and all looks good.

ComboFix 12-04-27.02 - Ray 04/27/2012 19:50:17.2.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.2467 [GMT -7:00]
Running from: c:\users\Ray\Desktop\ComboFix.exe
Command switches used :: c:\users\Ray\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ray\AppData\Local\Temp\ppcrlui_2952_2
.
.
((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-28 )))))))))))))))))))))))))))))))
.
.
2012-04-28 03:06 . 2012-04-28 03:06 -------- d-----w- c:\users\Ray\AppData\Local\temp
2012-04-28 03:06 . 2012-04-28 03:06 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2012-04-28 03:06 . 2012-04-28 03:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-28 00:10 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DCFEA09E-C436-4958-85BD-BAFB3778D3A8}\mpengine.dll
2012-04-26 03:21 . 2012-04-26 03:20 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7D055D1F-FE7F-431C-8AD7-FE6A44E2A970}\gapaengine.dll
2012-04-26 03:20 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-04-26 03:01 . 2012-04-26 03:01 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-04-26 03:00 . 2012-04-26 03:02 -------- d-----w- c:\program files\Microsoft Security Client
2012-04-26 02:58 . 2010-04-06 08:34 345984 ----a-w- c:\windows\system32\drivers\netio.sys
2012-04-25 05:07 . 2012-04-25 05:07 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-25 04:51 . 2012-04-25 04:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-04-25 04:51 . 2012-04-25 04:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-04-25 04:51 . 2012-04-25 04:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-04-25 04:51 . 2012-04-25 04:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-04-25 04:51 . 2012-04-25 04:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-04-25 04:51 . 2012-04-25 04:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-04-25 04:51 . 2012-04-25 04:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-04-25 04:50 . 2012-04-25 04:51 -------- d-----w- c:\program files (x86)\QuickTime
2012-04-25 04:15 . 2012-04-25 04:15 -------- d-----w- c:\program files\CCleaner
2012-04-25 01:47 . 2011-08-13 05:11 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2012-04-25 01:47 . 2011-08-13 04:43 6144 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
2012-04-24 23:42 . 2012-04-24 23:42 -------- d-----w- c:\users\Ray\AppData\Roaming\Malwarebytes
2012-04-24 23:42 . 2012-04-24 23:42 -------- d-----w- c:\programdata\Malwarebytes
2012-04-24 23:42 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-24 23:42 . 2012-04-24 23:42 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-24 05:59 . 2012-04-18 10:03 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C55B0144-5B35-489F-A1AC-393F00D41BE0}\mpengine.dll
2012-04-24 05:08 . 2012-01-31 12:44 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-04-24 02:20 . 2012-01-12 16:28 57976 ----a-r- c:\windows\system32\drivers\SBREDrv.sys
2012-04-13 18:09 . 2012-04-13 18:09 8766112 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-11 10:04 . 2012-03-06 06:44 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 10:03 . 2012-02-29 15:37 5632 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 10:03 . 2012-02-29 15:37 219136 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 10:03 . 2012-02-29 15:35 78848 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 10:03 . 2012-02-29 15:11 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-11 10:03 . 2012-02-29 15:11 172032 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 10:03 . 2012-02-29 15:09 157696 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 10:03 . 2012-02-29 13:52 16384 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 03:12 . 2012-03-01 11:01 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2012-04-11 03:12 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-04-01 18:25 . 2012-04-13 18:09 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-13 18:09 . 2011-05-23 22:51 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-21 03:44 . 2012-03-21 03:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 03:44 . 2012-03-21 03:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-20 20:11 . 2011-01-27 22:02 162192 ----a-w- c:\windows\system32\mfevtps.exe
2012-02-22 20:29 . 2011-01-27 22:02 10248 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-02-22 20:29 . 2011-01-27 22:02 75936 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2012-02-22 20:29 . 2011-01-27 22:02 65264 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-02-22 20:29 . 2011-01-27 22:02 487296 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-02-22 20:29 . 2011-01-27 22:02 289664 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2012-02-22 20:29 . 2011-01-27 22:02 160792 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-02-22 20:29 . 2011-01-27 22:02 100912 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-02-22 20:29 . 2008-08-17 02:27 647208 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-02-22 20:29 . 2008-08-17 02:27 229528 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-02-14 16:49 . 2012-03-14 02:50 327680 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-14 16:49 . 2012-03-14 02:50 196096 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-14 15:45 . 2012-03-14 02:50 219648 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-02-14 15:45 . 2012-03-14 02:50 160768 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-02-13 14:38 . 2012-03-14 02:50 2002944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-13 14:12 . 2012-03-14 02:50 1172480 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-02-13 14:06 . 2012-03-14 02:50 834048 ----a-w- c:\windows\system32\d2d1.dll
2012-02-13 14:03 . 2012-03-14 02:50 1555968 ----a-w- c:\windows\system32\DWrite.dll
2012-02-13 13:47 . 2012-03-14 02:50 683008 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-02-13 13:44 . 2012-03-14 02:50 1068544 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-07 18:02 . 2012-02-07 18:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-02 15:34 . 2012-03-14 02:50 2765824 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-27_23.43.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-28 00:02 . 2012-04-28 00:02 76800 c:\windows\SysWOW64\SetIEInstalledDate.exe
+ 2012-04-28 00:02 . 2012-04-28 00:02 74752 c:\windows\SysWOW64\RegisterIEPKEYs.exe
+ 2012-04-28 00:02 . 2012-04-28 00:02 54272 c:\windows\SysWOW64\pngfilt.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 48640 c:\windows\SysWOW64\mshtmler.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 72704 c:\windows\SysWOW64\mshtmled.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 11776 c:\windows\SysWOW64\mshta.exe
+ 2012-04-28 00:02 . 2012-04-28 00:02 10752 c:\windows\SysWOW64\msfeedssync.exe
+ 2012-04-28 00:02 . 2012-04-28 00:02 41472 c:\windows\SysWOW64\msfeedsbs.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 23552 c:\windows\SysWOW64\licmgr10.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 65024 c:\windows\SysWOW64\jsproxy.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 78848 c:\windows\SysWOW64\inseng.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 35840 c:\windows\SysWOW64\imgutil.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 86528 c:\windows\SysWOW64\iesysprep.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 74752 c:\windows\SysWOW64\iesetup.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 31744 c:\windows\SysWOW64\iernonce.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 74240 c:\windows\SysWOW64\ie4uinit.exe
+ 2012-04-28 00:02 . 2012-04-28 00:02 66048 c:\windows\SysWOW64\icardie.dll
- 2008-01-21 03:20 . 2012-04-27 20:45 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:20 . 2012-04-28 02:00 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:20 . 2012-04-28 02:00 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-21 03:20 . 2012-04-27 20:45 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2012-04-28 02:00 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-01-21 03:20 . 2012-04-27 20:45 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 02:23 . 2012-04-28 00:08 70534 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2012-04-28 01:45 87220 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-06-14 00:11 . 2012-04-28 01:45 17312 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-987286777-748312672-3327065692-1000_UserData.bin
+ 2012-04-28 00:02 . 2012-04-28 00:02 91648 c:\windows\system32\SetIEInstalledDate.exe
+ 2012-04-28 00:02 . 2012-04-28 00:02 89088 c:\windows\system32\RegisterIEPKEYs.exe
+ 2012-04-28 00:02 . 2012-04-28 00:02 65024 c:\windows\system32\pngfilt.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 48640 c:\windows\system32\mshtmler.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 96256 c:\windows\system32\mshtmled.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 12288 c:\windows\system32\mshta.exe
+ 2012-04-28 00:02 . 2012-04-28 00:02 10752 c:\windows\system32\msfeedssync.exe
+ 2012-04-28 00:02 . 2012-04-28 00:02 55296 c:\windows\system32\msfeedsbs.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 86528 c:\windows\system32\migration\WininetPlugin.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 30720 c:\windows\system32\licmgr10.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 85504 c:\windows\system32\jsproxy.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 49664 c:\windows\system32\imgutil.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 85504 c:\windows\system32\iesetup.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 39936 c:\windows\system32\iernonce.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 89088 c:\windows\system32\ie4uinit.exe
+ 2012-04-28 00:02 . 2012-04-28 00:02 82432 c:\windows\system32\icardie.dll
- 2008-06-14 00:06 . 2012-04-27 18:43 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-06-14 00:06 . 2012-04-28 02:35 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-06-14 00:06 . 2012-04-27 18:43 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-14 00:06 . 2012-04-28 02:35 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-14 00:06 . 2012-04-28 02:35 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-06-14 00:06 . 2012-04-27 18:43 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-04-27 00:48 . 2012-04-27 00:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-28 00:06 . 2012-04-28 01:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-27 00:48 . 2012-04-27 00:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-28 00:06 . 2012-04-28 01:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-28 00:02 . 2012-04-28 00:02 152064 c:\windows\SysWOW64\wextract.exe
+ 2012-04-28 00:02 . 2012-04-28 00:02 203776 c:\windows\SysWOW64\webcheck.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 420864 c:\windows\SysWOW64\vbscript.dll
- 2011-04-15 20:57 . 2011-02-17 06:23 420864 c:\windows\SysWOW64\vbscript.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 231936 c:\windows\SysWOW64\url.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 123392 c:\windows\SysWOW64\occache.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 162304 c:\windows\SysWOW64\msrating.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 161792 c:\windows\SysWOW64\msls31.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 580608 c:\windows\SysWOW64\msfeeds.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 716800 c:\windows\SysWOW64\jscript.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 150528 c:\windows\SysWOW64\iexpress.exe
+ 2012-04-28 00:02 . 2012-04-28 00:02 142848 c:\windows\SysWOW64\ieUnatt.exe
+ 2012-04-28 00:02 . 2012-04-28 00:02 176640 c:\windows\SysWOW64\ieui.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 118784 c:\windows\SysWOW64\iepeers.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 353584 c:\windows\SysWOW64\iedkcs32.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 434176 c:\windows\SysWOW64\ieapfltr.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 163840 c:\windows\SysWOW64\ieakui.dll
- 2009-05-03 14:11 . 2009-03-08 11:32 163840 c:\windows\SysWOW64\ieakui.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 227840 c:\windows\SysWOW64\ieaksie.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 130560 c:\windows\SysWOW64\ieakeng.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 110592 c:\windows\SysWOW64\IEAdvpack.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 223232 c:\windows\SysWOW64\dxtrans.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 353792 c:\windows\SysWOW64\dxtmsft.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 114176 c:\windows\SysWOW64\advpack.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 101888 c:\windows\SysWOW64\admparse.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 160256 c:\windows\system32\wextract.exe
+ 2012-04-28 00:02 . 2012-04-28 00:02 249344 c:\windows\system32\webcheck.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 603648 c:\windows\system32\vbscript.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 237056 c:\windows\system32\url.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 149504 c:\windows\system32\occache.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 197120 c:\windows\system32\msrating.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 222208 c:\windows\system32\msls31.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 697344 c:\windows\system32\msfeeds.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 818688 c:\windows\system32\jscript.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 103936 c:\windows\system32\inseng.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 165888 c:\windows\system32\iexpress.exe
+ 2012-04-28 00:02 . 2012-04-28 00:02 173056 c:\windows\system32\ieUnatt.exe
+ 2012-04-28 00:02 . 2012-04-28 00:02 248320 c:\windows\system32\ieui.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 111616 c:\windows\system32\iesysprep.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 145920 c:\windows\system32\iepeers.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 403248 c:\windows\system32\iedkcs32.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 534528 c:\windows\system32\ieapfltr.dll
- 2009-05-03 14:11 . 2009-03-08 11:39 163840 c:\windows\system32\ieakui.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 163840 c:\windows\system32\ieakui.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 267776 c:\windows\system32\ieaksie.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 160256 c:\windows\system32\ieakeng.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 135168 c:\windows\system32\IEAdvpack.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 282112 c:\windows\system32\dxtrans.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 452608 c:\windows\system32\dxtmsft.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 136192 c:\windows\system32\advpack.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 114176 c:\windows\system32\admparse.dll
- 2011-02-15 00:44 . 2012-04-26 23:55 289632 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-02-15 00:44 . 2012-04-28 00:04 289632 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-04-28 00:02 . 2012-04-28 00:02 1127424 c:\windows\SysWOW64\wininet.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 1103360 c:\windows\SysWOW64\urlmon.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 1798656 c:\windows\SysWOW64\jscript9.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 1792000 c:\windows\SysWOW64\iertutil.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 9705472 c:\windows\SysWOW64\ieframe.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 3695416 c:\windows\SysWOW64\ieapfltr.dat
+ 2012-04-28 00:02 . 2012-04-28 00:02 1390080 c:\windows\system32\wininet.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 1345536 c:\windows\system32\urlmon.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 2308096 c:\windows\system32\jscript9.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 2144256 c:\windows\system32\iertutil.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 3695416 c:\windows\system32\ieapfltr.dat
+ 2012-04-28 00:02 . 2012-04-28 00:02 12282368 c:\windows\SysWOW64\mshtml.dll
+ 2006-11-02 12:33 . 2012-04-28 00:07 11272192 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2006-11-02 12:33 . 2012-04-27 01:11 11272192 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2012-04-28 00:02 . 2012-04-28 00:02 17790464 c:\windows\system32\mshtml.dll
+ 2012-04-28 00:02 . 2012-04-28 00:02 10887168 c:\windows\system32\ieframe.dll
+ 2011-05-09 23:09 . 2012-04-28 00:04 10052082 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-987286777-748312672-3327065692-1000-8192.dat
- 2011-05-09 23:09 . 2012-04-26 23:55 10052082 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-987286777-748312672-3327065692-1000-8192.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Gateway\traybar.exe" [2007-09-13 638976]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-7-6 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 253088]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswMBR
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 18:09]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1220392]
"SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [2007-11-09 437760]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://ww2.cox.com/myconnection/arizona/today.cox
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=P-6860FX
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-987286777-748312672-3327065692-1000\Software\SecuROM\License information*]
"datasecu"=hex:da,05,58,7a,8b,2d,ad,c5,33,d1,7d,2e,d3,80,2d,98,d5,4f,c6,6a,02,
ef,fa,88,28,d7,b2,ed,57,df,6a,0e,b5,f9,c2,ef,76,de,db,94,a0,0c,11,51,81,ae,\
"rkeysecu"=hex:1c,29,1f,d8,10,b0,a7,2c,90,fa,ac,ba,4f,c0,8f,ae
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2012-04-27 20:10:42
ComboFix-quarantined-files.txt 2012-04-28 03:10
ComboFix2.txt 2012-04-27 23:47
.
Pre-Run: 170,394,107,904 bytes free
Post-Run: 170,435,854,336 bytes free
.
- - End Of File - - E39BB41301DAC2EC5CB35DF54C3B8DA9

#8 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 27 April 2012 - 10:26 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove or you can use the free uninstaller from Revo (Revo does a much better job).

Programs to remove

  • Adobe Reader 9.5.1
  • Java™ 6 Update 26


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again click Yes
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • When prompted click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then on Next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing Foxit Reader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • Click on the Free Java Download button
  • Click on Agree and Start Free Download
  • Click on Run
  • Click on Run again
  • Click on Install
  • When install is complete click on Close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (Make sure that under the Windows tab all the boxes for Internet Explorer and Windows Explorer are checked. Under System, check Empty Recycle Bin and Temporary Files. Under the Applications tab all the boxes should be checked.)
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click the MBAM icon
  • Go to the Update tab at the top
  • Click on Check for Updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis see NOTE** below (Hosts file not read, blank Notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --> [Donate] <-- Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
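The uninstall and update steps in the post above are done by hand in Add/Remove Programs. As an added check (this is example code written for this page, not code from the thread, from Revo, or from any other tool the post names), the following PowerShell script reads the same Uninstall registry keys that Add/Remove Programs draws on, in both the native 64-bit view and the Wow6432Node (32-bit) view, and flags Adobe Reader and Java entries whose DisplayVersion sorts below a baseline. The baseline versions and the name patterns in the script are assumptions made for illustration, not the vendors' current releases; set them to the current versions when you run it. A leftover 9.x Adobe Reader or Java 6 entry still present after the new version is installed shows up here as Outdated, which is the case the post's "uninstall all previous versions" line is about.

```powershell
# Added example (not from the BleepingComputer thread): inventory installed
# software from the Uninstall registry keys and flag outdated Adobe Reader /
# Java entries. Windows PowerShell 2.0 or later; run from a 64-bit console so
# that both the native and the Wow6432Node views are visible.

$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
)

function Get-InstalledSoftware {
    # One object per Add/Remove Programs entry, tagged with the registry view it came from.
    foreach ($key in $UninstallKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $view = if ($key -match 'Wow6432Node') { '32-bit' }
                elseif ($key -like 'HKCU:*')   { 'per-user' }
                else                           { '64-bit' }
        foreach ($sub in (Get-ChildItem -Path $key)) {
            $p = Get-ItemProperty -Path $sub.PSPath
            if (-not $p.DisplayName) { continue }    # hotfix / hidden entries carry no name
            New-Object PSObject -Property @{
                Name      = [string]$p.DisplayName
                Version   = [string]$p.DisplayVersion
                Publisher = [string]$p.Publisher
                View      = $view
                Uninstall = [string]$p.UninstallString   # what Add/Remove runs for this entry
            }
        }
    }
}

function Test-OlderThan {
    # True when $Installed sorts before $Baseline as a dotted version.
    # A version string that does not parse is reported as outdated rather than silently skipped.
    param([string]$Installed, [string]$Baseline)
    try   { return ([version]$Installed) -lt ([version]$Baseline) }
    catch { return $true }
}

# ASSUMED baselines and name patterns, for illustration only: replace with the
# current vendor releases. Java 6 registers DisplayVersion as 6.0.<update>0,
# e.g. 6.0.260 for "Java(TM) 6 Update 26".
$Checks = @(
    @{ Pattern = '^Adobe Reader';  Baseline = '10.0.0' },
    @{ Pattern = '^Java\(TM\) 6 '; Baseline = '6.0.310' }
)

function Find-OutdatedSoftware {
    # Emits every installed entry that matches a check, with Baseline and Outdated added.
    foreach ($s in Get-InstalledSoftware) {
        foreach ($c in $Checks) {
            if ($s.Name -match $c.Pattern) {
                $s | Add-Member -MemberType NoteProperty -Name Baseline -Value $c.Baseline -PassThru |
                     Add-Member -MemberType NoteProperty -Name Outdated `
                                -Value (Test-OlderThan $s.Version $c.Baseline) -PassThru
                break   # one verdict per entry even if several patterns match
            }
        }
    }
}

Find-OutdatedSoftware | Format-Table Name, Version, Baseline, Outdated, View -AutoSize
```

Run it once before the uninstalls to see what is there and once after the new versions are installed; any row still marked Outdated is a previous version that was left behind and should go through Add/Remove or Revo as the post describes.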

#9 RCipra (Topic Starter, Members, 7 posts, Phoenix, AZ)

Posted 27 April 2012 - 11:07 PM

Here are the logs from MBAM and HiJackThis

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.28.01

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Ray :: RAY-PC [administrator]

Protection: Disabled

4/27/2012 8:51:34 PM
mbam-log-2012-04-27 (20-51-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 222174
Time elapsed: 2 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:06:09 PM, on 4/27/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Camera Assistant Software for Gateway\traybar.exe
C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww2.cox.com/myconnection/arizona/today.cox
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=P-6860FX
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120425195554.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Gateway\traybar.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.mcafee.com
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\system32\STacSV64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11865 bytes

#10 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 27 April 2012 - 11:14 PM

Greetings

These logs are looking very good; we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to. Any of these programs you can start by clicking on their icons (or from the Control Panel) when you need them. By stopping these programs, you will boot up faster and your computer will work faster.

If you have any problems running HijackThis see NOTE** below (Hosts file not read, blank Notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Gateway\traybar.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - Global Startup: Logitech SetPoint.lnk = ?

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space, for example:
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Win 7, right click on the IE shortcut and run as admin

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
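The O4 and O23 lines in the post above follow a fixed HijackThis log format: O4 lines name a Run-key value (HKLM or HKCU) or a Startup-folder shortcut together with the command it launches, and O23 lines name a service, its owner and its executable, with "(file missing)" appended when the binary is gone. The parser below is an added example and is not part of this thread or of HijackThis itself; it reads those two line shapes into records so the entries can be reviewed programmatically, and flags the ones a defender would look at first (unresolved shortcuts, missing service binaries, and auto-start programs living under user-writable folders such as AppData or Temp). The sample log is constructed from entries quoted in this thread plus one invented AppData entry; the "needs review" directory list is an assumption, not a HijackThis rule.

```python
import re
from dataclasses import dataclass
from typing import List


@dataclass
class Entry:
    kind: str                   # "run" (HKLM/HKCU Run key), "startup" (Startup folder), "service" (O23)
    name: str                   # registry value name, shortcut name, or service short name
    path: str                   # executable the entry launches; "?" when HijackThis could not resolve it
    args: str = ""              # command-line arguments, if any
    hive: str = ""              # HKLM or HKCU for Run-key entries
    company: str = ""           # owner/company string HijackThis prints for services
    file_missing: bool = False  # HijackThis appended "(file missing)"


# Line shapes as HijackThis prints them (compare the O4 and O23 lines quoted in this thread).
RUN_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.+)$')
STARTUP_RE = re.compile(r'^O4 - Global Startup: (.+?) = (.+)$')
SERVICE_RE = re.compile(r'^O23 - Service: (.+?) \(([^)]+)\) - (.+?) - (.+?)( \(file missing\))?$')


def split_command(cmd: str):
    """Split 'path args' as HijackThis prints it: a quoted path ends at the closing quote;
    an unquoted path is assumed to contain no spaces."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
    head, _, tail = cmd.partition(' ')
    return head, tail.strip()


def parse_hjt(text: str) -> List[Entry]:
    """Parse O4 (Run key / Startup folder) and O23 (service) lines; other lines are ignored."""
    entries: List[Entry] = []
    for line in text.splitlines():
        line = line.rstrip()
        m = RUN_RE.match(line)
        if m:
            path, args = split_command(m.group(3))
            entries.append(Entry("run", m.group(2), path, args, hive=m.group(1)))
            continue
        m = STARTUP_RE.match(line)
        if m:
            entries.append(Entry("startup", m.group(1), m.group(2).strip()))
            continue
        m = SERVICE_RE.match(line)
        if m:
            entries.append(Entry("service", m.group(2), m.group(4),
                                 company=m.group(3), file_missing=m.group(5) is not None))
    return entries


# Assumption for this example: auto-start entries under user-writable folders deserve a second
# look, as do unresolved shortcuts and services whose binary is missing.
REVIEW_DIRS = ("\\appdata\\", "\\temp\\", "\\users\\public\\")


def needs_review(e: Entry) -> bool:
    low = e.path.lower()
    return e.path == "?" or e.file_missing or any(d in low for d in REVIEW_DIRS)


# Constructed sample: lines taken from this thread plus one invented AppData entry (last line).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O4 - HKCU\..\Run: [ExampleUpdater] "C:\Users\Example\AppData\Roaming\ExampleUpdater\updater.exe"
"""


def review_names(text: str = SAMPLE_LOG) -> List[str]:
    """Names of the entries that should be researched before deciding to keep them."""
    return [e.name for e in parse_hjt(text) if needs_review(e)]


if __name__ == "__main__":
    for e in parse_hjt(SAMPLE_LOG):
        flag = "REVIEW" if needs_review(e) else "ok"
        print(f"{flag:6} {e.kind:7} {e.name:22} {e.path} {e.args}".rstrip())
```

Entries the parser flags are candidates for research (the post points to a startup-entry database for exactly that), not automatic removals; the file-missing services in the original log are a normal artefact of Windows resource-string names and uninstalled programs, which is why the helper leaves them alone.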

#11 RCipra

RCipra
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Phoenix, AZ
  • Local time:01:36 AM

Posted 28 April 2012 - 01:31 AM

Scan results

C:\Qoobox\Quarantine\C\Users\Ray\AppData\Local\Apple\Adobe\txuivci.dll.vir a variant of Win32/Kryptik.AEVS trojan
C:\Users\Ray\AppData\Local\Apple\Adobe\gdvhniu.dll a variant of Win32/Kryptik.AEVS trojan

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:36 AM

Posted 28 April 2012 - 02:06 AM

Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    del /f /s /q "C:\Users\Ray\AppData\Local\Apple\Adobe\gdvhniu.dll"
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
    It should look like this: (screenshot for XP) (screenshot for Vista)
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\), and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.




Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful, and if used incorrectly or at the wrong time they can make the computer an expensive paperweight.
They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used are a good idea to keep and use often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download; it works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls

CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware - the gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did)


    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Gringo
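The post above makes a triage distinction worth automating: an online scanner reports everything it finds, but hits inside ComboFix's quarantine (C:\Qoobox\Quarantine\) or the System Restore cache (C:\System Volume Information\) are copies the cleanup itself produced, while a hit elsewhere is a live file that still needs removing. The script below is an added example, not part of this thread or of the ESET scanner; it parses result lines of the form "path detection" (the two lines the topic starter pasted, plus one constructed restore-cache line with a placeholder detection name) and sorts them into live files versus backups. The assumption that a path ends at its file extension followed by whitespace is mine, made so that paths containing spaces still parse.

```python
import re
from typing import Dict, List, Tuple

# Result line: a file path ending in an extension, whitespace, then the detection name.
# Stopping the path at "<dot><ext><whitespace>" lets folder names with spaces survive.
LINE_RE = re.compile(r'^(?P<path>.+?\.[A-Za-z0-9]{1,4})\s+(?P<detection>.+)$')

# Folders the post identifies as holding cleanup backups rather than live infections.
QUARANTINE_PREFIX = "c:\\qoobox\\quarantine\\"           # ComboFix backups
RESTORE_CACHE_PART = "\\system volume information\\"     # System Restore points


def parse_results(text: str) -> List[Tuple[str, str]]:
    """Return (path, detection) pairs for every line that looks like a scanner hit."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hits.append((m.group("path"), m.group("detection")))
    return hits


def classify_path(path: str) -> str:
    """'quarantine_backup' or 'restore_cache' for copies made during the fix, else 'live'."""
    low = path.lower()
    if low.startswith(QUARANTINE_PREFIX):
        return "quarantine_backup"
    if RESTORE_CACHE_PART in low:
        return "restore_cache"
    return "live"


def triage(text: str) -> Dict[str, List[str]]:
    """Bucket the hits so only the 'live' list needs a deletion step."""
    buckets: Dict[str, List[str]] = {"live": [], "quarantine_backup": [], "restore_cache": []}
    for path, _detection in parse_results(text):
        buckets[classify_path(path)].append(path)
    return buckets


# Constructed sample: the two lines posted in this thread and one invented restore-cache hit
# (placeholder restore-point id and a placeholder detection name, not a real signature).
SAMPLE_RESULTS = r"""
C:\Qoobox\Quarantine\C\Users\Ray\AppData\Local\Apple\Adobe\txuivci.dll.vir a variant of Win32/Kryptik.AEVS trojan
C:\Users\Ray\AppData\Local\Apple\Adobe\gdvhniu.dll a variant of Win32/Kryptik.AEVS trojan
C:\System Volume Information\_restore{PLACEHOLDER-GUID}\RP12\A0001.exe Win32/Example.Placeholder trojan
"""


if __name__ == "__main__":
    for bucket, paths in triage(SAMPLE_RESULTS).items():
        print(f"{bucket}:")
        for p in paths:
            print(f"  {p}")
```

Only the "live" bucket corresponds to the delfile.bat step in the post; the other two buckets are exactly what the later ComboFix /Uninstall and OTCleanIt steps clear out by flushing restore points and tool backups.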

#13 RCipra

RCipra
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Phoenix, AZ
  • Local time:01:36 AM

Posted 28 April 2012 - 10:12 AM

Gringo,
Thanks so much for all the help.

Thanks
Ray

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:36 AM

Posted 28 April 2012 - 12:01 PM

You are more than welcome


gringo

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:36 AM

Posted 30 April 2012 - 11:19 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
