Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Redirect virus problem


  • This topic is locked This topic is locked
24 replies to this topic

#1 kelvan

kelvan

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:29 PM

Posted 29 April 2012 - 05:42 AM

Hi,

I have been finding recently that when I search with google, bing, yahoo and select a link that I am redirected to a random page. Not related and not always the same. I also occassionally have pop-ups for surveys especially when hovering over randomly highlighted words on different webpages.

After doing a search I have attempted to use Malwarebytes which found malware (which I deleted) and continues to show it is blocking something from accessing my computer. I have also run spybot - search and destroy which found 4 errors and "fixed them" however I continue to have problems with search engines. I tried running both programs in safe mode but no luck either.

I have Windows 7 and run McAfee Anti-virus which suprise suprise thinks my computer is happy and healthy.

Am I heading down the wrong track with the malware and spybot. Please help as the internet is my primary use on this machine and frustration levels are high.

At this stage I can still get to pages by typing in addresses and can still download new programs e.g malwarebytes and spybot.

Thanks in advance for your help.

Sorry i attached the files not copied. Here are the results below.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Nicole at 20:26:44 on 2012-04-29
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.3959.2030 [GMT 10:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
C:\windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\STacSV64.exe
C:\windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\windows\System32\spoolsv.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\SysWOW64\nlssrv32.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\rundll32.exe
C:\windows\system32\rundll32.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\WINDOWS\System32\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.271\SSScheduler.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\windows\system32\DllHost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\windows\SysWOW64\Macromed\Flash\FlashUtil11g_ActiveX.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\system32\svchost.exe -k SDRSVC
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\system32\DllHost.exe
C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
C:\PROGRA~1\COMMON~1\McAfee\MSC\McUICnt.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ninemsn.com.au/?pc=skyp&ocid=skydhp
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
mWinlogon: Userinit=userinit.exe,
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120229192545.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: FAIESSOHelper Class: {a2f122da-055f-4df7-8f24-7354dbdba85b} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Askcom] rundll32.exe C:\Users\Nicole\AppData\Local\Askcom\hgvdidgh.dll,CreateTzanShell
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [FAStartup]
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
StartupFolder: C:\Users\Nicole\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.271\SSScheduler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/AU/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://kitchenplanner.ikea.com/AU/Core/Player/2020PlayerAX_Win32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 10.1.1.1
TCP: Interfaces\{093FDDBF-D3A0-4713-984E-32F7734CF6FF} : DhcpNameServer = 10.1.1.1
TCP: Interfaces\{093FDDBF-D3A0-4713-984E-32F7734CF6FF}\254533035323F51405 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{093FDDBF-D3A0-4713-984E-32F7734CF6FF}\F40545553544E4837324333483 : DhcpNameServer = 10.1.1.1
TCP: Interfaces\{683D2083-8841-4C4B-8B0D-D6CDE56590B7} : DhcpNameServer = 211.29.132.12 61.88.88.88
TCP: Interfaces\{C9759C42-2CB4-4BF6-9565-F5FCD7816461} : DhcpNameServer = 10.1.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: FastAccess - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
LSA: Notification Packages = scecli FAPassSync
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120229192545.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: FAIESSOHelper Class: {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO-X64: FAIESSO Helper Object - No File
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [FAStartup]
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [(Default)]
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\windows\system32\drivers\mfehidk.sys --> C:\windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\windows\system32\drivers\mfewfpk.sys --> C:\windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\windows\system32\DRIVERS\mfenlfk.sys --> C:\windows\system32\DRIVERS\mfenlfk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\WINDOWS\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe [2010-7-8 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-10 155648]
R2 FAService;FAService;C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-2-21 2409800]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-7-8 13336]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-29 654408]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-8-22 249936]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-8-22 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-8-22 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-8-22 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2010-7-8 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2010-7-8 208536]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe [2010-7-8 161168]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\WINDOWS\System32\nlssrv32.exe [2009-6-7 61440]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-4-29 1153368]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-7-8 1692480]
R2 TurboB;Turbo Boost UI Monitor driver;C:\windows\system32\DRIVERS\TurboB.sys --> C:\windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-7-8 2320920]
R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atikmdag.sys --> C:\windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]
R3 BcmVWL;Broadcom Virtual Wireless;C:\windows\system32\DRIVERS\bcmvwl64.sys --> C:\windows\system32\DRIVERS\bcmvwl64.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\system32\DRIVERS\btwl2cap.sys --> C:\windows\system32\DRIVERS\btwl2cap.sys [?]
R3 cfwids;McAfee Inc. cfwids;C:\windows\system32\drivers\cfwids.sys --> C:\windows\system32\drivers\cfwids.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\system32\DRIVERS\CtClsFlt.sys --> C:\windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\system32\drivers\mfeavfk.sys --> C:\windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\windows\system32\drivers\mfefirek.sys --> C:\windows\system32\drivers\mfefirek.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 FACAP;facap, FastAccess Video Capture;C:\windows\system32\DRIVERS\facap.sys --> C:\windows\system32\DRIVERS\facap.sys [?]
S3 fssfltr;fssfltr;C:\windows\system32\DRIVERS\fssfltr.sys --> C:\windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
S3 ivusb;Initio Driver for USB Default Controller;C:\windows\system32\DRIVERS\ivusb.sys --> C:\windows\system32\DRIVERS\ivusb.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.271\McCHSvc.exe [2012-3-14 237272]
S3 mferkdet;McAfee Inc. mferkdet;C:\windows\system32\drivers\mferkdet.sys --> C:\windows\system32\drivers\mferkdet.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\windows\system32\DRIVERS\netaapl64.sys --> C:\windows\system32\DRIVERS\netaapl64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-3 126352]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\system32\DRIVERS\yk62x64.sys --> C:\windows\system32\DRIVERS\yk62x64.sys [?]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-8-22 249936]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-04-29 08:28:47 -------- d-----w- C:\windows\pss
2012-04-29 07:01:23 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-04-29 07:01:23 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-04-29 03:16:34 -------- d-----w- C:\Users\Nicole\AppData\Roaming\Malwarebytes
2012-04-29 03:15:56 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-29 03:15:52 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-04-29 03:15:51 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-29 02:56:17 -------- d-----w- C:\ProgramData\McAfee Security Scan
2012-04-29 02:56:02 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan
2012-04-23 12:41:34 -------- d-----w- C:\Users\Nicole\AppData\Local\Askcom
2012-04-12 13:28:54 81408 ----a-w- C:\windows\System32\imagehlp.dll
2012-04-12 13:28:54 5120 ----a-w- C:\windows\SysWow64\wmi.dll
2012-04-12 13:28:54 5120 ----a-w- C:\windows\System32\wmi.dll
2012-04-12 13:28:54 23408 ----a-w- C:\windows\System32\drivers\fs_rec.sys
2012-04-12 13:28:54 220672 ----a-w- C:\windows\System32\wintrust.dll
2012-04-12 13:28:54 172544 ----a-w- C:\windows\SysWow64\wintrust.dll
2012-04-12 13:28:54 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll
2012-04-05 06:41:00 -------- d-----w- C:\Program Files (x86)\Common Files\Sony Shared
.
==================== Find3M ====================
.
2012-03-26 07:10:22 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-06 06:53:37 5559152 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-03-06 05:59:47 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-03-06 05:59:41 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-02-28 06:56:48 2311168 ----a-w- C:\windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-02-17 06:38:26 1031680 ----a-w- C:\windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys
2012-02-14 02:09:44 1070352 ----a-w- C:\windows\SysWow64\MSCOMCTL.OCX
2012-02-10 06:36:07 1544192 ----a-w- C:\windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll
2012-02-03 04:34:34 3145728 ----a-w- C:\windows\System32\win32k.sys
2010-09-19 07:15:26 74840872 ----a-w- C:\Program Files\iTunesSetup.exe
.
============= FINISH: 20:28:39.39 ===============


*Edit: Moved topic from Windows 7 to the more appropriate forum. Merged DDS log into this post. Removed DDS attachment.~ Queen-Evie*

Attached Files


Edited by Queen-Evie, 29 April 2012 - 07:00 AM.


BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:29 AM

Posted 29 April 2012 - 07:35 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 kelvan

kelvan
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:29 PM

Posted 29 April 2012 - 07:44 AM

Results of security check

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Ad-Aware Antivirus
McAfee Security Scan Plus
McAfee SecurityCenter
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Spybot - Search & Destroy
Java™ 6 Update 32
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (12.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Ad-Aware Antivirus AdAwareService.exe
Ad-Aware Antivirus Engine SBAMSvc.exe
``````````End of Log````````````

Will now run combo fix.

Thank you!

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:29 AM

Posted 29 April 2012 - 07:48 AM

:thumbup2:
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 kelvan

kelvan
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:29 PM

Posted 29 April 2012 - 04:47 PM

Here is the combo fix log, I also had an error when my machine re-started stating :

The instruction at 0x09616cb6 referenced memory at 0x200000. The memory could not be read. Click ok to terminate program.

The bar at the top read sysFader:iexploerer.exe

I am getting internet explorer has stopped working dialogue boxes now, however if i just click the x - it does not affect anything. This seems to pop up as frequently as before.

Search engine seems ok. Have only tried twice as off to work now. Will let you know if problems arises.


ComboFix 12-04-29.01 - Nicole 29/04/2012 23:07:29.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.3959.2298 [GMT 10:00]
Running from: c:\users\Nicole\Downloads\ComboFix.exe
AV: Lavasoft Ad-Aware *Disabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: Lavasoft Ad-Aware *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: Lavasoft Ad-Aware *Disabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-29 )))))))))))))))))))))))))))))))
.
.
2012-04-29 13:20 . 2012-04-29 13:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-29 12:34 . 2012-04-29 12:34 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-04-29 12:32 . 2012-04-29 12:32 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-04-29 10:52 . 2012-04-29 10:52 -------- d-----w- c:\users\Nicole\AppData\Local\adaware
2012-04-29 10:52 . 2012-04-29 10:52 -------- d-----w- c:\users\Nicole\AppData\Local\Mozilla
2012-04-29 10:51 . 2011-05-17 08:36 45904 ----a-w- c:\windows\system32\sbbd.exe
2012-04-29 10:51 . 2011-04-29 04:15 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-04-29 10:51 . 2011-04-05 07:35 60504 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-04-29 10:51 . 2011-04-05 07:35 94296 ----a-w- c:\windows\system32\drivers\sbtis.sys
2012-04-29 10:51 . 2011-04-05 07:35 253528 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-04-29 10:51 . 2011-02-07 23:14 84568 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-04-29 10:51 . 2012-04-29 10:51 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
2012-04-29 10:51 . 2012-04-29 10:51 -------- d-----w- c:\programdata\Lavasoft
2012-04-29 10:50 . 2012-04-29 10:52 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-04-29 10:50 . 2012-04-29 10:50 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
2012-04-29 10:50 . 2012-04-29 10:50 -------- d-----w- c:\program files (x86)\adawaretb
2012-04-29 10:49 . 2012-04-29 11:13 -------- d-----w- c:\users\Nicole\AppData\Roaming\Ad-Aware Antivirus
2012-04-29 10:48 . 2012-04-29 10:48 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-04-29 07:01 . 2012-04-29 07:29 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-04-29 07:01 . 2012-04-29 07:01 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-04-29 03:16 . 2012-04-29 03:16 -------- d-----w- c:\users\Nicole\AppData\Roaming\Malwarebytes
2012-04-29 03:15 . 2012-04-29 03:15 -------- d-----w- c:\programdata\Malwarebytes
2012-04-29 03:15 . 2012-04-04 05:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-29 03:15 . 2012-04-29 03:16 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-29 02:56 . 2012-04-29 02:56 -------- d-----w- c:\programdata\McAfee Security Scan
2012-04-29 02:56 . 2012-04-29 02:56 -------- d-----w- c:\program files (x86)\McAfee Security Scan
2012-04-23 12:41 . 2012-04-23 12:41 -------- d-----w- c:\users\Nicole\AppData\Local\Askcom
2012-04-23 10:13 . 2012-04-23 10:13 -------- d-----w- c:\users\Nicole\AppData\Roaming\dvdcss
2012-04-15 13:36 . 2012-04-15 13:36 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-04-12 13:28 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 13:28 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 13:28 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 13:28 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 13:28 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 13:28 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 13:28 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-05 06:41 . 2012-04-05 06:41 -------- d-----w- c:\program files (x86)\Common Files\Sony Shared
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-29 12:32 . 2011-07-29 04:59 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-26 07:10 . 2011-09-02 11:59 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-26 11:35 . 2012-02-26 11:35 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-26 11:35 . 2012-02-26 11:35 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-26 11:35 . 2012-02-26 11:35 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-02-26 11:35 . 2012-02-26 11:35 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-02-26 11:35 . 2012-02-26 11:35 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-02-26 11:35 . 2012-02-26 11:35 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-02-26 11:35 . 2012-02-26 11:35 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-02-26 11:35 . 2012-02-26 11:35 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-02-26 11:35 . 2012-02-26 11:35 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-02-26 11:35 . 2012-02-26 11:35 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-02-26 11:35 . 2012-02-26 11:35 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-02-26 11:35 . 2012-02-26 11:35 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-02-26 11:35 . 2012-02-26 11:35 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-26 11:35 . 2012-02-26 11:35 448512 ----a-w- c:\windows\system32\html.iec
2012-02-26 11:35 . 2012-02-26 11:35 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-02-26 11:35 . 2012-02-26 11:35 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-02-26 11:35 . 2012-02-26 11:35 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-02-26 11:35 . 2012-02-26 11:35 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-26 11:35 . 2012-02-26 11:35 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-02-26 11:35 . 2012-02-26 11:35 222208 ----a-w- c:\windows\system32\msls31.dll
2012-02-26 11:35 . 2012-02-26 11:35 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-26 11:35 . 2012-02-26 11:35 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-02-26 11:35 . 2012-02-26 11:35 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-02-26 11:35 . 2012-02-26 11:35 160256 ----a-w- c:\windows\system32\wextract.exe
2012-02-26 11:35 . 2012-02-26 11:35 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-02-26 11:35 . 2012-02-26 11:35 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-02-26 11:35 . 2012-02-26 11:35 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-02-26 11:35 . 2012-02-26 11:35 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-26 11:35 . 2012-02-26 11:35 12288 ----a-w- c:\windows\system32\mshta.exe
2012-02-26 11:35 . 2012-02-26 11:35 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-02-26 11:35 . 2012-02-26 11:35 114176 ----a-w- c:\windows\system32\admparse.dll
2012-02-26 11:35 . 2012-02-26 11:35 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-26 11:35 . 2012-02-26 11:35 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-02-26 11:35 . 2012-02-26 11:35 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-02-17 06:38 . 2012-03-14 09:22 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 09:22 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 09:22 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 09:22 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-14 02:09 . 2012-02-14 02:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-10 06:36 . 2012-03-14 09:23 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 09:23 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-14 09:23 3145728 ----a-w- c:\windows\system32\win32k.sys
2010-09-19 07:15 . 2010-09-19 07:15 74840872 ----a-w- c:\program files\iTunesSetup.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2012-03-06 19:16 87440 ----a-w- c:\program files (x86)\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 11:44 1400712 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2012-03-06 87440]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-21 718720]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-28 17148552]
"Askcom"="c:\users\Nicole\AppData\Local\Askcom\hgvdidgh.dll" [2011-10-26 472360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-12-23 284696]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2010-02-21 95560]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2010-08-19 522736]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-24 102400]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-22 1675160]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"Reader Application Helper"="c:\program files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe" [2012-01-31 892928]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-09 49208]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-10 559616]
.
c:\users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-16 1324384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-2 1079584]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.271\SSScheduler.exe [2012-3-14 274328]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-16 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2010-02-21 12:51 144712 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli FAPassSync
