
Google redirecting & McAfee firewall disabling


33 replies to this topic

#1 kretsch72


Posted 01 May 2012 - 05:19 PM

A couple of days ago, I started getting redirected with my Google searches to pages such as SMART and Hapilli. When opening the link as a new tab, it usually takes me to the correct link on the 2nd or 3rd attempt. At the same time as the Google search problem started, I began getting McAfee Security warnings. My firewall was disabled. When I click to enable the firewall, it becomes disabled within 2 seconds once again.

I tried using TDSSKiller and MalwareBytes Anti-Malware with TDSSKiller finding three suspicious files. I kept the default skip for all three and Malware quarantined two files. The problem continues and I need some assistance removing the Malware from the computer.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Bob at 18:02:10 on 2012-05-01
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3893.1425 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\spool\DRIVERS\x64\3\dleaserv.exe
C:\Windows\system32\dleacoms.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe
C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Bob\AppData\Roaming\Byzoov\zonoa.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Bob\AppData\Roaming\Ewohoc\uhda.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\DellDock\DellDock.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Dell Support Center\imstrayicon.exe
C:\Program Files (x86)\Windows Live\Companion\companionuser.exe
C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Program Files (x86)\internet explorer\iexplore.exe
C:\Program Files (x86)\internet explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\internet explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, optimized for Bing and MSN
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120424190411.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google] RUNDLL32.EXE C:\Users\Bob\AppData\Local\Google\gljfalgz.dll,NxGetApexSDK
uRun: [rortap] rundll32.exe "C:\Users\Bob\AppData\Local\Temp\rortap.dll",CreateTexture
uRun: [Ylruawdeg] C:\Users\Bob\AppData\Roaming\Byzoov\zonoa.exe
uRun: [Windows Live] rundll32.exe "C:\Users\Bob\AppData\Local\Windows Live Writer\Windows Live\weiplhyp.dll",DllRegisterServer
uRun: [Okugkix] C:\Users\Bob\AppData\Roaming\Ewohoc\uhda.exe
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [DellSupportCenter] "c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Bob\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} - hxxp://98.235.34.62/bl_camera.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://floridakeysmedia.tv/axiscam/Codebase/AxisCamControl.ocx
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 204.186.80.251 216.144.187.101 216.144.187.199
TCP: Interfaces\{EE5EDEBC-1017-478C-AD0F-7EA54F11895E} : DhcpNameServer = 204.186.80.251 216.144.187.101 216.144.187.199
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120424190411.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [DellSupportCenter] "c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-10-10 98208]
R2 dlea_device;dlea_device;C:\Windows\system32\dleacoms.exe -service --> C:\Windows\system32\dleacoms.exe -service [?]
R2 dleaCATSCustConnectService;dleaCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\dleaserv.exe [2010-10-29 45224]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-29 654408]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-6-10 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-6-10 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\SystemCore\mcshield.exe [2011-6-10 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\SystemCore\mfefire.exe [2011-6-10 210584]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-10-10 673088]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-10 2320920]
R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\system32\DRIVERS\bcmvwl64.sys --> C:\Windows\system32\DRIVERS\bcmvwl64.sys [?]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-5 136176]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-6-10 249936]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-2 253088]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
S3 FlyUsb;FLY Fusion;C:\Windows\system32\DRIVERS\FlyUsb.sys --> C:\Windows\system32\DRIVERS\FlyUsb.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-5 136176]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-05-01 19:52:03 -------- d-----w- C:\Users\Bob\AppData\Local\{201D6773-DCBD-4827-AE04-6B6C36EFB043}
2012-05-01 19:51:40 -------- d-----w- C:\Users\Bob\AppData\Local\{7D77A1BE-82C3-4FF3-8258-46E3946DCBA8}
2012-04-30 20:30:54 -------- d-----w- C:\Users\Bob\AppData\Local\{7E1FE22A-729E-4338-A04F-FDC1B187768B}
2012-04-30 20:30:34 -------- d-----w- C:\Users\Bob\AppData\Local\{E8EC8C49-2DFA-4BDD-B573-98459C02235C}
2012-04-30 20:28:10 -------- d-----w- C:\Users\Bob\AppData\Roaming\Waem
2012-04-30 20:28:10 -------- d-----w- C:\Users\Bob\AppData\Roaming\Idqima
2012-04-30 20:28:10 -------- d-----w- C:\Users\Bob\AppData\Roaming\Ewohoc
2012-04-30 01:25:44 -------- d-----w- C:\Users\Bob\AppData\Roaming\Malwarebytes
2012-04-30 01:25:34 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-30 01:25:32 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-30 01:25:32 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-29 22:14:29 -------- d-----w- C:\Users\Bob\AppData\Local\{15CEE3DD-C7A6-46F4-AAE8-F42D177D7F3C}
2012-04-29 22:14:08 -------- d-----w- C:\Users\Bob\AppData\Local\{C6DCACE8-89A3-47D8-9AE1-534DC3A2C5EF}
2012-04-28 14:31:25 -------- d-----w- C:\Users\Bob\AppData\Local\{AAAFEEC7-B033-4401-9870-F91B119A0B0A}
2012-04-28 14:31:03 -------- d-----w- C:\Users\Bob\AppData\Local\{3E11C9F7-50A3-437A-874C-CACBDCCDF36B}
2012-04-27 19:55:56 -------- d-----w- C:\Users\Bob\AppData\Local\{D4BEAA3D-F914-418D-B6BB-E7A751343F71}
2012-04-27 19:55:35 -------- d-----w- C:\Users\Bob\AppData\Local\{B6429465-905C-4572-87D8-D26E5AC2241D}
2012-04-26 23:50:19 -------- d-----w- C:\ProgramData\B7E85886000024090136692FA60145BE
2012-04-26 20:00:44 -------- d-----w- C:\Users\Bob\AppData\Local\{D32622F3-A421-4EFB-B00D-935425139EA7}
2012-04-26 20:00:23 -------- d-----w- C:\Users\Bob\AppData\Local\{DBE230CC-94D2-42EC-BB52-15C3C15E41CD}
2012-04-26 10:40:54 -------- d-----w- C:\Users\Bob\AppData\Roaming\Orwiuh
2012-04-26 10:40:54 -------- d-----w- C:\Users\Bob\AppData\Roaming\Keokwo
2012-04-26 10:40:54 -------- d-----w- C:\Users\Bob\AppData\Roaming\Byzoov
2012-04-25 23:59:32 -------- d-----w- C:\Users\Bob\AppData\Local\{87D957F1-CB1F-4B40-BE65-8F99DEB52DCD}
2012-04-25 23:59:10 -------- d-----w- C:\Users\Bob\AppData\Local\{B1115257-38F9-40A1-B172-CC750B3DE5E9}
2012-04-24 18:45:17 -------- d-----w- C:\Users\Bob\AppData\Local\{5E1E8CBA-79AF-4F27-B741-3799E67436CE}
2012-04-24 18:44:56 -------- d-----w- C:\Users\Bob\AppData\Local\{F89BA470-0DE9-4FE6-8B81-23C0B270F685}
2012-04-24 00:49:06 -------- d-----w- C:\Users\Bob\AppData\Local\{85980C90-210F-4CE9-9996-FF37A6CB7768}
2012-04-24 00:48:45 -------- d-----w- C:\Users\Bob\AppData\Local\{8C715C4B-B1C2-4863-B729-76B5D91D9A19}
2012-04-22 21:04:32 -------- d-----w- C:\Users\Bob\AppData\Local\{CAC261B2-7524-4121-97FD-564A7DB2B5A9}
2012-04-22 21:04:11 -------- d-----w- C:\Users\Bob\AppData\Local\{789BE56C-81B2-49BC-AE7A-70261D694A0B}
2012-04-21 13:37:34 -------- d-----w- C:\Users\Bob\AppData\Local\{8AE725CD-F9EC-451A-A032-FBE165A7DC08}
2012-04-21 13:37:13 -------- d-----w- C:\Users\Bob\AppData\Local\{050D6F5C-1846-41DF-A493-32F9A99ABF1A}
2012-04-19 19:42:17 -------- d-----w- C:\Users\Bob\AppData\Local\{5F02994C-3341-4B88-81CD-4EA101D9D4F8}
2012-04-19 19:41:56 -------- d-----w- C:\Users\Bob\AppData\Local\{2456E6E1-8079-4CBB-9215-AC6128138B9C}
2012-04-18 19:50:27 -------- d-----w- C:\Users\Bob\AppData\Local\{D5D1B66E-75E1-4CD1-A613-B2C7F84859C7}
2012-04-18 19:50:17 -------- d-----w- C:\Users\Bob\AppData\Local\{60BEC870-0804-4C87-9721-930E1684256D}
2012-04-18 00:14:42 -------- d-----w- C:\Users\Bob\AppData\Local\{CA91B90D-3A9F-4DC5-B4B1-EE28BA45E960}
2012-04-18 00:14:30 -------- d-----w- C:\Users\Bob\AppData\Local\{D75DAE8A-793E-45C3-81C5-E0C0BCCB1442}
2012-04-16 20:04:57 -------- d-----w- C:\Users\Bob\AppData\Local\{E5215F73-FE31-42E7-BF11-C4F417B4691E}
2012-04-16 20:04:36 -------- d-----w- C:\Users\Bob\AppData\Local\{E330E4FD-E1F0-44C9-9953-DBFC60449D34}
2012-04-16 02:37:26 -------- d-----w- C:\Users\Bob\AppData\Local\{E9ECCD9E-FB0E-4F85-95B8-840F4043E63A}
2012-04-16 02:37:07 -------- d-----w- C:\Users\Bob\AppData\Local\{B431C7F8-BEE0-4674-8DEC-C35F59A09F61}
2012-04-15 21:32:24 -------- d-----w- C:\Windows\en
2012-04-15 21:29:54 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
2012-04-15 21:27:21 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\8a8131c51cd1b4e03\DXSETUP.exe
2012-04-15 21:27:21 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\8a8131c51cd1b4e03\dsetup32.dll
2012-04-15 21:27:21 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\8ac89b0d1cd1b4e04\MeshBetaRemover.exe
2012-04-15 21:27:20 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\8a8131c51cd1b4e03\DSETUP.dll
2012-04-15 21:26:39 -------- d-----w- C:\Users\Bob\AppData\Local\{AE21E66A-F577-4E82-BC12-4A420A7D4D50}
2012-04-15 21:26:18 -------- d-----w- C:\Users\Bob\AppData\Local\{7A207623-49AE-4343-82CF-CCA9565350EB}
2012-04-15 15:21:16 -------- d-----w- C:\Program Files (x86)\Playalot Games
2012-04-15 14:45:24 -------- d-----w- C:\Users\Bob\AppData\Local\{6998AE55-E1EC-4AE4-90A0-4DA641FADCF4}
2012-04-15 14:45:02 -------- d-----w- C:\Users\Bob\AppData\Local\{64F3AC42-0686-414E-A6B0-B059E6444833}
2012-04-15 00:08:34 -------- d-----w- C:\Users\Bob\AppData\Local\{6F10BAE7-C9D8-4C1B-A302-EEE2FE3694EA}
2012-04-15 00:08:12 -------- d-----w- C:\Users\Bob\AppData\Local\{FB286CF7-1DE8-4BD9-AB09-CCB443D717A1}
2012-04-13 19:02:55 -------- d-----w- C:\Users\Bob\AppData\Local\{DAAB293C-7DF4-44B6-8DEC-95AF055FFF52}
2012-04-13 17:03:00 -------- d-----w- C:\Users\Bob\AppData\Local\{C504B6E7-DB83-4F16-B324-382E982F3B3B}
2012-04-12 18:56:20 -------- d-----w- C:\Users\Bob\AppData\Local\{2851CB28-6AF0-42DA-A73C-87BA34E4B409}
2012-04-11 16:48:33 -------- d-----w- C:\Users\Bob\AppData\Local\{D23304C0-143F-457C-8F17-105A8751316B}
2012-04-11 10:37:59 887296 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
2012-04-11 10:37:59 678912 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
2012-04-11 10:37:59 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-04-11 10:37:41 5473136 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-11 10:37:40 3971440 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-11 10:37:40 3915632 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-11 10:34:00 80896 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-11 10:34:00 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-11 10:34:00 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-11 10:34:00 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-11 10:34:00 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-11 10:34:00 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-11 10:34:00 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-11 01:20:36 -------- d-----w- C:\Users\Bob\AppData\Local\{67A48A7C-8638-439E-9BC2-B8335182339D}
2012-04-07 00:32:45 -------- d-----w- C:\Users\Bob\AppData\Local\{C50E1172-CCBE-4FD1-9BF5-9D6EBD2D0883}
2012-04-07 00:00:35 -------- d-----w- C:\Users\Bob\AppData\Local\Programs
2012-04-06 23:54:05 -------- d-----w- C:\Users\Bob\AppData\Local\Nikon
2012-04-06 23:48:13 -------- d-----w- C:\Users\Bob\AppData\Local\ArcSoft
2012-04-06 23:48:11 -------- d-----w- C:\ProgramData\ArcSoft
2012-04-06 23:47:00 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2012-04-06 23:46:59 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-04-06 23:46:59 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-04-06 23:46:59 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-04-06 23:38:05 57344 ----a-r- C:\Users\Bob\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2012-04-06 23:36:41 -------- d-----w- C:\Program Files (x86)\Common Files\Nikon
2012-04-06 23:36:22 106496 ----a-w- C:\Windows\SysWow64\ATL71.DLL
2012-04-06 23:35:56 -------- d-----w- C:\ProgramData\Flags
2012-04-06 23:35:55 -------- d--h--r- C:\ProgramData\Extensions
2012-04-06 23:35:54 -------- d-----w- C:\ProgramData\Electric Clav
2012-04-06 23:35:22 -------- d-----w- C:\Users\Bob\AppData\Local\Downloaded Installations
2012-04-06 23:35:06 -------- d-----w- C:\Program Files (x86)\Nikon
2012-04-06 20:26:50 361576 ----a-w- C:\ProgramData\SPL5348.tmp
2012-04-05 19:56:57 -------- d-----w- C:\Users\Bob\AppData\Local\{AFAA3A67-28E5-4BE7-B556-61C2E329A1D1}
2012-04-04 19:49:10 -------- d-----w- C:\Users\Bob\AppData\Local\{E40345EB-3482-4938-B264-8368370A1CD1}
2012-04-04 05:53:56 182160 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-04-04 01:06:54 -------- d-----w- C:\Users\Bob\AppData\Local\{9670D503-CA2C-4415-976D-04EB5DFE563D}
2012-04-02 20:43:31 8741536 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-02 20:43:08 -------- d-----w- C:\Users\Bob\AppData\Local\{51554915-D62D-4248-8DC1-B39E1AA77192}
2012-04-02 20:27:48 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
.
==================== Find3M ====================
.
2012-04-14 12:43:36 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-20 17:11:30 162192 ----a-w- C:\Windows\System32\mfevtps.exe
2012-03-08 22:50:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2012-03-08 22:37:20 302448 ----a-w- C:\Windows\WLXPGSS.SCR
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-22 17:29:46 75936 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
2012-02-22 17:29:46 65264 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2012-02-22 17:29:46 647208 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2012-02-22 17:29:46 487296 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2012-02-22 17:29:46 289664 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2012-02-22 17:29:46 229528 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2012-02-22 17:29:46 160792 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2012-02-22 17:29:46 10248 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2012-02-22 17:29:46 100912 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2012-02-15 06:27:54 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-15 05:44:57 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-15 04:47:21 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-15 04:46:59 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-14 16:09:44 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-02-10 06:18:10 1541120 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 06:17:55 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-02-10 06:17:54 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-02-10 06:17:54 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-02-10 06:17:54 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-02-10 05:41:38 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-10 05:41:20 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-02-10 05:41:20 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-02-10 05:41:20 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-02-10 05:41:19 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-02-03 04:16:03 3143168 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 18:03:59.44 ===============

Attached Files


#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:36 PM
Posted 02 May 2012 - 12:33 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 kretsch72

  • Topic Starter
  • Members
  • 21 posts
  • Local time:08:36 PM
Posted 02 May 2012 - 09:16 PM

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
McAfee SecurityCenter
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 29
Java version out of date!
Adobe Reader X (10.1.3)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
``````````End of Log````````````


ComboFix 12-05-02.03 - Bob 05/02/2012 20:28:35.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3893.2377 [GMT -4:00]
Running from: c:\users\Bob\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Examples
c:\programdata\PCDr\5907\Downloads\15fc9c67-6e4d-42b6-b215-fee7bb01b1c7.dll
c:\programdata\SPL27D2.tmp
c:\programdata\SPL37A5.tmp
c:\programdata\SPL4623.tmp
c:\programdata\SPL5348.tmp
c:\programdata\SPL645F.tmp
c:\programdata\SPL709C.tmp
c:\programdata\SPL750F.tmp
c:\programdata\SPL7750.tmp
c:\programdata\SPL77AE.tmp
c:\programdata\SPL77FC.tmp
c:\programdata\SPL780C.tmp
c:\programdata\SPL78A8.tmp
c:\programdata\SPL7ABA.tmp
c:\programdata\SPL7B18.tmp
c:\programdata\SPL7BD3.tmp
c:\programdata\SPL7C8E.tmp
c:\programdata\SPL7F9A.tmp
c:\programdata\SPL818D.tmp
c:\programdata\SPL82D5.tmp
c:\programdata\SPL8304.tmp
c:\programdata\SPL8305.tmp
c:\programdata\SPL84D8.tmp
c:\programdata\SPL85B2.tmp
c:\programdata\SPL8757.tmp
c:\programdata\SPL88ED.tmp
c:\programdata\SPL8A44.tmp
c:\programdata\SPL8AFF.tmp
c:\programdata\SPL8B5D.tmp
c:\programdata\SPL8B8C.tmp
c:\programdata\SPL8C95.tmp
c:\programdata\SPL8D7F.tmp
c:\programdata\SPL8DBD.tmp
c:\programdata\SPL8F72.tmp
c:\programdata\SPL8F73.tmp
c:\programdata\SPL956B.tmp
c:\programdata\SPL980A.tmp
c:\programdata\SPL99DE.tmp
c:\programdata\SPL9B45.tmp
c:\programdata\SPLA43A.tmp
c:\programdata\SPLA977.tmp
c:\programdata\SPLACF1.tmp
c:\programdata\SPLD4BA.tmp
c:\programdata\SPLDDD0.tmp
c:\programdata\SPLDEB4.tmp
c:\programdata\SPLF2F6.tmp
c:\users\Bob\AppData\Local\Temp\rortap.dll
c:\users\Bob\AppData\Local\Windows Live Writer\Windows Live\weiplhyp.dll
c:\users\Bob\AppData\Roaming\Byzoov\zonoa.exe
c:\users\Bob\AppData\Roaming\Ewohoc\uhda.exe
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-04-03 to 2012-05-03 )))))))))))))))))))))))))))))))
.
.
2012-05-03 00:44 . 2012-05-03 00:44 -------- d-----w- c:\users\Heather\AppData\Local\temp
2012-05-03 00:44 . 2012-05-03 00:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-30 20:28 . 2012-05-03 00:43 -------- d-----w- c:\users\Bob\AppData\Roaming\Ewohoc
2012-04-30 20:28 . 2012-05-03 00:03 -------- d-----w- c:\users\Bob\AppData\Roaming\Waem
2012-04-30 20:28 . 2012-04-30 20:28 -------- d-----w- c:\users\Bob\AppData\Roaming\Idqima
2012-04-30 01:25 . 2012-04-30 01:25 -------- d-----w- c:\users\Bob\AppData\Roaming\Malwarebytes
2012-04-30 01:25 . 2012-04-30 01:25 -------- d-----w- c:\programdata\Malwarebytes
2012-04-30 01:25 . 2012-04-30 01:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-30 01:25 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-26 23:50 . 2012-04-30 01:27 -------- d-----w- c:\programdata\B7E85886000024090136692FA60145BE
2012-04-26 10:40 . 2012-05-03 00:43 -------- d-----w- c:\users\Bob\AppData\Roaming\Byzoov
2012-04-26 10:40 . 2012-05-02 19:36 -------- d-----w- c:\users\Bob\AppData\Roaming\Keokwo
2012-04-26 10:40 . 2012-04-26 10:40 -------- d-----w- c:\users\Bob\AppData\Roaming\Orwiuh
2012-04-15 21:32 . 2012-04-15 21:32 -------- d-----w- c:\windows\en
2012-04-15 21:29 . 2012-03-08 22:40 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-04-15 21:27 . 2012-04-15 21:27 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\8a8131c51cd1b4e03\DXSETUP.exe
2012-04-15 21:27 . 2012-04-15 21:27 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\8a8131c51cd1b4e03\dsetup32.dll
2012-04-15 21:27 . 2012-04-15 21:27 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\8ac89b0d1cd1b4e04\MeshBetaRemover.exe
2012-04-15 21:27 . 2012-04-15 21:27 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\8a8131c51cd1b4e03\DSETUP.dll
2012-04-15 15:21 . 2012-04-15 15:21 -------- d-----w- c:\users\Heather\AppData\Roaming\com.w3i.plyt
2012-04-15 15:21 . 2012-04-15 15:21 -------- d-----w- c:\program files (x86)\Playalot Games
2012-04-11 10:37 . 2012-02-28 06:51 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-04-11 10:37 . 2012-02-28 06:49 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-04-11 10:37 . 2012-02-28 01:13 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
2012-04-11 10:37 . 2012-03-06 06:51 5473136 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 10:37 . 2012-03-06 05:59 3971440 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-11 10:37 . 2012-03-06 05:59 3915632 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-11 10:34 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 10:34 . 2012-03-01 06:45 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 10:34 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 10:34 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 10:34 . 2012-03-01 05:49 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 10:34 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 10:34 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-11 00:19 . 2012-04-11 00:19 -------- d-----w- c:\users\Heather\AppData\Local\Programs
2012-04-11 00:18 . 2012-04-11 00:18 -------- d-----w- c:\users\Heather\AppData\Local\ArcSoft
2012-04-11 00:18 . 2012-04-11 00:18 -------- d-----w- c:\users\Heather\AppData\Roaming\ArcSoft
2012-04-07 06:51 . 2012-04-07 06:51 -------- d-----w- c:\programdata\Nikon
2012-04-07 00:00 . 2012-04-07 00:00 -------- d-----w- c:\users\Bob\AppData\Local\Programs
2012-04-06 23:54 . 2012-04-06 23:54 -------- d-----w- c:\users\Bob\AppData\Local\Nikon
2012-04-06 23:50 . 2012-04-06 23:54 -------- d-----w- c:\users\Bob\AppData\Roaming\Nikon
2012-04-06 23:48 . 2012-04-06 23:48 -------- d-----w- c:\users\Bob\AppData\Local\ArcSoft
2012-04-06 23:48 . 2012-04-11 01:21 -------- d-----w- c:\programdata\ArcSoft
2012-04-06 23:47 . 2012-04-06 23:47 -------- d-----w- c:\program files (x86)\Common Files\ArcSoft
2012-04-06 23:47 . 2012-04-06 23:47 -------- d-----w- c:\program files (x86)\ArcSoft
2012-04-06 23:47 . 2012-04-06 23:48 -------- d-----w- c:\users\Bob\AppData\Roaming\ArcSoft
2012-04-06 23:47 . 2001-09-05 08:18 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2012-04-06 23:46 . 2001-09-05 08:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-04-06 23:46 . 2001-09-05 08:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-04-06 23:46 . 2001-09-05 08:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-04-06 23:38 . 2012-04-06 23:38 57344 ----a-r- c:\users\Bob\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2012-04-06 23:36 . 2012-04-06 23:38 -------- d-----w- c:\program files (x86)\Common Files\Nikon
2012-04-06 23:36 . 2012-04-06 23:35 106496 ----a-w- c:\windows\SysWow64\ATL71.DLL
2012-04-06 23:35 . 2012-04-06 23:35 -------- d-----w- c:\programdata\Flags
2012-04-06 23:35 . 2012-04-06 23:35 -------- d--h--r- c:\programdata\Extensions
2012-04-06 23:35 . 2012-04-06 23:35 -------- d-----w- c:\programdata\Ultima_T15
2012-04-06 23:35 . 2012-04-06 23:35 -------- d-----w- c:\programdata\EnterNHelp
2012-04-06 23:35 . 2012-04-06 23:35 -------- d-----w- c:\programdata\Electric Clav
2012-04-06 23:35 . 2012-04-06 23:38 -------- d-----w- c:\users\Bob\AppData\Local\Downloaded Installations
2012-04-06 23:35 . 2012-04-06 23:39 -------- d-----w- c:\program files (x86)\Nikon
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 12:43 . 2012-04-02 20:27 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-14 12:43 . 2011-05-19 22:48 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-14 12:43 . 2012-04-02 20:43 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-03-20 17:11 . 2011-06-10 21:28 162192 ----a-w- c:\windows\system32\mfevtps.exe
2012-03-08 22:50 . 2012-03-08 22:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 22:37 . 2012-03-08 22:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-02-22 17:29 . 2011-06-10 21:36 10248 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-02-22 17:29 . 2011-06-10 21:36 289664 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2012-02-22 17:29 . 2011-06-10 21:36 75936 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2012-02-22 17:29 . 2011-06-10 21:36 100912 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-02-22 17:29 . 2011-06-10 21:36 487296 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-02-22 17:29 . 2011-06-10 21:36 65264 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-02-22 17:29 . 2011-06-10 21:36 229528 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-02-22 17:29 . 2011-03-13 15:20 647208 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-02-22 17:29 . 2011-03-13 15:20 160792 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-02-15 06:27 . 2012-03-13 19:13 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-15 05:44 . 2012-03-13 19:13 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-15 04:47 . 2012-03-13 19:13 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:46 . 2012-03-13 19:13 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-14 16:09 . 2012-02-14 16:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-10 06:18 . 2012-03-13 19:14 1541120 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 06:17 . 2012-03-13 19:14 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-10 06:17 . 2012-03-13 19:14 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-10 06:17 . 2012-03-13 19:14 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-02-10 06:17 . 2012-03-13 19:14 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-10 05:41 . 2012-03-13 19:14 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-10 05:41 . 2012-03-13 19:14 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-02-10 05:41 . 2012-03-13 19:14 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-02-10 05:41 . 2012-03-13 19:14 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-02-10 05:41 . 2012-03-13 19:14 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-02-03 04:16 . 2012-03-13 19:14 3143168 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Google"="c:\users\Bob\AppData\Local\Google\gljfalgz.dll" [2011-09-28 557056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 1082656]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-06 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-06 136176]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 dlea_device;dlea_device;c:\windows\system32\dleacoms.exe [2010-05-21 1052328]
S2 dleaCATSCustConnectService;dleaCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe [2010-05-21 45224]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-05-21 673088]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 12:43]
.
2012-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-06 03:28]
.
2012-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-06 03:28]
.
2012-04-18 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-05-03 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-14 10144288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-08 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-08 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-08 413720]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2010-04-06 3203440]
"dleamon.exe"="c:\program files (x86)\Dell V310-V510 Series\dleamon.exe" [2010-08-09 770728]
"EzPrint"="c:\program files (x86)\Dell V310-V510 Series\ezprint.exe" [2010-08-09 139944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 204.186.80.251 216.144.187.101 216.144.187.199
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Ylruawdeg - c:\users\Bob\AppData\Roaming\Byzoov\zonoa.exe
Wow6432Node-HKCU-Run-Okugkix - c:\users\Bob\AppData\Roaming\Ewohoc\uhda.exe
Wow6432Node-HKLM-Run-DellSupportCenter - c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-LivingPlay - c:\program files (x86)\LivingPlay\lplayun.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
c:\program files (x86)\Windows Live\Mail\wlmail.exe
.
**************************************************************************
.
Completion time: 2012-05-02 21:16:54 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-03 01:16
.
Pre-Run: 410,185,150,464 bytes free
Post-Run: 413,153,460,224 bytes free
.
- - End Of File - - 4AB7E3AD610C69C4B47A836AA004F004

I had no problems performing the items within your post.

So far, the firewall has remained on and every Google search took me to the proper link. However, I'm getting a duplicate layer on top of whatever window is open. For instance, in my email, I will get a second column of all the emails to appear, and if I'm in the body of a message, a second layer of the same message overlays the first. In Internet Explorer, I will get a second File menu at the top of the screen. In my reply to your post, I had to close out and start it back up a couple of times, as if I leave the page for a while to test everything, the window goes black.

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 02 May 2012 - 09:30 PM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
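The TDSSKiller report requested above is a plain-text log: for every driver and service the scanner writes a line of the form `timestamp pid Name (md5) C:\path\to\image`, then a verdict line `timestamp pid Name - ok` (entries with no image on disk, such as `catchme - ok`, get only the verdict line). As an added example, not code from this thread or from Kaspersky's tool, the Python below pairs each file line with its verdict, lists every entry whose verdict is not `ok`, and, going beyond what the scanner itself reports, also flags images loaded from outside the usual Windows and Program Files directories, which is the kind of thing a helper scans these logs for by eye. The `EXPECTED_PREFIXES` list is an assumption about a normal Windows 7 layout; the sample log is constructed, with three entries copied from the log posted in this thread and one (`exampledrv`, its hash, path and verdict text) made up for the example.

```python
"""Triage helper for a TDSSKiller scan log (added example; not code from this
thread or from Kaspersky's tool).

Assumed layout, taken from the log posted in this thread: each scanned
driver/service produces a file line
    HH:MM:SS.ffff PID Name (md5) C:\\path\\to\\image
followed by a verdict line
    HH:MM:SS.ffff PID Name - ok
Entries without an image on disk (e.g. "catchme - ok") have only a verdict line.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

FILE_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$"
)
VERDICT_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<name>.+?) - (?P<verdict>.+)$")

# Assumption: directories a Windows 7 driver or service image is normally loaded
# from. Anything else (a user profile, a temp folder) deserves a closer look even
# when the scanner says "ok".
EXPECTED_PREFIXES = (
    "c:\\windows\\system32\\",
    "c:\\windows\\syswow64\\",
    "c:\\windows\\microsoft.net\\",
    "c:\\windows\\ehome\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_tdsskiller_log(text: str) -> Dict[str, Entry]:
    """Join each file line with its verdict line, keyed by driver/service name."""
    entries: Dict[str, Entry] = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.md5, e.path = m["md5"], m["path"]
            continue
        m = VERDICT_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.verdict = m["verdict"]
    return entries


def suspicious(entries: Dict[str, Entry]) -> List[Tuple[str, List[str]]]:
    """Entries to review: any verdict other than "ok", or an image outside EXPECTED_PREFIXES."""
    flagged = []
    for e in entries.values():
        reasons = []
        if e.verdict is not None and e.verdict.lower() != "ok":
            reasons.append("verdict: " + e.verdict)
        if e.path and not e.path.lower().startswith(EXPECTED_PREFIXES):
            reasons.append("unusual image path: " + e.path)
        if reasons:
            flagged.append((e.name, reasons))
    return flagged


def hash_inventory(entries: Dict[str, Entry]) -> List[Tuple[str, str, str]]:
    """(name, md5, path) for every scanned image, for lookup against a known-good hash set."""
    return sorted((e.name, e.md5, e.path) for e in entries.values() if e.md5)


# Constructed sample: the first three entries are copied from the log posted in
# this thread; "exampledrv" (hash, path and verdict text) is made up for the example.
SAMPLE_LOG = r"""
23:19:19.0744 7116 1394ohci (969c91060cbb5d17cb8440b5f78b4c51) C:\Windows\system32\DRIVERS\1394ohci.sys
23:19:19.0806 7116 1394ohci - ok
23:19:21.0631 7116 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:19:21.0631 7116 Apple Mobile Device - ok
23:19:24.0876 7116 catchme - ok
23:19:40.0000 7116 exampledrv (0123456789abcdef0123456789abcdef) C:\Users\Bob\AppData\Local\Temp\exampledrv.sys
23:19:40.0010 7116 exampledrv - suspicious (constructed verdict text)
"""

if __name__ == "__main__":
    parsed = parse_tdsskiller_log(SAMPLE_LOG)
    for name, reasons in suspicious(parsed):
        print(name, "->", "; ".join(reasons))
```

Run it against a real report by reading the `TDSSKiller.[Version]_[Date]_[Time]_log.txt` file into `parse_tdsskiller_log`; `hash_inventory` gives the `(name, md5, path)` triples for the scanned images so they can be checked against a known-good hash set, and a path check that fires on an entry the scanner marked `ok` is a prompt to look closer, not a verdict in itself.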

#5 kretsch72
  • Topic Starter
  • Members
  • 21 posts

Posted 02 May 2012 - 10:37 PM

Thanks Gringo. The logs are below.

23:19:15.0235 7640 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
23:19:15.0547 7640 ============================================================
23:19:15.0547 7640 Current date / time: 2012/05/02 23:19:15.0547
23:19:15.0547 7640 SystemInfo:
23:19:15.0547 7640
23:19:15.0547 7640 OS Version: 6.1.7600 ServicePack: 0.0
23:19:15.0547 7640 Product type: Workstation
23:19:15.0547 7640 ComputerName: OCTOBER2010
23:19:15.0547 7640 UserName: Bob
23:19:15.0547 7640 Windows directory: C:\Windows
23:19:15.0547 7640 System windows directory: C:\Windows
23:19:15.0547 7640 Running under WOW64
23:19:15.0547 7640 Processor architecture: Intel x64
23:19:15.0547 7640 Number of processors: 4
23:19:15.0547 7640 Page size: 0x1000
23:19:15.0547 7640 Boot type: Normal boot
23:19:15.0547 7640 ============================================================
23:19:16.0093 7640 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:19:16.0109 7640 ============================================================
23:19:16.0109 7640 \Device\Harddisk0\DR0:
23:19:16.0109 7640 MBR partitions:
23:19:16.0109 7640 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32FCD, BlocksNum 0x1D4C000
23:19:16.0109 7640 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D7EFCD, BlocksNum 0x38606863
23:19:16.0109 7640 ============================================================
23:19:16.0156 7640 C: <-> \Device\Harddisk0\DR0\Partition1
23:19:16.0156 7640 ============================================================
23:19:16.0156 7640 Initialize success
23:19:16.0156 7640 ============================================================
23:19:18.0137 7116 ============================================================
23:19:18.0137 7116 Scan started
23:19:18.0137 7116 Mode: Manual;
23:19:18.0137 7116 ============================================================
23:19:19.0744 7116 1394ohci (969c91060cbb5d17cb8440b5f78b4c51) C:\Windows\system32\DRIVERS\1394ohci.sys
23:19:19.0806 7116 1394ohci - ok
23:19:19.0931 7116 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
23:19:20.0025 7116 ACDaemon - ok
23:19:20.0087 7116 ACPI (794ff35015209b9d44f1360c42c9776d) C:\Windows\system32\DRIVERS\ACPI.sys
23:19:20.0087 7116 ACPI - ok
23:19:20.0118 7116 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
23:19:20.0118 7116 AcpiPmi - ok
23:19:20.0243 7116 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
23:19:20.0243 7116 AdobeARMservice - ok
23:19:20.0415 7116 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
23:19:20.0415 7116 AdobeFlashPlayerUpdateSvc - ok
23:19:20.0493 7116 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
23:19:20.0539 7116 adp94xx - ok
23:19:20.0602 7116 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
23:19:20.0649 7116 adpahci - ok
23:19:20.0680 7116 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
23:19:20.0695 7116 adpu320 - ok
23:19:20.0742 7116 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
23:19:20.0742 7116 AeLookupSvc - ok
23:19:20.0820 7116 AERTFilters (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
23:19:20.0820 7116 AERTFilters - ok
23:19:20.0898 7116 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
23:19:20.0929 7116 AFD - ok
23:19:20.0961 7116 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
23:19:20.0976 7116 agp440 - ok
23:19:21.0007 7116 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
23:19:21.0023 7116 ALG - ok
23:19:21.0054 7116 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
23:19:21.0054 7116 aliide - ok
23:19:21.0085 7116 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
23:19:21.0085 7116 amdide - ok
23:19:21.0101 7116 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
23:19:21.0117 7116 AmdK8 - ok
23:19:21.0132 7116 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
23:19:21.0148 7116 AmdPPM - ok
23:19:21.0195 7116 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
23:19:21.0288 7116 amdsata - ok
23:19:21.0351 7116 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
23:19:21.0366 7116 amdsbs - ok
23:19:21.0382 7116 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
23:19:21.0382 7116 amdxata - ok
23:19:21.0444 7116 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
23:19:21.0460 7116 AppID - ok
23:19:21.0491 7116 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
23:19:21.0491 7116 AppIDSvc - ok
23:19:21.0522 7116 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
23:19:21.0522 7116 Appinfo - ok
23:19:21.0631 7116 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:19:21.0631 7116 Apple Mobile Device - ok
23:19:21.0709 7116 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
23:19:21.0725 7116 arc - ok
23:19:21.0741 7116 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
23:19:21.0741 7116 arcsas - ok
23:19:21.0787 7116 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
23:19:21.0787 7116 AsyncMac - ok
23:19:21.0819 7116 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
23:19:21.0819 7116 atapi - ok
23:19:21.0897 7116 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
23:19:21.0959 7116 AudioEndpointBuilder - ok
23:19:21.0959 7116 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
23:19:21.0975 7116 AudioSrv - ok
23:19:22.0053 7116 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
23:19:22.0053 7116 AxInstSV - ok
23:19:22.0131 7116 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
23:19:22.0146 7116 b06bdrv - ok
23:19:22.0209 7116 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
23:19:22.0224 7116 b57nd60a - ok
23:19:22.0521 7116 BCM43XX (8b5d16d20774fc3727f44e161be2c0ac) C:\Windows\system32\DRIVERS\bcmwl664.sys
23:19:22.0536 7116 BCM43XX - ok
23:19:22.0739 7116 BcmVWL (d224b2e6bb543f1d8f1177d57fec2950) C:\Windows\system32\DRIVERS\bcmvwl64.sys
23:19:22.0786 7116 BcmVWL - ok
23:19:22.0879 7116 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
23:19:22.0911 7116 BDESVC - ok
23:19:22.0942 7116 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
23:19:22.0957 7116 Beep - ok
23:19:23.0067 7116 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
23:19:23.0113 7116 BFE - ok
23:19:23.0191 7116 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\system32\qmgr.dll
23:19:23.0238 7116 BITS - ok
23:19:23.0285 7116 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
23:19:23.0301 7116 blbdrive - ok
23:19:23.0410 7116 Bonjour Service (1c87705ccb2f60172b0fc86b5d82f00d) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
23:19:23.0488 7116 Bonjour Service - ok
23:19:23.0550 7116 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
23:19:23.0550 7116 bowser - ok
23:19:23.0597 7116 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:19:23.0597 7116 BrFiltLo - ok
23:19:23.0628 7116 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:19:23.0644 7116 BrFiltUp - ok
23:19:23.0691 7116 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
23:19:23.0691 7116 BridgeMP - ok
23:19:23.0753 7116 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
23:19:23.0769 7116 Browser - ok
23:19:23.0847 7116 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
23:19:23.0878 7116 Brserid - ok
23:19:23.0909 7116 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
23:19:23.0925 7116 BrSerWdm - ok
23:19:23.0940 7116 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
23:19:23.0940 7116 BrUsbMdm - ok
23:19:23.0987 7116 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
23:19:23.0987 7116 BrUsbSer - ok
23:19:24.0049 7116 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
23:19:24.0049 7116 BthEnum - ok
23:19:24.0081 7116 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
23:19:24.0081 7116 BTHMODEM - ok
23:19:24.0127 7116 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
23:19:24.0127 7116 BthPan - ok
23:19:24.0190 7116 BTHPORT (21084ceb85280468c9aca3c805c0f8cf) C:\Windows\System32\Drivers\BTHport.sys
23:19:24.0299 7116 BTHPORT - ok
23:19:24.0330 7116 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
23:19:24.0330 7116 bthserv - ok
23:19:24.0361 7116 BTHUSB (8504842634dd144c075b6b0c982ccec4) C:\Windows\System32\Drivers\BTHUSB.sys
23:19:24.0424 7116 BTHUSB - ok
23:19:24.0455 7116 btusbflt (d3466f77c2c49c6e393ba5fba963a33e) C:\Windows\system32\drivers\btusbflt.sys
23:19:24.0455 7116 btusbflt - ok
23:19:24.0502 7116 btwaudio (af838d8029ae7c27470862d63fa54d24) C:\Windows\system32\drivers\btwaudio.sys
23:19:24.0502 7116 btwaudio - ok
23:19:24.0517 7116 btwavdt (5c849bd7c78791c5cee9f4651d7fe38d) C:\Windows\system32\drivers\btwavdt.sys
23:19:24.0517 7116 btwavdt - ok
23:19:24.0673 7116 btwdins (10ffb5fa51d5713d872b41a59dfc2213) c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
23:19:24.0736 7116 btwdins - ok
23:19:24.0767 7116 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
23:19:24.0767 7116 btwl2cap - ok
23:19:24.0783 7116 btwrchid (3e1991afa851a36dc978b0a1b0535c8b) C:\Windows\system32\DRIVERS\btwrchid.sys
23:19:24.0845 7116 btwrchid - ok
23:19:24.0876 7116 catchme - ok
23:19:24.0923 7116 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
23:19:24.0923 7116 cdfs - ok
23:19:24.0970 7116 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
23:19:24.0970 7116 cdrom - ok
23:19:25.0032 7116 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
23:19:25.0032 7116 CertPropSvc - ok
23:19:25.0095 7116 cfwids (274ce03459896006f7a5069266e0469e) C:\Windows\system32\drivers\cfwids.sys
23:19:25.0173 7116 cfwids - ok
23:19:25.0204 7116 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
23:19:25.0204 7116 circlass - ok
23:19:25.0266 7116 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
23:19:25.0282 7116 CLFS - ok
23:19:25.0360 7116 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:19:25.0375 7116 clr_optimization_v2.0.50727_32 - ok
23:19:25.0422 7116 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:19:25.0438 7116 clr_optimization_v2.0.50727_64 - ok
23:19:25.0516 7116 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:19:25.0531 7116 clr_optimization_v4.0.30319_32 - ok
23:19:25.0594 7116 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:19:25.0594 7116 clr_optimization_v4.0.30319_64 - ok
23:19:25.0641 7116 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
23:19:25.0656 7116 CmBatt - ok
23:19:25.0672 7116 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
23:19:25.0687 7116 cmdide - ok
23:19:25.0750 7116 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
23:19:25.0765 7116 CNG - ok
23:19:25.0797 7116 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
23:19:25.0797 7116 Compbatt - ok
23:19:25.0812 7116 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
23:19:25.0828 7116 CompositeBus - ok
23:19:25.0828 7116 COMSysApp - ok
23:19:25.0859 7116 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
23:19:25.0859 7116 crcdisk - ok
23:19:25.0906 7116 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
23:19:25.0921 7116 CryptSvc - ok
23:19:25.0984 7116 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys
23:19:26.0046 7116 CtClsFlt - ok
23:19:26.0140 7116 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
23:19:26.0171 7116 DcomLaunch - ok
23:19:26.0218 7116 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
23:19:26.0233 7116 defragsvc - ok
23:19:26.0280 7116 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
23:19:26.0280 7116 DfsC - ok
23:19:26.0327 7116 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
23:19:26.0374 7116 Dhcp - ok
23:19:26.0405 7116 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
23:19:26.0421 7116 discache - ok
23:19:26.0467 7116 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
23:19:26.0467 7116 Disk - ok
23:19:26.0577 7116 dleaCATSCustConnectService (1017d70abe5483f40c10b7774397d120) C:\Windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe
23:19:26.0623 7116 dleaCATSCustConnectService - ok
23:19:26.0655 7116 dlea_device - ok
23:19:26.0701 7116 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
23:19:26.0764 7116 Dnscache - ok
23:19:26.0904 7116 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe
23:19:26.0904 7116 DockLoginService - ok
23:19:26.0951 7116 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
23:19:26.0982 7116 dot3svc - ok
23:19:27.0013 7116 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
23:19:27.0013 7116 DPS - ok
23:19:27.0045 7116 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
23:19:27.0060 7116 drmkaud - ok
23:19:27.0138 7116 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
23:19:27.0247 7116 DXGKrnl - ok
23:19:27.0294 7116 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
23:19:27.0294 7116 EapHost - ok
23:19:27.0544 7116 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
23:19:27.0653 7116 ebdrv - ok
23:19:27.0778 7116 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
23:19:27.0871 7116 EFS - ok
23:19:27.0965 7116 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
23:19:28.0059 7116 ehRecvr - ok
23:19:28.0105 7116 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
23:19:28.0105 7116 ehSched - ok
23:19:28.0215 7116 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
23:19:28.0246 7116 elxstor - ok
23:19:28.0261 7116 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
23:19:28.0261 7116 ErrDev - ok
23:19:28.0339 7116 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
23:19:28.0339 7116 EventSystem - ok
23:19:28.0371 7116 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
23:19:28.0386 7116 exfat - ok
23:19:28.0417 7116 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
23:19:28.0417 7116 fastfat - ok
23:19:28.0495 7116 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
23:19:28.0511 7116 Fax - ok
23:19:28.0542 7116 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
23:19:28.0542 7116 fdc - ok
23:19:28.0558 7116 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
23:19:28.0573 7116 fdPHost - ok
23:19:28.0589 7116 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
23:19:28.0589 7116 FDResPub - ok
23:19:28.0620 7116 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
23:19:28.0620 7116 FileInfo - ok
23:19:28.0636 7116 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
23:19:28.0636 7116 Filetrace - ok
23:19:28.0667 7116 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
23:19:28.0667 7116 flpydisk - ok
23:19:28.0714 7116 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
23:19:28.0729 7116 FltMgr - ok
23:19:28.0792 7116 FlyUsb (6cd6bb45bd3e0eef6ce496bf52854ff1) C:\Windows\system32\DRIVERS\FlyUsb.sys
23:19:28.0839 7116 FlyUsb - ok
23:19:28.0948 7116 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll
23:19:29.0041 7116 FontCache - ok
23:19:29.0088 7116 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:19:29.0104 7116 FontCache3.0.0.0 - ok
23:19:29.0135 7116 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
23:19:29.0135 7116 FsDepends - ok
23:19:29.0182 7116 fssfltr (07da62c960ddccc2d35836aeab4fc578) C:\Windows\system32\DRIVERS\fssfltr.sys
23:19:29.0244 7116 fssfltr - ok
23:19:29.0431 7116 fsssvc (28ddeeec44e988657b732cf404d504cb) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
23:19:29.0478 7116 fsssvc - ok
23:19:29.0619 7116 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
23:19:29.0681 7116 Fs_Rec - ok
23:19:29.0743 7116 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
23:19:29.0759 7116 fvevol - ok
23:19:29.0806 7116 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
23:19:29.0821 7116 gagp30kx - ok
23:19:29.0931 7116 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
23:19:29.0931 7116 GamesAppService - ok
23:19:29.0977 7116 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:19:30.0055 7116 GEARAspiWDM - ok
23:19:30.0087 7116 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
23:19:30.0087 7116 GoToAssist - ok
23:19:30.0165 7116 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
23:19:30.0180 7116 gpsvc - ok
23:19:30.0289 7116 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:19:30.0289 7116 gupdate - ok
23:19:30.0321 7116 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:19:30.0321 7116 gupdatem - ok
23:19:30.0414 7116 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
23:19:30.0523 7116 gusvc - ok
23:19:30.0570 7116 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
23:19:30.0570 7116 hcw85cir - ok
23:19:30.0617 7116 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
23:19:30.0617 7116 HDAudBus - ok
23:19:30.0648 7116 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
23:19:30.0711 7116 HECIx64 - ok
23:19:30.0726 7116 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
23:19:30.0726 7116 HidBatt - ok
23:19:30.0742 7116 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
23:19:30.0757 7116 HidBth - ok
23:19:30.0773 7116 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
23:19:30.0789 7116 HidIr - ok
23:19:30.0820 7116 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
23:19:30.0835 7116 hidserv - ok
23:19:30.0867 7116 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
23:19:30.0882 7116 HidUsb - ok
23:19:30.0929 7116 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
23:19:30.0945 7116 hkmsvc - ok
23:19:30.0976 7116 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
23:19:30.0991 7116 HomeGroupListener - ok
23:19:31.0023 7116 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
23:19:31.0038 7116 HomeGroupProvider - ok
23:19:31.0085 7116 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
23:19:31.0101 7116 HpSAMD - ok
23:19:31.0163 7116 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
23:19:31.0194 7116 HTTP - ok
23:19:31.0210 7116 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
23:19:31.0210 7116 hwpolicy - ok
23:19:31.0257 7116 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
23:19:31.0272 7116 i8042prt - ok
23:19:31.0335 7116 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
23:19:31.0335 7116 iaStor - ok
23:19:31.0413 7116 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
23:19:31.0491 7116 iaStorV - ok
23:19:31.0615 7116 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
23:19:31.0678 7116 IDriverT - ok
23:19:31.0803 7116 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:19:31.0849 7116 idsvc - ok
23:19:32.0629 7116 igfx (09ce164afa8483e41808784d7fca154e) C:\Windows\system32\DRIVERS\igdkmd64.sys
23:19:32.0926 7116 igfx - ok
23:19:33.0066 7116 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
23:19:33.0066 7116 iirsp - ok
23:19:33.0160 7116 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
23:19:33.0222 7116 IKEEXT - ok
23:19:33.0253 7116 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
23:19:33.0331 7116 Impcd - ok
23:19:33.0519 7116 IntcAzAudAddService (6e4ccb3aff07e2b9f2a937385c84b573) C:\Windows\system32\drivers\RTKVHD64.sys
23:19:33.0690 7116 IntcAzAudAddService - ok
23:19:33.0815 7116 IntcDAud (58cf58dee26c909bd6f977b61d246295) C:\Windows\system32\DRIVERS\IntcDAud.sys
23:19:33.0909 7116 IntcDAud - ok
23:19:33.0940 7116 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
23:19:33.0940 7116 intelide - ok
23:19:33.0987 7116 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
23:19:33.0987 7116 intelppm - ok
23:19:34.0033 7116 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
23:19:34.0033 7116 IPBusEnum - ok
23:19:34.0065 7116 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:19:34.0080 7116 IpFilterDriver - ok
23:19:34.0143 7116 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
23:19:34.0174 7116 iphlpsvc - ok
23:19:34.0221 7116 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
23:19:34.0221 7116 IPMIDRV - ok
23:19:34.0267 7116 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
23:19:34.0283 7116 IPNAT - ok
23:19:55.0093 7116 WmiAcpi - ok
23:19:55.0187 7116 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
23:19:55.0203 7116 wmiApSrv - ok
23:19:55.0234 7116 WMPNetworkSvc - ok
23:19:55.0281 7116 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
23:19:55.0281 7116 WPCSvc - ok
23:19:55.0312 7116 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
23:19:55.0327 7116 WPDBusEnum - ok
23:19:55.0359 7116 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
23:19:55.0359 7116 ws2ifsl - ok
23:19:55.0405 7116 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\system32\wscsvc.dll
23:19:55.0452 7116 wscsvc - ok
23:19:55.0499 7116 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
23:19:55.0499 7116 WSDPrintDevice - ok
23:19:55.0515 7116 WSearch - ok
23:19:55.0686 7116 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
23:19:55.0702 7116 wuauserv - ok
23:19:55.0842 7116 WudfPf (c63907207b837a5c05cf6d1606aa0008) C:\Windows\system32\drivers\WudfPf.sys
23:19:55.0905 7116 WudfPf - ok
23:19:55.0936 7116 WUDFRd (d885a873d733020f8b9b9ff4b1666158) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:19:56.0029 7116 WUDFRd - ok
23:19:56.0045 7116 wudfsvc (27b9bee5aac00139e3a3af5d6227a0dc) C:\Windows\System32\WUDFSvc.dll
23:19:56.0061 7116 wudfsvc - ok
23:19:56.0092 7116 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
23:19:56.0123 7116 WwanSvc - ok
23:19:56.0170 7116 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
23:19:56.0263 7116 \Device\Harddisk0\DR0 - ok
23:19:56.0279 7116 Boot (0x1200) (d537c5db00668131c9e341d501b55f67) \Device\Harddisk0\DR0\Partition0
23:19:56.0279 7116 \Device\Harddisk0\DR0\Partition0 - ok
23:19:56.0295 7116 Boot (0x1200) (2340c985aa75654c7597e3a6ea3097d0) \Device\Harddisk0\DR0\Partition1
23:19:56.0295 7116 \Device\Harddisk0\DR0\Partition1 - ok
23:19:56.0295 7116 ============================================================
23:19:56.0295 7116 Scan finished
23:19:56.0295 7116 ============================================================
23:19:56.0326 6772 Detected object count: 0
23:19:56.0326 6772 Actual detected object count: 0

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-02 23:21:16
-----------------------------
23:21:16.541 OS Version: Windows x64 6.1.7600
23:21:16.541 Number of processors: 4 586 0x2505
23:21:16.541 ComputerName: OCTOBER2010 UserName: Bob
23:21:17.913 Initialize success
23:24:19.408 AVAST engine defs: 12050201
23:24:32.700 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:24:32.700 Disk 0 Vendor: ST950032 D005 Size: 476940MB BusType: 3
23:24:32.715 Disk 0 MBR read successfully
23:24:32.715 Disk 0 MBR scan
23:24:32.731 Disk 0 Windows VISTA default MBR code
23:24:32.731 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 101 MB offset 63
23:24:32.747 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 208845
23:24:32.762 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461837 MB offset 30928845
23:24:32.809 Disk 0 scanning C:\Windows\system32\drivers
23:24:47.021 Service scanning
23:25:14.149 Modules scanning
23:25:14.165 Disk 0 trace - called modules:
23:25:14.180 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
23:25:14.196 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c59060]
23:25:14.211 3 CLASSPNP.SYS[fffff88001ba743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800490d050]
23:25:15.771 AVAST engine scan C:\Windows
23:25:22.417 AVAST engine scan C:\Windows\system32
23:30:43.479 AVAST engine scan C:\Windows\system32\drivers
23:31:00.717 AVAST engine scan C:\Users\Bob
23:35:31.145 Disk 0 MBR has been saved successfully to "C:\Users\Bob\Desktop\MBR.dat"
23:35:31.145 The log file has been saved successfully to "C:\Users\Bob\Desktop\aswMBR.txt"

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 02 May 2012 - 10:52 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\users\Bob\AppData\Roaming\Byzoov
c:\users\Bob\AppData\Roaming\Keokwo
c:\users\Bob\AppData\Roaming\Orwiuh

File::
c:\users\Bob\AppData\Local\Google\gljfalgz.dll

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Proud Graduate Of Malware Removal University
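
The CFScript above removes one autorun entry and three profile folders that were picked out of the ComboFix report by hand. As an added illustration of that triage step (example code written for this page, not part of the thread, ComboFix or any other tool named here), the Python below parses ComboFix-style "Reg Loading Points" lines and flags Run values whose target sits in a location a standard user can write to (a profile directory or ProgramData), or whose target is a DLL rather than an executable. The sample log is constructed: the two HKCU lines mirror entries from the ComboFix report posted in this thread, the "Updater" line is made up for contrast.

```python
import re
from dataclasses import dataclass, field

# One "Reg Loading Points" value line as ComboFix prints it, e.g.
#   "Google"="c:\users\Bob\AppData\Local\Google\gljfalgz.dll" [2011-09-28 557056]
RUN_LINE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"(?:\s+\[(?P<meta>[^\]]*)\])?\s*$'
)

# Paths a normal autorun rarely uses but user-level malware almost always does:
# anything writable without administrator rights. Matched against a lower-cased path.
USER_WRITABLE = (
    re.compile(r'^[a-z]:\\users\\[^\\]+\\'),   # any user profile (AppData, Desktop, Temp ...)
    re.compile(r'^[a-z]:\\programdata\\'),     # machine-wide but world-writable
)


@dataclass
class Finding:
    key: str
    name: str
    path: str
    reasons: list = field(default_factory=list)


def parse_reg_loading_points(text):
    """Yield (registry key, value name, target path) for each value under a [HKEY...] header."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            continue
        m = RUN_LINE.match(line)
        if m and key:
            yield key, m.group('name'), m.group('path')


def triage(text):
    """Return the autorun entries worth a second look, each with the reasons it was flagged."""
    findings = []
    for key, name, path in parse_reg_loading_points(text):
        lowered = path.lower()
        reasons = []
        if any(p.match(lowered) for p in USER_WRITABLE):
            reasons.append('target lives in a user-writable location')
        if lowered.endswith('.dll'):
            reasons.append('Run value points at a DLL, not an executable')
        if reasons:
            findings.append(Finding(key, name, path, reasons))
    return findings


# Constructed sample: the HKCU lines mirror the ComboFix report in this thread,
# the "Updater" entry is invented to show the ProgramData case.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Google"="c:\users\Bob\AppData\Local\Google\gljfalgz.dll" [2011-09-28 557056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Updater"="c:\programdata\Updater\updater.exe" [2012-04-30 81920]
'''

if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.key}\n  "{f.name}" -> {f.path}')
        for r in f.reasons:
            print(f'    - {r}')
```

The checks are deliberately coarse: a Program Files path is not proof of legitimacy and a profile path is not proof of infection, but on a home machine almost every Run value that lands in AppData or ProgramData deserves a hash lookup before the entry is trusted, which is exactly the kind of entry the CFScript above targets.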

#7 kretsch72

kretsch72
  • Topic Starter

  • Members
  • 21 posts

Posted 03 May 2012 - 03:53 PM

Gringo - Thanks for the additional help...here is the log:

ComboFix 12-05-03.02 - Bob 05/03/2012 16:05:01.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3893.2632 [GMT -4:00]
Running from: c:\users\Bob\Desktop\ComboFix.exe
Command switches used :: c:\users\Bob\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Bob\AppData\Local\Google\gljfalgz.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\5907\Downloads\15fc9c67-6e4d-42b6-b215-fee7bb01b1c7.dll
c:\users\Bob\AppData\Roaming\Byzoov
c:\users\Bob\AppData\Roaming\Idqima
c:\users\Bob\AppData\Roaming\Idqima\fiuml.ywx
c:\users\Bob\AppData\Roaming\Keokwo
c:\users\Bob\AppData\Roaming\Keokwo\odcu.tmp
c:\users\Bob\AppData\Roaming\Keokwo\odcu.vyu
c:\users\Bob\AppData\Roaming\Orwiuh
c:\users\Bob\AppData\Roaming\Orwiuh\upedc.oxd
.
.
((((((((((((((((((((((((( Files Created from 2012-04-03 to 2012-05-03 )))))))))))))))))))))))))))))))
.
.
2012-05-03 20:15 . 2012-05-03 20:15 -------- d-----w- c:\users\Heather\AppData\Local\temp
2012-05-03 20:15 . 2012-05-03 20:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-30 20:28 . 2012-05-03 00:43 -------- d-----w- c:\users\Bob\AppData\Roaming\Ewohoc
2012-04-30 20:28 . 2012-05-03 00:03 -------- d-----w- c:\users\Bob\AppData\Roaming\Waem
2012-04-30 01:25 . 2012-04-30 01:25 -------- d-----w- c:\users\Bob\AppData\Roaming\Malwarebytes
2012-04-30 01:25 . 2012-04-30 01:25 -------- d-----w- c:\programdata\Malwarebytes
2012-04-30 01:25 . 2012-04-30 01:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-30 01:25 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-26 23:50 . 2012-04-30 01:27 -------- d-----w- c:\programdata\B7E85886000024090136692FA60145BE
2012-04-15 21:32 . 2012-04-15 21:32 -------- d-----w- c:\windows\en
2012-04-15 21:29 . 2012-03-08 22:40 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-04-15 21:27 . 2012-04-15 21:27 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\8a8131c51cd1b4e03\DXSETUP.exe
2012-04-15 21:27 . 2012-04-15 21:27 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\8a8131c51cd1b4e03\dsetup32.dll
2012-04-15 21:27 . 2012-04-15 21:27 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\8ac89b0d1cd1b4e04\MeshBetaRemover.exe
2012-04-15 21:27 . 2012-04-15 21:27 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\8a8131c51cd1b4e03\DSETUP.dll
2012-04-15 15:21 . 2012-04-15 15:21 -------- d-----w- c:\users\Heather\AppData\Roaming\com.w3i.plyt
2012-04-15 15:21 . 2012-04-15 15:21 -------- d-----w- c:\program files (x86)\Playalot Games
2012-04-11 10:37 . 2012-02-28 06:51 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-04-11 10:37 . 2012-02-28 06:49 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-04-11 10:37 . 2012-02-28 01:13 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
2012-04-11 10:37 . 2012-03-06 06:51 5473136 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 10:37 . 2012-03-06 05:59 3971440 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-11 10:37 . 2012-03-06 05:59 3915632 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-11 10:34 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 10:34 . 2012-03-01 06:45 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 10:34 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 10:34 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 10:34 . 2012-03-01 05:49 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 10:34 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 10:34 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-11 00:19 . 2012-04-11 00:19 -------- d-----w- c:\users\Heather\AppData\Local\Programs
2012-04-11 00:18 . 2012-04-11 00:18 -------- d-----w- c:\users\Heather\AppData\Local\ArcSoft
2012-04-11 00:18 . 2012-04-11 00:18 -------- d-----w- c:\users\Heather\AppData\Roaming\ArcSoft
2012-04-07 06:51 . 2012-04-07 06:51 -------- d-----w- c:\programdata\Nikon
2012-04-07 00:00 . 2012-04-07 00:00 -------- d-----w- c:\users\Bob\AppData\Local\Programs
2012-04-06 23:54 . 2012-04-06 23:54 -------- d-----w- c:\users\Bob\AppData\Local\Nikon
2012-04-06 23:50 . 2012-04-06 23:54 -------- d-----w- c:\users\Bob\AppData\Roaming\Nikon
2012-04-06 23:48 . 2012-04-06 23:48 -------- d-----w- c:\users\Bob\AppData\Local\ArcSoft
2012-04-06 23:48 . 2012-04-11 01:21 -------- d-----w- c:\programdata\ArcSoft
2012-04-06 23:47 . 2012-04-06 23:47 -------- d-----w- c:\program files (x86)\Common Files\ArcSoft
2012-04-06 23:47 . 2012-04-06 23:47 -------- d-----w- c:\program files (x86)\ArcSoft
2012-04-06 23:47 . 2012-04-06 23:48 -------- d-----w- c:\users\Bob\AppData\Roaming\ArcSoft
2012-04-06 23:47 . 2001-09-05 08:18 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2012-04-06 23:46 . 2001-09-05 08:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-04-06 23:46 . 2001-09-05 08:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-04-06 23:46 . 2001-09-05 08:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-04-06 23:38 . 2012-04-06 23:38 57344 ----a-r- c:\users\Bob\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2012-04-06 23:36 . 2012-04-06 23:38 -------- d-----w- c:\program files (x86)\Common Files\Nikon
2012-04-06 23:36 . 2012-04-06 23:35 106496 ----a-w- c:\windows\SysWow64\ATL71.DLL
2012-04-06 23:35 . 2012-04-06 23:35 -------- d-----w- c:\programdata\Flags
2012-04-06 23:35 . 2012-04-06 23:35 -------- d--h--r- c:\programdata\Extensions
2012-04-06 23:35 . 2012-04-06 23:35 -------- d-----w- c:\programdata\Ultima_T15
2012-04-06 23:35 . 2012-04-06 23:35 -------- d-----w- c:\programdata\EnterNHelp
2012-04-06 23:35 . 2012-04-06 23:35 -------- d-----w- c:\programdata\Electric Clav
2012-04-06 23:35 . 2012-04-06 23:38 -------- d-----w- c:\users\Bob\AppData\Local\Downloaded Installations
2012-04-06 23:35 . 2012-04-06 23:39 -------- d-----w- c:\program files (x86)\Nikon
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 12:43 . 2012-04-02 20:27 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-14 12:43 . 2011-05-19 22:48 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-14 12:43 . 2012-04-02 20:43 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-03-20 17:11 . 2011-06-10 21:28 162192 ----a-w- c:\windows\system32\mfevtps.exe
2012-03-08 22:50 . 2012-03-08 22:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 22:37 . 2012-03-08 22:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-02-22 17:29 . 2011-06-10 21:36 10248 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-02-22 17:29 . 2011-06-10 21:36 289664 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2012-02-22 17:29 . 2011-06-10 21:36 75936 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2012-02-22 17:29 . 2011-06-10 21:36 100912 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-02-22 17:29 . 2011-06-10 21:36 487296 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-02-22 17:29 . 2011-06-10 21:36 65264 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-02-22 17:29 . 2011-06-10 21:36 229528 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-02-22 17:29 . 2011-03-13 15:20 647208 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-02-22 17:29 . 2011-03-13 15:20 160792 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-02-15 06:27 . 2012-03-13 19:13 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-15 05:44 . 2012-03-13 19:13 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-15 04:47 . 2012-03-13 19:13 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:46 . 2012-03-13 19:13 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-14 16:09 . 2012-02-14 16:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-10 06:18 . 2012-03-13 19:14 1541120 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 06:17 . 2012-03-13 19:14 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-10 06:17 . 2012-03-13 19:14 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-10 06:17 . 2012-03-13 19:14 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-02-10 06:17 . 2012-03-13 19:14 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-10 05:41 . 2012-03-13 19:14 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-10 05:41 . 2012-03-13 19:14 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-02-10 05:41 . 2012-03-13 19:14 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-02-10 05:41 . 2012-03-13 19:14 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-02-10 05:41 . 2012-03-13 19:14 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-03_01.08.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-10-10 18:20 . 2012-05-03 19:37 63330 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-03 19:37 30862 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2010-10-29 09:37 . 2012-05-02 10:01 16682 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1335259518-96370257-690275378-1003_UserData.bin
+ 2010-10-29 09:37 . 2012-05-03 09:53 16682 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1335259518-96370257-690275378-1003_UserData.bin
+ 2010-10-29 16:19 . 2012-05-03 19:37 15650 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1335259518-96370257-690275378-1001_UserData.bin
+ 2010-10-29 00:13 . 2012-05-03 19:40 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-10-29 00:13 . 2012-05-03 01:03 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-29 00:13 . 2012-05-03 19:40 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-10-29 00:13 . 2012-05-03 01:03 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-03 19:40 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-03 01:03 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-05-03 01:07 . 2012-05-03 01:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-03 19:34 . 2012-05-03 19:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-03 19:34 . 2012-05-03 19:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-05-03 01:07 . 2012-05-03 01:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-10-30 12:08 . 2012-05-03 03:14 344234 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 05:01 . 2012-05-03 10:02 446492 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-05-03 01:06 446492 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-11-02 23:44 . 2012-05-03 10:02 13615848 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1335259518-96370257-690275378-1003-8192.dat
+ 2010-11-03 04:32 . 2012-05-03 03:38 15294182 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1335259518-96370257-690275378-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Google"="c:\users\Bob\AppData\Local\Google\gljfalgz.dll" [2011-09-28 557056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 1082656]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-06 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-06 136176]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 dlea_device;dlea_device;c:\windows\system32\dleacoms.exe [2010-05-21 1052328]
S2 dleaCATSCustConnectService;dleaCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe [2010-05-21 45224]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-05-21 673088]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 12:43]
.
2012-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-06 03:28]
.
2012-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-06 03:28]
.
2012-04-18 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-05-03 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-14 10144288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-08 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-08 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-08 413720]
"dleamon.exe"="c:\program files (x86)\Dell V310-V510 Series\dleamon.exe" [2010-08-09 770728]
"EzPrint"="c:\program files (x86)\Dell V310-V510 Series\ezprint.exe" [2010-08-09 139944]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 204.186.80.251 216.144.187.101 216.144.187.199
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-03 16:19:41
ComboFix-quarantined-files.txt 2012-05-03 20:19
ComboFix2.txt 2012-05-03 01:16
.
Pre-Run: 412,545,617,920 bytes free
Post-Run: 412,206,592,000 bytes free
.
- - End Of File - - 67EEB6651E8177847585A15E9EFF6FDC


I had no problems running ComboFix. It went a lot faster than last time. I thought it may have been hung up a couple times the first run but this time everything went very quickly. So far since running it, I put the virus protection and firewall back on and they are remaining on. I also went into Google and ran a number of searches and was taken to the proper link. The other problem I had before this running of ComboFix was that the email would double up either on the side or top. In addition, I couldn't click on the links from within an email to take me to the webpage (this one for instance to reply). I had to copy the shortcut and paste it in Explorer. I just went back into the email program and did not have any of the problems I had prior to running ComboFix again.

I do notice that when I hit F7, F8 or F9 on my keyboard (which mute, lower or raise the volume), the volume indicator doesn't display on the screen anymore. The volume does get higher, lower or muted, but it doesn't come up on the screen to show where it is.

Can you tell me what I had and what was removed? Is it a common Malware?

Thanks for all your help Gringo and let me know if I need to do anything else after you reviewed the log.

Edited by kretsch72, 03 May 2012 - 08:29 PM.


#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team

Posted 03 May 2012 - 10:14 PM

These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a much better job).

Programs to remove

Java™ 6 Update 29
LivingPlay


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done click Finish.



Install Java:

Please go here to install Java

  • Click on the Free Java Download button.
  • Click on Agree and Start Free Download.
  • Click on Run.
  • Click on Run again.
  • Click on Install.
  • When the install is complete, click on Close.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 kretsch72

kretsch72
  • Topic Starter

  • Members

Posted 04 May 2012 - 04:29 PM

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.04.06

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Bob :: OCTOBER2010 [administrator]

Protection: Disabled

5/4/2012 4:58:29 PM
mbam-log-2012-05-04 (16-58-29).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 234668
Time elapsed: 7 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:14:52 PM, on 5/4/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe
C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120424190411.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google] RUNDLL32.EXE C:\Users\Bob\AppData\Local\Google\gljfalgz.dll,NxGetApexSDK
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} (Bl_camera Control) - http://98.235.34.62/bl_camera.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://floridakeysmedia.tv/axiscam/Codebase/AxisCamControl.ocx
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: dleaCATSCustConnectService - Unknown owner - C:\Windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe
O23 - Service: dlea_device - - C:\Windows\system32\dleacoms.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\mcafee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 16520 bytes


When running the Revo program for LivingPlay, I received the following error: "Running the application's uninstaller failed! Possible invalid uninstall command!" I don't think when I did it for Java that it properly went through with the searching for leftovers. I never got to check/tick the bolded item for Java but I was able to for LivingPlay.

The email program still overlays a second version of the program over the first and it's difficult to delete emails or see the next one. I was able to click on the links and go directly to the website though. Sometimes, the windows start button is highlighted funny. The volume controls still don't show up on the desktop when pressed via f7, f8 or f9. They work, but I can't see how loud it is unless I open the actual volume control.
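A triage pass over O4 lines like the ones in the HijackThis log above, written as an added Python example that is not part of this thread or of HijackThis. The sample log lines are copied from the post; the scoring rules (user-writable launch directory, rundll32 loading a DLL at logon, a vowel-poor file name such as gljfalgz) are my assumptions about what makes an autostart entry worth researching first, not a HijackThis feature.

```python
"""Triage HijackThis O4 (autostart) lines by where the launched code lives."""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample: O4 lines copied from the HijackThis log in this thread,
# plus one O23 line to show that non-O4 lines are ignored by the parser.
SAMPLE_HJT_LOG = r"""
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google] RUNDLL32.EXE C:\Users\Bob\AppData\Local\Google\gljfalgz.dll,NxGetApexSDK
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
"""

# "O4 - HKLM\..\Run: [value name] command line"
RUN_VALUE = re.compile(r"^O4 - (?P<hive>HK(?:LM|CU))\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# "O4 - Startup: shortcut.lnk = target" (also Global Startup / .DEFAULT User Startup)
STARTUP_LNK = re.compile(r"^O4 - (?P<hive>[^:]*Startup): (?P<name>.+?) = (?P<cmd>.+)$")
# Directories an ordinary user can write to; installers normally use Program Files instead.
USER_WRITABLE = re.compile(r"\\(?:users\\[^\\]+\\appdata|programdata|users\\public|windows\\temp)\\", re.I)
RUNDLL = re.compile(r'^"?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)', re.I)
IMAGE = re.compile(r"^(?P<img>.+?\.(?:exe|dll|scr|bat|cmd))(?:\s|$)", re.I)
VOWELS = set("aeiouy")


@dataclass
class AutostartEntry:
    hive: str
    name: str
    command: str
    image: str          # the file that actually gets loaded at logon
    via_rundll32: bool


def launched_image(cmd: str) -> Tuple[str, bool]:
    """Return (file loaded at logon, True if rundll32 is the loader).

    For rundll32 the interesting file is the DLL argument, not rundll32.exe;
    otherwise it is the quoted or extension-terminated executable path."""
    cmd = cmd.strip()
    m = RUNDLL.match(cmd)
    if m:
        return m.group("dll").strip(), True
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end if end > 0 else None], False
    m = IMAGE.match(cmd)
    return (m.group("img") if m else cmd.split()[0]), False


def parse_o4(log_text: str) -> List[AutostartEntry]:
    """Pull every O4 autostart entry out of a HijackThis log; other sections are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = RUN_VALUE.match(line) or STARTUP_LNK.match(line)
        if not m:
            continue
        image, via = launched_image(m.group("cmd"))
        entries.append(AutostartEntry(m.group("hive"), m.group("name"), m.group("cmd"), image, via))
    return entries


def looks_generated(filename: str) -> bool:
    """Weak signal (assumption): a stem of 7+ letters with under 20% vowels, e.g. gljfalgz."""
    stem = filename.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    letters = [c for c in stem.lower() if c.isalpha()]
    if len(letters) < 7:
        return False
    return sum(c in VOWELS for c in letters) / len(letters) < 0.2


# (weight, explanation, predicate). Weights are my choice: a user-writable launch path
# is enough on its own; the other two only count in combination.
SIGNALS = [
    (2, "loads code from a user-writable directory", lambda e: bool(USER_WRITABLE.search(e.image))),
    (1, "uses rundll32 to load a DLL at logon", lambda e: e.via_rundll32),
    (1, "file name looks machine-generated", lambda e: looks_generated(e.image)),
]


def assess(entry: AutostartEntry) -> Tuple[int, List[str]]:
    """Score one entry and list the signals that fired."""
    score, reasons = 0, []
    for weight, why, hit in SIGNALS:
        if hit(entry):
            score += weight
            reasons.append(why)
    return score, reasons


def triage(log_text: str, threshold: int = 2) -> Dict[str, List[str]]:
    """Map value name -> reasons for every O4 entry scoring at or above the threshold."""
    flagged = {}
    for entry in parse_o4(log_text):
        score, reasons = assess(entry)
        if score >= threshold:
            flagged[entry.name] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_HJT_LOG).items():
        print(f"[{name}]: " + "; ".join(reasons))
```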

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team

Posted 04 May 2012 - 09:35 PM

Greetings

These logs are looking very good; we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can start any of them by clicking their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
      O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
      O4 - HKLM\..\Run: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
      O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [Google] RUNDLL32.EXE C:\Users\Bob\AppData\Local\Google\gljfalgz.dll,NxGetApexSDK
      O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
      O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space:
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Win 7, right-click on the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo

#11 kretsch72

kretsch72
  • Topic Starter

  • Members

Posted 05 May 2012 - 01:53 AM

Gringo - The following are the scan results:

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\hstart.exe a variant of Win32/HiddenStart.A application
C:\Qoobox\Quarantine\C\Users\Bob\AppData\Roaming\Ewohoc\uhda.exe.vir a variant of Win32/Kryptik.AEYR trojan
C:\Users\Bob\AppData\Local\Google\gljfalgz.dll a variant of Win32/Boaxxe.E trojan
C:\Users\Bob\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@lplay.com\components\lptlf.dll a variant of Win32/Adware.Gamevance.BR application
C:\Users\Bob\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@lplay.com\components\lptlf2.dll a variant of Win32/Adware.Gamevance.BR application
C:\Users\Bob\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@lplay.com\components\lptlf3.dll a variant of Win32/Adware.Gamevance.BR application
Operating memory a variant of Win32/Boaxxe.E trojan

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:09:36 PM

Posted 05 May 2012 - 03:00 AM

Greetings

There are some things in the online scan I want to remove, so run this script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
C:\Users\Bob\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

File::
C:\Users\Bob\AppData\Local\Google\gljfalgz.dll


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer



"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#13 kretsch72

kretsch72
  • Topic Starter

  • Members
  • 21 posts
  • Local time:08:36 PM

Posted 05 May 2012 - 08:39 AM

Thanks again Gringo - the log is below:

ComboFix 12-05-05.05 - Bob 05/05/2012 8:59.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3893.2696 [GMT -4:00]
Running from: c:\users\Bob\Desktop\ComboFix.exe
Command switches used :: c:\users\Bob\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Bob\AppData\Local\Google\gljfalgz.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Bob\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
c:\users\Bob\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@lplay.com\chrome.manifest
c:\users\Bob\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@lplay.com\chrome\lptextlinks.jar
c:\users\Bob\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@lplay.com\components\lptlf.dll
c:\users\Bob\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@lplay.com\components\lptlf.xpt
c:\users\Bob\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@lplay.com\components\lptlf2.dll
c:\users\Bob\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@lplay.com\components\lptlf3.dll
c:\users\Bob\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@lplay.com\install.rdf
.
.
((((((((((((((((((((((((( Files Created from 2012-04-05 to 2012-05-05 )))))))))))))))))))))))))))))))
.
.
2012-05-05 13:07 . 2012-05-05 13:07 -------- d-----w- c:\users\Heather\AppData\Local\temp
2012-05-05 13:07 . 2012-05-05 13:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-05 05:01 . 2012-05-05 05:01 -------- d-----w- c:\program files (x86)\ESET
2012-05-04 23:05 . 2012-05-04 23:05 -------- d-----w- c:\users\Bob\AppData\Roaming\Unity
2012-05-04 21:10 . 2012-05-04 21:10 388096 ----a-r- c:\users\Bob\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-05-04 21:10 . 2012-05-04 21:10 -------- d-----w- c:\program files (x86)\Trend Micro
2012-05-04 20:50 . 2012-05-04 20:50 -------- d-----w- c:\program files\CCleaner
2012-05-04 20:40 . 2012-05-04 20:40 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-05-04 20:39 . 2012-05-04 20:39 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-05-04 20:39 . 2012-05-04 20:39 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-04 20:07 . 2012-05-04 20:07 -------- d-----w- c:\users\Bob\Revo Uninstaller
2012-05-03 22:12 . 2012-05-03 22:12 -------- d-----w- c:\users\Heather\AppData\Roaming\Unity
2012-04-30 20:28 . 2012-05-03 00:43 -------- d-----w- c:\users\Bob\AppData\Roaming\Ewohoc
2012-04-30 20:28 . 2012-05-03 00:03 -------- d-----w- c:\users\Bob\AppData\Roaming\Waem
2012-04-30 01:25 . 2012-04-30 01:25 -------- d-----w- c:\users\Bob\AppData\Roaming\Malwarebytes
2012-04-30 01:25 . 2012-04-30 01:25 -------- d-----w- c:\programdata\Malwarebytes
2012-04-30 01:25 . 2012-04-30 01:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-30 01:25 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-26 23:50 . 2012-04-30 01:27 -------- d-----w- c:\programdata\B7E85886000024090136692FA60145BE
2012-04-15 21:32 . 2012-04-15 21:32 -------- d-----w- c:\windows\en
2012-04-15 21:29 . 2012-03-08 22:40 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-04-15 21:27 . 2012-04-15 21:27 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\8a8131c51cd1b4e03\DXSETUP.exe
2012-04-15 21:27 . 2012-04-15 21:27 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\8a8131c51cd1b4e03\dsetup32.dll
2012-04-15 21:27 . 2012-04-15 21:27 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\8ac89b0d1cd1b4e04\MeshBetaRemover.exe
2012-04-15 21:27 . 2012-04-15 21:27 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\8a8131c51cd1b4e03\DSETUP.dll
2012-04-15 15:21 . 2012-04-15 15:21 -------- d-----w- c:\users\Heather\AppData\Roaming\com.w3i.plyt
2012-04-15 15:21 . 2012-04-15 15:21 -------- d-----w- c:\program files (x86)\Playalot Games
2012-04-11 10:37 . 2012-02-28 06:51 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-04-11 10:37 . 2012-02-28 06:49 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-04-11 10:37 . 2012-02-28 01:13 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
2012-04-11 10:37 . 2012-03-06 06:51 5473136 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 10:37 . 2012-03-06 05:59 3971440 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-11 10:37 . 2012-03-06 05:59 3915632 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-11 10:34 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 10:34 . 2012-03-01 06:45 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 10:34 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 10:34 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 10:34 . 2012-03-01 05:49 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 10:34 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 10:34 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-11 00:19 . 2012-04-11 00:19 -------- d-----w- c:\users\Heather\AppData\Local\Programs
2012-04-11 00:18 . 2012-04-11 00:18 -------- d-----w- c:\users\Heather\AppData\Local\ArcSoft
2012-04-11 00:18 . 2012-04-11 00:18 -------- d-----w- c:\users\Heather\AppData\Roaming\ArcSoft
2012-04-07 06:51 . 2012-04-07 06:51 -------- d-----w- c:\programdata\Nikon
2012-04-07 00:00 . 2012-04-07 00:00 -------- d-----w- c:\users\Bob\AppData\Local\Programs
2012-04-06 23:54 . 2012-04-06 23:54 -------- d-----w- c:\users\Bob\AppData\Local\Nikon
2012-04-06 23:50 . 2012-04-06 23:54 -------- d-----w- c:\users\Bob\AppData\Roaming\Nikon
2012-04-06 23:48 . 2012-04-06 23:48 -------- d-----w- c:\users\Bob\AppData\Local\ArcSoft
2012-04-06 23:48 . 2012-04-11 01:21 -------- d-----w- c:\programdata\ArcSoft
2012-04-06 23:47 . 2012-04-06 23:47 -------- d-----w- c:\program files (x86)\Common Files\ArcSoft
2012-04-06 23:47 . 2012-04-06 23:47 -------- d-----w- c:\program files (x86)\ArcSoft
2012-04-06 23:47 . 2012-04-06 23:48 -------- d-----w- c:\users\Bob\AppData\Roaming\ArcSoft
2012-04-06 23:47 . 2001-09-05 08:18 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2012-04-06 23:46 . 2001-09-05 08:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-04-06 23:46 . 2001-09-05 08:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-04-06 23:46 . 2001-09-05 08:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-04-06 23:38 . 2012-04-06 23:38 57344 ----a-r- c:\users\Bob\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2012-04-06 23:36 . 2012-04-06 23:38 -------- d-----w- c:\program files (x86)\Common Files\Nikon
2012-04-06 23:36 . 2012-04-06 23:35 106496 ----a-w- c:\windows\SysWow64\ATL71.DLL
2012-04-06 23:35 . 2012-04-06 23:35 -------- d-----w- c:\programdata\Flags
2012-04-06 23:35 . 2012-04-06 23:35 -------- d--h--r- c:\programdata\Extensions
2012-04-06 23:35 . 2012-04-06 23:35 -------- d-----w- c:\programdata\Ultima_T15
2012-04-06 23:35 . 2012-04-06 23:35 -------- d-----w- c:\programdata\EnterNHelp
2012-04-06 23:35 . 2012-04-06 23:35 -------- d-----w- c:\programdata\Electric Clav
2012-04-06 23:35 . 2012-04-06 23:38 -------- d-----w- c:\users\Bob\AppData\Local\Downloaded Installations
2012-04-06 23:35 . 2012-04-06 23:39 -------- d-----w- c:\program files (x86)\Nikon
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-04 22:43 . 2012-04-02 20:27 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-04 22:43 . 2011-05-19 22:48 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-04 22:43 . 2012-04-02 20:43 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-03-20 17:11 . 2011-06-10 21:28 162192 ----a-w- c:\windows\system32\mfevtps.exe
2012-03-08 22:50 . 2012-03-08 22:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 22:37 . 2012-03-08 22:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-02-22 17:29 . 2011-06-10 21:36 10248 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-02-22 17:29 . 2011-06-10 21:36 289664 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2012-02-22 17:29 . 2011-06-10 21:36 75936 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2012-02-22 17:29 . 2011-06-10 21:36 100912 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-02-22 17:29 . 2011-06-10 21:36 487296 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-02-22 17:29 . 2011-06-10 21:36 65264 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-02-22 17:29 . 2011-06-10 21:36 229528 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-02-22 17:29 . 2011-03-13 15:20 647208 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-02-22 17:29 . 2011-03-13 15:20 160792 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-02-15 06:27 . 2012-03-13 19:13 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-15 05:44 . 2012-03-13 19:13 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-15 04:47 . 2012-03-13 19:13 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:46 . 2012-03-13 19:13 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-14 16:09 . 2012-02-14 16:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-10 06:18 . 2012-03-13 19:14 1541120 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 06:17 . 2012-03-13 19:14 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-10 06:17 . 2012-03-13 19:14 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-10 06:17 . 2012-03-13 19:14 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-02-10 06:17 . 2012-03-13 19:14 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-10 05:41 . 2012-03-13 19:14 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-10 05:41 . 2012-03-13 19:14 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-02-10 05:41 . 2012-03-13 19:14 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-02-10 05:41 . 2012-03-13 19:14 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-02-10 05:41 . 2012-03-13 19:14 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-03_01.08.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-05-04 22:43 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-04-14 12:43 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-04-14 12:43 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-04 22:43 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-04 22:43 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-14 12:43 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-10-10 18:20 . 2012-05-05 11:21 63410 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-05 12:51 30918 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-10-29 09:37 . 2012-05-04 21:39 16682 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1335259518-96370257-690275378-1003_UserData.bin
- 2010-10-29 09:37 . 2012-05-02 10:01 16682 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1335259518-96370257-690275378-1003_UserData.bin
+ 2010-10-29 16:19 . 2012-05-05 12:51 15666 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1335259518-96370257-690275378-1001_UserData.bin
- 2010-10-29 00:13 . 2012-05-03 01:03 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-29 00:13 . 2012-05-05 12:49 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-29 00:13 . 2012-05-05 12:49 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-10-29 00:13 . 2012-05-03 01:03 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-03 01:03 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-05 12:49 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-05-05 12:49 . 2012-05-05 12:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-03 01:07 . 2012-05-03 01:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-05 12:49 . 2012-05-05 12:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-05-03 01:07 . 2012-05-03 01:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-04 22:43 . 2012-05-04 22:43 351904 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_Plugin.exe
+ 2012-05-04 21:43 . 2012-05-04 21:43 351904 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
+ 2012-05-04 21:43 . 2012-05-04 21:43 424096 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.dll
+ 2012-04-02 20:27 . 2012-05-04 22:43 257696 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-05-04 20:39 . 2012-05-04 20:39 157472 c:\windows\SysWOW64\javaws.exe
- 2011-10-27 22:53 . 2011-10-03 09:06 157472 c:\windows\SysWOW64\javaws.exe
+ 2012-05-04 20:39 . 2012-05-04 20:39 149280 c:\windows\SysWOW64\javaw.exe
+ 2012-05-04 20:39 . 2012-05-04 20:39 149280 c:\windows\SysWOW64\java.exe
+ 2010-10-30 12:08 . 2012-05-05 04:46 345028 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-05-05 04:48 624412 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-05-02 20:27 624412 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-05 04:48 106756 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-05-02 20:27 106756 c:\windows\system32\perfc009.dat
+ 2012-05-04 22:43 . 2012-05-04 22:43 630944 c:\windows\system32\Macromed\Flash\FlashUtil64_11_2_202_235_Plugin.exe
+ 2012-05-04 21:43 . 2012-05-04 21:43 631456 c:\windows\system32\Macromed\Flash\FlashUtil64_11_2_202_235_ActiveX.exe
+ 2012-05-04 21:43 . 2012-05-04 21:43 461984 c:\windows\system32\Macromed\Flash\FlashUtil64_11_2_202_235_ActiveX.dll
+ 2009-07-14 05:01 . 2012-05-05 12:01 446492 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-05-03 01:06 446492 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-05-04 20:40 . 2012-05-04 20:40 207360 c:\windows\Installer\1361f6.msi
+ 2012-05-04 22:43 . 2012-05-04 22:43 8797856 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
- 2012-03-29 03:20 . 2012-05-03 01:07 1080208 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-03-29 03:20 . 2012-05-04 04:35 1080208 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-04-14 16:23 . 2012-05-04 21:35 1558068 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1335259518-96370257-690275378-1001-12288.dat
+ 2012-05-04 21:08 . 2012-05-04 21:08 1402880 c:\windows\Installer\18a99a.msi
+ 2012-05-04 22:43 . 2012-05-04 22:43 11590304 c:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll
+ 2010-11-02 23:44 . 2012-05-05 12:01 14779768 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1335259518-96370257-690275378-1003-8192.dat
+ 2010-11-03 04:32 . 2012-05-05 12:01 16124928 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1335259518-96370257-690275378-1001-8192.dat
+ 2012-05-04 20:38 . 2012-05-04 20:38 12962304 c:\windows\Installer\1361f1.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 1082656]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-06 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 257696]
R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-06 136176]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 dlea_device;dlea_device;c:\windows\system32\dleacoms.exe [2010-05-21 1052328]
S2 dleaCATSCustConnectService;dleaCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe [2010-05-21 45224]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-05-21 673088]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 22:43]
.
2012-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-06 03:28]
.
2012-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-06 03:28]
.
2012-04-18 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-05-04 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-14 10144288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-08 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-08 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-08 413720]
"dleamon.exe"="c:\program files (x86)\Dell V310-V510 Series\dleamon.exe" [2010-08-09 770728]
"EzPrint"="c:\program files (x86)\Dell V310-V510 Series\ezprint.exe" [2010-08-09 139944]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 204.186.80.251 216.144.187.101 216.144.187.199
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-05 09:13:27
ComboFix-quarantined-files.txt 2012-05-05 13:13
ComboFix2.txt 2012-05-03 20:19
ComboFix3.txt 2012-05-03 01:16
.
Pre-Run: 415,814,475,776 bytes free
Post-Run: 415,999,123,456 bytes free
.
- - End Of File - - 23E2FCADE14EDB0F1C0F76FC5CE25D1F


I had no problems running the CFscript into ComboFix. Everything went pretty quickly. It seemed like the computer booted up much quicker this time.

So far, I'm not experiencing the email double-up problem that I had yesterday. I was able to click on a link in the email and go directly to the website. My firewall has stayed on. I tried a couple of Google searches and went to the correct site without being redirected. As I try more things, I'll edit the post if I have any problems.

How do the logs look now?

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico
  • Local time: 09:36 PM

Posted 05 May 2012 - 03:14 PM

SystemLook:

Please download SystemLook from one of the links below and save it to your Desktop.

Link 1
Link 2


  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
:filefind
gljfalgz.dll
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt.

I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 kretsch72

kretsch72
  • Topic Starter
  • Members
  • 21 posts
  • Local time: 08:36 PM

Posted 05 May 2012 - 05:35 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 18:30 on 05/05/2012 by Bob
Administrator - Elevation successful

========== filefind ==========

Searching for "gljfalgz.dll"
C:\Users\Bob\AppData\Local\Google\gljfalgz.dll --a---- 557056 bytes [20:13 28/09/2011] [20:13 28/09/2011] 7A800CE06D8705DE9FF66F80089D2B27

-= EOF =-
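As an added example that is not part of the thread or of SystemLook, the following PowerShell function performs the same search the ":filefind" instructions above describe and reports the fields the SystemLook log shows (path, attributes, size, modified/created times, MD5), plus the Authenticode signature status and whether the file sits under a user profile, which is what makes a hit like C:\Users\Bob\AppData\Local\Google\gljfalgz.dll worth a closer look. The function and parameter names are my own, and Get-FileHash assumes PowerShell 4 or later.

```powershell
# Added example, not part of the thread or of SystemLook: a PowerShell stand-in
# for the ":filefind" step. It reports the fields the SystemLook log shows
# (path, attributes, size, modified/created times, MD5) for every copy of a file
# name under a root, plus the Authenticode signature status as a triage hint.
# Function and parameter names are my own; Get-FileHash needs PowerShell 4+.
function Find-SuspectFile {
    param(
        [Parameter(Mandatory)] [string] $Name,   # file name from the log, e.g. gljfalgz.dll
        [string] $Root = 'C:\'
    )

    # -Force includes hidden/system files. Directories the account cannot read
    # are skipped (SilentlyContinue) and collected in $denied for reporting.
    $denied = @()
    $hits = Get-ChildItem -Path $Root -Filter $Name -Recurse -File -Force `
                -ErrorAction SilentlyContinue -ErrorVariable denied

    foreach ($f in $hits) {
        $sig = Get-AuthenticodeSignature -FilePath $f.FullName
        [pscustomobject]@{
            Path      = $f.FullName
            Attrs     = $f.Attributes.ToString()
            Bytes     = $f.Length
            Modified  = $f.LastWriteTime.ToString('HH:mm dd/MM/yyyy')
            Created   = $f.CreationTime.ToString('HH:mm dd/MM/yyyy')
            MD5       = (Get-FileHash -Path $f.FullName -Algorithm MD5).Hash
            Signature = $sig.Status          # NotSigned is common for dropped DLLs
            # A DLL under a user profile (AppData) rather than System32 or
            # Program Files is the kind of location that deserves scrutiny.
            InProfile = $f.FullName -like "$env:SystemDrive\Users\*\AppData\*"
        }
    }

    if ($denied.Count -gt 0) {
        Write-Warning ("{0} location(s) could not be read; run elevated for a full search." -f $denied.Count)
    }
}

# Usage: the same search the helper requested, over the whole system drive.
Find-SuspectFile -Name 'gljfalgz.dll' -Root "$env:SystemDrive\" | Format-List
```

The MD5 in the output can be compared against the value SystemLook printed, and the signature and location columns give a first indication of whether a hit is a legitimate component or a dropped file.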



