Browser redirect



#1 selliott
Posted 06 May 2012 - 03:42 PM

Hit with a browser redirect... please help. Using Internet Explorer 9, do not use Google Chrome. Ran GMER, but it said it didn't find any system modification.


DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by shawntruc at 16:11:36 on 2012-05-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3061.1536 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\Hilti\PROFIS AutoUpdate\Hilti.AutoUpdate.Service.exe
C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\FS\Spyro Portal\FlashPortal.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\McAfee\MAT\McPvTray.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\iHome\Mouse Driver\StartAutorun.exe
C:\Program Files (x86)\iHome\Mouse Driver\KMConfig.exe
C:\Program Files (x86)\Hilti\PROFIS AutoUpdate\Hilti.AutoUpdate.Tray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\iHome\Mouse Driver\KMProcess.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11g_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120426021609.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Apple] rundll32.exe "C:\Users\shawntruc\AppData\Local\Apple Computer\Apple\tzsfv.dll",DllRegisterServer
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11g_ActiveX.exe -update activex
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [KMCONFIG] C:\Program Files (x86)\iHome\Mouse Driver\StartAutorun.exe KMConfig.exe
mRun: [PROFIS AutoUpdate] C:\Program Files (x86)\Hilti\PROFIS AutoUpdate\Hilti.AutoUpdate.Tray.exe -hidden
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
StartupFolder: C:\Users\SHAWNT~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\SHAWNT~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {0F026C11-5A66-4c2b-87B5-88DDEBAE72A1} - hxxps://bst.gfnet.com/auroraweb/ClientComponents/BSTvsflex8l.CAB
DPF: {11E93902-B6FD-11D7-A642-00C04F57E4DC} - hxxps://bst.gfnet.com/auroraweb/ClientComponents/BSTEIX0010.CAB
DPF: {2961B151-8F4A-4C9E-8287-D59FAA6C959D} - hxxps://bst.gfnet.com/auroraweb/ClientComponents/BSTEIX0060.CAB
DPF: {2A00324E-751C-11D3-A5D3-00C04F7F81E2} - hxxps://bst.gfnet.com/auroraweb/ClientComponents/BSTEIT0040.CAB
DPF: {2FC291D0-5814-4658-9680-4DAD4DD3F330} - hxxps://bst.gfnet.com/auroraweb/ClientComponents/BSTRCM0030.CAB
DPF: {2FF8D282-F78A-4A33-ABC2-49E72A341482} - hxxp://riteaid.storefront.com/images/global/activex/SFImageUpload1_10.CAB
DPF: {30C95CE6-6D2F-11D3-81AD-00C04F8DF62C} - hxxps://bst.gfnet.com/auroraweb/ClientComponents/BSTEIT0020.CAB
DPF: {310C70B7-92ED-11D3-81CE-00C04F8DF62C} - hxxps://bst.gfnet.com/auroraweb/ClientComponents/BSTEIT0070.CAB
DPF: {33A48268-CF39-47E2-80A3-1BC33A1EF2C6} - hxxps://bst.gfnet.com/auroraweb/ClientComponents/BSTJCD6000.CAB
DPF: {4004B4D0-7D66-11D5-A55B-00B0D07DCA5B} - hxxps://bst.gfnet.com/auroraweb/ClientComponents/BSTEIT0090.CAB
DPF: {44BD92DB-D8A8-43A8-8900-DD73310A59EB} - hxxps://bst.gfnet.com/auroraweb/BSTtodg8.CAB
DPF: {4E096548-B6FC-11D7-A642-00C04F57E4DC} - hxxps://bst.gfnet.com/auroraweb/ClientComponents/BSTEIX0030.CAB
DPF: {6F0892F7-0D44-41C3-BF07-7599873FAA04} - hxxps://bst.gfnet.com/auroraweb/BSTeReportsCE11.CAB
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {815E0702-E4CA-11D3-81ED-00C04F8DF62C} - hxxps://bst.gfnet.com/auroraweb/ClientComponents/BSTEIT0080.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {90C8812D-81C2-45EA-8101-6C6F29835AE8} - hxxps://bst.gfnet.com/auroraweb/BSTeInstaller.CAB
DPF: {ACCB32DB-F2C9-46C3-A215-21F805657765} - hxxps://bst.gfnet.com/auroraweb/ClientComponents/BSTEIX0050.CAB
DPF: {AD46BB36-7741-11D3-81B8-00C04F8DF62C} - hxxps://bst.gfnet.com/auroraweb/ClientComponents/BSTEIT0030.CAB
DPF: {B3A8D7A2-B7E1-11D3-81E2-00C04F8DF62C} - hxxps://bst.gfnet.com/auroraweb/ClientComponents/BSTEIT0050.CAB
DPF: {B3D2ED24-A4B6-11D6-A604-00C04F57E4DC} - hxxps://bst.gfnet.com/auroraweb/ClientComponents/BSTEIU0010.CAB
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D9EE5A5C-AF15-11D3-81E0-00C04F8DF62C} - hxxps://bst.gfnet.com/auroraweb/ClientComponents/BSTEIT0010.CAB
DPF: {DB797690-40E0-11D2-9BD5-0060082AE372} - hxxps://bst.gfnet.com/auroraweb/BSTeDepFiles.CAB
DPF: {DCFEDB58-DB3F-4DEB-A4C4-D8107FBBDAC3} - hxxps://bst.gfnet.com/auroraweb/BSTeReportsCE12.CAB
DPF: {E6671596-1F52-11D3-8162-00C04F8DF62C} - hxxps://bst.gfnet.com/auroraweb/AuroraShell.CAB
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{A05A7D49-3809-4385-BB8F-44F367E69688} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{A05A7D49-3809-4385-BB8F-44F367E69688}\1523554403 : DhcpNameServer = 192.168.1.1 71.242.0.12
TCP: Interfaces\{A05A7D49-3809-4385-BB8F-44F367E69688}\16474777966696 : DhcpNameServer = 192.168.4.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{A05A7D49-3809-4385-BB8F-44F367E69688}\5314D45433 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{A05A7D49-3809-4385-BB8F-44F367E69688}\66275646 : DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{A05A7D49-3809-4385-BB8F-44F367E69688}\6627F6E64796562743433353 : DhcpNameServer = 192.168.254.254 192.168.254.254
TCP: Interfaces\{A05A7D49-3809-4385-BB8F-44F367E69688}\D4143544D27457563747 : DhcpNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{A05A7D49-3809-4385-BB8F-44F367E69688}\E46345B443 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FE25F312-413A-4670-BB43-4A425268BBED} : DhcpNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: vShare Plugin: {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120426021609.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: vShare Plugin: {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [KMCONFIG] C:\Program Files (x86)\iHome\Mouse Driver\StartAutorun.exe KMConfig.exe
mRun-x64: [PROFIS AutoUpdate] C:\Program Files (x86)\Hilti\PROFIS AutoUpdate\Hilti.AutoUpdate.Tray.exe -hidden
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 McPvDrv;McPvDrv Driver;C:\Windows\system32\drivers\McPvDrv.sys --> C:\Windows\system32\drivers\McPvDrv.sys [?]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 stdflt;Disk Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdflt.sys --> C:\Windows\system32\DRIVERS\stdflt.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2010-3-27 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 ezGOSvc;Easybits GO Services for Windows;C:\Windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-2-28 2343816]
R2 Hilti PROFIS AutoUpdate Service;Hilti PROFIS AutoUpdate Service;C:\Program Files (x86)\Hilti\PROFIS AutoUpdate\Hilti.AutoUpdate.Service.exe [2010-3-25 206336]
R2 InstallFilterService;FF Install Filter Service;C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2010-4-21 60928]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-2-6 13672]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-10-21 249936]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-10-21 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-10-21 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-10-21 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-10-21 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-10-21 210584]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 rimspci;rimspci;C:\Windows\system32\DRIVERS\rimspe64.sys --> C:\Windows\system32\DRIVERS\rimspe64.sys [?]
R2 risdpcie;risdpcie;C:\Windows\system32\DRIVERS\risdpe64.sys --> C:\Windows\system32\DRIVERS\risdpe64.sys [?]
R2 rixdpcie;rixdpcie;C:\Windows\system32\DRIVERS\rixdpe64.sys --> C:\Windows\system32\DRIVERS\rixdpe64.sys [?]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-4-21 1692480]
R2 SpyroService;Spyro Portal Service;C:\Program Files (x86)\FS\Spyro Portal\FlashPortal.exe [2012-1-31 48128]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Acceler.sys --> C:\Windows\system32\DRIVERS\Acceler.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
.
=============== Created Last 30 ================
.
2012-05-05 15:16:43 16200 ----a-w- C:\Windows\stinger.sys
2012-05-05 15:16:17 -------- d-----w- C:\Program Files (x86)\stinger
2012-05-03 21:09:48 -------- d-----w- C:\Users\shawntruc\AppData\Local\{050A2625-F1CB-4409-AB31-8EF80BDAB67A}
2012-05-03 21:09:14 -------- d-----w- C:\Users\shawntruc\AppData\Local\{E80E8461-99DD-44F6-8D40-B718B63FA434}
2012-04-30 02:08:21 -------- d-----w- C:\Users\shawntruc\AppData\Local\{C334A04F-2AA6-4FC4-B50F-A8AF2CF7DFAC}
2012-04-30 02:07:48 -------- d-----w- C:\Users\shawntruc\AppData\Local\{864966CD-A37A-439C-B7B1-01C1D7D1D93E}
2012-04-29 19:11:31 -------- d-----w- C:\Users\shawntruc\AppData\Local\{BE293EE3-5C94-49DE-A87A-2B9B7DD30F5B}
2012-04-29 19:05:18 -------- d-----w- C:\Users\shawntruc\AppData\Local\{BB82807A-6531-4EA5-A1BB-9E4E14484AC6}
2012-04-29 16:03:41 -------- d-----w- C:\Users\shawntruc\AppData\Local\{DB18E7D1-1AC9-40F5-A25D-07BCC5D49E41}
2012-04-29 16:03:08 -------- d-----w- C:\Users\shawntruc\AppData\Local\{DD9DFD44-3804-4D02-96A0-5ABCF713BF30}
2012-04-29 12:40:49 -------- d-----w- C:\Users\shawntruc\AppData\Local\{234B16D2-F2E7-42F7-99E8-E411A49F344B}
2012-04-29 12:40:34 -------- d-----w- C:\Users\shawntruc\AppData\Local\{F37C55CF-44DF-4279-A5D2-36EDC50018AE}
2012-04-24 20:58:22 -------- d-----w- C:\Users\shawntruc\AppData\Local\{FA93B5F1-F7DD-4680-BAC7-DB8B7CDB2894}
2012-04-24 20:58:04 -------- d-----w- C:\Users\shawntruc\AppData\Local\{17B219B0-03EC-4D0F-888E-6755A802DA8A}
2012-04-23 10:29:08 -------- d-----w- C:\Users\shawntruc\AppData\Local\{1AACEB9E-34AA-4478-A591-88F6BF6C8F23}
2012-04-23 10:28:39 -------- d-----w- C:\Users\shawntruc\AppData\Local\{4E63D191-A8D0-4465-BF12-C9A20FB32D02}
2012-04-22 11:57:38 -------- d-----w- C:\Users\shawntruc\AppData\Local\{FB60580B-EC6A-4893-94E3-C43FB14F07B6}
2012-04-22 11:57:23 -------- d-----w- C:\Users\shawntruc\AppData\Local\{25D78DED-0297-4D51-BA63-705C013D07B3}
2012-04-22 01:10:44 -------- d-----w- C:\Users\shawntruc\AppData\Local\{41F63074-34C7-4D51-B517-25A5B8713E73}
2012-04-22 01:03:27 -------- d-----w- C:\Users\shawntruc\AppData\Local\{F06863F5-553F-494A-B0A7-B78C252FD5C5}
2012-04-21 03:58:13 -------- d-----w- C:\Users\shawntruc\AppData\Local\{9B96EBB5-FC7F-4CCF-8E6A-1C85D611B5F0}
2012-04-21 03:58:00 -------- d-----w- C:\Users\shawntruc\AppData\Local\{3441C2D4-AA57-431E-9EA7-31BC36D5FA9F}
2012-04-21 02:56:57 -------- d-----w- C:\Users\shawntruc\AppData\Local\{7ADFDDD5-BB1B-415C-9C2F-6AE40DE9D27C}
2012-04-21 02:56:34 -------- d-----w- C:\Users\shawntruc\AppData\Local\{601039C3-74AA-47FD-959C-E751B4E80BFD}
2012-04-19 21:21:31 -------- d-----w- C:\Users\shawntruc\AppData\Local\{0F7637BC-39FD-4361-9BB8-80B5C90712CE}
2012-04-19 21:20:57 -------- d-----w- C:\Users\shawntruc\AppData\Local\{75B9F384-6AAF-4317-BEEA-3CCF2D5443C3}
2012-04-19 11:41:15 -------- d-----w- C:\Users\shawntruc\AppData\Local\{BC0807CF-C09C-4225-BD3E-7D472E7E6AEF}
2012-04-19 11:40:41 -------- d-----w- C:\Users\shawntruc\AppData\Local\{98396ABE-DCB8-400B-9C09-595C3141D5E1}
2012-04-16 19:27:01 -------- d-----w- C:\Users\shawntruc\AppData\Local\{B35E98E5-2E82-4AD0-A5BE-BCCE50169357}
2012-04-16 19:26:48 -------- d-----w- C:\Users\shawntruc\AppData\Local\{10031C2F-8D07-4C32-8F90-BF5E926E5A7B}
2012-04-16 19:26:25 -------- d-----w- C:\Users\shawntruc\AppData\Local\{5248C840-988E-4CB7-994D-58BD6BC8790A}
2012-04-16 19:26:06 -------- d-----w- C:\Users\shawntruc\AppData\Local\{7EEC7462-7753-494C-8311-D7878012AD6E}
2012-04-15 22:24:20 -------- d-----w- C:\Users\shawntruc\AppData\Local\{964CA522-23D0-4342-A8F6-0377390927BE}
2012-04-15 22:24:10 -------- d-----w- C:\Users\shawntruc\AppData\Local\{E8C88F69-7438-41D4-9E11-B5CC4331AA81}
2012-04-15 22:21:55 -------- d-----w- C:\Users\shawntruc\AppData\Local\{5C336C15-232A-456E-AD27-F0D4475E3914}
2012-04-15 22:21:44 -------- d-----w- C:\Users\shawntruc\AppData\Local\{DC1BA351-F98C-4081-83AA-F05CF8DA889E}
2012-04-15 21:55:37 -------- d-----w- C:\Users\shawntruc\AppData\Local\{4D457053-1607-49BA-8B03-D7F496836807}
2012-04-15 21:55:04 -------- d-----w- C:\Users\shawntruc\AppData\Local\{69B2215D-04BC-4877-91A5-09E554708EB0}
2012-04-15 20:46:37 -------- d-----w- C:\Users\shawntruc\AppData\Local\{CDD352BC-6DF8-4D59-B0AD-E3734DEC40F3}
2012-04-15 20:46:27 -------- d-----w- C:\Users\shawntruc\AppData\Local\{BFBD0423-4BDF-460C-8077-82250865FE7F}
2012-04-15 20:22:11 -------- d-----w- C:\Users\shawntruc\AppData\Local\{CB3245BF-5246-4AF0-B213-7B46C332D3CB}
2012-04-15 20:21:41 -------- d-----w- C:\Users\shawntruc\AppData\Local\{D062AF63-9F2E-46BA-846B-5C64DB5B0B21}
2012-04-15 17:39:43 -------- d-----w- C:\Users\shawntruc\AppData\Local\{AB0944E4-D5F5-401B-9343-0A4F238EB6BC}
2012-04-15 17:39:10 -------- d-----w- C:\Users\shawntruc\AppData\Local\{ED399D1F-4B81-4D46-8892-A5DFB0487059}
2012-04-15 16:04:02 -------- d-----w- C:\Users\shawntruc\AppData\Local\{02CBA05D-D626-4BDF-B688-455A167F1822}
2012-04-15 16:03:28 -------- d-----w- C:\Users\shawntruc\AppData\Local\{B6E182F5-41F6-4406-9F1C-DF889B970435}
2012-04-15 00:29:43 -------- d-----w- C:\Users\shawntruc\AppData\Local\{D38B85CD-2D6C-40E5-95D1-4E4C69DEC34C}
2012-04-15 00:28:59 -------- d-----w- C:\Users\shawntruc\AppData\Local\{85DAE3CD-A2C7-4B90-9BA8-C8EABE244E6D}
2012-04-14 20:34:51 -------- d-----w- C:\Users\shawntruc\AppData\Local\{1C5E7CEA-168A-40F8-82C5-EF8F0CBD299D}
2012-04-14 12:04:27 -------- d-----w- C:\Users\shawntruc\AppData\Roaming\Intuit
2012-04-14 12:00:22 -------- d-----w- C:\Users\shawntruc\AppData\Local\IsolatedStorage
2012-04-14 12:00:20 -------- d-----w- C:\Program Files (x86)\Common Files\Intuit
2012-04-14 11:59:42 -------- d-----w- C:\Program Files (x86)\TurboTax
2012-04-14 11:59:13 -------- d-----w- C:\ProgramData\Intuit
2012-04-14 11:27:41 -------- d-----w- C:\Users\shawntruc\AppData\Local\{BA108B06-30E3-4252-BD1F-78DD42A0E8D4}
2012-04-13 18:55:49 -------- d-----w- C:\Users\shawntruc\AppData\Local\{8F9F2406-F717-4E05-9FEE-6CFBE4AABC73}
2012-04-13 18:55:36 -------- d-----w- C:\Users\shawntruc\AppData\Local\{AF11BF1F-19C0-4152-A85E-506A4084B9BE}
2012-04-12 18:43:27 -------- d-----w- C:\Users\shawntruc\AppData\Local\{CB647E5C-6F17-4C13-92C8-CCA5843691F1}
2012-04-12 07:01:06 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-12 07:01:06 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-12 07:01:05 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-12 07:01:04 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-12 07:01:04 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-12 07:01:04 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-12 07:01:04 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-11 18:45:05 -------- d-----w- C:\Users\shawntruc\AppData\Local\{740439E3-FEF7-4776-8FF1-5B9C90E0763D}
2012-04-10 18:45:23 -------- d-----w- C:\Users\shawntruc\AppData\Local\{2249BE34-4E05-4E21-8714-7FBE4D41C193}
2012-04-10 16:35:03 -------- d-----w- C:\Users\shawntruc\AppData\Local\{5D0AF143-1B4C-47F7-A5F7-53803A00B454}
2012-04-10 00:33:29 -------- d-----w- C:\Users\shawntruc\AppData\Local\{BC8226C6-A421-46E0-B215-0B91F1CD9928}
2012-04-08 12:32:05 -------- d-----w- C:\Users\shawntruc\AppData\Local\{8A19FCEE-86E1-426F-BD6A-FBEA21555B0D}
2012-04-08 00:05:46 -------- d-----w- C:\Users\shawntruc\AppData\Local\{1D266EED-F4C4-4C57-BBB1-346BD74626C8}
2012-04-07 12:05:10 -------- d-----w- C:\Users\shawntruc\AppData\Local\{678978BE-067E-45E3-91D4-F53D99046A96}
.
==================== Find3M ====================
.
2012-04-04 20:13:17 60 ----a-w- C:\Windows\wpd99.drv
2012-03-20 18:31:37 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-20 17:11:30 162192 ----a-w- C:\Windows\System32\mfevtps.exe
2012-03-06 06:53:37 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-06 05:59:47 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-06 05:59:41 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-03 21:23:02 1003520 ----a-w- C:\Windows\SysWow64\bstCommonControls.ocx
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-24 20:22:23 205 ----a-w- C:\Windows\SysWow64\lsprst7.dll
2012-02-22 17:29:46 75936 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
2012-02-22 17:29:46 65264 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2012-02-22 17:29:46 647208 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2012-02-22 17:29:46 487296 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2012-02-22 17:29:46 289664 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2012-02-22 17:29:46 229528 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2012-02-22 17:29:46 160792 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2012-02-22 17:29:46 10248 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2012-02-22 17:29:46 100912 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-15 20:33:02 640112 ----a-w- C:\Windows\SysWow64\AuroraShell.ocx
2012-02-15 15:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-02-15 15:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-07 15:02:40 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
.
============= FINISH: 16:12:55.54 ===============

#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 06 May 2012 - 11:32 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 selliott

selliott
  • Topic Starter

  • Members
  • 8 posts

Posted 07 May 2012 - 11:40 AM

Gringo,

Thanks very much for your help. I ran security check and combofix...the logs are posted below. Rebooted my computer, and it appears that Google is now working correctly.

Security Check Log:

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
McAfee Total Protection
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

SpyroDriver
Java™ 6 Update 29
Java version out of date!
Adobe Reader 9 Adobe Reader out of date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````



Combofix Log:

ComboFix 12-05-07.01 - shawntruc 05/07/2012 8:00.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3061.1690 [GMT -4:00]
Running from: c:\users\shawntruc\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\shawntruc\AppData\Local\Apple Computer\Apple\tzsfv.dll
c:\windows\security\Database\tmp.edb
c:\windows\SysWow64\ijl11.dll
c:\windows\SysWow64\lsprst7.dll
Y:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-04-07 to 2012-05-07 )))))))))))))))))))))))))))))))
.
.
2012-05-07 12:48 . 2012-05-07 12:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-05 15:16 . 2012-05-05 15:16 16200 ----a-w- c:\windows\stinger.sys
2012-05-05 15:16 . 2012-05-05 15:21 -------- d-----w- c:\program files (x86)\stinger
2012-04-24 11:46 . 2012-04-24 11:46 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-04-14 12:04 . 2012-04-14 12:04 -------- d-----w- c:\users\shawntruc\AppData\Roaming\Intuit
2012-04-14 12:00 . 2012-04-14 12:00 -------- d-----w- c:\users\shawntruc\AppData\Local\IsolatedStorage
2012-04-14 12:00 . 2012-04-14 12:01 -------- d-----w- c:\program files (x86)\Common Files\Intuit
2012-04-14 11:59 . 2012-04-14 11:59 -------- d-----w- c:\program files (x86)\TurboTax
2012-04-14 11:59 . 2012-04-14 12:01 -------- d-----w- c:\programdata\Intuit
2012-04-12 07:01 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 07:01 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 07:01 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 07:01 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 07:01 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 07:01 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 07:01 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-22 12:04 . 2010-05-18 23:11 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-04-22 12:03 . 2010-06-06 19:57 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-04-22 12:03 . 2010-06-06 19:56 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-04-10 19:08 . 2010-06-06 19:57 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-04-10 19:06 . 2010-05-18 23:10 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-04-10 18:58 . 2010-05-18 23:10 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-03-20 18:31 . 2011-05-17 17:59 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-20 17:11 . 2011-10-21 12:40 162192 ----a-w- c:\windows\system32\mfevtps.exe
2012-03-03 21:23 . 2012-03-03 21:23 1003520 ----a-w- c:\windows\SysWow64\bstCommonControls.ocx
2012-03-01 11:06 . 2012-03-01 11:06 10 ----a-w- c:\windows\Fonts\wfonts.key
2012-02-22 17:29 . 2011-10-21 12:46 10248 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-02-22 17:29 . 2011-10-21 12:45 75936 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2012-02-22 17:29 . 2011-10-21 12:45 65264 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-02-22 17:29 . 2011-10-21 12:45 487296 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-02-22 17:29 . 2011-10-21 12:45 289664 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2012-02-22 17:29 . 2011-10-21 12:45 229528 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-02-22 17:29 . 2011-10-21 12:45 100912 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-02-22 17:29 . 2011-03-13 15:20 647208 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-02-22 17:29 . 2011-03-13 15:20 160792 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-02-17 06:38 . 2012-03-13 18:53 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-13 18:53 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-13 18:53 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-13 18:53 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 20:33 . 2012-02-15 20:33 640112 ----a-w- c:\windows\SysWow64\AuroraShell.ocx
2012-02-15 15:01 . 2012-02-15 15:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 15:01 . 2012-02-15 15:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-10 06:36 . 2012-03-13 20:38 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-13 20:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-07 15:02 . 2012-02-07 15:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-01-15 1242448]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-22 98304]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"KMCONFIG"="c:\program files (x86)\iHome\Mouse Driver\StartAutorun.exe" [2008-05-30 212992]
"PROFIS AutoUpdate"="c:\program files (x86)\Hilti\PROFIS AutoUpdate\Hilti.AutoUpdate.Tray.exe" [2011-11-08 474112]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-09-20 560128]
.
c:\users\shawntruc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 ezGOSvc;Easybits GO Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 Hilti PROFIS AutoUpdate Service;Hilti PROFIS AutoUpdate Service;c:\program files (x86)\Hilti\PROFIS AutoUpdate\Hilti.AutoUpdate.Service.exe [2011-11-08 206336]
S2 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2009-06-23 60928]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-02-06 13672]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 SpyroService;Spyro Portal Service;c:\program files (x86)\FS\Spyro Portal\FlashPortal.exe [2012-01-31 48128]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-20 487424]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-10-01 3189016]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe" [2009-07-22 2384896]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2009-12-16 5470208]
"McPvTray_exe"="c:\program files\McAfee\MAT\McPvTray.exe" [2011-04-08 436384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezGOSvc
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
DPF: {0F026C11-5A66-4c2b-87B5-88DDEBAE72A1} - hxxps://bst.gfnet.com/auroraweb/ClientComponents/BSTvsflex8l.CAB
DPF: {11E93902-B6FD-11D7-A642-00C04F57E4DC} - hxxps://bst.gfnet.com/auroraweb/ClientComponents/BSTEIX0010.CAB
DPF: {2961B151-8F4A-4C9E-8287-D59FAA6C959D} - hxxps://bst.gfnet.com/auroraweb/ClientComponents/BSTEIX0060.CAB
DPF: {2A00324E-751C-11D3-A5D3-00C04F7F81E2} - hxxps://bst.gfnet.com/auroraweb/ClientComponents/BSTEIT0040.CAB
DPF: {2FC291D0-5814-4658-9680-4DAD4DD3F330} - hxxps://bst.gfnet.com/auroraweb/ClientComponents/BSTRCM0030.CAB
DPF: {30C95CE6-6D2F-11D3-81AD-00C04F8DF62C} - hxxps://bst.gfnet.com/auroraweb/ClientComponents/BSTEIT0020.CAB
DPF: {310C70B7-92ED-11D3-81CE-00C04F8DF62C} - hxxps://bst.gfnet.com/auroraweb/ClientComponents/BSTEIT0070.CAB
DPF: {33A48268-CF39-47E2-80A3-1BC33A1EF2C6} - hxxps://bst.gfnet.com/auroraweb/ClientComponents/BSTJCD6000.CAB
DPF: {4004B4D0-7D66-11D5-A55B-00B0D07DCA5B} - hxxps://bst.gfnet.com/auroraweb/ClientComponents/BSTEIT0090.CAB
DPF: {44BD92DB-D8A8-43A8-8900-DD73310A59EB} - hxxps://bst.gfnet.com/auroraweb/BSTtodg8.CAB
DPF: {4E096548-B6FC-11D7-A642-00C04F57E4DC} - hxxps://bst.gfnet.com/auroraweb/ClientComponents/BSTEIX0030.CAB
DPF: {6F0892F7-0D44-41C3-BF07-7599873FAA04} - hxxps://bst.gfnet.com/auroraweb/BSTeReportsCE11.CAB
DPF: {815E0702-E4CA-11D3-81ED-00C04F8DF62C} - hxxps://bst.gfnet.com/auroraweb/ClientComponents/BSTEIT0080.CAB
DPF: {90C8812D-81C2-45EA-8101-6C6F29835AE8} - hxxps://bst.gfnet.com/auroraweb/BSTeInstaller.CAB
DPF: {ACCB32DB-F2C9-46C3-A215-21F805657765} - hxxps://bst.gfnet.com/auroraweb/ClientComponents/BSTEIX0050.CAB
DPF: {AD46BB36-7741-11D3-81B8-00C04F8DF62C} - hxxps://bst.gfnet.com/auroraweb/ClientComponents/BSTEIT0030.CAB
DPF: {B3A8D7A2-B7E1-11D3-81E2-00C04F8DF62C} - hxxps://bst.gfnet.com/auroraweb/ClientComponents/BSTEIT0050.CAB
DPF: {B3D2ED24-A4B6-11D6-A604-00C04F57E4DC} - hxxps://bst.gfnet.com/auroraweb/ClientComponents/BSTEIU0010.CAB
DPF: {D9EE5A5C-AF15-11D3-81E0-00C04F8DF62C} - hxxps://bst.gfnet.com/auroraweb/ClientComponents/BSTEIT0010.CAB
DPF: {DB797690-40E0-11D2-9BD5-0060082AE372} - hxxps://bst.gfnet.com/auroraweb/BSTeDepFiles.CAB
DPF: {DCFEDB58-DB3F-4DEB-A4C4-D8107FBBDAC3} - hxxps://bst.gfnet.com/auroraweb/BSTeReportsCE12.CAB
DPF: {E6671596-1F52-11D3-8162-00C04F8DF62C} - hxxps://bst.gfnet.com/auroraweb/AuroraShell.CAB
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Apple - c:\users\shawntruc\AppData\Local\Apple Computer\Apple\tzsfv.dll
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-CraftBukkit - c:\users\shawntruc\Documents\CraftBukkit Server\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2151826625-3538584327-2775130625-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2151826625-3538584327-2775130625-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2012-05-07 09:10:06 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-07 13:10
.
Pre-Run: 148,342,169,600 bytes free
Post-Run: 175,359,365,120 bytes free
.
- - End Of File - - DE61B56E66B4EAD7FA964B3117115D16

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 07 May 2012 - 12:24 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 selliott

selliott
  • Topic Starter

  • Members
  • 8 posts

Posted 07 May 2012 - 03:53 PM

TDSSKiller.2.7.34.0_07.05.2012_16.37.34_log.txt

16:37:34.0128 10104 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
16:37:36.0128 10104 ============================================================
16:37:36.0128 10104 Current date / time: 2012/05/07 16:37:36.0128
16:37:36.0128 10104 SystemInfo:
16:37:36.0128 10104
16:37:36.0128 10104 OS Version: 6.1.7601 ServicePack: 1.0
16:37:36.0128 10104 Product type: Workstation
16:37:36.0128 10104 ComputerName: MAIN-LAPTOP
16:37:36.0128 10104 UserName: shawntruc
16:37:36.0128 10104 Windows directory: C:\Windows
16:37:36.0128 10104 System windows directory: C:\Windows
16:37:36.0128 10104 Running under WOW64
16:37:36.0128 10104 Processor architecture: Intel x64
16:37:36.0128 10104 Number of processors: 4
16:37:36.0128 10104 Page size: 0x1000
16:37:36.0128 10104 Boot type: Normal boot
16:37:36.0128 10104 ============================================================
16:37:37.0458 10104 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:37:37.0468 10104 ============================================================
16:37:37.0468 10104 \Device\Harddisk0\DR0:
16:37:37.0468 10104 MBR partitions:
16:37:37.0468 10104 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1D4C000
16:37:37.0468 10104 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D5F9C5, BlocksNum 0x38625E6B
16:37:37.0468 10104 ============================================================
16:37:37.0498 10104 C: <-> \Device\Harddisk0\DR0\Partition1
16:37:37.0498 10104 ============================================================
16:37:37.0498 10104 Initialize success
16:37:37.0498 10104 ============================================================
16:37:41.0388 8780 ============================================================
16:37:41.0388 8780 Scan started
16:37:41.0388 8780 Mode: Manual;
16:37:41.0388 8780 ============================================================
16:37:59.0591 8780 partmgr - ok
16:37:59.0621 8780 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
16:37:59.0631 8780 PcaSvc - ok
16:37:59.0671 8780 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
16:37:59.0691 8780 pci - ok
16:37:59.0701 8780 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
16:37:59.0711 8780 pciide - ok
16:37:59.0731 8780 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
16:37:59.0751 8780 pcmcia - ok
16:37:59.0771 8780 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:37:59.0781 8780 pcw - ok
16:37:59.0821 8780 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:37:59.0891 8780 PEAUTH - ok
16:37:59.0981 8780 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
16:37:59.0991 8780 PerfHost - ok
16:38:00.0111 8780 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
16:38:00.0201 8780 pla - ok
16:38:00.0261 8780 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
16:38:00.0281 8780 PlugPlay - ok
16:38:00.0311 8780 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
16:38:00.0321 8780 PNRPAutoReg - ok
16:38:00.0341 8780 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:38:00.0351 8780 PNRPsvc - ok
16:38:00.0391 8780 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
16:38:00.0411 8780 PolicyAgent - ok
16:38:00.0461 8780 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
16:38:00.0471 8780 Power - ok
16:38:00.0561 8780 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
16:38:00.0561 8780 PptpMiniport - ok
16:38:00.0601 8780 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
16:38:00.0611 8780 Processor - ok
16:38:00.0631 8780 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
16:38:00.0651 8780 ProfSvc - ok
16:38:00.0691 8780 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:38:00.0691 8780 ProtectedStorage - ok
16:38:00.0741 8780 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
16:38:00.0741 8780 Psched - ok
16:38:00.0771 8780 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
16:38:00.0781 8780 PxHlpa64 - ok
16:38:00.0881 8780 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
16:38:00.0951 8780 ql2300 - ok
16:38:01.0111 8780 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
16:38:01.0111 8780 ql40xx - ok
16:38:01.0161 8780 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
16:38:01.0171 8780 QWAVE - ok
16:38:01.0181 8780 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:38:01.0181 8780 QWAVEdrv - ok
16:38:01.0201 8780 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:38:01.0211 8780 RasAcd - ok
16:38:01.0241 8780 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:38:01.0251 8780 RasAgileVpn - ok
16:38:01.0301 8780 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
16:38:01.0311 8780 RasAuto - ok
16:38:01.0341 8780 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:38:01.0351 8780 Rasl2tp - ok
16:38:01.0411 8780 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
16:38:01.0431 8780 RasMan - ok
16:38:01.0451 8780 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:38:01.0451 8780 RasPppoe - ok
16:38:01.0471 8780 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:38:01.0471 8780 RasSstp - ok
16:38:01.0531 8780 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
16:38:01.0541 8780 rdbss - ok
16:38:01.0551 8780 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
16:38:01.0561 8780 rdpbus - ok
16:38:01.0571 8780 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:38:01.0571 8780 RDPCDD - ok
16:38:01.0601 8780 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:38:01.0601 8780 RDPENCDD - ok
16:38:01.0611 8780 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:38:01.0611 8780 RDPREFMP - ok
16:38:01.0661 8780 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
16:38:01.0681 8780 RDPWD - ok
16:38:01.0721 8780 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
16:38:01.0731 8780 rdyboost - ok
16:38:01.0771 8780 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
16:38:01.0781 8780 RemoteAccess - ok
16:38:01.0821 8780 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
16:38:01.0831 8780 RemoteRegistry - ok
16:38:01.0871 8780 rimmptsk (6faf5b04bedc66d300d9d233b2d222f0) C:\Windows\system32\DRIVERS\rimmpx64.sys
16:38:01.0871 8780 rimmptsk - ok
16:38:01.0891 8780 rimspci (e20b1907fc72a3664ece21e3c20fc63d) C:\Windows\system32\DRIVERS\rimspe64.sys
16:38:01.0891 8780 rimspci - ok
16:38:01.0901 8780 rimsptsk (67f50c31713106fd1b0f286f86aa2b2e) C:\Windows\system32\DRIVERS\rimspx64.sys
16:38:01.0911 8780 rimsptsk - ok
16:38:01.0951 8780 RimUsb (7b04c9843921ab1f695fb395422c5360) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
16:38:01.0951 8780 RimUsb - ok
16:38:01.0961 8780 risdpcie (a6da2b0c8f5bb3f9f5423cff8d6a02d9) C:\Windows\system32\DRIVERS\risdpe64.sys
16:38:01.0971 8780 risdpcie - ok
16:38:01.0991 8780 rismxdp (4d7ef3d46346ec4c58784db964b365de) C:\Windows\system32\DRIVERS\rixdpx64.sys
16:38:01.0991 8780 rismxdp - ok
16:38:02.0011 8780 rixdpcie (6a1cd4674505e6791390a1ab71da1fbe) C:\Windows\system32\DRIVERS\rixdpe64.sys
16:38:02.0021 8780 rixdpcie - ok
16:38:02.0031 8780 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
16:38:02.0041 8780 RpcEptMapper - ok
16:38:02.0051 8780 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
16:38:02.0051 8780 RpcLocator - ok
16:38:02.0111 8780 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
16:38:02.0111 8780 RpcSs - ok
16:38:02.0161 8780 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:38:02.0171 8780 rspndr - ok
16:38:02.0201 8780 RTL8167 (3b01789ee4eaee97f5eb46b711387d5e) C:\Windows\system32\DRIVERS\Rt64win7.sys
16:38:02.0221 8780 RTL8167 - ok
16:38:02.0251 8780 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:38:02.0261 8780 SamSs - ok
16:38:02.0301 8780 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
16:38:02.0301 8780 sbp2port - ok
16:38:02.0331 8780 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
16:38:02.0351 8780 SCardSvr - ok
16:38:02.0381 8780 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
16:38:02.0381 8780 scfilter - ok
16:38:02.0461 8780 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
16:38:02.0541 8780 Schedule - ok
16:38:02.0571 8780 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
16:38:02.0571 8780 SCPolicySvc - ok
16:38:02.0601 8780 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
16:38:02.0621 8780 SDRSVC - ok
16:38:02.0731 8780 SeaPort (16a252022535b680046f6e34e136d378) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
16:38:02.0741 8780 SeaPort - ok
16:38:02.0821 8780 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:38:02.0831 8780 secdrv - ok
16:38:02.0861 8780 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
16:38:02.0861 8780 seclogon - ok
16:38:02.0911 8780 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
16:38:02.0921 8780 SENS - ok
16:38:02.0931 8780 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
16:38:02.0941 8780 SensrSvc - ok
16:38:02.0961 8780 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
16:38:02.0961 8780 Serenum - ok
16:38:03.0001 8780 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
16:38:03.0001 8780 Serial - ok
16:38:03.0041 8780 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
16:38:03.0051 8780 sermouse - ok
16:38:03.0091 8780 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
16:38:03.0101 8780 SessionEnv - ok
16:38:03.0111 8780 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
16:38:03.0111 8780 sffdisk - ok
16:38:03.0121 8780 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
16:38:03.0131 8780 sffp_mmc - ok
16:38:03.0141 8780 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
16:38:03.0141 8780 sffp_sd - ok
16:38:03.0161 8780 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
16:38:03.0161 8780 sfloppy - ok
16:38:03.0311 8780 SftService (74ec60e20516aaa573be74f31175270f) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
16:38:03.0351 8780 SftService - ok
16:38:03.0671 8780 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
16:38:03.0671 8780 SharedAccess - ok
16:38:03.0721 8780 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
16:38:03.0741 8780 ShellHWDetection - ok
16:38:03.0803 8780 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:38:03.0803 8780 SiSRaid2 - ok
16:38:03.0823 8780 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
16:38:03.0823 8780 SiSRaid4 - ok
16:38:03.0923 8780 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe
16:38:03.0923 8780 SkypeUpdate - ok
16:38:03.0943 8780 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:38:03.0953 8780 Smb - ok
16:38:04.0003 8780 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
16:38:04.0003 8780 SNMPTRAP - ok
16:38:04.0013 8780 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:38:04.0013 8780 spldr - ok
16:38:04.0073 8780 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
16:38:04.0093 8780 Spooler - ok
16:38:04.0303 8780 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
16:38:04.0423 8780 sppsvc - ok
16:38:04.0503 8780 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
16:38:04.0503 8780 sppuinotify - ok
16:38:04.0573 8780 sprtsvc_DellSupportCenter (d630b6f2e8379b6f10dc16e82a426552) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
16:38:04.0583 8780 sprtsvc_DellSupportCenter - ok
16:38:04.0663 8780 SpyroService (bfae719594989d1f02b9e9cd86db293e) C:\Program Files (x86)\FS\Spyro Portal\FlashPortal.exe
16:38:04.0663 8780 SpyroService - ok
16:38:04.0723 8780 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
16:38:04.0743 8780 srv - ok
16:38:04.0773 8780 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
16:38:04.0793 8780 srv2 - ok
16:38:04.0813 8780 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
16:38:04.0813 8780 srvnet - ok
16:38:04.0863 8780 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
16:38:04.0873 8780 SSDPSRV - ok
16:38:04.0893 8780 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
16:38:04.0903 8780 SstpSvc - ok
16:38:05.0003 8780 STacSV (da7702025dfd169b909c4da3126762cc) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe
16:38:05.0013 8780 STacSV - ok
16:38:05.0063 8780 stdflt (c48e0745d33897c7a73394214f2b9b4f) C:\Windows\system32\DRIVERS\stdflt.sys
16:38:05.0063 8780 stdflt - ok
16:38:05.0123 8780 Steam Client Service - ok
16:38:05.0193 8780 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
16:38:05.0193 8780 stexstor - ok
16:38:05.0243 8780 STHDA (caf5a9708671b14b9670260735b22c4e) C:\Windows\system32\DRIVERS\stwrt64.sys
16:38:05.0263 8780 STHDA - ok
16:38:05.0313 8780 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
16:38:05.0333 8780 stisvc - ok
16:38:05.0363 8780 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
16:38:05.0363 8780 swenum - ok
16:38:05.0433 8780 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
16:38:05.0453 8780 swprv - ok
16:38:05.0523 8780 SynTP (639b57dc871be4b86283027faf1f4e30) C:\Windows\system32\DRIVERS\SynTP.sys
16:38:05.0543 8780 SynTP - ok
16:38:05.0673 8780 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
16:38:05.0723 8780 SysMain - ok
16:38:05.0883 8780 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
16:38:05.0883 8780 TabletInputService - ok
16:38:05.0943 8780 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
16:38:05.0963 8780 TapiSrv - ok
16:38:06.0003 8780 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
16:38:06.0003 8780 TBS - ok
16:38:06.0163 8780 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
16:38:06.0213 8780 Tcpip - ok
16:38:06.0413 8780 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
16:38:06.0433 8780 TCPIP6 - ok
16:38:06.0543 8780 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
16:38:06.0553 8780 tcpipreg - ok
16:38:06.0593 8780 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:38:06.0603 8780 TDPIPE - ok
16:38:06.0633 8780 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
16:38:06.0633 8780 TDTCP - ok
16:38:06.0673 8780 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
16:38:06.0673 8780 tdx - ok
16:38:06.0723 8780 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
16:38:06.0723 8780 TermDD - ok
16:38:06.0773 8780 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
16:38:06.0803 8780 TermService - ok
16:38:06.0853 8780 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
16:38:06.0853 8780 Themes - ok
16:38:06.0893 8780 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:38:06.0903 8780 THREADORDER - ok
16:38:06.0923 8780 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
16:38:06.0933 8780 TrkWks - ok
16:38:07.0003 8780 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
16:38:07.0013 8780 TrustedInstaller - ok
16:38:07.0053 8780 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:38:07.0063 8780 tssecsrv - ok
16:38:07.0113 8780 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
16:38:07.0123 8780 TsUsbFlt - ok
16:38:07.0163 8780 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
16:38:07.0173 8780 tunnel - ok
16:38:07.0213 8780 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
16:38:07.0213 8780 uagp35 - ok
16:38:07.0253 8780 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
16:38:07.0263 8780 udfs - ok
16:38:07.0313 8780 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
16:38:07.0323 8780 UI0Detect - ok
16:38:07.0363 8780 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
16:38:07.0363 8780 uliagpkx - ok
16:38:07.0413 8780 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
16:38:07.0413 8780 umbus - ok
16:38:07.0433 8780 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
16:38:07.0433 8780 UmPass - ok
16:38:07.0473 8780 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
16:38:07.0483 8780 upnphost - ok
16:38:07.0533 8780 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
16:38:07.0533 8780 USBAAPL64 - ok
16:38:07.0593 8780 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
16:38:07.0593 8780 usbaudio - ok
16:38:07.0633 8780 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
16:38:07.0633 8780 usbccgp - ok
16:38:07.0683 8780 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
16:38:07.0683 8780 usbcir - ok
16:38:07.0723 8780 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
16:38:07.0733 8780 usbehci - ok
16:38:07.0773 8780 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
16:38:07.0793 8780 usbhub - ok
16:38:07.0833 8780 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
16:38:07.0833 8780 usbohci - ok
16:38:07.0863 8780 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
16:38:07.0873 8780 usbprint - ok
16:38:07.0893 8780 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:38:07.0893 8780 USBSTOR - ok
16:38:07.0913 8780 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
16:38:07.0913 8780 usbuhci - ok
16:38:07.0953 8780 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
16:38:07.0963 8780 usbvideo - ok
16:38:08.0003 8780 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
16:38:08.0003 8780 UxSms - ok
16:38:08.0043 8780 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:38:08.0043 8780 VaultSvc - ok
16:38:08.0093 8780 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
16:38:08.0093 8780 vdrvroot - ok
16:38:08.0163 8780 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
16:38:08.0193 8780 vds - ok
16:38:08.0243 8780 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:38:08.0243 8780 vga - ok
16:38:08.0263 8780 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:38:08.0263 8780 VgaSave - ok
16:38:08.0293 8780 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
16:38:08.0303 8780 vhdmp - ok
16:38:08.0603 8780 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
16:38:08.0643 8780 viaide - ok
16:38:08.0833 8780 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
16:38:08.0933 8780 volmgr - ok
16:38:09.0023 8780 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
16:38:09.0043 8780 volmgrx - ok
16:38:09.0073 8780 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
16:38:09.0083 8780 volsnap - ok
16:38:09.0123 8780 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
16:38:09.0133 8780 vsmraid - ok
16:38:09.0263 8780 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
16:38:09.0303 8780 VSS - ok
16:38:09.0423 8780 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
16:38:09.0423 8780 vwifibus - ok
16:38:09.0433 8780 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
16:38:09.0433 8780 vwififlt - ok
16:38:09.0453 8780 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
16:38:09.0453 8780 vwifimp - ok
16:38:09.0513 8780 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
16:38:09.0533 8780 W32Time - ok
16:38:09.0543 8780 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
16:38:09.0553 8780 WacomPen - ok
16:38:09.0603 8780 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:38:09.0613 8780 WANARP - ok
16:38:09.0613 8780 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:38:09.0613 8780 Wanarpv6 - ok
16:38:09.0733 8780 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
16:38:09.0753 8780 WatAdminSvc - ok
16:38:09.0873 8780 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
16:38:09.0963 8780 wbengine - ok
16:38:10.0083 8780 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
16:38:10.0103 8780 WbioSrvc - ok
16:38:10.0153 8780 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
16:38:10.0173 8780 wcncsvc - ok
16:38:10.0193 8780 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
16:38:10.0193 8780 WcsPlugInService - ok
16:38:10.0243 8780 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
16:38:10.0243 8780 Wd - ok
16:38:10.0303 8780 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:38:10.0323 8780 Wdf01000 - ok
16:38:10.0333 8780 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:38:10.0343 8780 WdiServiceHost - ok
16:38:10.0343 8780 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:38:10.0353 8780 WdiSystemHost - ok
16:38:10.0403 8780 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
16:38:10.0413 8780 WebClient - ok
16:38:10.0443 8780 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
16:38:10.0463 8780 Wecsvc - ok
16:38:10.0483 8780 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
16:38:10.0483 8780 wercplsupport - ok
16:38:10.0513 8780 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
16:38:10.0523 8780 WerSvc - ok
16:38:10.0543 8780 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:38:10.0553 8780 WfpLwf - ok
16:38:10.0593 8780 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
16:38:10.0603 8780 WimFltr - ok
16:38:10.0623 8780 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:38:10.0623 8780 WIMMount - ok
16:38:10.0663 8780 WinDefend - ok
16:38:10.0673 8780 WinHttpAutoProxySvc - ok
16:38:10.0733 8780 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
16:38:10.0753 8780 Winmgmt - ok
16:38:10.0903 8780 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
16:38:10.0963 8780 WinRM - ok
16:38:11.0123 8780 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
16:38:11.0123 8780 WinUsb - ok
16:38:11.0213 8780 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
16:38:11.0243 8780 Wlansvc - ok
16:38:11.0443 8780 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:38:11.0543 8780 wlidsvc - ok
16:38:11.0583 8780 wltrysvc (a96d6c0613dcf84f2d07faeb75663072) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
16:38:11.0583 8780 wltrysvc - ok
16:38:11.0673 8780 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
16:38:11.0673 8780 WmiAcpi - ok
16:38:11.0773 8780 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
16:38:11.0783 8780 wmiApSrv - ok
16:38:11.0803 8780 WMPNetworkSvc - ok
16:38:11.0843 8780 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
16:38:11.0843 8780 WPCSvc - ok
16:38:11.0893 8780 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
16:38:11.0893 8780 WPDBusEnum - ok
16:38:11.0933 8780 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:38:11.0933 8780 ws2ifsl - ok
16:38:11.0963 8780 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
16:38:11.0973 8780 wscsvc - ok
16:38:11.0973 8780 WSearch - ok
16:38:12.0173 8780 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
16:38:12.0213 8780 wuauserv - ok
16:38:12.0343 8780 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
16:38:12.0343 8780 WudfPf - ok
16:38:12.0383 8780 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:38:12.0393 8780 WUDFRd - ok
16:38:12.0423 8780 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
16:38:12.0423 8780 wudfsvc - ok
16:38:12.0453 8780 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
16:38:12.0473 8780 WwanSvc - ok
16:38:12.0513 8780 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
16:38:12.0603 8780 \Device\Harddisk0\DR0 - ok
16:38:12.0603 8780 Boot (0x1200) (23d67aad727243674d1de8e73cfc9f41) \Device\Harddisk0\DR0\Partition0
16:38:12.0613 8780 \Device\Harddisk0\DR0\Partition0 - ok
16:38:12.0623 8780 Boot (0x1200) (5806b080c40c6cd2bf0775127e9433ca) \Device\Harddisk0\DR0\Partition1
16:38:12.0623 8780 \Device\Harddisk0\DR0\Partition1 - ok
16:38:12.0623 8780 ============================================================
16:38:12.0623 8780 Scan finished
16:38:12.0623 8780 ============================================================
16:38:12.0643 3744 Detected object count: 0
16:38:12.0643 3744 Actual detected object count: 0
16:43:42.0100 9552 Deinitialize success


aswMBR.txt

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-07 16:45:27
-----------------------------
16:45:27.250 OS Version: Windows x64 6.1.7601 Service Pack 1
16:45:27.250 Number of processors: 4 586 0x2502
16:45:27.250 ComputerName: MAIN-LAPTOP UserName: shawntruc
16:45:28.970 Initialize success
16:46:22.946 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:46:22.956 Disk 0 Vendor: ST9500420AS D005SDM1 Size: 476940MB BusType: 11
16:46:22.986 Disk 0 MBR read successfully
16:46:22.986 Disk 0 MBR scan
16:46:22.996 Disk 0 Windows VISTA default MBR code
16:46:22.996 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
16:46:23.006 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 80325
16:46:23.026 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461899 MB offset 30800325
16:46:23.056 Disk 0 scanning C:\Windows\system32\drivers
16:46:32.177 Service scanning
16:46:49.759 Modules scanning
16:46:49.759 Disk 0 trace - called modules:
16:46:49.795 ntoskrnl.exe CLASSPNP.SYS disk.sys stdflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
16:46:49.800 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003579060]
16:46:50.131 3 CLASSPNP.SYS[fffff88001bb343f] -> nt!IofCallDriver -> [0xfffffa8003410ce0]
16:46:50.131 5 stdflt.sys[fffff88001ae6a4a] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800326c060]
16:46:50.141 Scan finished successfully
16:47:13.566 Disk 0 MBR has been saved successfully to "C:\Users\shawntruc\Desktop\MBR.dat"
16:47:13.566 The log file has been saved successfully to "C:\Users\shawntruc\Desktop\aswMBR.txt"
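
The two MBR checks in the logs above work on the same 512-byte sector: TDSSKiller's "MBR (0x1B8)" line is a hash of the first 0x1B8 bytes (the boot code, before the disk signature), and aswMBR's "Partition N" lines are decoded from the four 16-byte entries at offset 0x1BE. The following Python is an added example, not code from the thread or from either tool; it builds a constructed sample MBR whose partition table matches the layout aswMBR printed (Dell Utility at offset 63, active NTFS at 80325, NTFS at 30800325), hashes the boot-code region the way TDSSKiller does, and decodes the table into aswMBR-style fields. The boot code in the sample is zero filler, so its hash will not match the value in the log. The `read_physical_mbr` helper and its `\\.\PhysicalDrive0` path are an assumption about a Windows host with administrator rights and are not exercised by the sample.

```python
"""Parse an MBR the way the aswMBR and TDSSKiller lines present it.

Added example, not part of the original thread.  The sample MBR is
CONSTRUCTED to match the partition layout in the aswMBR log.
"""
import hashlib
import struct

SECTOR = 512
MBR_CODE_LEN = 0x1B8          # bytes hashed by TDSSKiller's "MBR (0x1B8)" line
PART_TABLE_OFF = 0x1BE        # four 16-byte partition entries
BOOT_SIG = b"\x55\xAA"        # last two bytes of a valid MBR
ENTRY_FMT = "<B3sB3sII"       # flag, CHS start, type, CHS end, LBA start, sectors

# Names for the partition types that appear in the aswMBR log.
PART_TYPES = {0x07: "HPFS/NTFS", 0xDE: "Dell Utility"}


def build_sample_mbr():
    """Construct a 512-byte MBR with the same partition table as the log."""
    entries = [
        # (boot flag, type, first LBA, sector count) -- constructed sample
        (0x00, 0xDE, 63, 80325 - 63),                 # Dell Utility, 39 MB
        (0x80, 0x07, 80325, 30800325 - 80325),        # active NTFS, 15000 MB
        (0x00, 0x07, 30800325, 461899 * 2048),        # NTFS, 461899 MB
        (0x00, 0x00, 0, 0),                           # empty slot
    ]
    mbr = bytearray(SECTOR)                           # boot code left as zeros
    for i, (flag, ptype, lba, count) in enumerate(entries):
        off = PART_TABLE_OFF + 16 * i
        mbr[off:off + 16] = struct.pack(ENTRY_FMT, flag, b"\0\0\0", ptype,
                                        b"\0\0\0", lba, count)
    mbr[510:512] = BOOT_SIG
    return bytes(mbr)


def mbr_code_md5(mbr):
    """MD5 of the boot-code region, comparable to TDSSKiller's MBR (0x1B8) value."""
    return hashlib.md5(mbr[:MBR_CODE_LEN]).hexdigest()


def boot_code_is_blank(mbr):
    """True when the boot-code region is all zeros (no loader present at all)."""
    return not any(mbr[:MBR_CODE_LEN])


def parse_partitions(mbr):
    """Return the non-empty partition entries as dicts with aswMBR-style fields."""
    if len(mbr) < SECTOR or mbr[510:512] != BOOT_SIG:
        raise ValueError("not a valid MBR: missing 55 AA signature")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        flag, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, mbr[off:off + 16])
        if ptype == 0:
            continue                                  # unused slot
        parts.append({
            "index": i + 1,
            "active": flag == 0x80,
            "type": ptype,
            "type_name": PART_TYPES.get(ptype, "unknown"),
            "offset": lba,                            # first sector (LBA)
            "size_mb": count * SECTOR // (1024 * 1024),
        })
    return parts


def read_physical_mbr(path=r"\\.\PhysicalDrive0"):
    """Read sector 0 of a raw disk.  Assumes Windows and administrator rights;
    not used by the sample below."""
    with open(path, "rb") as disk:
        return disk.read(SECTOR)


if __name__ == "__main__":
    sample = build_sample_mbr()
    print("MBR (0x1B8) md5:", mbr_code_md5(sample))
    for p in parse_partitions(sample):
        print("Partition %d %s %02X %s %d MB offset %d" % (
            p["index"], "(A)" if p["active"] else "   ", p["type"],
            p["type_name"], p["size_mb"], p["offset"]))
```

On a live machine you would pass the result of `read_physical_mbr()` to the same two functions: a boot-code hash that differs from the one TDSSKiller recorded, or a partition table that no longer matches aswMBR's listing, is what a bootkit check is looking for.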

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location: Puerto Rico
  • Local time:03:25 PM

Posted 08 May 2012 - 09:31 AM

Greetings

At this time I would like you to run this script for me; it is also a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#7 selliott

selliott
  • Topic Starter

  • Members
  • 8 posts
  • Local time:03:25 PM

Posted 08 May 2012 - 08:12 PM

No problems. Everything seems to be okay.

Combofix log:

ComboFix 12-05-08.02 - shawntruc 05/08/2012 20:32:36.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3061.1647 [GMT -4:00]
Running from: c:\users\shawntruc\Desktop\ComboFix.exe
Command switches used :: c:\users\shawntruc\Desktop\CFScript.txt.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-09 to 2012-05-09 )))))))))))))))))))))))))))))))
.
.
2012-05-09 00:43 . 2012-05-09 00:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-09 00:43 . 2012-05-09 00:43 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-05-05 15:16 . 2012-05-05 15:16 16200 ----a-w- c:\windows\stinger.sys
2012-05-05 15:16 . 2012-05-05 15:21 -------- d-----w- c:\program files (x86)\stinger
2012-04-24 11:46 . 2012-04-24 11:46 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-04-14 12:04 . 2012-04-14 12:04 -------- d-----w- c:\users\shawntruc\AppData\Roaming\Intuit
2012-04-14 12:00 . 2012-04-14 12:00 -------- d-----w- c:\users\shawntruc\AppData\Local\IsolatedStorage
2012-04-14 12:00 . 2012-04-14 12:01 -------- d-----w- c:\program files (x86)\Common Files\Intuit
2012-04-14 11:59 . 2012-04-14 11:59 -------- d-----w- c:\program files (x86)\TurboTax
2012-04-14 11:59 . 2012-04-14 12:01 -------- d-----w- c:\programdata\Intuit
2012-04-12 07:01 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 07:01 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 07:01 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 07:01 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 07:01 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 07:01 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 07:01 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-22 12:04 . 2010-05-18 23:11 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-04-22 12:03 . 2010-06-06 19:57 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-04-22 12:03 . 2010-06-06 19:56 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-04-10 19:08 . 2010-06-06 19:57 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-04-10 19:06 . 2010-05-18 23:10 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-04-10 18:58 . 2010-05-18 23:10 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-03-20 18:31 . 2011-05-17 17:59 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-20 17:11 . 2011-10-21 12:40 162192 ----a-w- c:\windows\system32\mfevtps.exe
2012-03-03 21:23 . 2012-03-03 21:23 1003520 ----a-w- c:\windows\SysWow64\bstCommonControls.ocx
2012-03-01 11:06 . 2012-03-01 11:06 10 ----a-w- c:\windows\Fonts\wfonts.key
2012-02-22 17:29 . 2011-10-21 12:46 10248 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-02-22 17:29 . 2011-10-21 12:45 75936 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2012-02-22 17:29 . 2011-10-21 12:45 65264 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-02-22 17:29 . 2011-10-21 12:45 487296 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-02-22 17:29 . 2011-10-21 12:45 289664 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2012-02-22 17:29 . 2011-10-21 12:45 229528 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-02-22 17:29 . 2011-10-21 12:45 100912 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-02-22 17:29 . 2011-03-13 15:20 647208 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-02-22 17:29 . 2011-03-13 15:20 160792 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-02-17 06:38 . 2012-03-13 18:53 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-13 18:53 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-13 18:53 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-13 18:53 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 20:33 . 2012-02-15 20:33 640112 ----a-w- c:\windows\SysWow64\AuroraShell.ocx
2012-02-15 15:01 . 2012-02-15 15:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 15:01 . 2012-02-15 15:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-10 06:36 . 2012-03-13 20:38 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-13 20:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-07_12.52.40 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-05-03 20:58 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-05-08 18:50 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-05-08 18:50 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-03 20:58 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-03 20:58 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-08 18:50 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:10 . 2012-05-08 18:47 34352 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-04-27 23:42 . 2012-05-08 18:47 20196 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2151826625-3538584327-2775130625-1001_UserData.bin
+ 2010-04-27 17:54 . 2012-05-08 19:33 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-04-27 17:54 . 2012-05-07 11:02 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-04-27 17:54 . 2012-05-08 19:33 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-04-27 17:54 . 2012-05-07 11:02 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-08 19:33 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-07 11:02 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-04-27 23:35 . 2011-09-16 18:24 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-04-27 23:35 . 2012-05-08 02:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-04-30 04:21 . 2012-05-07 13:34 5800 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-05-09 00:45 . 2012-05-09 00:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-07 12:51 . 2012-05-07 12:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-07 12:51 . 2012-05-07 12:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-09 00:45 . 2012-05-09 00:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-05-01 13:03 . 2012-05-07 13:26 287458 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 05:01 . 2012-05-07 12:50 283528 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-05-09 00:44 283528 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-05-13 03:27 . 2012-05-09 00:44 8056404 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2151826625-3538584327-2775130625-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-01-15 1242448]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-22 98304]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"KMCONFIG"="c:\program files (x86)\iHome\Mouse Driver\StartAutorun.exe" [2008-05-30 212992]
"PROFIS AutoUpdate"="c:\program files (x86)\Hilti\PROFIS AutoUpdate\Hilti.AutoUpdate.Tray.exe" [2011-11-08 474112]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-09-20 560128]
.
c:\users\shawntruc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 ezGOSvc;Easybits GO Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 Hilti PROFIS AutoUpdate Service;Hilti PROFIS AutoUpdate Service;c:\program files (x86)\Hilti\PROFIS AutoUpdate\Hilti.AutoUpdate.Service.exe [2011-11-08 206336]
S2 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2009-06-23 60928]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-02-06 13672]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 SpyroService;Spyro Portal Service;c:\program files (x86)\FS\Spyro Portal\FlashPortal.exe [2012-01-31 48128]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-20 487424]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe" [2009-07-22 2384896]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2009-12-16 5470208]
"McPvTray_exe"="c:\program files\McAfee\MAT\McPvTray.exe" [2011-04-08 436384]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezGOSvc
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
DPF: {0F026C11-5A66-4c2b-87B5-88DDEBAE72A1} - hxxps://bst.gfnet.com/auroraweb/ClientComponents/BSTvsflex8l.CAB
DPF: {11E93902-B6FD-11D7-A642-00C04F57E4DC} - hxxps://bst.gfnet.com/auroraweb/ClientComponents/BSTEIX0010.CAB
DPF: {2961B151-8F4A-4C9E-8287-D59FAA6C959D} - hxxps://bst.gfnet.com/auroraweb/ClientComponents/BSTEIX0060.CAB
DPF: {2A00324E-751C-11D3-A5D3-00C04F7F81E2} - hxxps://bst.gfnet.com/auroraweb/ClientComponents/BSTEIT0040.CAB
DPF: {2FC291D0-5814-4658-9680-4DAD4DD3F330} - hxxps://bst.gfnet.com/auroraweb/ClientComponents/BSTRCM0030.CAB
DPF: {30C95CE6-6D2F-11D3-81AD-00C04F8DF62C} - hxxps://bst.gfnet.com/auroraweb/ClientComponents/BSTEIT0020.CAB
DPF: {310C70B7-92ED-11D3-81CE-00C04F8DF62C} - hxxps://bst.gfnet.com/auroraweb/ClientComponents/BSTEIT0070.CAB
DPF: {33A48268-CF39-47E2-80A3-1BC33A1EF2C6} - hxxps://bst.gfnet.com/auroraweb/ClientComponents/BSTJCD6000.CAB
DPF: {4004B4D0-7D66-11D5-A55B-00B0D07DCA5B} - hxxps://bst.gfnet.com/auroraweb/ClientComponents/BSTEIT0090.CAB
DPF: {44BD92DB-D8A8-43A8-8900-DD73310A59EB} - hxxps://bst.gfnet.com/auroraweb/BSTtodg8.CAB
DPF: {4E096548-B6FC-11D7-A642-00C04F57E4DC} - hxxps://bst.gfnet.com/auroraweb/ClientComponents/BSTEIX0030.CAB
DPF: {6F0892F7-0D44-41C3-BF07-7599873FAA04} - hxxps://bst.gfnet.com/auroraweb/BSTeReportsCE11.CAB
DPF: {815E0702-E4CA-11D3-81ED-00C04F8DF62C} - hxxps://bst.gfnet.com/auroraweb/ClientComponents/BSTEIT0080.CAB
DPF: {90C8812D-81C2-45EA-8101-6C6F29835AE8} - hxxps://bst.gfnet.com/auroraweb/BSTeInstaller.CAB
DPF: {ACCB32DB-F2C9-46C3-A215-21F805657765} - hxxps://bst.gfnet.com/auroraweb/ClientComponents/BSTEIX0050.CAB
DPF: {AD46BB36-7741-11D3-81B8-00C04F8DF62C} - hxxps://bst.gfnet.com/auroraweb/ClientComponents/BSTEIT0030.CAB
DPF: {B3A8D7A2-B7E1-11D3-81E2-00C04F8DF62C} - hxxps://bst.gfnet.com/auroraweb/ClientComponents/BSTEIT0050.CAB
DPF: {B3D2ED24-A4B6-11D6-A604-00C04F57E4DC} - hxxps://bst.gfnet.com/auroraweb/ClientComponents/BSTEIU0010.CAB
DPF: {D9EE5A5C-AF15-11D3-81E0-00C04F8DF62C} - hxxps://bst.gfnet.com/auroraweb/ClientComponents/BSTEIT0010.CAB
DPF: {DB797690-40E0-11D2-9BD5-0060082AE372} - hxxps://bst.gfnet.com/auroraweb/BSTeDepFiles.CAB
DPF: {DCFEDB58-DB3F-4DEB-A4C4-D8107FBBDAC3} - hxxps://bst.gfnet.com/auroraweb/BSTeReportsCE12.CAB
DPF: {E6671596-1F52-11D3-8162-00C04F8DF62C} - hxxps://bst.gfnet.com/auroraweb/AuroraShell.CAB
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2151826625-3538584327-2775130625-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2151826625-3538584327-2775130625-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2012-05-08 21:02:50 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-09 01:02
.
Pre-Run: 171,288,952,832 bytes free
Post-Run: 171,494,154,240 bytes free
.
- - End Of File - - 9F86DF3FE938E9BA635DB1CE4E9AA6F4
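The Run/RunOnce values under "Reg Loading Points" are the part of the log above that gets read most carefully: each line is a value name, the executable it launches, and either a `[date size]` stamp or a marker such as `[BU]`. As an added example (not ComboFix's code and not something posted in this thread), here is a small Python parser for that section which pulls the autorun entries out and tags the ones worth a second look; the sample log is built from lines of the log above plus one constructed `Updater` entry that is not in the real log.

```python
"""Parse the Run/RunOnce entries from a ComboFix 'Reg Loading Points' section.

Added example, not ComboFix's own code. Two review flags are raised:
  - 'no-file-details:<marker>' when the value carries no [date size] stamp
    (for example '[BU]', a backed-up entry ComboFix could not stat), and
  - 'unusual-location' when the executable is outside Program Files /
    Windows (user profile, ProgramData, temp folders).
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: real lines from the posted log, plus one made-up
# 'Updater' value (NOT in the posted log) to show the location flag.
SAMPLE_LOG = """\
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"Xvid"="c:\\program files (x86)\\Xvid\\CheckUpdate.exe" [2011-01-17 8192]
"Steam"="c:\\program files (x86)\\Steam\\Steam.exe" [2012-01-15 1242448]
.
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunOnce]
"c:\\program files (x86)\\Dell DataSafe Local Backup\\Components\\DSUpdate\\DSUpdate.exe"="c:\\program files (x86)\\Dell DataSafe Local Backup\\Components\\DSUpdate\\DSUpdate.exe" [2011-09-20 560128]
.
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\policies\\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
.
--------- x86-64 -----------
.
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"SynTPEnh"="c:\\program files (x86)\\Synaptics\\SynTP\\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\\program files\\IDT\\WDM\\sttray64.exe" [2010-01-20 487424]
"Updater"="c:\\users\\shawntruc\\AppData\\Roaming\\upd.exe" [2012-05-01 51200]
"""

# A registry key header, e.g. [HKEY_LOCAL_MACHINE\...\Run]
KEY_RE = re.compile(r'^\[(HK[^\]]+)\]$')
# A value line: "name"="path" [stamp]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<stamp>[^\]]*)\]\s*$')
# The normal stamp is "YYYY-MM-DD <size in bytes>"
STAMP_RE = re.compile(r'^(\d{4}-\d{2}-\d{2}) (\d+)$')
# Parent folders where vendor autoruns are expected to live.
EXPECTED_ROOTS = ('c:\\program files', 'c:\\windows')


@dataclass
class AutorunEntry:
    key: str
    name: str
    path: str
    date: Optional[str] = None
    size: Optional[int] = None
    flags: List[str] = field(default_factory=list)


def parse_autoruns(log_text: str) -> List[AutorunEntry]:
    """Return every value found under a key ending in \\Run or \\RunOnce."""
    entries: List[AutorunEntry] = []
    current_key: Optional[str] = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group(1)
            continue
        # Only autorun keys matter here; policies\system etc. are skipped.
        if current_key is None or not current_key.lower().endswith(('\\run', '\\runonce')):
            continue
        value_match = VALUE_RE.match(line)
        if not value_match:
            continue
        entry = AutorunEntry(current_key, value_match.group('name'), value_match.group('path'))
        stamp_match = STAMP_RE.match(value_match.group('stamp'))
        if stamp_match:
            entry.date = stamp_match.group(1)
            entry.size = int(stamp_match.group(2))
        else:
            entry.flags.append('no-file-details:' + value_match.group('stamp'))
        if not entry.path.lower().startswith(EXPECTED_ROOTS):
            entry.flags.append('unusual-location')
        entries.append(entry)
    return entries


def flagged(entries: List[AutorunEntry]) -> List[AutorunEntry]:
    """Entries carrying at least one review flag."""
    return [e for e in entries if e.flags]


if __name__ == '__main__':
    for e in flagged(parse_autoruns(SAMPLE_LOG)):
        print(f"{e.name:12} {e.path}  flags={e.flags}")
```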

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 08 May 2012 - 08:36 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

#9 selliott

selliott
  • Topic Starter

  • Members
  • 8 posts

Posted 08 May 2012 - 08:47 PM

Update for Microsoft Office 2007 (KB2508958)
Accelerometer
Adobe AIR
Adobe Reader 9.1.2
Advanced Audio FX Engine
Apple Application Support
Apple Software Update
ATI Catalyst Control Center
AviSynth 2.5
Banctec Service Agreement
CamStudio OSS Desktop Recorder
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Cozi
CraftBukkit
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Dock
Dell Getting Started Guide
Dell Support Center (Support Software)
Dell Webcam Central
DVD Decrypter (Remove Only)
EasyBits GO
ENERCALC Structural Engineering Library Version 6 Demo
ESPN Offline Draft
FLVPlayer4Free Free FLV Player 3.8.0.0
Fraps (remove only)
GIMP 2.6.11
GoToAssist 8.0.0.514
Hilti PROFIS Anchor
Hilti PROFIS AutoUpdate
iHome Mouse Driver
Java Auto Updater
Java™ 6 Update 29
Ji_Ga_Zo
Junk Mail filter update
Live! Cam Avatar Creator
LogMeIn Hamachi
McAfee Total Protection
Media Go
Media Go Video Playback Engine 1.48.108.10100
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft XNA Framework Redistributable 4.0
MSVCRT
MSVCRT_amd64
NCMA Masonry Design Software
PDF Rider 0.6
Pdf995
pdfsam
PlayStation®Network Downloader
PlayStation®Store
PowerDVD DX
PSP Video 9 6
QuickTime
RISA-2D 10.0 Demo
Roxio Burn
SBEDS v4.1a
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Skins
Skype Click to Call
Skype™ 5.8
SpyroDriver
Star Wars JK II Jedi Outcast
Steam
Terraria
The AISC Steel Construction Manual Companion
TurboTax 2011
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wpaiper
TurboTax 2011 wrapper
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VLC media player 1.1.8
vShare Plugin
WildTangent Games
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Xvid Video Codec

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 08 May 2012 - 09:02 PM

These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

Adobe Reader 9.1.2
Java™ 6 Update 29


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (Make sure that under the Windows tab all the boxes for Internet Explorer and Windows Explorer are checked. Under System, check Empty Recycle Bin and Temporary Files. Under the Applications tab, all the boxes should be checked.)
  • Click Run Cleaner.
  • Close CCleaner.


: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 selliott

selliott
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:25 PM

Posted 08 May 2012 - 10:45 PM

Whew! That took some time.

mbam log:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.09.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
shawntruc :: MAIN-LAPTOP [administrator]

5/8/2012 11:27:29 PM
mbam-log-2012-05-08 (23-27-29).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 219493
Time elapsed: 6 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



hijackthis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:42:44 PM, on 5/8/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\iHome\Mouse Driver\StartAutorun.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\iHome\Mouse Driver\KMConfig.exe
C:\Program Files (x86)\iHome\Mouse Driver\KMProcess.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll (file missing)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120426021609.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [KMCONFIG] C:\Program Files (x86)\iHome\Mouse Driver\StartAutorun.exe KMConfig.exe
O4 - HKLM\..\Run: [PROFIS AutoUpdate] C:\Program Files (x86)\Hilti\PROFIS AutoUpdate\Hilti.AutoUpdate.Tray.exe -hidden
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0F026C11-5A66-4c2b-87B5-88DDEBAE72A1} (BST Enterprise 8.3) - https://bst.gfnet.com/auroraweb/ClientComponents/BSTvsflex8l.CAB
O16 - DPF: {11E93902-B6FD-11D7-A642-00C04F57E4DC} (BST Enterprise BSTEIX0010) - https://bst.gfnet.com/auroraweb/ClientComponents/BSTEIX0010.CAB
O16 - DPF: {2961B151-8F4A-4C9E-8287-D59FAA6C959D} (BST Enterprise BSTEIX0060) - https://bst.gfnet.com/auroraweb/ClientComponents/BSTEIX0060.CAB
O16 - DPF: {2A00324E-751C-11D3-A5D3-00C04F7F81E2} (BST Enterprise BSTEIT0040) - https://bst.gfnet.com/auroraweb/ClientComponents/BSTEIT0040.CAB
O16 - DPF: {2FC291D0-5814-4658-9680-4DAD4DD3F330} (BST Enterprise BSTRCM0030) - https://bst.gfnet.com/auroraweb/ClientComponents/BSTRCM0030.CAB
O16 - DPF: {2FF8D282-F78A-4A33-ABC2-49E72A341482} (SFImageUpload1_10.ImageUpload) - http://riteaid.storefront.com/images/global/activex/SFImageUpload1_10.CAB
O16 - DPF: {30C95CE6-6D2F-11D3-81AD-00C04F8DF62C} (BST Enterprise BSTEIT0020) - https://bst.gfnet.com/auroraweb/ClientComponents/BSTEIT0020.CAB
O16 - DPF: {310C70B7-92ED-11D3-81CE-00C04F8DF62C} (BST Enterprise BSTEIT0070) - https://bst.gfnet.com/auroraweb/ClientComponents/BSTEIT0070.CAB
O16 - DPF: {33A48268-CF39-47E2-80A3-1BC33A1EF2C6} (BST Enterprise BSTJCD6000) - https://bst.gfnet.com/auroraweb/ClientComponents/BSTJCD6000.CAB
O16 - DPF: {4004B4D0-7D66-11D5-A55B-00B0D07DCA5B} (BST Enterprise BSTEIT0090) - https://bst.gfnet.com/auroraweb/ClientComponents/BSTEIT0090.CAB
O16 - DPF: {44BD92DB-D8A8-43A8-8900-DD73310A59EB} (BST Enterprise 8.3) - https://bst.gfnet.com/auroraweb/BSTtodg8.CAB
O16 - DPF: {4E096548-B6FC-11D7-A642-00C04F57E4DC} (BST Enterprise BSTEIX0030) - https://bst.gfnet.com/auroraweb/ClientComponents/BSTEIX0030.CAB
O16 - DPF: {6F0892F7-0D44-41C3-BF07-7599873FAA04} (BST Enterprise Reports 8.3) - https://bst.gfnet.com/auroraweb/BSTeReportsCE11.CAB
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {815E0702-E4CA-11D3-81ED-00C04F8DF62C} (BST Enterprise BSTEIT0080) - https://bst.gfnet.com/auroraweb/ClientComponents/BSTEIT0080.CAB
O16 - DPF: {90C8812D-81C2-45EA-8101-6C6F29835AE8} (BST Installer) - https://bst.gfnet.com/auroraweb/BSTeInstaller.CAB
O16 - DPF: {ACCB32DB-F2C9-46C3-A215-21F805657765} (BST Enterprise BSTEIX0050) - https://bst.gfnet.com/auroraweb/ClientComponents/BSTEIX0050.CAB
O16 - DPF: {AD46BB36-7741-11D3-81B8-00C04F8DF62C} (BST Enterprise BSTEIT0030) - https://bst.gfnet.com/auroraweb/ClientComponents/BSTEIT0030.CAB
O16 - DPF: {B3A8D7A2-B7E1-11D3-81E2-00C04F8DF62C} (BST Enterprise BSTEIT0050) - https://bst.gfnet.com/auroraweb/ClientComponents/BSTEIT0050.CAB
O16 - DPF: {B3D2ED24-A4B6-11D6-A604-00C04F57E4DC} (BST Enterprise BSTEIU0010) - https://bst.gfnet.com/auroraweb/ClientComponents/BSTEIU0010.CAB
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D9EE5A5C-AF15-11D3-81E0-00C04F8DF62C} (BST Enterprise BSTEIT0010) - https://bst.gfnet.com/auroraweb/ClientComponents/BSTEIT0010.CAB
O16 - DPF: {DB797690-40E0-11D2-9BD5-0060082AE372} (BST Enterprise) - https://bst.gfnet.com/auroraweb/BSTeDepFiles.CAB
O16 - DPF: {DCFEDB58-DB3F-4DEB-A4C4-D8107FBBDAC3} (BST Enterprise Reports) - https://bst.gfnet.com/auroraweb/BSTeReportsCE12.CAB
O16 - DPF: {E6671596-1F52-11D3-8162-00C04F8DF62C} (BST Enterprise) - https://bst.gfnet.com/auroraweb/AuroraShell.CAB
O18 - Protocol: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - (no file)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Hilti PROFIS AutoUpdate Service - Agito d.o.o. - C:\Program Files (x86)\Hilti\PROFIS AutoUpdate\Hilti.AutoUpdate.Service.exe
O23 - Service: FF Install Filter Service (InstallFilterService) - Unknown owner - C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Spyro Portal Service (SpyroService) - FS - C:\Program Files (x86)\FS\Spyro Portal\FlashPortal.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: DW WLAN Tray Service (wltrysvc) - Dell Inc. - C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 19642 bytes

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:25 PM

Posted 08 May 2012 - 10:50 PM

Greetings

These logs are looking very good; we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can start any of them from their icons (or from the control panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
      O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
      O4 - HKLM\..\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
      O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
      O4 - HKLM\..\Run: [PROFIS AutoUpdate] C:\Program Files (x86)\Hilti\PROFIS AutoUpdate\Hilti.AutoUpdate.Tray.exe -hidden
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
      O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
      O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
      O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
      O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space:
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7: right-click on the IE shortcut and run as admin.

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic.

Gringo
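The HijackThis log posted above and the O4 start-up list in this post share one line format, so a small parser covers both. The following Python is an added example written for this thread; it is not part of HijackThis or of the helper's procedure, and the function names (`parse_hjt_log`, `autostart_entries`, `missing_file_entries`, `select_by_name`) are my own. The sample lines are copied from the log selliott posted, so the script runs offline. It sorts O4 entries by scope (HKLM Run entries apply to every account and need admin rights to change, while HKCU and Startup-folder entries belong to one user), pulls the launched executable out of each command line, and lists entries whose target HijackThis reported as "(file missing)" or "(no file)", which is the sort of thing to look at before deciding what to keep.

```python
"""Parse HijackThis-style log lines and summarise the autostart (O4) entries.

Added example for this thread, not part of HijackThis or the helper's procedure.
The sample lines below are copied from the log posted earlier in the thread.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Set

# Sample input: lines taken from the posted HijackThis v2.0.4 log.
SAMPLE_LOG = r"""
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - (no file)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""


@dataclass
class LogEntry:
    section: str  # "O2", "O4", "O23", "R1", ...
    body: str     # text after "Oxx - "


@dataclass
class Autostart:
    name: str        # bracketed Run-key value name, or the .lnk name
    command: str     # command line as logged (user suffix stripped)
    executable: str  # best-effort path of the program launched
    scope: str       # "machine" (HKLM), "user" (HKCU) or "startup-folder"


LINE_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^(?P<where>.*Startup): (?P<name>.+?) = (?P<cmd>.*)$")
USER_SUFFIX_RE = re.compile(r"\s*\(User '[^']*'\)$")
MISSING_MARKERS = ("(file missing)", "(no file)")


def parse_hjt_log(text: str) -> List[LogEntry]:
    """Keep only lines of the form 'Oxx - ...'; process lists and headers are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(LogEntry(m.group("section"), m.group("body")))
    return entries


def executable_path(cmd: str) -> str:
    """Quoted commands end at the closing quote; unquoted ones are cut at the first '.exe'.
    The unquoted case is a heuristic: a path with spaces and no quotes is ambiguous."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(?i)(.*?\.exe)", cmd)
    return m.group(1) if m else cmd


def autostart_entries(entries: Iterable[LogEntry]) -> List[Autostart]:
    """Turn O4 lines into Autostart records tagged with their scope."""
    out = []
    for e in entries:
        if e.section != "O4":
            continue
        m = RUN_RE.match(e.body)
        if m:
            scope = "machine" if m.group("hive") == "HKLM" else "user"
            out.append(Autostart(m.group("name"), m.group("cmd"), executable_path(m.group("cmd")), scope))
            continue
        m = STARTUP_RE.match(e.body)
        if m:
            cmd = USER_SUFFIX_RE.sub("", m.group("cmd"))
            out.append(Autostart(m.group("name"), cmd, executable_path(cmd), "startup-folder"))
    return out


def missing_file_entries(entries: Iterable[LogEntry]) -> List[LogEntry]:
    """Entries whose target HijackThis could not find on disk (stale hooks worth noting)."""
    return [e for e in entries if e.body.rstrip().endswith(MISSING_MARKERS)]


def select_by_name(entries: Iterable[LogEntry], names: Set[str]) -> List[str]:
    """Rebuild the O4 lines whose bracketed or .lnk name is in `names`, the way the
    helper's note identifies entries ('copy the name between the brackets')."""
    selected = []
    for e in entries:
        if e.section != "O4":
            continue
        m = RUN_RE.match(e.body) or STARTUP_RE.match(e.body)
        if m and m.group("name") in names:
            selected.append(f"{e.section} - {e.body}")
    return selected


if __name__ == "__main__":
    parsed = parse_hjt_log(SAMPLE_LOG)
    for a in autostart_entries(parsed):
        print(f"{a.scope:15} {a.name:25} -> {a.executable}")
    for e in missing_file_entries(parsed):
        print(f"missing target: {e.section} - {e.body}")
```

Run it against a full saved log by replacing `SAMPLE_LOG` with the file contents; the two entries it flags as missing in the sample (the McAfee BHO and the vsharechrome protocol handler) are exactly the "(file missing)" and "(no file)" lines from the posted log, and the four O4 records show which start-up items are machine-wide versus per-user.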

#13 selliott

selliott
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:25 PM

Posted 10 May 2012 - 11:57 PM

Gringo...thanks very much for the help. You've been awesome. I have been out of town on business and haven't been able to answer...I will respond tomorrow. Sorry for the delay.

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:25 PM

Posted 11 May 2012 - 12:13 AM

No problem and thanks for the heads-up - I will look for you then.

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:25 PM

Posted 13 May 2012 - 11:41 PM

Greetings


I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, a reminder that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete, and I will ask you to remove our tools.




Gringo