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-28 158856]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.271\McCHSvc.exe [2012-03-13 237272]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [x]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [x]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-04-29 55384]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-03-29 1161072]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe [2010-03-17 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-02-21 2409800]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-23 13336]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 208536]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-10-18 161168]
S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe [2011-05-17 2804280]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-17 2320920]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-29 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
- c:\progra~2\AD-AWA~1\AdAwareLauncher.exe [2012-03-29 02:44]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2010-01-06 3179288]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-17 487424]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-03 5712896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ninemsn.com.au/?pc=skyp&ocid=skydhp
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/AU/Core/Player/2020PlayerAX_IKEA_Win32.cab
FF - ProfilePath - c:\users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\z6gbbgyg.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-FAStartup - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-29 23:40:49
ComboFix-quarantined-files.txt 2012-04-29 13:40
.
Pre-Run: 293,045,039,104 bytes free
Post-Run: 292,983,701,504 bytes free
.
- - End Of File - - F5C12957FC7208F546C07793B675C5E4

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:29 AM

Posted 29 April 2012 - 05:10 PM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

:multiple Anti Virus programs:

It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:

AV: Lavasoft Ad-Aware *Disabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}


Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Please remove all but one of them.





tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 kelvan

kelvan
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:29 PM

Posted 30 April 2012 - 03:22 AM

Hi,

I have un-installed the additional anti-virus software (it was only installed since I have been having problems but thank you for being so thorough).
Here is the TDSSKiller log.
18:18:08.0411 8264 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
18:18:10.0440 8264 ============================================================
18:18:10.0440 8264 Current date / time: 2012/04/30 18:18:10.0440
18:18:10.0440 8264 SystemInfo:
18:18:10.0440 8264
18:18:10.0440 8264 OS Version: 6.1.7601 ServicePack: 1.0
18:18:10.0440 8264 Product type: Workstation
18:18:10.0440 8264 ComputerName: MIKE
18:18:10.0440 8264 UserName: Nicole
18:18:10.0440 8264 Windows directory: C:\windows
18:18:10.0440 8264 System windows directory: C:\windows
18:18:10.0440 8264 Running under WOW64
18:18:10.0440 8264 Processor architecture: Intel x64
18:18:10.0440 8264 Number of processors: 4
18:18:10.0440 8264 Page size: 0x1000
18:18:10.0440 8264 Boot type: Normal boot
18:18:10.0440 8264 ============================================================
18:18:12.0000 8264 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:18:12.0000 8264 ============================================================
18:18:12.0000 8264 \Device\Harddisk0\DR0:
18:18:12.0000 8264 MBR partitions:
18:18:12.0000 8264 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000
18:18:12.0000 8264 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x38607030
18:18:12.0000 8264 ============================================================
18:18:12.0093 8264 C: <-> \Device\Harddisk0\DR0\Partition1
18:18:12.0093 8264 ============================================================
18:18:12.0093 8264 Initialize success
18:18:12.0093 8264 ============================================================
18:18:13.0942 7680 ============================================================
18:18:13.0942 7680 Scan started
18:18:13.0942 7680 Mode: Manual;
18:18:13.0942 7680 ============================================================
18:18:17.0272 7680 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
18:18:17.0282 7680 1394ohci - ok
18:18:17.0762 7680 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
18:18:17.0792 7680 ACPI - ok
18:18:17.0912 7680 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
18:18:17.0912 7680 AcpiPmi - ok
18:18:18.0667 7680 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
18:18:18.0707 7680 adp94xx - ok
18:18:19.0057 7680 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
18:18:19.0137 7680 adpahci - ok
18:18:19.0366 7680 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
18:18:19.0377 7680 adpu320 - ok
18:18:19.0491 7680 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
18:18:19.0493 7680 AeLookupSvc - ok
18:18:19.0848 7680 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe
18:18:19.0862 7680 AESTFilters - ok
18:18:20.0105 7680 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
18:18:20.0125 7680 AFD - ok
18:18:20.0244 7680 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
18:18:20.0247 7680 agp440 - ok
18:18:20.0359 7680 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
18:18:20.0366 7680 ALG - ok
18:18:20.0396 7680 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
18:18:20.0397 7680 aliide - ok
18:18:20.0530 7680 AMD External Events Utility (2115fb360c02a4b4c3696bf8e9524bdb) C:\windows\system32\atiesrxx.exe
18:18:20.0546 7680 AMD External Events Utility - ok
18:18:20.0564 7680 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
18:18:20.0566 7680 amdide - ok
18:18:20.0668 7680 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
18:18:20.0685 7680 AmdK8 - ok
18:18:24.0999 7680 amdkmdag (d212e021f43891fbd0669dd8457d455c) C:\windows\system32\DRIVERS\atikmdag.sys
18:18:25.0132 7680 amdkmdag - ok
18:18:25.0849 7680 amdkmdap (1c2421393cdc5a97269109fb352ddf1a) C:\windows\system32\DRIVERS\atikmpag.sys
18:18:25.0852 7680 amdkmdap - ok
18:18:25.0953 7680 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
18:18:25.0958 7680 AmdPPM - ok
18:18:26.0092 7680 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
18:18:26.0101 7680 amdsata - ok
18:18:26.0130 7680 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
18:18:26.0141 7680 amdsbs - ok
18:18:26.0193 7680 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
18:18:26.0193 7680 amdxata - ok
18:18:26.0325 7680 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
18:18:26.0332 7680 AppID - ok
18:18:26.0410 7680 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
18:18:26.0422 7680 AppIDSvc - ok
18:18:26.0607 7680 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll
18:18:26.0608 7680 Appinfo - ok
18:18:26.0825 7680 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:18:26.0838 7680 Apple Mobile Device - ok
18:18:27.0090 7680 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
18:18:27.0131 7680 arc - ok
18:18:27.0284 7680 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
18:18:27.0301 7680 arcsas - ok
18:18:27.0359 7680 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
18:18:27.0361 7680 AsyncMac - ok
18:18:27.0535 7680 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
18:18:27.0536 7680 atapi - ok
18:18:27.0846 7680 AtiHdmiService (7e2f5a758f63f80f8b03f889b4e6b19f) C:\windows\system32\drivers\AtiHdmi.sys
18:18:27.0848 7680 AtiHdmiService - ok
18:18:28.0017 7680 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
18:18:28.0040 7680 AudioEndpointBuilder - ok
18:18:28.0047 7680 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
18:18:28.0051 7680 AudioSrv - ok
18:18:28.0349 7680 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll
18:18:28.0351 7680 AxInstSV - ok
18:18:28.0406 7680 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys
18:18:28.0435 7680 b06bdrv - ok
18:18:28.0515 7680 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
18:18:28.0529 7680 b57nd60a - ok
18:18:28.0558 7680 BCM42RLY (ac4e2d84de54cd3a013aeff0cc56095c) C:\windows\system32\drivers\BCM42RLY.sys
18:18:28.0559 7680 BCM42RLY - ok
18:18:29.0296 7680 BCM43XX (8b5d16d20774fc3727f44e161be2c0ac) C:\windows\system32\DRIVERS\bcmwl664.sys
18:18:29.0310 7680 BCM43XX - ok
18:18:29.0540 7680 BcmVWL (d224b2e6bb543f1d8f1177d57fec2950) C:\windows\system32\DRIVERS\bcmvwl64.sys
18:18:29.0541 7680 BcmVWL - ok
18:18:29.0751 7680 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
18:18:29.0753 7680 BDESVC - ok
18:18:29.0799 7680 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
18:18:29.0801 7680 Beep - ok
18:18:30.0163 7680 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll
18:18:30.0183 7680 BFE - ok
18:18:30.0350 7680 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\system32\qmgr.dll
18:18:30.0368 7680 BITS - ok
18:18:30.0484 7680 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
18:18:30.0493 7680 blbdrive - ok
18:18:30.0738 7680 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
18:18:30.0743 7680 Bonjour Service - ok
18:18:30.0799 7680 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
18:18:30.0802 7680 bowser - ok
18:18:30.0824 7680 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
18:18:30.0826 7680 BrFiltLo - ok
18:18:30.0850 7680 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
18:18:30.0852 7680 BrFiltUp - ok
18:18:30.0874 7680 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\windows\system32\DRIVERS\bridge.sys
18:18:30.0882 7680 BridgeMP - ok
18:18:31.0003 7680 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
18:18:31.0016 7680 Browser - ok
18:18:31.0055 7680 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
18:18:31.0071 7680 Brserid - ok
18:18:31.0093 7680 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
18:18:31.0096 7680 BrSerWdm - ok
18:18:31.0112 7680 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
18:18:31.0116 7680 BrUsbMdm - ok
18:18:31.0122 7680 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
18:18:31.0124 7680 BrUsbSer - ok
18:18:31.0180 7680 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\windows\system32\drivers\BthEnum.sys
18:18:31.0183 7680 BthEnum - ok
18:18:31.0201 7680 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
18:18:31.0204 7680 BTHMODEM - ok
18:18:31.0223 7680 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys
18:18:31.0226 7680 BthPan - ok
18:18:31.0259 7680 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\windows\system32\Drivers\BTHport.sys
18:18:31.0276 7680 BTHPORT - ok
18:18:31.0310 7680 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
18:18:31.0313 7680 bthserv - ok
18:18:31.0332 7680 BTHUSB (f188b7394d81010767b6df3178519a37) C:\windows\system32\Drivers\BTHUSB.sys
18:18:31.0335 7680 BTHUSB - ok
18:18:31.0363 7680 btwaudio (6bcfdc2b5b7f66d484486d4bd4b39a6b) C:\windows\system32\drivers\btwaudio.sys
18:18:31.0364 7680 btwaudio - ok
18:18:31.0402 7680 btwavdt (82dc8b7c626e526681c1bebed2bc3ff9) C:\windows\system32\DRIVERS\btwavdt.sys
18:18:31.0403 7680 btwavdt - ok
18:18:31.0786 7680 btwdins (d65aa164acd0f6706dbcfbbcc9731584) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
18:18:31.0805 7680 btwdins - ok
18:18:31.0838 7680 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\windows\system32\DRIVERS\btwl2cap.sys
18:18:31.0839 7680 btwl2cap - ok
18:18:31.0851 7680 btwrchid (28e105ad3b79f440bf94780f507bf66a) C:\windows\system32\DRIVERS\btwrchid.sys
18:18:31.0852 7680 btwrchid - ok
18:18:31.0901 7680 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
18:18:31.0905 7680 cdfs - ok
18:18:32.0071 7680 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys
18:18:32.0075 7680 cdrom - ok
18:18:32.0153 7680 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
18:18:32.0155 7680 CertPropSvc - ok
18:18:32.0207 7680 cfwids (ed0263b2eb24f0f4e3898036fa1d28a1) C:\windows\system32\drivers\cfwids.sys
18:18:32.0208 7680 cfwids - ok
18:18:32.0246 7680 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
18:18:32.0250 7680 circlass - ok
18:18:32.0293 7680 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
18:18:32.0305 7680 CLFS - ok
18:18:32.0414 7680 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:18:32.0422 7680 clr_optimization_v2.0.50727_32 - ok
18:18:32.0549 7680 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:18:32.0565 7680 clr_optimization_v2.0.50727_64 - ok
18:18:32.0838 7680 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:18:32.0949 7680 clr_optimization_v4.0.30319_32 - ok
18:18:33.0187 7680 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:18:33.0190 7680 clr_optimization_v4.0.30319_64 - ok
18:18:33.0216 7680 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
18:18:33.0218 7680 CmBatt - ok
18:18:33.0278 7680 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
18:18:33.0280 7680 cmdide - ok
18:18:33.0894 7680 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys
18:18:33.0906 7680 CNG - ok
18:18:33.0956 7680 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
18:18:33.0956 7680 Compbatt - ok
18:18:34.0027 7680 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\drivers\CompositeBus.sys
18:18:34.0029 7680 CompositeBus - ok
18:18:34.0039 7680 COMSysApp - ok
18:18:34.0081 7680 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
18:18:34.0083 7680 crcdisk - ok
18:18:34.0161 7680 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\windows\system32\cryptsvc.dll
18:18:34.0165 7680 CryptSvc - ok
18:18:34.0192 7680 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\windows\system32\DRIVERS\CtClsFlt.sys
18:18:34.0195 7680 CtClsFlt - ok
18:18:34.0285 7680 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
18:18:34.0296 7680 DcomLaunch - ok
18:18:34.0415 7680 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
18:18:34.0422 7680 defragsvc - ok
18:18:34.0555 7680 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
18:18:34.0556 7680 DfsC - ok
18:18:34.0635 7680 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
18:18:34.0645 7680 Dhcp - ok
18:18:34.0682 7680 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
18:18:34.0684 7680 discache - ok
18:18:34.0779 7680 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
18:18:34.0780 7680 Disk - ok
18:18:34.0828 7680 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
18:18:34.0837 7680 Dnscache - ok
18:18:34.0884 7680 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe
18:18:34.0894 7680 DockLoginService - ok
18:18:34.0948 7680 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
18:18:34.0958 7680 dot3svc - ok
18:18:35.0007 7680 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\windows\system32\DRIVERS\Dot4.sys
18:18:35.0017 7680 Dot4 - ok
18:18:35.0067 7680 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\windows\system32\drivers\Dot4Prt.sys
18:18:35.0069 7680 Dot4Print - ok
18:18:35.0095 7680 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\windows\system32\DRIVERS\dot4usb.sys
18:18:35.0098 7680 dot4usb - ok
18:18:35.0144 7680 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
18:18:35.0148 7680 DPS - ok
18:18:35.0183 7680 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
18:18:35.0185 7680 drmkaud - ok
18:18:35.0444 7680 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
18:18:35.0452 7680 DXGKrnl - ok
18:18:35.0506 7680 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
18:18:35.0511 7680 EapHost - ok
18:18:35.0909 7680 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
18:18:35.0990 7680 ebdrv - ok
18:18:36.0361 7680 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
18:18:36.0361 7680 EFS - ok
18:18:37.0896 7680 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
18:18:37.0944 7680 ehRecvr - ok
18:18:38.0222 7680 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
18:18:38.0263 7680 ehSched - ok
18:18:39.0317 7680 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
18:18:39.0391 7680 elxstor - ok
18:18:39.0431 7680 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
18:18:39.0432 7680 ErrDev - ok
18:18:40.0243 7680 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
18:18:40.0278 7680 EventSystem - ok
18:18:40.0333 7680 ewusbnet - ok
18:18:40.0815 7680 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
18:18:40.0818 7680 exfat - ok
18:18:41.0341 7680 FACAP (2c1d443e14f376e8331f52f135dca9ef) C:\windows\system32\DRIVERS\facap.sys
18:18:41.0400 7680 FACAP - ok
18:18:45.0980 7680 FAService (cf3c4bc3c771242593d5392fa54c040e) C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
18:18:45.0993 7680 FAService - ok
18:18:47.0926 7680 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
18:18:47.0931 7680 fastfat - ok
18:18:49.0203 7680 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
18:18:49.0236 7680 Fax - ok
18:18:49.0333 7680 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
18:18:49.0361 7680 fdc - ok
18:18:49.0406 7680 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
18:18:49.0411 7680 fdPHost - ok
18:18:49.0471 7680 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
18:18:49.0473 7680 FDResPub - ok
18:18:49.0598 7680 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
18:18:49.0626 7680 FileInfo - ok
18:18:49.0686 7680 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
18:18:49.0716 7680 Filetrace - ok
18:18:49.0801 7680 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
18:18:49.0801 7680 flpydisk - ok
18:18:50.0361 7680 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
18:18:50.0421 7680 FltMgr - ok
18:18:51.0061 7680 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
18:18:51.0101 7680 FontCache - ok
18:18:51.0331 7680 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:18:51.0361 7680 FontCache3.0.0.0 - ok
18:18:51.0541 7680 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
18:18:51.0541 7680 FsDepends - ok
18:18:51.0661 7680 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\windows\system32\DRIVERS\fssfltr.sys
18:18:51.0681 7680 fssfltr - ok
18:18:53.0957 7680 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
18:18:54.0010 7680 fsssvc - ok
18:18:55.0364 7680 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys
18:18:55.0365 7680 Fs_Rec - ok
18:18:55.0882 7680 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
18:18:55.0922 7680 fvevol - ok
18:18:56.0078 7680 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
18:18:56.0137 7680 gagp30kx - ok
18:18:56.0276 7680 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
18:18:56.0277 7680 GEARAspiWDM - ok
18:18:56.0477 7680 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
18:18:56.0502 7680 GoToAssist - ok
18:18:57.0076 7680 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
18:18:57.0097 7680 gpsvc - ok
18:18:57.0392 7680 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
18:18:57.0399 7680 gusvc - ok
18:18:57.0433 7680 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
18:18:57.0445 7680 hcw85cir - ok
18:18:57.0956 7680 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
18:18:57.0988 7680 HdAudAddService - ok
18:18:58.0021 7680 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\drivers\HDAudBus.sys
18:18:58.0024 7680 HDAudBus - ok
18:18:58.0068 7680 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\windows\system32\DRIVERS\HECIx64.sys
18:18:58.0069 7680 HECIx64 - ok
18:18:58.0088 7680 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
18:18:58.0091 7680 HidBatt - ok
18:18:58.0108 7680 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
18:18:58.0111 7680 HidBth - ok
18:18:58.0127 7680 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
18:18:58.0130 7680 HidIr - ok
18:18:58.0157 7680 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\System32\hidserv.dll
18:18:58.0159 7680 hidserv - ok
18:18:58.0199 7680 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys
18:18:58.0201 7680 HidUsb - ok
18:18:58.0280 7680 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
18:18:58.0284 7680 hkmsvc - ok
18:18:58.0394 7680 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
18:18:58.0424 7680 HomeGroupListener - ok
18:18:58.0484 7680 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
18:18:58.0495 7680 HomeGroupProvider - ok
18:18:58.0656 7680 hpqcxs08 (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
18:18:58.0666 7680 hpqcxs08 - ok
18:18:58.0734 7680 hpqddsvc (99e8eef42fe2f4af29b08c3355dd7685) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
18:18:58.0756 7680 hpqddsvc - ok
18:18:58.0888 7680 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
18:18:58.0898 7680 HpSAMD - ok
18:18:58.0968 7680 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
18:18:58.0988 7680 HTTP - ok
18:18:59.0025 7680 hwdatacard - ok
18:18:59.0078 7680 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
18:18:59.0080 7680 hwpolicy - ok
18:18:59.0150 7680 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\drivers\i8042prt.sys
18:18:59.0155 7680 i8042prt - ok
18:18:59.0205 7680 iaStor (42e00996dfc13c46366689c0ea8abc5e) C:\windows\system32\DRIVERS\iaStor.sys
18:18:59.0210 7680 iaStor - ok
18:18:59.0297 7680 IAStorDataMgrSvc (48362e5db5cb2c000c514ee1f3890acd) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
18:18:59.0297 7680 IAStorDataMgrSvc - ok
18:18:59.0362 7680 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
18:18:59.0382 7680 iaStorV - ok
18:18:59.0960 7680 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:19:00.0009 7680 idsvc - ok
18:19:02.0047 7680 igfx (a87261ef1546325b559374f5689cf5bc) C:\windows\system32\DRIVERS\igdkmd64.sys
18:19:02.0164 7680 igfx - ok
18:19:02.0616 7680 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
18:19:02.0620 7680 iirsp - ok
18:19:02.0700 7680 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
18:19:02.0755 7680 IKEEXT - ok
18:19:02.0793 7680 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
18:19:02.0795 7680 intelide - ok
18:19:02.0828 7680 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
18:19:02.0829 7680 intelppm - ok
18:19:02.0862 7680 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
18:19:02.0876 7680 IPBusEnum - ok
18:19:02.0919 7680 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
18:19:02.0921 7680 IpFilterDriver - ok
18:19:02.0963 7680 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll
18:19:02.0978 7680 iphlpsvc - ok
18:19:03.0020 7680 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
18:19:03.0023 7680 IPMIDRV - ok
18:19:03.0043 7680 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
18:19:03.0047 7680 IPNAT - ok
18:19:03.0180 7680 iPod Service (755e4ba6dce627a2683bb7640553c8d6) C:\Program Files\iPod\bin\iPodService.exe
18:19:03.0205 7680 iPod Service - ok
18:19:03.0226 7680 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
18:19:03.0228 7680 IRENUM - ok
18:19:03.0242 7680 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
18:19:03.0244 7680 isapnp - ok
18:19:03.0267 7680 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
18:19:03.0280 7680 iScsiPrt - ok
18:19:03.0334 7680 ivusb (bd5bf20ec242e003a2f570b8754a56d1) C:\windows\system32\DRIVERS\ivusb.sys
18:19:03.0336 7680 ivusb - ok
18:19:03.0364 7680 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
18:19:03.0365 7680 kbdclass - ok
18:19:03.0380 7680 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\DRIVERS\kbdhid.sys
18:19:03.0383 7680 kbdhid - ok
18:19:03.0438 7680 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
18:19:03.0439 7680 KeyIso - ok
18:19:03.0461 7680 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys
18:19:03.0470 7680 KSecDD - ok
18:19:03.0487 7680 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys
18:19:03.0489 7680 KSecPkg - ok
18:19:03.0517 7680 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
18:19:03.0520 7680 ksthunk - ok
18:19:03.0564 7680 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
18:19:03.0577 7680 KtmRm - ok
18:19:03.0643 7680 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\System32\srvsvc.dll
18:19:03.0647 7680 LanmanServer - ok
18:19:03.0702 7680 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
18:19:03.0718 7680 LanmanWorkstation - ok
18:19:03.0758 7680 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
18:19:03.0760 7680 lltdio - ok
18:19:03.0787 7680 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
18:19:03.0803 7680 lltdsvc - ok
18:19:03.0822 7680 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
18:19:03.0826 7680 lmhosts - ok
18:19:04.0184 7680 LMS (5460828f8951d310b42b442877603b8d) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
18:19:04.0188 7680 LMS - ok
18:19:04.0239 7680 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
18:19:04.0242 7680 LSI_FC - ok
18:19:04.0280 7680 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
18:19:04.0319 7680 LSI_SAS - ok
18:19:04.0344 7680 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
18:19:04.0346 7680 LSI_SAS2 - ok
18:19:04.0367 7680 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
18:19:04.0371 7680 LSI_SCSI - ok
18:19:04.0387 7680 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
18:19:04.0390 7680 luafv - ok
18:19:04.0726 7680 McAfee SiteAdvisor Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
18:19:04.0726 7680 McAfee SiteAdvisor Service - ok
18:19:04.0936 7680 McComponentHostService (485405de203e88b3fe4294a2ea48d7ee) C:\Program Files (x86)\McAfee Security Scan\3.0.271\McCHSvc.exe
18:19:04.0956 7680 McComponentHostService - ok
18:19:04.0956 7680 McMPFSvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
18:19:04.0961 7680 McMPFSvc - ok
18:19:04.0976 7680 mcmscsvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
18:19:04.0976 7680 mcmscsvc - ok
18:19:04.0986 7680 McNaiAnn (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
18:19:04.0991 7680 McNaiAnn - ok
18:19:04.0991 7680 McNASvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
18:19:04.0996 7680 McNASvc - ok
18:19:05.0162 7680 McODS (07b89e7de2f7971cf7eef0262207c4de) C:\Program Files\mcafee\VirusScan\mcods.exe
18:19:05.0169 7680 McODS - ok
18:19:05.0174 7680 McOobeSv (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
18:19:05.0176 7680 McOobeSv - ok
18:19:05.0183 7680 McProxy (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
18:19:05.0185 7680 McProxy - ok
18:19:05.0289 7680 McShield (325b166bf78d8a8ad93e44ca7a6fc332) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
18:19:05.0301 7680 McShield - ok
18:19:05.0423 7680 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
18:19:05.0431 7680 Mcx2Svc - ok
18:19:05.0486 7680 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
18:19:05.0488 7680 megasas - ok
18:19:05.0514 7680 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
18:19:05.0531 7680 MegaSR - ok
18:19:05.0562 7680 mfeapfk (ef3acfb7e3f82d5f7cde9ef5f0a4e2e2) C:\windows\system32\drivers\mfeapfk.sys
18:19:05.0563 7680 mfeapfk - ok
18:19:05.0591 7680 mfeavfk (e7a60bdb4365b561d896019b82fb7dd0) C:\windows\system32\drivers\mfeavfk.sys
18:19:05.0592 7680 mfeavfk - ok
18:19:05.0634 7680 mfeavfk01 - ok
18:19:05.0686 7680 mfefire (7d8fdc43972d059907e09ee4022f77e8) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
18:19:05.0696 7680 mfefire - ok
18:19:05.0912 7680 mfefirek (670dffe55e2f9ab99d9169c428bcece9) C:\windows\system32\drivers\mfefirek.sys
18:19:05.0916 7680 mfefirek - ok
18:19:06.0074 7680 mfehidk (1892616b7f9291fd77c3fa0a5811fe9f) C:\windows\system32\drivers\mfehidk.sys
18:19:06.0090 7680 mfehidk - ok
18:19:06.0108 7680 mfenlfk (1721261c77f6e7a9e0cb51b7d9f31b60) C:\windows\system32\DRIVERS\mfenlfk.sys
18:19:06.0109 7680 mfenlfk - ok
18:19:06.0142 7680 mferkdet (65776bd8029e409935b90de30bf99526) C:\windows\system32\drivers\mferkdet.sys
18:19:06.0146 7680 mferkdet - ok
18:19:06.0309 7680 mfevtp (8a78905057308b084eaa29a9fe1b4f58) C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
18:19:06.0326 7680 mfevtp - ok
18:19:06.0385 7680 mfewfpk (4f17d8b85b903d96ef7033bb6ef50516) C:\windows\system32\drivers\mfewfpk.sys
18:19:06.0397 7680 mfewfpk - ok
18:19:06.0547 7680 Microsoft SharePoint Workspace Audit Service - ok
18:19:06.0619 7680 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
18:19:06.0622 7680 MMCSS - ok
18:19:06.0640 7680 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
18:19:06.0643 7680 Modem - ok
18:19:06.0656 7680 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
18:19:06.0657 7680 monitor - ok
18:19:06.0759 7680 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
18:19:06.0760 7680 mouclass - ok
18:19:06.0821 7680 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
18:19:06.0822 7680 mouhid - ok
18:19:06.0894 7680 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
18:19:06.0896 7680 mountmgr - ok
18:19:07.0003 7680 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:19:07.0006 7680 MozillaMaintenance - ok
18:19:07.0053 7680 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
18:19:07.0065 7680 mpio - ok
18:19:07.0102 7680 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
18:19:07.0105 7680 mpsdrv - ok
18:19:07.0634 7680 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll
18:19:07.0670 7680 MpsSvc - ok
18:19:07.0905 7680 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
18:19:07.0935 7680 MRxDAV - ok
18:19:07.0980 7680 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
18:19:07.0984 7680 mrxsmb - ok
18:19:08.0039 7680 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
18:19:08.0054 7680 mrxsmb10 - ok
18:19:08.0069 7680 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
18:19:08.0073 7680 mrxsmb20 - ok
18:19:08.0111 7680 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
18:19:08.0112 7680 msahci - ok
18:19:08.0135 7680 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
18:19:08.0138 7680 msdsm - ok
18:19:08.0174 7680 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
18:19:08.0188 7680 MSDTC - ok
18:19:08.0228 7680 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
18:19:08.0231 7680 Msfs - ok
18:19:08.0253 7680 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
18:19:08.0255 7680 mshidkmdf - ok
18:19:08.0271 7680 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
18:19:08.0272 7680 msisadrv - ok
18:19:08.0312 7680 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
18:19:08.0324 7680 MSiSCSI - ok
18:19:08.0327 7680 msiserver - ok
18:19:08.0354 7680 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
18:19:08.0357 7680 MSKSSRV - ok
18:19:08.0406 7680 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
18:19:08.0410 7680 MSPCLOCK - ok
18:19:08.0428 7680 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
18:19:08.0431 7680 MSPQM - ok
18:19:08.0564 7680 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
18:19:08.0576 7680 MsRPC - ok
18:19:08.0625 7680 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\drivers\mssmbios.sys
18:19:08.0626 7680 mssmbios - ok
18:19:08.0647 7680 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
18:19:08.0651 7680 MSTEE - ok
18:19:08.0655 7680 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
18:19:08.0656 7680 MTConfig - ok
18:19:08.0687 7680 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
18:19:08.0688 7680 Mup - ok
18:19:09.0167 7680 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
18:19:09.0189 7680 napagent - ok
18:19:09.0233 7680 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
18:19:09.0246 7680 NativeWifiP - ok
18:19:09.0444 7680 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
18:19:09.0465 7680 NDIS - ok
18:19:09.0487 7680 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
18:19:09.0489 7680 NdisCap - ok
18:19:09.0513 7680 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
18:19:09.0515 7680 NdisTapi - ok
18:19:09.0554 7680 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
18:19:09.0557 7680 Ndisuio - ok
18:19:09.0615 7680 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
18:19:09.0629 7680 NdisWan - ok
18:19:09.0673 7680 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
18:19:09.0675 7680 NDProxy - ok
18:19:09.0747 7680 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
18:19:09.0750 7680 Net Driver HPZ12 - ok
18:19:09.0781 7680 Netaapl (307bc83250fc8e3b2878d81e7d760299) C:\windows\system32\DRIVERS\netaapl64.sys
18:19:09.0784 7680 Netaapl - ok
18:19:09.0815 7680 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
18:19:09.0818 7680 NetBIOS - ok
18:19:10.0032 7680 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
18:19:10.0037 7680 NetBT - ok
18:19:10.0080 7680 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
18:19:10.0082 7680 Netlogon - ok
18:19:10.0126 7680 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
18:19:10.0140 7680 Netman - ok
18:19:10.0174 7680 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
18:19:10.0191 7680 netprofm - ok
18:19:10.0386 7680 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:19:10.0390 7680 NetTcpPortSharing - ok
18:19:10.0413 7680 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
18:19:10.0416 7680 nfrd960 - ok
18:19:10.0485 7680 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
18:19:10.0502 7680 NlaSvc - ok
18:19:10.0533 7680 nlsX86cc - ok
18:19:10.0592 7680 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
18:19:10.0596 7680 Npfs - ok
18:19:10.0670 7680 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
18:19:10.0677 7680 nsi - ok
18:19:10.0714 7680 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
18:19:10.0716 7680 nsiproxy - ok
18:19:11.0122 7680 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
18:19:11.0159 7680 Ntfs - ok
18:19:11.0281 7680 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
18:19:11.0283 7680 Null - ok
18:19:11.0339 7680 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
18:19:11.0348 7680 nvraid - ok
18:19:11.0411 7680 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
18:19:11.0424 7680 nvstor - ok
18:19:11.0455 7680 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
18:19:11.0459 7680 nv_agp - ok
18:19:11.0481 7680 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
18:19:11.0484 7680 ohci1394 - ok
18:19:11.0571 7680 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:19:11.0580 7680 ose - ok
18:19:12.0654 7680 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:19:12.0814 7680 osppsvc - ok
18:19:13.0369 7680 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
18:19:13.0384 7680 p2pimsvc - ok
18:19:13.0462 7680 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
18:19:13.0478 7680 p2psvc - ok
18:19:13.0603 7680 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
18:19:13.0603 7680 Parport - ok
18:19:13.0681 7680 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys
18:19:13.0681 7680 partmgr - ok
18:19:13.0712 7680 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
18:19:13.0728 7680 PcaSvc - ok
18:19:13.0774 7680 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
18:19:13.0790 7680 pci - ok
18:19:13.0821 7680 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
18:19:13.0821 7680 pciide - ok
18:19:13.0852 7680 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
18:19:13.0868 7680 pcmcia - ok
18:19:13.0899 7680 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
18:19:13.0899 7680 pcw - ok
18:19:13.0977 7680 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
18:19:14.0008 7680 PEAUTH - ok
18:19:14.0664 7680 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
18:19:14.0664 7680 PerfHost - ok
18:19:15.0194 7680 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
18:19:15.0241 7680 pla - ok
18:19:15.0709 7680 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
18:19:15.0740 7680 PlugPlay - ok
18:19:15.0990 7680 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
18:19:15.0990 7680 Pml Driver HPZ12 - ok
18:19:16.0052 7680 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
18:19:16.0052 7680 PNRPAutoReg - ok
18:19:16.0380 7680 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
18:19:16.0380 7680 PNRPsvc - ok
18:19:16.0536 7680 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
18:19:16.0551 7680 PolicyAgent - ok
18:19:16.0582 7680 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
18:19:16.0598 7680 Power - ok
18:19:16.0879 7680 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
18:19:16.0926 7680 PptpMiniport - ok
18:19:17.0035 7680 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
18:19:17.0050 7680 Processor - ok
18:19:17.0128 7680 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\windows\system32\profsvc.dll
18:19:17.0175 7680 ProfSvc - ok
18:19:17.0300 7680 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
18:19:17.0300 7680 ProtectedStorage - ok
18:19:17.0752 7680 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
18:19:17.0752 7680 Psched - ok
18:19:17.0784 7680 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\windows\system32\Drivers\PxHlpa64.sys
18:19:17.0784 7680 PxHlpa64 - ok
18:19:17.0924 7680 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
18:19:17.0971 7680 ql2300 - ok
18:19:19.0047 7680 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
18:19:19.0047 7680 ql40xx - ok
18:19:19.0094 7680 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
18:19:19.0094 7680 QWAVE - ok
18:19:19.0110 7680 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
18:19:19.0125 7680 QWAVEdrv - ok
18:19:19.0125 7680 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
18:19:19.0141 7680 RasAcd - ok
18:19:19.0172 7680 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
18:19:19.0172 7680 RasAgileVpn - ok
18:19:19.0437 7680 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
18:19:19.0484 7680 RasAuto - ok
18:19:19.0593 7680 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
18:19:19.0593 7680 Rasl2tp - ok
18:19:19.0780 7680 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
18:19:19.0780 7680 RasMan - ok
18:19:20.0046 7680 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
18:19:20.0046 7680 RasPppoe - ok
18:19:20.0217 7680 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
18:19:20.0217 7680 RasSstp - ok
18:19:20.0264 7680 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
18:19:20.0280 7680 rdbss - ok
18:19:20.0295 7680 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
18:19:20.0311 7680 rdpbus - ok
18:19:20.0326 7680 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
18:19:20.0326 7680 RDPCDD - ok
18:19:20.0342 7680 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
18:19:20.0342 7680 RDPENCDD - ok
18:19:20.0358 7680 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
18:19:20.0358 7680 RDPREFMP - ok
18:19:20.0794 7680 RDPWD (6d76e6433574b058adcb0c50df834492) C:\windows\system32\drivers\RDPWD.sys
18:19:20.0810 7680 RDPWD - ok
18:19:20.0982 7680 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
18:19:20.0982 7680 rdyboost - ok
18:19:21.0091 7680 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
18:19:21.0153 7680 RemoteAccess - ok
18:19:21.0434 7680 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
18:19:21.0450 7680 RemoteRegistry - ok
18:19:21.0481 7680 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys
18:19:21.0496 7680 RFCOMM - ok
18:19:21.0512 7680 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
18:19:21.0528 7680 RpcEptMapper - ok
18:19:21.0543 7680 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
18:19:21.0543 7680 RpcLocator - ok
18:19:22.0074 7680 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
18:19:22.0089 7680 RpcSs - ok
18:19:22.0120 7680 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
18:19:22.0120 7680 rspndr - ok
18:19:22.0198 7680 RSUSBSTOR (30f463768d5143bfd7b2df822b53cf4d) C:\windows\system32\Drivers\RtsUStor.sys
18:19:22.0214 7680 RSUSBSTOR - ok
18:19:22.0276 7680 RTL8167 (fd978b2bf8a9b2390dcbef435e9c1f9f) C:\windows\system32\DRIVERS\Rt64win7.sys
18:19:22.0276 7680 RTL8167 - ok
18:19:22.0386 7680 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
18:19:22.0386 7680 SamSs - ok
18:19:22.0682 7680 SbFw (cdb954c736d51dc5fa712c039af4f683) C:\windows\system32\drivers\SbFw.sys
18:19:22.0682 7680 SbFw - ok
18:19:22.0744 7680 SBFWIMCL (5de22e3cb6140213da2e0599b08d525c) C:\windows\system32\DRIVERS\sbfwim.sys
18:19:22.0760 7680 SBFWIMCL - ok
18:19:22.0760 7680 SBFWIMCLMP (5de22e3cb6140213da2e0599b08d525c) C:\windows\system32\DRIVERS\SBFWIM.sys
18:19:22.0760 7680 SBFWIMCLMP - ok
18:19:22.0822 7680 sbhips (a5bc45f8c2f30350e7566799c86b2f5d) C:\windows\system32\drivers\sbhips.sys
18:19:22.0822 7680 sbhips - ok
18:19:22.0869 7680 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
18:19:22.0869 7680 sbp2port - ok
18:19:22.0885 7680 SBRE - ok
18:19:23.0181 7680 SbTis (f9955774a6bf0a5ca696f591c7b80a79) C:\windows\system32\drivers\sbtis.sys
18:19:23.0181 7680 SbTis - ok
18:19:23.0540 7680 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
18:19:23.0556 7680 SCardSvr - ok
18:19:23.0665 7680 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
18:19:23.0680 7680 scfilter - ok
18:19:24.0008 7680 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
18:19:24.0039 7680 Schedule - ok
18:19:24.0086 7680 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
18:19:24.0086 7680 SCPolicySvc - ok
18:19:24.0133 7680 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
18:19:24.0148 7680 SDRSVC - ok
18:19:24.0429 7680 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
18:19:24.0445 7680 secdrv - ok
18:19:24.0538 7680 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
18:19:24.0538 7680 seclogon - ok
18:19:24.0570 7680 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\system32\sens.dll
18:19:24.0570 7680 SENS - ok
18:19:24.0601 7680 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
18:19:24.0601 7680 SensrSvc - ok
18:19:24.0616 7680 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
18:19:24.0616 7680 Serenum - ok
18:19:24.0648 7680 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
18:19:24.0648 7680 Serial - ok
18:19:24.0694 7680 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
18:19:24.0694 7680 sermouse - ok
18:19:24.0913 7680 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
18:19:24.0975 7680 SessionEnv - ok
18:19:25.0053 7680 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
18:19:25.0069 7680 sffdisk - ok
18:19:25.0084 7680 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
18:19:25.0084 7680 sffp_mmc - ok
18:19:25.0147 7680 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
18:19:25.0147 7680 sffp_sd - ok
18:19:25.0194 7680 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
18:19:25.0194 7680 sfloppy - ok
18:19:26.0098 7680 SftService (74ec60e20516aaa573be74f31175270f) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
18:19:26.0176 7680 SftService - ok
18:19:26.0504 7680 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
18:19:26.0535 7680 SharedAccess - ok
18:19:26.0598 7680 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
18:19:26.0613 7680 ShellHWDetection - ok
18:19:26.0754 7680 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
18:19:26.0754 7680 SiSRaid2 - ok
18:19:27.0003 7680 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
18:19:27.0066 7680 SiSRaid4 - ok
18:19:27.0206 7680 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe
18:19:27.0222 7680 SkypeUpdate - ok
18:19:27.0253 7680 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
18:19:27.0253 7680 Smb - ok
18:19:27.0284 7680 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
18:19:27.0300 7680 SNMPTRAP - ok
18:19:27.0627 7680 Sony SCSI Helper Service (3bb48f7e33c2b76184ddf233000c09cd) C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
18:19:27.0643 7680 Sony SCSI Helper Service - ok
18:19:27.0658 7680 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
18:19:27.0658 7680 spldr - ok
18:19:27.0814 7680 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
18:19:27.0830 7680 Spooler - ok
18:19:31.0920 7680 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
18:19:31.0987 7680 sppsvc - ok
18:19:32.0610 7680 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
18:19:32.0626 7680 sppuinotify - ok
18:19:32.0989 7680 sprtsvc_DellSupportCenter (d630b6f2e8379b6f10dc16e82a426552) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
18:19:32.0989 7680 sprtsvc_DellSupportCenter - ok
18:19:33.0985 7680 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
18:19:34.0009 7680 srv - ok
18:19:34.0678 7680 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
18:19:34.0765 7680 srv2 - ok
18:19:35.0088 7680 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
18:19:35.0091 7680 srvnet - ok
18:19:35.0531 7680 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
18:19:35.0556 7680 SSDPSRV - ok
18:19:35.0682 7680 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
18:19:35.0698 7680 SstpSvc - ok
18:19:36.0844 7680 STacSV (da7702025dfd169b909c4da3126762cc) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\STacSV64.exe
18:19:36.0869 7680 STacSV - ok
18:19:36.0897 7680 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
18:19:36.0899 7680 stexstor - ok
18:19:37.0747 7680 STHDA (caf5a9708671b14b9670260735b22c4e) C:\windows\system32\DRIVERS\stwrt64.sys
18:19:37.0770 7680 STHDA - ok
18:19:38.0384 7680 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
18:19:38.0403 7680 stisvc - ok
18:19:38.0609 7680 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys
18:19:38.0610 7680 swenum - ok
18:19:39.0613 7680 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
18:19:39.0693 7680 swprv - ok
18:19:40.0303 7680 SynTP (8a3fbcb3d6d4710730d27da4392a4863) C:\windows\system32\DRIVERS\SynTP.sys
18:19:40.0308 7680 SynTP - ok
18:19:42.0631 7680 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
18:19:42.0701 7680 SysMain - ok
18:19:43.0731 7680 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
18:19:43.0736 7680 TabletInputService - ok
18:19:44.0247 7680 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
18:19:44.0301 7680 TapiSrv - ok
18:19:44.0490 7680 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
18:19:44.0515 7680 TBS - ok
18:19:47.0005 7680 Tcpip (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys
18:19:47.0055 7680 Tcpip - ok
18:19:47.0665 7680 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys
18:19:47.0675 7680 TCPIP6 - ok
18:19:48.0925 7680 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
18:19:48.0930 7680 tcpipreg - ok
18:19:48.0990 7680 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
18:19:49.0000 7680 TDPIPE - ok
18:19:49.0070 7680 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
18:19:49.0085 7680 TDTCP - ok
18:19:49.0370 7680 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
18:19:49.0400 7680 tdx - ok
18:19:49.0500 7680 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys
18:19:49.0500 7680 TermDD - ok
18:19:50.0468 7680 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
18:19:50.0495 7680 TermService - ok
18:19:50.0543 7680 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
18:19:50.0545 7680 Themes - ok
18:19:50.0788 7680 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
18:19:50.0790 7680 THREADORDER - ok
18:19:50.0948 7680 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
18:19:50.0960 7680 TrkWks - ok
18:19:51.0270 7680 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
18:19:51.0273 7680 TrustedInstaller - ok
18:19:51.0380 7680 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
18:19:51.0383 7680 tssecsrv - ok
18:19:51.0550 7680 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
18:19:51.0570 7680 TsUsbFlt - ok
18:19:51.0868 7680 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
18:19:51.0885 7680 tunnel - ok
18:19:51.0950 7680 TurboB (825e7a1f48fb8bcfba27c178aab4e275) C:\windows\system32\DRIVERS\TurboB.sys
18:19:51.0950 7680 TurboB - ok
18:19:52.0365 7680 TurboBoost (b206be1174d5964d49a56bb6c4e0524a) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
18:19:52.0385 7680 TurboBoost - ok
18:19:52.0505 7680 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
18:19:52.0570 7680 uagp35 - ok
18:19:52.0980 7680 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
18:19:52.0990 7680 udfs - ok
18:19:53.0027 7680 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
18:19:53.0030 7680 UI0Detect - ok
18:19:53.0065 7680 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
18:19:53.0067 7680 uliagpkx - ok
18:19:53.0143 7680 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\drivers\umbus.sys
18:19:53.0145 7680 umbus - ok
18:19:53.0182 7680 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
18:19:53.0184 7680 UmPass - ok
18:19:54.0151 7680 UNS (9e89c2d6945389270de067ce51ff7425) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
18:19:54.0162 7680 UNS - ok
18:19:55.0156 7680 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
18:19:55.0204 7680 upnphost - ok
18:19:55.0423 7680 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\windows\system32\Drivers\usbaapl64.sys
18:19:55.0429 7680 USBAAPL64 - ok
18:19:55.0703 7680 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
18:19:55.0703 7680 usbccgp - ok
18:19:55.0923 7680 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
18:19:55.0923 7680 usbcir - ok
18:19:55.0993 7680 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\drivers\usbehci.sys
18:19:55.0993 7680 usbehci - ok
18:19:56.0073 7680 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
18:19:56.0093 7680 usbhub - ok
18:19:56.0113 7680 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
18:19:56.0113 7680 usbohci - ok
18:19:56.0171 7680 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
18:19:56.0176 7680 usbprint - ok
18:19:56.0363 7680 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
18:19:56.0418 7680 usbscan - ok
18:19:56.0538 7680 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
18:19:56.0541 7680 USBSTOR - ok
18:19:56.0553 7680 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
18:19:56.0558 7680 usbuhci - ok
18:19:56.0588 7680 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\System32\Drivers\usbvideo.sys
18:19:56.0596 7680 usbvideo - ok
18:19:56.0621 7680 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
18:19:56.0626 7680 UxSms - ok
18:19:56.0668 7680 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
18:19:56.0668 7680 VaultSvc - ok
18:19:56.0691 7680 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
18:19:56.0693 7680 vdrvroot - ok
18:19:56.0761 7680 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
18:19:56.0778 7680 vds - ok
18:19:56.0901 7680 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
18:19:56.0958 7680 vga - ok
18:19:57.0083 7680 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
18:19:57.0083 7680 VgaSave - ok
18:19:57.0148 7680 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
18:19:57.0163 7680 vhdmp - ok
18:19:57.0191 7680 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
18:19:57.0191 7680 viaide - ok
18:19:57.0208 7680 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
18:19:57.0211 7680 volmgr - ok
18:19:57.0261 7680 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
18:19:57.0273 7680 volmgrx - ok
18:19:57.0301 7680 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
18:19:57.0316 7680 volsnap - ok
18:19:57.0333 7680 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
18:19:57.0338 7680 vsmraid - ok
18:19:57.0956 7680 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
18:19:57.0996 7680 VSS - ok
18:19:58.0491 7680 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
18:19:58.0508 7680 vwifibus - ok
18:19:58.0523 7680 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
18:19:58.0539 7680 vwififlt - ok
18:19:58.0555 7680 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
18:19:58.0555 7680 vwifimp - ok
18:19:58.0945 7680 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
18:19:58.0960 7680 W32Time - ok
18:19:58.0991 7680 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
18:19:58.0991 7680 WacomPen - ok
18:19:59.0054 7680 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
18:19:59.0054 7680 WANARP - ok
18:19:59.0069 7680 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
18:19:59.0069 7680 Wanarpv6 - ok
18:19:59.0179 7680 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
18:19:59.0241 7680 WatAdminSvc - ok
18:19:59.0647 7680 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
18:19:59.0693 7680 wbengine - ok
18:20:00.0723 7680 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
18:20:00.0739 7680 WbioSrvc - ok
18:20:01.0129 7680 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
18:20:01.0129 7680 wcncsvc - ok
18:20:01.0269 7680 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
18:20:01.0269 7680 WcsPlugInService - ok
18:20:01.0487 7680 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
18:20:01.0487 7680 Wd - ok
18:20:01.0690 7680 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
18:20:01.0721 7680 Wdf01000 - ok
18:20:01.0987 7680 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
18:20:02.0116 7680 WdiServiceHost - ok
18:20:02.0116 7680 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
18:20:02.0126 7680 WdiSystemHost - ok
18:20:02.0186 7680 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
18:20:02.0206 7680 WebClient - ok
18:20:02.0226 7680 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
18:20:02.0236 7680 Wecsvc - ok
18:20:02.0256 7680 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
18:20:02.0256 7680 wercplsupport - ok
18:20:02.0286 7680 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
18:20:02.0296 7680 WerSvc - ok
18:20:02.0416 7680 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
18:20:02.0416 7680 WfpLwf - ok
18:20:02.0886 7680 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\windows\system32\DRIVERS\wimfltr.sys
18:20:02.0906 7680 WimFltr - ok
18:20:02.0986 7680 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
18:20:02.0986 7680 WIMMount - ok
18:20:03.0196 7680 WinDefend - ok
18:20:03.0201 7680 WinHttpAutoProxySvc - ok
18:20:03.0426 7680 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
18:20:03.0441 7680 Winmgmt - ok
18:20:03.0971 7680 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
18:20:04.0016 7680 WinRM - ok
18:20:04.0591 7680 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
18:20:04.0596 7680 WinUsb - ok
18:20:04.0666 7680 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
18:20:04.0686 7680 Wlansvc - ok
18:20:04.0901 7680 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
18:20:04.0906 7680 wlcrasvc - ok
18:20:05.0266 7680 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:20:05.0276 7680 wlidsvc - ok
18:20:05.0431 7680 wltrysvc (de816a0624d54d68e1fb8a9028dcf81a) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
18:20:05.0481 7680 wltrysvc - ok
18:20:05.0896 7680 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
18:20:05.0896 7680 WmiAcpi - ok
18:20:06.0326 7680 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
18:20:06.0341 7680 wmiApSrv - ok
18:20:06.0391 7680 WMPNetworkSvc - ok
18:20:06.0421 7680 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
18:20:06.0421 7680 WPCSvc - ok
18:20:06.0471 7680 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
18:20:06.0481 7680 WPDBusEnum - ok
18:20:06.0506 7680 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
18:20:06.0511 7680 ws2ifsl - ok
18:20:06.0531 7680 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\system32\wscsvc.dll
18:20:06.0536 7680 wscsvc - ok
18:20:06.0536 7680 WSearch - ok
18:20:08.0244 7680 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\windows\system32\wuaueng.dll
18:20:08.0281 7680 wuauserv - ok
18:20:08.0812 7680 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
18:20:08.0818 7680 WudfPf - ok
18:20:08.0838 7680 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
18:20:08.0853 7680 WUDFRd - ok
18:20:08.0900 7680 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
18:20:08.0903 7680 wudfsvc - ok
18:20:09.0133 7680 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
18:20:09.0181 7680 WwanSvc - ok
18:20:09.0342 7680 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\windows\system32\DRIVERS\yk62x64.sys
18:20:09.0353 7680 yukonw7 - ok
18:20:09.0412 7680 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:20:09.0496 7680 \Device\Harddisk0\DR0 - ok
18:20:09.0503 7680 Boot (0x1200) (b4a651ea79a9998884da67ecffb5e2e7) \Device\Harddisk0\DR0\Partition0
18:20:09.0512 7680 \Device\Harddisk0\DR0\Partition0 - ok
18:20:09.0542 7680 Boot (0x1200) (99198af2f386b679c0cbf0169778bd7d) \Device\Harddisk0\DR0\Partition1
18:20:09.0544 7680 \Device\Harddisk0\DR0\Partition1 - ok
18:20:09.0546 7680 ============================================================
18:20:09.0546 7680 Scan finished
18:20:09.0546 7680 ============================================================
18:20:09.0561 8724 Detected object count: 0
18:20:09.0561 8724 Actual detected object count: 0

#8 kelvan

kelvan
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:29 PM

Posted 30 April 2012 - 03:51 AM

Oh dear. Tried running the second one and got BSOD. Will attempt a second time.

Just on interesting note. after BSOD firefox would not let me get to bleepingcomputer.com I had to go through my old explorer!

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:29 AM

Posted 30 April 2012 - 04:31 AM

ok only run once more and let me know if it still blue screened


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 kelvan

kelvan
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:29 PM

Posted 30 April 2012 - 04:33 AM

here is the log.

Also now my firefox internet seems to have reverted back to random re-direction when I complete a search. I have gone back to using internet explorer - which seems unaffected at this stage. Does this mean I have to start again. Oh dear!

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-30 18:53:04
-----------------------------
18:53:04.274 OS Version: Windows x64 6.1.7601 Service Pack 1
18:53:04.274 Number of processors: 4 586 0x2505
18:53:04.275 ComputerName: MIKE UserName:
18:53:07.460 Initialize success
18:53:15.765 AVAST engine defs: 12042901
18:53:23.744 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:53:23.744 Disk 0 Vendor: ST950042 D005 Size: 476940MB BusType: 3
18:53:23.760 Disk 0 MBR read successfully
18:53:23.760 Disk 0 MBR scan
18:53:23.760 Disk 0 Windows 7 default MBR code
18:53:23.776 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 100 MB offset 2048
18:53:23.791 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 206848
18:53:23.791 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461838 MB offset 30926848
18:53:23.838 Disk 0 scanning C:\windows\system32\drivers
18:53:45.161 Service scanning
18:54:13.160 Modules scanning
18:54:13.172 Disk 0 trace - called modules:
18:54:13.210 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys
18:54:13.540 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c5a060]
18:54:13.547 3 CLASSPNP.SYS[fffff88001a5143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004987050]
18:54:16.375 AVAST engine scan C:\
19:29:29.405 Disk 0 MBR has been saved successfully to "C:\Users\Nicole\Documents\MBR.dat"
19:29:29.670 The log file has been saved successfully to "C:\Users\Nicole\Documents\aswMBR.txt"


Thankyou so much for this service, it is impressive the knowledge you have and I appreciate the step by step. It must be frustrating at times when we interpret something or do something wrong.

#11 kelvan

kelvan
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:29 PM

Posted 30 April 2012 - 04:43 AM

Just letting you know. Internet explorer is also affected!!! it's back:(

And sorry I didn't mention but you probably deduced- no blue screen when running the second scan.

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:29 AM

Posted 30 April 2012 - 05:17 AM

Hello


I want you to uninstall FireFox and reinstall it, If asked about user data or settings remove that also.

I want you to go here and click on the fixit button - http://support.microsoft.com/kb/923737


let me know if they are still redirecting




Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 kelvan

kelvan
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:29 PM

Posted 30 April 2012 - 06:41 AM

Hi,

Good news, it seems to be rectified. I had a few issues downloading fix-it but it worked in the end. When I initially opened internet explorer I had issues but have opened and closed it a few times and seems to be following selected links accurately now.

Thank you.

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:29 AM

Posted 30 April 2012 - 07:27 AM

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

Adobe Reader 9.5.1
Ask Toolbar
Java™ 6 Update 20
McAfee Security Scan Plus
[/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
[/list]

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:29 AM

Posted 03 May 2012 - 12:17 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users