Computer is so infected: sympdi.dll, consrv.dll and desktop.ini !



#1 docsethp


Posted 13 May 2012 - 07:27 PM

Hi All

I've seen other similar posts, but it seems like my computer is more infected than others. (okay, not a great claim to disclose!) Noticed it yesterday when McAfee told me my computer is not protected, and then saw that my Windows firewall could not be activated (get an error code), Windows Defender cannot start (another error code) and every time I try to restart the firewall on McAfee, it quickly reverts to off. It says it's on, but I know it's lying... I have run Malwarebytes and it finds 3 trojans that it deletes. However, that did not help. I downloaded and ran Windows Security Essentials, and it finds tons of things. Problem is when it tries to fix them, I can't restart the computer and have to restore to an earlier point.

Running Windows 7 Home Premium 64 Bit
Some Trojans found are:

Trojan: Win64/Sirefef.Y
Trojan: Win32/Sirefef.AB
Trojan: Win64/Sirefef.U
Trojan: Win64/Sirefef.P
Trojan: Win64/Sirefef.B
and many others similar to it!

These affect the C:Windows/assemble/GAC_32/Desktop.ini, C:Windows/assemble/GAC_64/Desktop.ini, C:/Windows/System32/consrv.dll, C:/Windows/system32/sympdi.dll

In addition, it also finds:
Exploit:Java and TrojanDownloader:Java files

Last thing I remembered doing before this happened was downloading imgburn and watching youtube vids, but I'm sure it's been going on a lot longer...

I appreciate any help that can be given (if possible!) and thanks in advance!

Seth

------------
DDS:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Seth at 19:07:27 on 2012-05-13
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8157.5833 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dlbtcoms.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\spool\drivers\x64\3\E_IATIGCA.EXE
C:\Users\Seth\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Users\Seth\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11g_ActiveX.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\splwow64.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mWinlogon: Userinit=userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100821080421.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
uRun: [<NO NAME>]
uRun: [EPSON NX420 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCA.EXE /FU "C:\Windows\TEMP\E_S4375.tmp" /EF "HKCU"
uRun: [Akamai NetSession Interface] "C:\Users\Seth\AppData\Local\Akamai\netsession_win.exe"
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [MediaFace Integration] C:\Program Files (x86)\Fellowes\MediaFACE 4.2\SetHook.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Seth\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\Seth\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\Users\Seth\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ROLLER~1.LNK - C:\Users\Seth\AppData\Local\Temp\{85813D38-1733-4D55-88E8-A7A6FDD24880}\{45653847-497F-47BB-A878-46FBDE34A3E0}\ATR1.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
LSP: mswsock.dll
Trusted Zone: usc.edu\sslvpn2
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://sslvpn2.usc.edu/CACHE/stc/10/binaries/vpnweb.cab
DPF: {6F7864F9-DB33-11D3-8166-0060B0F885E6} - hxxps://onsite.verisign.com/services/TheUniversityofTexasSystemHealthScienceCenteratHoustonCA/vspta3.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{0D47B984-E699-46CA-87C0-7C9E415AD686} : DhcpNameServer = 192.168.1.254
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: x-owacid - {0215258f-f0a8-49de-bf1b-0ff02eda8807} - C:\Program Files (x86)\Microsoft\Outlook Web Access SMIME Client\mimectl.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100821080421.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mRun-x64: [(Default)]
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [MediaFace Integration] C:\Program Files (x86)\Fellowes\MediaFACE 4.2\SetHook.exe
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-1-11 92160]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-14 654408]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-8-21 355440]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-8-21 355440]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-8-21 355440]
R2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-8-21 199032]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-8-21 244840]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-8-21 148520]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-1-11 656624]
R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2010-5-5 583360]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S1 ivgeefak;ivgeefak;\??\C:\Windows\system32\drivers\ivgeefak.sys --> C:\Windows\system32\drivers\ivgeefak.sys [?]
S1 sfkdyliv;sfkdyliv;\??\C:\Windows\system32\drivers\sfkdyliv.sys --> C:\Windows\system32\drivers\sfkdyliv.sys [?]
S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe --> C:\Program Files\Dell\DellDock\DockLogin.exe [?]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-8-21 355440]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2009-6-10 166384]
S2 SessionLauncher;SessionLauncher;C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-6-10 1124848]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S4 RoxLiveShare10;LiveShare P2P Server 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2009-6-10 309744]
.
=============== Created Last 30 ================
.
2012-05-14 02:02:41 50000 ----a-w- C:\Windows\System32\drivers\ivgeefak.sys
2012-05-14 02:01:34 50000 ----a-w- C:\Windows\System32\drivers\sfkdyliv.sys
2012-05-13 12:05:59 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{813849DC-14E3-4008-8C9A-C5ED488A6311}\offreg.dll
2012-05-13 12:01:05 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{249497CE-35A2-4B55-BB70-C242F7161535}\gapaengine.dll
2012-05-13 12:01:02 8917360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{813849DC-14E3-4008-8C9A-C5ED488A6311}\mpengine.dll
2012-05-13 06:02:39 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-05-13 05:43:27 -------- d-----w- C:\Program Files (x86)\ESET
2012-05-13 05:15:26 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-13 05:15:26 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-13 05:15:26 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-13 05:15:26 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-13 05:15:26 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-13 05:14:39 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-13 05:14:39 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-13 05:14:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-13 05:14:21 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-13 05:14:21 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-05-13 05:14:20 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-13 05:13:44 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-13 05:12:56 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-13 04:52:27 16200 ----a-w- C:\Windows\stinger.sys
2012-05-13 02:26:26 -------- d-----w- C:\Program Files (x86)\stinger
2012-05-12 15:28:29 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-05-12 04:03:23 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-05-12 04:02:17 -------- d-----we C:\Windows\system64
2012-05-12 01:01:07 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{87033A04-AF82-4396-A8AB-9112AE7B3BA0}\mpengine.dll
2012-05-09 05:12:23 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-05-09 05:12:23 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-05-09 05:12:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-05-09 05:12:22 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-05-09 05:12:22 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-05-09 05:12:22 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-05-09 05:12:22 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-05-09 05:08:26 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-05-09 05:08:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-05-09 05:08:25 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-05-09 05:08:25 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-21 01:32:21 28672 ----a-w- C:\Windows\SysWow64\mousewheel.ocx
2012-04-21 01:32:21 212240 ----a-w- C:\Windows\SysWow64\richtx32.ocx
2012-04-21 01:32:21 -------- d-----w- C:\Program Files (x86)\DVD Flick
2012-04-14 20:09:17 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll
.
==================== Find3M ====================
.
2012-04-04 22:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-21 03:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-03-21 03:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-03-08 17:40:25 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-28 06:39:37 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 05:38:52 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 04:31:38 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 03:52:27 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-15 18:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-02-15 18:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll
.
============= FINISH: 19:11:51.48 ===============
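What the DDS log above actually shows, as an added illustration that is not part of Seth's post or of the DDS tool: on a stock Windows 7 install the "SubSystems: Windows" value names only basesrv, winsrv and sxssrv, so the "consrv:ConServerDllInitialization,2" entry in the Pseudo HJT Report is the hook that makes csrss.exe load the consrv.dll the scanners flagged; next to it sit two eight-letter randomly named drivers with no readable file details, created about a minute apart, and a new C:\Windows\system64 directory, which is not a Windows directory. The Python checker below flags those three patterns over lines quoted from the log (the checks, heuristics and function names are my own, not anything from DDS or from the thread):

```python
import re

# Lines copied from the DDS log in the post above; only the lines the three checks read.
DDS_EXCERPT = r"""
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
S1 ivgeefak;ivgeefak;\??\C:\Windows\system32\drivers\ivgeefak.sys --> C:\Windows\system32\drivers\ivgeefak.sys [?]
S1 sfkdyliv;sfkdyliv;\??\C:\Windows\system32\drivers\sfkdyliv.sys --> C:\Windows\system32\drivers\sfkdyliv.sys [?]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
2012-05-14 02:02:41 50000 ----a-w- C:\Windows\System32\drivers\ivgeefak.sys
2012-05-14 02:01:34 50000 ----a-w- C:\Windows\System32\drivers\sfkdyliv.sys
2012-05-12 04:02:17 -------- d-----we C:\Windows\system64
"""

# Server DLLs that csrss.exe loads on a stock Windows 7 system (the SubSystems "Windows" value).
KNOWN_SERVER_DLLS = {"basesrv", "winsrv", "sxssrv"}
# Heuristic (mine): eight random lowercase letters is the naming pattern of the two odd drivers.
RANDOM_NAME = re.compile(r"^[a-z]{8}$")
# A "Created Last 30" line: date, time, size, attribute flags, path.
CREATED_LINE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d \S+ \S+ (.+)$")


def basename(path):
    """Last component of a Windows path, lower-cased for comparison."""
    return path.rstrip("\\").rsplit("\\", 1)[-1].lower()


def foreign_server_dlls(subsystems_line):
    """Return ServerDll names from a 'SubSystems: Windows = ...' line that are not stock."""
    _, _, value = subsystems_line.partition("=")
    names = [entry.split(":", 1)[0].split(",", 1)[0] for entry in value.split()]
    return [n for n in names if n.lower() not in KNOWN_SERVER_DLLS]


def parse_service(line):
    """Parse a DDS SERVICES / DRIVERS line of the form 'S1 name;description;path --> path [?]'."""
    head, sep, rest = line.partition(";")
    if not sep or not re.match(r"^[RS]\d \S", head):
        return None
    state, name = head.split(" ", 1)
    desc, _, tail = rest.partition(";")
    # Drop the NT object-manager prefix so the path compares with the Created Last 30 paths.
    path = tail.split(" --> ", 1)[0].replace("\\??\\", "")
    return {"state": state, "name": name, "desc": desc, "path": path,
            "no_file_info": tail.rstrip().endswith("[?]")}


def scan_dds(text):
    """Run the three indicator checks over DDS log text and return the findings."""
    created, services, foreign = [], [], []
    for line in text.splitlines():
        m = CREATED_LINE.match(line)
        if m:
            created.append(m.group(1).strip())
        elif line.startswith("SubSystems: Windows"):
            foreign.extend(foreign_server_dlls(line))
        else:
            svc = parse_service(line)
            if svc:
                services.append(svc)
    created_names = {basename(p) for p in created}
    suspicious = []
    for svc in services:
        # Random name, description identical to the name, and DDS could not read the file details.
        if RANDOM_NAME.match(svc["name"]) and svc["desc"] == svc["name"] and svc["no_file_info"]:
            suspicious.append({"name": svc["name"], "path": svc["path"],
                               "recently_created": basename(svc["path"]) in created_names})
    rogue_dirs = [p for p in created if basename(p) == "system64"]
    return {"foreign_server_dlls": foreign, "suspicious_drivers": suspicious,
            "rogue_dirs": rogue_dirs}


if __name__ == "__main__":
    for key, value in scan_dds(DDS_EXCERPT).items():
        print(key, value)
```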


#2 gringo_pr

  • Malware Response Team

Posted 14 May 2012 - 12:02 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#3 docsethp

  • Topic Starter


Posted 14 May 2012 - 01:38 AM

Hi Gringo - thanks for getting back to me so fast in order to help me out, and for making the instructions so clear. Before running the recovery scan tool I had to restore to an earlier point and uninstall MSE since it kept wanting to delete those files that allowed Windows to load. Here is the info from the tool. Thanks again for your help.

-Seth

Scan result of Farbar Recovery Scan Tool Version: 13-05-2012
Ran by SYSTEM at 14-05-2012 12:24:36
Running from J:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7834656 2009-06-02] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe [x]
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [162328 2011-02-11] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2011-02-11] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [417304 2011-02-11] (Intel Corporation)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [244208 2009-06-10] (Sonic Solutions)
HKLM-x32\...\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m [1807600 2009-11-13] ()
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [40376 2012-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [640440 2012-03-26] (Adobe Systems Inc.)
HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [MediaFace Integration] C:\Program Files (x86)\Fellowes\MediaFACE 4.2\SetHook.exe [53248 2005-03-28] (Fellowes, Inc.)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1484856 2010-07-01] (McAfee, Inc.)
HKLM-x32\...\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-21] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKU\Seth\...\Run: [] [x]
HKU\Seth\...\Run: [EPSON NX420 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCA.EXE /FU "C:\Windows\TEMP\E_S4375.tmp" /EF "HKCU" [224768 2009-09-14] (SEIKO EPSON CORPORATION)
HKU\Seth\...\Run: [Akamai NetSession Interface] "C:\Users\Seth\AppData\Local\Akamai\netsession_win.exe" [3331872 2012-03-13] (Akamai Technologies, Inc)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
SubSystems: [Windows] ATTENTION! ====> ZeroAccess

==================== Services (Whitelisted) ======

2 dlbt_device; C:\Windows\system32\dlbtcoms.exe -service [567280 2007-06-07] ( )
3 FLEXnet Licensing Service; "C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [651720 2010-01-11] (Macrovision Europe Ltd.)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [509416 2010-04-15] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [199032 2010-05-31] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [244840 2010-05-31] (McAfee, Inc.)
2 mfevtp; "C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe" [148520 2010-05-31] (McAfee, Inc.)
2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
4 RoxLiveShare10; "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" [309744 2009-06-10] (Sonic Solutions)
3 RoxMediaDB10; "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe" [1124848 2009-06-10] (Sonic Solutions)
2 RoxWatch10; "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe" [166384 2009-06-10] (Sonic Solutions)
2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [x]
2 SessionLauncher; C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]

========================== Drivers (Whitelisted) =============

3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [62416 2010-05-31] (McAfee, Inc.)
3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [10628640 2011-02-11] (Intel Corporation)
3 IntcHdmiAddService; C:\Windows\System32\drivers\IntcHdmi.sys [138752 2009-05-26] (Intel® Corporation)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [121504 2010-05-31] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [189880 2010-05-31] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [440688 2010-05-31] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [528616 2010-05-31] (McAfee, Inc.)
1 mfenlfk; C:\Windows\System32\Drivers\mfenlfk.sys [75288 2010-05-31] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [93840 2010-05-31] (McAfee, Inc.)
1 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [279752 2010-05-31] (McAfee, Inc.)
3 mfeavfk01; [x]
1 wwdbzulp; \??\C:\Windows\system32\drivers\wwdbzulp.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-05-14 14:20 - 2012-05-14 02:47 - 0035208 ____A C:\Users\Seth\Desktop\FRST.txt
2012-05-13 23:46 - 2012-05-14 12:24 - 0000000 ____D C:\FRST
2012-05-13 22:19 - 2012-05-13 22:23 - 0001418 ____A C:\Users\Seth\Desktop\Help.txt
2012-05-13 22:12 - 2012-05-13 22:12 - 0024508 ____A C:\Users\Seth\Desktop\DDS.txt
2012-05-13 22:12 - 2012-05-13 22:12 - 0016084 ____A C:\Users\Seth\Desktop\Attach.txt
2012-05-13 08:00 - 2012-05-14 14:19 - 0001945 ____A C:\Windows\epplauncher.mif
2012-05-13 08:00 - 2012-05-13 08:00 - 0755926 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-05-13 01:43 - 2012-05-13 01:43 - 0000000 ____D C:\Program Files (x86)\ESET
2012-05-13 01:36 - 2012-05-14 00:08 - 0000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-13 01:14 - 2012-03-31 02:05 - 5559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-13 01:14 - 2012-03-31 00:39 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-13 01:14 - 2012-03-31 00:39 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-13 01:14 - 2012-03-30 23:10 - 3146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-13 01:14 - 2012-03-03 02:35 - 1544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-05-13 01:14 - 2012-03-03 01:31 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-05-13 01:13 - 2012-03-17 03:58 - 0075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr(56).sys
2012-05-13 01:12 - 2012-03-30 07:35 - 1918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-05-13 00:52 - 2012-05-13 07:58 - 0016200 ____A (McAfee, Inc.) C:\Windows\stinger.sys
2012-05-13 00:10 - 2012-05-13 00:10 - 9455168 ____A (McAfee Inc.) C:\Users\Seth\Desktop\stinger.exe
2012-05-12 22:26 - 2012-05-14 00:12 - 0000000 ____D C:\Program Files (x86)\stinger
2012-05-12 22:26 - 2012-05-13 11:00 - 0000038 ___RH C:\Users\Seth\Desktop\stinger.opt
2012-05-12 00:03 - 2012-05-13 00:49 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-05-12 00:02 - 2012-05-12 00:02 - 0000000 ____D C:\Windows\system64
2012-05-10 20:53 - 2012-05-11 02:22 - 0025600 ____A C:\Users\Seth\Desktop\Board Review 2012-2013.xls
2012-05-09 21:38 - 2012-05-11 19:42 - 0019874 ____A C:\Users\Seth\Desktop\Curriculum Rev May 2012.docx
2012-05-09 01:12 - 2012-03-01 02:46 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-05-09 01:12 - 2012-03-01 02:38 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-05-09 01:12 - 2012-03-01 02:33 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-05-09 01:12 - 2012-03-01 02:28 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-05-09 01:12 - 2012-03-01 01:37 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-05-09 01:12 - 2012-03-01 01:33 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-05-09 01:12 - 2012-03-01 01:29 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-05-09 01:11 - 2012-02-28 02:39 - 1494016 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-09 01:11 - 2012-02-28 02:39 - 1188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-09 01:11 - 2012-02-28 02:39 - 0134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-09 01:11 - 2012-02-28 02:36 - 9020928 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-09 01:11 - 2012-02-28 02:36 - 0702464 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-05-09 01:11 - 2012-02-28 02:36 - 0097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-09 01:11 - 2012-02-28 02:35 - 2453504 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-09 01:11 - 2012-02-28 02:35 - 12264448 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-09 01:11 - 2012-02-28 02:35 - 0247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-09 01:11 - 2012-02-28 02:35 - 0064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-09 01:11 - 2012-02-28 01:38 - 1231360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-09 01:11 - 2012-02-28 01:38 - 0981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-09 01:11 - 2012-02-28 01:38 - 0132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-09 01:11 - 2012-02-28 01:35 - 5998080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-09 01:11 - 2012-02-28 01:35 - 0599552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-05-09 01:11 - 2012-02-28 01:35 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-09 01:11 - 2012-02-28 01:34 - 2073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-09 01:11 - 2012-02-28 01:34 - 10992640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-09 01:11 - 2012-02-28 01:34 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-09 01:11 - 2012-02-28 01:34 - 0048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-09 01:11 - 2012-02-28 00:31 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-09 01:11 - 2012-02-27 23:52 - 1638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-09 01:11 - 2012-01-25 02:38 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-05-09 01:11 - 2012-01-25 02:38 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-05-09 01:11 - 2012-01-25 02:33 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-05-09 01:08 - 2012-02-17 02:38 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-05-09 01:08 - 2012-02-17 01:34 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-05-09 01:08 - 2012-02-17 00:58 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-05-09 01:08 - 2012-02-17 00:57 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-05-04 21:17 - 2012-05-04 21:17 - 9166129 ____A C:\Users\Seth\Desktop\Central Line Module.pdf
2012-05-02 20:19 - 2012-05-02 20:19 - 0001416 ____A C:\Users\Seth\Desktop\ImgBurn - Shortcut.lnk
2012-04-26 17:12 - 2012-04-26 22:39 - 0077223 ____A C:\Users\Seth\Desktop\Medstudy May.docx
2012-04-20 21:32 - 2012-04-20 21:32 - 0001938 ____A C:\Users\Seth\Desktop\DVD Flick.lnk
2012-04-20 21:32 - 2012-04-20 21:32 - 0000000 ____D C:\Program Files (x86)\DVD Flick
2012-04-20 21:32 - 2008-08-31 16:27 - 0028672 ____A (-) C:\Windows\SysWOW64\mousewheel.ocx
2012-04-20 21:32 - 2004-03-09 03:00 - 0212240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\richtx32.ocx
2012-04-14 23:07 - 2012-04-22 02:07 - 0016404 ____A C:\Users\Seth\Desktop\ITe Doc.docx
2012-04-14 16:09 - 2009-08-20 01:50 - 0024416 ___RA (Adobe Systems Inc.) C:\Windows\System32\AdobePDFUI.dll

============ 3 Months Modified Files and Folders =============

2012-05-14 14:22 - 2010-01-11 16:21 - 2120097792 __ASH C:\hiberfil.sys
2012-05-14 14:22 - 2009-07-14 01:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-05-14 14:22 - 2009-07-14 00:51 - 0161527 ____A C:\Windows\setupact.log
2012-05-14 14:21 - 2009-07-14 01:10 - 1784085 ____A C:\Windows\WindowsUpdate.log
2012-05-14 14:21 - 2009-07-14 00:45 - 0014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-05-14 14:21 - 2009-07-14 00:45 - 0014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-05-14 14:20 - 2010-01-11 13:52 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-14 14:19 - 2012-05-13 08:00 - 0001945 ____A C:\Windows\epplauncher.mif
2012-05-14 12:24 - 2012-05-13 23:46 - 0000000 ____D C:\FRST
2012-05-14 03:13 - 2010-01-14 18:52 - 0000000 ___HD C:\users\Seth
2012-05-14 03:13 - 2009-07-13 23:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-05-14 02:47 - 2012-05-14 14:20 - 0035208 ____A C:\Users\Seth\Desktop\FRST.txt
2012-05-14 01:36 - 2012-04-03 02:02 - 0956645 ____A C:\Users\Seth\Desktop\In-Training Review.pptx
2012-05-14 00:12 - 2012-05-12 22:26 - 0000000 ____D C:\Program Files (x86)\stinger
2012-05-14 00:12 - 2011-12-11 01:26 - 0058682 ____A C:\Users\Seth\Desktop\MOVIES.docx
2012-05-14 00:12 - 2011-11-09 20:39 - 0000000 ____D C:\Users\Seth\Local Settings\Application Data\Akamai
2012-05-14 00:12 - 2011-11-09 20:39 - 0000000 ____D C:\Users\Seth\Local Settings\Akamai
2012-05-14 00:12 - 2011-11-09 20:39 - 0000000 ____D C:\Users\Seth\AppData\Local\Akamai
2012-05-14 00:12 - 2011-01-09 02:49 - 0000000 ____D C:\Users\Seth\Application Data\DVD Flick
2012-05-14 00:12 - 2011-01-09 02:49 - 0000000 ____D C:\Users\Seth\AppData\Roaming\DVD Flick
2012-05-14 00:12 - 2010-12-16 18:21 - 0000000 ____D C:\Users\Seth\Application Data\ICAClient
2012-05-14 00:12 - 2010-12-16 18:21 - 0000000 ____D C:\Users\Seth\AppData\Roaming\ICAClient
2012-05-14 00:12 - 2010-01-11 13:56 - 0000000 ____D C:\Program Files\McAfee
2012-05-14 00:12 - 2010-01-11 13:56 - 0000000 ____D C:\Program Files\Common Files\McAfee
2012-05-14 00:12 - 2010-01-11 13:31 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-05-14 00:12 - 2010-01-11 13:31 - 0000000 ____D C:\Users\All Users\Application Data\Microsoft Help
2012-05-14 00:12 - 2010-01-11 13:31 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-05-14 00:12 - 2009-07-14 03:45 - 0000000 ____D C:\Program Files\Windows Journal
2012-05-14 00:12 - 2009-07-13 23:20 - 0000000 ____D C:\Windows\System32\Msdtc
2012-05-14 00:11 - 2009-07-13 23:20 - 0000000 ____D C:\Windows\registration
2012-05-14 00:08 - 2012-05-13 01:36 - 0000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-13 22:23 - 2012-05-13 22:19 - 0001418 ____A C:\Users\Seth\Desktop\Help.txt
2012-05-13 22:12 - 2012-05-13 22:12 - 0024508 ____A C:\Users\Seth\Desktop\DDS.txt
2012-05-13 22:12 - 2012-05-13 22:12 - 0016084 ____A C:\Users\Seth\Desktop\Attach.txt
2012-05-13 11:00 - 2012-05-12 22:26 - 0000038 ___RH C:\Users\Seth\Desktop\stinger.opt
2012-05-13 08:00 - 2012-05-13 08:00 - 0755926 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-05-13 08:00 - 2009-07-13 22:36 - 0111454 ____A C:\Windows\System32\perfc009(58).dat
2012-05-13 07:58 - 2012-05-13 00:52 - 0016200 ____A (McAfee, Inc.) C:\Windows\stinger.sys
2012-05-13 01:43 - 2012-05-13 01:43 - 0000000 ____D C:\Program Files (x86)\ESET
2012-05-13 01:29 - 2009-07-14 00:45 - 0347296 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-13 01:25 - 2010-04-17 10:14 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-13 01:23 - 2009-07-14 01:13 - 0752710 ____A C:\Windows\System32\PerfStringBackup.INI
2012-05-13 01:22 - 2009-07-14 01:08 - 0032588 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-05-13 00:49 - 2012-05-12 00:03 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-05-13 00:12 - 2011-01-17 20:16 - 0016068 ____A C:\Users\Seth\My Documents\CDs to Get.docx
2012-05-13 00:12 - 2011-01-17 20:16 - 0016068 ____A C:\Users\Seth\Documents\CDs to Get.docx
2012-05-13 00:10 - 2012-05-13 00:10 - 9455168 ____A (McAfee Inc.) C:\Users\Seth\Desktop\stinger.exe
2012-05-12 10:46 - 2009-07-14 03:44 - 0000000 ___RD C:\Users\Public\Recorded TV
2012-05-12 00:02 - 2012-05-12 00:02 - 0000000 ____D C:\Windows\system64
2012-05-12 00:02 - 2009-07-14 01:37 - 0000000 ____D C:\Windows\SysWOW64\sysprep
2012-05-11 23:21 - 2010-01-11 13:36 - 0000000 ____D C:\Users\All Users\Roxio
2012-05-11 23:21 - 2010-01-11 13:36 - 0000000 ____D C:\Users\All Users\Application Data\Roxio
2012-05-11 23:21 - 2010-01-11 13:36 - 0000000 ____D C:\ProgramData\Roxio
2012-05-11 19:42 - 2012-05-09 21:38 - 0019874 ____A C:\Users\Seth\Desktop\Curriculum Rev May 2012.docx
2012-05-11 02:22 - 2012-05-10 20:53 - 0025600 ____A C:\Users\Seth\Desktop\Board Review 2012-2013.xls
2012-05-11 00:00 - 2011-01-17 20:08 - 0013755 ____A C:\Users\Seth\My Documents\DVDs to Get.docx
2012-05-11 00:00 - 2011-01-17 20:08 - 0013755 ____A C:\Users\Seth\Documents\DVDs to Get.docx
2012-05-10 02:04 - 2010-11-29 12:58 - 0012506 ____A C:\Users\Seth\My Documents\TV Series to Get.docx
2012-05-10 02:04 - 2010-11-29 12:58 - 0012506 ____A C:\Users\Seth\Documents\TV Series to Get.docx
2012-05-09 20:31 - 2010-01-14 21:40 - 0000000 ____D C:\Users\Seth\My Documents\Medical Articles
2012-05-09 20:31 - 2010-01-14 21:40 - 0000000 ____D C:\Users\Seth\Documents\Medical Articles
2012-05-06 01:07 - 2010-12-09 01:42 - 0000000 ____D C:\Users\Seth\Application Data\avidemux
2012-05-06 01:07 - 2010-12-09 01:42 - 0000000 ____D C:\Users\Seth\AppData\Roaming\avidemux
2012-05-04 21:17 - 2012-05-04 21:17 - 9166129 ____A C:\Users\Seth\Desktop\Central Line Module.pdf
2012-05-04 02:22 - 2010-08-21 22:39 - 0000000 ____D C:\Users\Seth\Application Data\uTorrent
2012-05-04 02:22 - 2010-08-21 22:39 - 0000000 ____D C:\Users\Seth\AppData\Roaming\uTorrent
2012-05-03 20:20 - 2010-08-21 22:18 - 0000000 ____D C:\Users\Seth\Desktop\MOVIES
2012-05-02 20:19 - 2012-05-02 20:19 - 0001416 ____A C:\Users\Seth\Desktop\ImgBurn - Shortcut.lnk
2012-05-01 18:19 - 2010-12-23 00:20 - 0000000 ____D C:\Users\Seth\My Documents\USC Faculty
2012-05-01 18:19 - 2010-12-23 00:20 - 0000000 ____D C:\Users\Seth\Documents\USC Faculty
2012-04-26 22:39 - 2012-04-26 17:12 - 0077223 ____A C:\Users\Seth\Desktop\Medstudy May.docx
2012-04-22 02:07 - 2012-04-14 23:07 - 0016404 ____A C:\Users\Seth\Desktop\ITe Doc.docx
2012-04-20 21:32 - 2012-04-20 21:32 - 0001938 ____A C:\Users\Seth\Desktop\DVD Flick.lnk
2012-04-20 21:32 - 2012-04-20 21:32 - 0000000 ____D C:\Program Files (x86)\DVD Flick
2012-04-16 19:28 - 2012-01-17 01:21 - 0002016 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-04-16 19:28 - 2012-01-17 01:21 - 0002016 ____A C:\Users\All Users\Desktop\Adobe Reader 9.lnk
2012-04-15 11:36 - 2010-01-14 21:42 - 0000000 ____D C:\Users\Seth\My Documents\NOVA
2012-04-15 11:36 - 2010-01-14 21:42 - 0000000 ____D C:\Users\Seth\Documents\NOVA
2012-04-14 20:03 - 2011-03-19 19:21 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-13 01:07 - 2011-06-30 13:09 - 0010115 ____A C:\Users\Seth\My Documents\Mags to Get.docx
2012-04-13 01:07 - 2011-06-30 13:09 - 0010115 ____A C:\Users\Seth\Documents\Mags to Get.docx
2012-04-04 18:56 - 2011-03-19 19:21 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-01 03:11 - 2012-04-01 03:09 - 0000460 ____A C:\Users\Seth\My Documents\Fluenz_Fluenz Spanish_1.str
2012-04-01 03:11 - 2012-04-01 03:09 - 0000460 ____A C:\Users\Seth\Documents\Fluenz_Fluenz Spanish_1.str
2012-04-01 03:09 - 2012-04-01 03:08 - 0000000 ____D C:\Users\Seth\Local Settings\Fluenz
2012-04-01 03:09 - 2012-04-01 03:08 - 0000000 ____D C:\Users\Seth\Local Settings\Application Data\Fluenz
2012-04-01 03:09 - 2012-04-01 03:08 - 0000000 ____D C:\Users\Seth\AppData\Local\Fluenz
2012-04-01 03:07 - 2012-04-01 03:07 - 0000000 ____D C:\Program Files (x86)\Fluenz
2012-03-31 21:20 - 2012-03-31 21:20 - 0001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-03-31 21:20 - 2012-03-31 21:20 - 0001785 ____A C:\Users\All Users\Desktop\iTunes.lnk
2012-03-31 21:20 - 2012-03-31 21:19 - 0000000 ____D C:\Program Files\iTunes
2012-03-31 21:20 - 2012-03-31 21:19 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-03-31 21:19 - 2012-03-31 21:19 - 0000000 ____D C:\Program Files\iPod
2012-03-31 02:05 - 2012-05-13 01:14 - 5559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-31 00:39 - 2012-05-13 01:14 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-31 00:39 - 2012-05-13 01:14 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-30 23:10 - 2012-05-13 01:14 - 3146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 07:35 - 2012-05-13 01:12 - 1918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-24 23:54 - 2012-03-24 23:54 - 0356475 ____A C:\Users\Seth\Desktop\VitD_Dose_-_Annals_2012.pdf
2012-03-23 21:36 - 2012-03-23 21:36 - 0084104 ____A C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2012-03-23 15:17 - 2012-03-23 15:17 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_xusb21_01007.Wdf
2012-03-22 14:40 - 2011-12-11 01:26 - 0047884 ____H C:\Users\Seth\Desktop\~WRL0002.tmp
2012-03-17 03:58 - 2012-05-13 01:13 - 0075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr(56).sys
2012-03-08 13:40 - 2011-06-03 19:05 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-03-07 19:25 - 2010-01-18 19:12 - 0000000 ____D C:\Users\Seth\My Documents\UT Houston Faculty
2012-03-07 19:25 - 2010-01-18 19:12 - 0000000 ____D C:\Users\Seth\Documents\UT Houston Faculty
2012-03-05 21:43 - 2010-04-17 08:56 - 0000000 ___RD C:\Users\Seth\My Documents\Scanned Documents
2012-03-05 21:43 - 2010-04-17 08:56 - 0000000 ___RD C:\Users\Seth\Documents\Scanned Documents
2012-03-05 17:47 - 2010-01-15 20:03 - 0000000 ____D C:\Users\Seth\Tracing
2012-03-05 01:36 - 2012-03-05 01:35 - 0000000 ___HD C:\Users\Seth\Desktop\F05
2012-03-04 14:34 - 2012-03-04 14:34 - 0000162 ___AH C:\Users\Seth\Desktop\~$It.docx
2012-03-03 02:35 - 2012-05-13 01:14 - 1544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-03-03 01:31 - 2012-05-13 01:14 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-03-01 02:46 - 2012-05-09 01:12 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-03-01 02:38 - 2012-05-09 01:12 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-03-01 02:33 - 2012-05-09 01:12 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-03-01 02:28 - 2012-05-09 01:12 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-03-01 01:37 - 2012-05-09 01:12 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-03-01 01:33 - 2012-05-09 01:12 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-03-01 01:29 - 2012-05-09 01:12 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-02-28 22:36 - 2010-01-11 16:21 - 0503312 ____A C:\Windows\PFRO.log
2012-02-28 02:39 - 2012-05-09 01:11 - 1494016 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-28 02:39 - 2012-05-09 01:11 - 1188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-28 02:39 - 2012-05-09 01:11 - 0134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-28 02:36 - 2012-05-09 01:11 - 9020928 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-28 02:36 - 2012-05-09 01:11 - 0702464 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-02-28 02:36 - 2012-05-09 01:11 - 0097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-28 02:35 - 2012-05-09 01:11 - 2453504 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-28 02:35 - 2012-05-09 01:11 - 12264448 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-28 02:35 - 2012-05-09 01:11 - 0247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-28 02:35 - 2012-05-09 01:11 - 0064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-28 01:38 - 2012-05-09 01:11 - 1231360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-02-28 01:38 - 2012-05-09 01:11 - 0981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-02-28 01:38 - 2012-05-09 01:11 - 0132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-02-28 01:35 - 2012-05-09 01:11 - 5998080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-02-28 01:35 - 2012-05-09 01:11 - 0599552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-02-28 01:35 - 2012-05-09 01:11 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-02-28 01:34 - 2012-05-09 01:11 - 2073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-02-28 01:34 - 2012-05-09 01:11 - 10992640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-02-28 01:34 - 2012-05-09 01:11 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-02-28 01:34 - 2012-05-09 01:11 - 0048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-02-28 00:31 - 2012-05-09 01:11 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-27 23:52 - 2012-05-09 01:11 - 1638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-02-21 14:44 - 2010-01-14 18:56 - 0000473 ____A C:\Users\Seth\Downloads\Desktop.lnk
2012-02-21 14:44 - 2010-01-14 18:56 - 0000402 __ASH C:\Users\Seth\My Documents\desktop.ini
2012-02-21 14:44 - 2010-01-14 18:56 - 0000174 ___SH C:\Users\Seth\Start Menu\Programs\Startup\desktop.ini
2012-02-21 14:44 - 2010-01-14 18:56 - 0000174 ___SH C:\Users\Seth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-20 02:14 - 2012-02-14 16:02 - 1056520 ____A C:\Users\Seth\Desktop\Medical Jeopardy.docx
2012-02-18 12:46 - 2012-02-18 12:46 - 0155296 ____A C:\Users\Seth\My Documents\2011TaxReturn[1].pdf
2012-02-18 12:46 - 2012-02-18 12:46 - 0155296 ____A C:\Users\Seth\Documents\2011TaxReturn[1].pdf
2012-02-17 02:38 - 2012-05-09 01:08 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-17 01:34 - 2012-05-09 01:08 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-17 00:58 - 2012-05-09 01:08 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-17 00:57 - 2012-05-09 01:08 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-15 14:01 - 2012-02-15 14:01 - 4547944 ____A (Apple, Inc.) C:\Windows\System32\usbaaplrc.dll
2012-02-15 14:01 - 2012-02-15 14:01 - 0052736 ____A (Apple, Inc.) C:\Windows\System32\Drivers\usbaapl64.sys

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 9%
Total physical RAM: 8157.18 MB
Available physical RAM: 7374.45 MB
Total Pagefile: 8155.33 MB
Available Pagefile: 7357.24 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:585.51 GB) (Free:73.7 GB) NTFS
7 Drive i: (RECOVERY) (Fixed) (Total:10.61 GB) (Free:4.51 GB) NTFS ==>[System with boot components (obtained from reading drive)]
8 Drive j: (USB DISK) (Removable) (Total:0.94 GB) (Free:0.68 GB) FAT
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 596 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 Online 960 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 54 MB 31 KB
Partition 2 Primary 10 GB 55 MB
Partition 3 Primary 585 GB 10 GB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 8 FAT Partition 54 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 I RECOVERY NTFS Partition 10 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 585 GB Healthy

======================================================================================================

Partitions of Disk 5:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 959 MB 16 KB

======================================================================================================

Disk: 5
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 7 J USB DISK FAT Removable 959 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-05-10 01:14

======================= End Of Log ==========================

#4 gringo_pr (Bleepin Gringo)
Malware Response Team, 136,772 posts, Puerto Rico, local time 10:18 AM

Posted 14 May 2012 - 01:58 AM

Hello

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad window. Save it on the flash drive as fixlist.txt

SubSystems: [Windows] ATTENTION! ====> ZeroAccess
1 wwdbzulp; \??\C:\Windows\system32\drivers\wwdbzulp.sys [x]
C:\Windows\system32\drivers\wwdbzulp.sys


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
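
What the FRST line "SubSystems: [Windows] ATTENTION! ====> ZeroAccess" in the fix above is reporting, and why the fix "restores" that value, is worth spelling out. The Windows value under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems is the command line for csrss.exe, and its ServerDll= tokens name the DLLs csrss loads at boot. The ZeroAccess variant of that period rewrites the console-server token so that csrss loads a rootkit DLL named consrv instead of the legitimate winsrv, which gives the malware code inside a protected system process before any security product starts. The script below is an added example written for this thread, not FRST's code or anything gringo_pr posted: it parses a SubSystems\Windows value and flags any ServerDll module that is not on a known-good allowlist. The clean sample string and the allowlist are reconstructions of the Windows 7 default and are assumptions, as is the infected sample, which is constructed to mirror the hijack just described; confirm the allowlist against a known-good machine of the same OS build before relying on it.

```python
import re

# Registry location FRST's "SubSystems: [Windows]" line refers to.
SUBSYSTEMS_KEY = r"SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems"

# Server DLLs csrss.exe legitimately loads on Windows 7. Assumption: this
# allowlist is reconstructed from a clean install, not taken from the thread.
KNOWN_SERVER_DLLS = {"basesrv", "winsrv", "sxssrv"}

# Constructed sample of the "Windows" value (REG_EXPAND_SZ) as it reads on a
# clean Windows 7 system. The exact text is an assumption.
CLEAN_VALUE = (
    r"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows "
    "SharedSection=1024,20480,768 Windows=On SubSystemType=Windows "
    "ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 "
    "ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 "
    "ProfileControl=Off MaxRequestThreads=16"
)

# Constructed sample of the ZeroAccess modification: the console-server entry
# points at consrv (the rootkit's DLL in system32) instead of winsrv.
INFECTED_VALUE = CLEAN_VALUE.replace(
    "winsrv:ConServerDllInitialization", "consrv:ConServerDllInitialization"
)

# ServerDll=module[:entrypoint],id
SERVER_DLL_RE = re.compile(r"ServerDll=([^:,\s]+)(?::([^,\s]+))?,(\d+)")


def server_dlls(value):
    """Parse every ServerDll token into (module, entrypoint, id) tuples."""
    return [
        (m.group(1).lower(), m.group(2), int(m.group(3)))
        for m in SERVER_DLL_RE.finditer(value)
    ]


def suspicious_server_dlls(value):
    """Modules csrss would load that are not on the allowlist (sorted, deduplicated)."""
    return sorted({mod for mod, _, _ in server_dlls(value) if mod not in KNOWN_SERVER_DLLS})


def audit(value):
    """Return (is_clean, findings) for one SubSystems\\Windows value."""
    findings = []
    if not value.lower().startswith(r"%systemroot%\system32\csrss.exe"):
        findings.append("csrss.exe path is not %SystemRoot%\\system32\\csrss.exe")
    for mod in suspicious_server_dlls(value):
        findings.append(f"unexpected ServerDll module: {mod}")
    return (not findings, findings)


def read_live_value():
    """Read the value from the running registry (Windows only).

    A kernel-mode rootkit can lie to this read. Reading the hive offline from
    the recovery environment, as FRST64 does in the fix above, is the check
    to trust when the machine is suspected to be infected.
    """
    import winreg  # only available on Windows
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, SUBSYSTEMS_KEY) as key:
        return winreg.QueryValueEx(key, "Windows")[0]


if __name__ == "__main__":
    for label, value in (("clean sample", CLEAN_VALUE), ("infected sample", INFECTED_VALUE)):
        ok, findings = audit(value)
        print(f"{label}: {'clean' if ok else 'SUSPICIOUS'}")
        for finding in findings:
            print("  -", finding)
```

Run as-is it audits the two embedded samples; on a Windows box, passing read_live_value() to audit() checks the running system, with the caveat in the docstring that an active rootkit can hide the modification from a live read, which is exactly why the fix in this thread is run from System Recovery Options rather than from the booted OS.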

#5 docsethp (Topic Starter)
Members, 22 posts, local time 09:18 AM

Posted 14 May 2012 - 10:27 PM

Hi Again Gringo

Here ya go:

Fix result of Farbar Recovery Tool (FRST written by farbar) Version: 13-05-2012
Ran by SYSTEM at 2012-05-15 10:21:15 Run:1
Running from J:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
wwdbzulp service deleted successfully.
C:\Windows\system32\drivers\wwdbzulp.sys not found.

==== End of Fixlog ====

Thanks!!!

#6 gringo_pr (Bleepin Gringo)
Malware Response Team, 136,772 posts, Puerto Rico, local time 10:18 AM

Posted 15 May 2012 - 08:45 AM

Hello

I Would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out here or here.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

Information and logs

In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#7 docsethp (Topic Starter)
Members, 22 posts, local time 09:18 AM

Posted 16 May 2012 - 06:16 PM

Hi Gringo

Seems to be better, but some potential snags:

1) Here is the log from ComboFix:

ComboFix 12-05-16.02 - Seth 05/17/2012 5:28.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8157.6436 [GMT -7:00]
Running from: c:\users\Seth\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\system32\dds_trash_log.cmd
.
.
((((((((((((((((((((((((( Files Created from 2012-04-17 to 2012-05-17 )))))))))))))))))))))))))))))))
.
.
2012-05-17 12:40 . 2012-05-17 12:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-14 03:46 . 2012-05-14 16:25 -------- d-----w- C:\FRST
2012-05-13 05:43 . 2012-05-13 05:43 -------- d-----w- c:\program files (x86)\ESET
2012-05-13 05:36 . 2012-05-14 04:08 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-13 05:15 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-13 05:15 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-13 05:15 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-13 05:15 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-13 05:15 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-13 05:14 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-13 05:14 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-13 05:14 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-13 05:14 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-13 05:14 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-13 05:14 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-13 05:13 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr(56).sys
2012-05-13 05:12 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-13 04:52 . 2012-05-13 11:58 16200 ----a-w- c:\windows\stinger.sys
2012-05-13 02:26 . 2012-05-14 04:12 -------- d-----w- c:\program files (x86)\stinger
2012-05-12 04:02 . 2012-05-12 04:02 -------- d-----we c:\windows\system64
2012-05-09 05:12 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-05-09 05:12 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-05-09 05:12 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-05-09 05:12 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-05-09 05:12 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-05-09 05:12 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-05-09 05:12 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-05-09 05:08 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-05-09 05:08 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-05-09 05:08 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-05-09 05:08 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-04-21 01:32 . 2012-04-21 01:32 -------- d-----w- c:\program files (x86)\DVD Flick
2012-04-21 01:32 . 2008-08-31 20:27 28672 ----a-w- c:\windows\SysWow64\mousewheel.ocx
2012-04-21 01:32 . 2004-03-09 07:00 212240 ----a-w- c:\windows\SysWow64\richtx32.ocx
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-13 08:46 . 2012-05-12 01:01 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{87033A04-AF82-4396-A8AB-9112AE7B3BA0}\mpengine.dll
2012-04-04 22:56 . 2011-03-19 23:21 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-08 17:40 . 2011-06-03 23:05 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-08 03:54 . 2012-03-08 03:54 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-3\Microsoft.MediaCenter.Sports.UI.dll
2012-03-08 03:53 . 2010-05-19 02:03 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-03-08 03:53 . 2010-05-19 02:03 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-03-08 03:53 . 2010-02-27 06:49 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Seth\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2009-06-10 244208]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"MediaFace Integration"="c:\program files (x86)\Fellowes\MediaFACE 4.2\SetHook.exe" [2005-03-28 53248]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-07-01 1484856]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\users\Seth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
RollerCoaster Tycoon 3_ Wild Registration.lnk - c:\users\Seth\AppData\Local\Temp\{85813D38-1733-4D55-88E8-A7A6FDD24880}\{45653847-497F-47BB-A878-46FBDE34A3E0}\ATR1.exe [N/A]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [x]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2009-06-10 166384]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-10 1124848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R4 RoxLiveShare10;LiveShare P2P Server 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2009-06-10 309744]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-03-31 92160]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-06-01 244840]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-06-01 148520]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2009-09-17 656624]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2010-05-06 583360]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-06-03 7834656]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: usc.edu\sslvpn2
TCP: DhcpNameServer = 192.168.1.254
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://sslvpn2.usc.edu/CACHE/stc/10/binaries/vpnweb.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-Skytel - c:\program files\Realtek\Audio\HDA\Skytel.exe
AddRemove-{C73A3942-84C8-4597-9F9B-EE227DCBA758} - c:\programdata\{7322D736-AA5F-4DD0-8E33-EA48318CC276}\delldock.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2012-05-17 05:52:08 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-17 12:52
.
Pre-Run: 81,649,987,584 bytes free
Post-Run: 86,941,462,528 bytes free
.
- - End Of File - - 56E67A625658E4647FC7D1BC781B87AF


2) Some issues that occurred:

When I first ran ComboFix it said that McAfee's scanning (antispyware and antivirus) were on, when I made sure I manually disabled them. It kept telling me this, so I went into Task Manager and stopped McAfee. As you can see on the report above, it also says Windows Defender was running, but that was not the case either. Anyways, I ran ComboFix and restarted due to the "illegal operation..." message.

3) Okay, so it's running better. McAfee initially had all items a go (real-time scanning, firewall, etc. were listed as active/on...). I checked and I can open Windows Defender now, and checked that my Windows Firewall is on, and it is (before I couldn't even get to either of these).

Then... as I was going to IE to post this, McAfee once again said "my computer is at risk" and I can't turn on my real-time scanning or scan my PC for anything. It just turns on, and a few minutes later the real-time scanning turns off (this is improved, as when I used to turn it on, it turned off immediately).

So, looks better, but I am suspicious there is something still going on...

Thanks again for your help, this seems promising...

Me

#8 gringo_pr (Bleepin Gringo)
Malware Response Team, 136,772 posts, Puerto Rico, local time 10:18 AM

Posted 16 May 2012 - 09:11 PM

Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#9 docsethp (Topic Starter)
Members, 22 posts, local time 09:18 AM

Posted 16 May 2012 - 10:11 PM

Hi Again

Thanks for the quick reply, really appreciate your help. TDSSKiller didn't find anything; aswMBR found 2 "infected" files.

TDSSKiller:

10:00:00.0337 5728 TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:57
10:00:01.0070 5728 ============================================================
10:00:01.0070 5728 Current date / time: 2012/05/17 10:00:01.0070
10:00:01.0070 5728 SystemInfo:
10:00:01.0070 5728
10:00:01.0070 5728 OS Version: 6.1.7601 ServicePack: 1.0
10:00:01.0070 5728 Product type: Workstation
10:00:01.0070 5728 ComputerName: SETH-PC
10:00:01.0070 5728 UserName: Seth
10:00:01.0070 5728 Windows directory: C:\Windows
10:00:01.0070 5728 System windows directory: C:\Windows
10:00:01.0070 5728 Running under WOW64
10:00:01.0070 5728 Processor architecture: Intel x64
10:00:01.0070 5728 Number of processors: 4
10:00:01.0070 5728 Page size: 0x1000
10:00:01.0070 5728 Boot type: Normal boot
10:00:01.0070 5728 ============================================================
10:00:02.0053 5728 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:00:02.0069 5728 ============================================================
10:00:02.0069 5728 \Device\Harddisk0\DR0:
10:00:02.0069 5728 MBR partitions:
10:00:02.0069 5728 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B800, BlocksNum 0x1539000
10:00:02.0069 5728 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1554800, BlocksNum 0x49303000
10:00:02.0069 5728 ============================================================
10:00:02.0084 5728 C: <-> \Device\Harddisk0\DR0\Partition1
10:00:02.0084 5728 ============================================================
10:00:02.0084 5728 Initialize success
10:00:02.0084 5728 ============================================================
10:00:16.0109 0744 ============================================================
10:00:16.0109 0744 Scan started
10:00:16.0109 0744 Mode: Manual;
10:00:16.0109 0744 ============================================================
10:00:16.0967 0744 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
10:00:16.0967 0744 1394ohci - ok
10:00:17.0029 0744 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
10:00:17.0029 0744 ACPI - ok
10:00:17.0076 0744 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
10:00:17.0076 0744 AcpiPmi - ok
10:00:17.0123 0744 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
10:00:17.0138 0744 adp94xx - ok
10:00:17.0169 0744 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
10:00:17.0169 0744 adpahci - ok
10:00:17.0201 0744 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
10:00:17.0216 0744 adpu320 - ok
10:00:17.0232 0744 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
10:00:17.0232 0744 AeLookupSvc - ok
10:00:17.0279 0744 AERTFilters (3ac22a3dfa8a050e35f0e3cd99d0cdf2) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
10:00:17.0294 0744 AERTFilters - ok
10:00:17.0357 0744 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
10:00:17.0357 0744 AFD - ok
10:00:17.0403 0744 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
10:00:17.0403 0744 agp440 - ok
10:00:17.0419 0744 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
10:00:17.0419 0744 ALG - ok
10:00:17.0419 0744 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
10:00:17.0435 0744 aliide - ok
10:00:17.0435 0744 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
10:00:17.0435 0744 amdide - ok
10:00:17.0466 0744 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
10:00:17.0466 0744 AmdK8 - ok
10:00:30.0835 0744 RoxWatch10 - ok
10:00:30.0897 0744 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
10:00:30.0897 0744 RpcEptMapper - ok
10:00:30.0929 0744 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
10:00:30.0929 0744 RpcLocator - ok
10:00:30.0991 0744 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
10:00:30.0991 0744 RpcSs - ok
10:00:31.0038 0744 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
10:00:31.0038 0744 rspndr - ok
10:00:31.0085 0744 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
10:00:31.0100 0744 RTL8167 - ok
10:00:31.0147 0744 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:00:31.0147 0744 SamSs - ok
10:00:31.0178 0744 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
10:00:31.0178 0744 sbp2port - ok
10:00:31.0209 0744 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
10:00:31.0225 0744 SCardSvr - ok
10:00:31.0256 0744 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
10:00:31.0256 0744 scfilter - ok
10:00:31.0365 0744 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
10:00:31.0365 0744 Schedule - ok
10:00:31.0428 0744 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
10:00:31.0428 0744 SCPolicySvc - ok
10:00:31.0475 0744 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
10:00:31.0475 0744 SDRSVC - ok
10:00:31.0615 0744 SeaPort (331e7bde228914574fc9ae6cd520dafa) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
10:00:31.0615 0744 SeaPort - ok
10:00:31.0662 0744 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
10:00:31.0662 0744 secdrv - ok
10:00:31.0709 0744 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
10:00:31.0709 0744 seclogon - ok
10:00:31.0724 0744 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
10:00:31.0724 0744 SENS - ok
10:00:31.0740 0744 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
10:00:31.0740 0744 SensrSvc - ok
10:00:31.0771 0744 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
10:00:31.0771 0744 Serenum - ok
10:00:31.0787 0744 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
10:00:31.0787 0744 Serial - ok
10:00:31.0833 0744 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
10:00:31.0833 0744 sermouse - ok
10:00:31.0911 0744 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
10:00:31.0927 0744 SessionEnv - ok
10:00:31.0943 0744 SessionLauncher - ok
10:00:31.0974 0744 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
10:00:31.0974 0744 sffdisk - ok
10:00:31.0989 0744 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
10:00:32.0005 0744 sffp_mmc - ok
10:00:32.0005 0744 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
10:00:32.0005 0744 sffp_sd - ok
10:00:32.0021 0744 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
10:00:32.0036 0744 sfloppy - ok
10:00:32.0083 0744 SftService (7f475425582163602ef1589c0071e521) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
10:00:32.0099 0744 SftService - ok
10:00:32.0145 0744 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
10:00:32.0145 0744 SharedAccess - ok
10:00:32.0223 0744 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
10:00:32.0223 0744 ShellHWDetection - ok
10:00:32.0270 0744 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:00:32.0270 0744 SiSRaid2 - ok
10:00:32.0286 0744 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
10:00:32.0286 0744 SiSRaid4 - ok
10:00:32.0317 0744 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
10:00:32.0333 0744 Smb - ok
10:00:32.0379 0744 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
10:00:32.0379 0744 SNMPTRAP - ok
10:00:32.0395 0744 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
10:00:32.0395 0744 spldr - ok
10:00:32.0473 0744 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
10:00:32.0473 0744 Spooler - ok
10:00:32.0691 0744 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
10:00:32.0723 0744 sppsvc - ok
10:00:32.0785 0744 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
10:00:32.0785 0744 sppuinotify - ok
10:00:32.0863 0744 sprtsvc_DellSupportCenter (d630b6f2e8379b6f10dc16e82a426552) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
10:00:32.0863 0744 sprtsvc_DellSupportCenter - ok
10:00:32.0925 0744 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
10:00:32.0941 0744 srv - ok
10:00:32.0957 0744 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
10:00:32.0957 0744 srv2 - ok
10:00:32.0988 0744 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
10:00:32.0988 0744 srvnet - ok
10:00:33.0019 0744 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
10:00:33.0019 0744 SSDPSRV - ok
10:00:33.0035 0744 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
10:00:33.0035 0744 SstpSvc - ok
10:00:33.0066 0744 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
10:00:33.0066 0744 stexstor - ok
10:00:33.0144 0744 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
10:00:33.0175 0744 stisvc - ok
10:00:33.0222 0744 stllssvr (5889618eebd7d2ff13c30d73fcff8cd0) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
10:00:33.0222 0744 stllssvr - ok
10:00:33.0269 0744 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
10:00:33.0269 0744 swenum - ok
10:00:33.0300 0744 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
10:00:33.0300 0744 swprv - ok
10:00:33.0425 0744 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
10:00:33.0456 0744 SysMain - ok
10:00:33.0565 0744 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
10:00:33.0565 0744 TabletInputService - ok
10:00:33.0627 0744 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
10:00:33.0643 0744 TapiSrv - ok
10:00:33.0659 0744 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
10:00:33.0659 0744 TBS - ok
10:00:33.0799 0744 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
10:00:33.0815 0744 Tcpip - ok
10:00:33.0939 0744 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
10:00:33.0955 0744 TCPIP6 - ok
10:00:34.0017 0744 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
10:00:34.0017 0744 tcpipreg - ok
10:00:34.0049 0744 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
10:00:34.0049 0744 TDPIPE - ok
10:00:34.0111 0744 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
10:00:34.0111 0744 TDTCP - ok
10:00:34.0158 0744 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
10:00:34.0158 0744 tdx - ok
10:00:34.0205 0744 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
10:00:34.0205 0744 TermDD - ok
10:00:34.0283 0744 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
10:00:34.0298 0744 TermService - ok
10:00:34.0314 0744 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
10:00:34.0329 0744 Themes - ok
10:00:34.0345 0744 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
10:00:34.0345 0744 THREADORDER - ok
10:00:34.0361 0744 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
10:00:34.0361 0744 TrkWks - ok
10:00:34.0439 0744 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
10:00:34.0439 0744 TrustedInstaller - ok
10:00:34.0485 0744 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:00:34.0485 0744 tssecsrv - ok
10:00:34.0563 0744 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
10:00:34.0563 0744 TsUsbFlt - ok
10:00:34.0626 0744 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
10:00:34.0626 0744 tunnel - ok
10:00:34.0657 0744 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
10:00:34.0657 0744 uagp35 - ok
10:00:34.0719 0744 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
10:00:34.0719 0744 udfs - ok
10:00:34.0751 0744 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
10:00:34.0751 0744 UI0Detect - ok
10:00:34.0797 0744 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
10:00:34.0797 0744 uliagpkx - ok
10:00:34.0860 0744 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
10:00:34.0860 0744 umbus - ok
10:00:34.0875 0744 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
10:00:34.0875 0744 UmPass - ok
10:00:34.0907 0744 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
10:00:34.0907 0744 upnphost - ok
10:00:34.0953 0744 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
10:00:34.0953 0744 USBAAPL64 - ok
10:00:35.0016 0744 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
10:00:35.0016 0744 usbaudio - ok
10:00:35.0063 0744 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
10:00:35.0078 0744 usbccgp - ok
10:00:35.0141 0744 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
10:00:35.0141 0744 usbcir - ok
10:00:35.0187 0744 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
10:00:35.0187 0744 usbehci - ok
10:00:35.0203 0744 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
10:00:35.0219 0744 usbhub - ok
10:00:35.0234 0744 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
10:00:35.0234 0744 usbohci - ok
10:00:35.0265 0744 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
10:00:35.0265 0744 usbprint - ok
10:00:35.0281 0744 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
10:00:35.0281 0744 usbscan - ok
10:00:35.0297 0744 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:00:35.0312 0744 USBSTOR - ok
10:00:35.0328 0744 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
10:00:35.0328 0744 usbuhci - ok
10:00:35.0375 0744 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
10:00:35.0375 0744 UxSms - ok
10:00:35.0421 0744 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:00:35.0421 0744 VaultSvc - ok
10:00:35.0484 0744 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
10:00:35.0484 0744 vdrvroot - ok
10:00:35.0562 0744 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
10:00:35.0562 0744 vds - ok
10:00:35.0577 0744 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
10:00:35.0577 0744 vga - ok
10:00:35.0593 0744 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
10:00:35.0593 0744 VgaSave - ok
10:00:35.0640 0744 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
10:00:35.0655 0744 vhdmp - ok
10:00:35.0702 0744 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
10:00:35.0702 0744 viaide - ok
10:00:35.0718 0744 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
10:00:35.0718 0744 volmgr - ok
10:00:35.0780 0744 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
10:00:35.0796 0744 volmgrx - ok
10:00:35.0858 0744 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
10:00:35.0858 0744 volsnap - ok
10:00:35.0936 0744 vpnagent (caafa2333b428a12bfa97ecd389f59c5) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
10:00:35.0936 0744 vpnagent - ok
10:00:35.0983 0744 vpnva (e526a69d932538ae8bc96b3f4a5a90b1) C:\Windows\system32\DRIVERS\vpnva64.sys
10:00:35.0983 0744 vpnva - ok
10:00:35.0999 0744 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
10:00:36.0014 0744 vsmraid - ok
10:00:36.0139 0744 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
10:00:36.0155 0744 VSS - ok
10:00:36.0233 0744 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
10:00:36.0233 0744 vwifibus - ok
10:00:36.0264 0744 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
10:00:36.0279 0744 W32Time - ok
10:00:36.0311 0744 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
10:00:36.0311 0744 WacomPen - ok
10:00:36.0389 0744 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:00:36.0389 0744 WANARP - ok
10:00:36.0404 0744 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:00:36.0404 0744 Wanarpv6 - ok
10:00:36.0513 0744 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
10:00:36.0529 0744 WatAdminSvc - ok
10:00:36.0654 0744 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
10:00:36.0669 0744 wbengine - ok
10:00:36.0747 0744 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
10:00:36.0763 0744 WbioSrvc - ok
10:00:36.0825 0744 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
10:00:36.0825 0744 wcncsvc - ok
10:00:36.0841 0744 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
10:00:36.0841 0744 WcsPlugInService - ok
10:00:36.0872 0744 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
10:00:36.0872 0744 Wd - ok
10:00:36.0935 0744 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
10:00:36.0935 0744 WDC_SAM - ok
10:00:36.0966 0744 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
10:00:36.0981 0744 Wdf01000 - ok
10:00:36.0997 0744 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
10:00:36.0997 0744 WdiServiceHost - ok
10:00:36.0997 0744 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
10:00:37.0013 0744 WdiSystemHost - ok
10:00:37.0059 0744 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
10:00:37.0059 0744 WebClient - ok
10:00:37.0091 0744 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
10:00:37.0091 0744 Wecsvc - ok
10:00:37.0106 0744 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
10:00:37.0106 0744 wercplsupport - ok
10:00:37.0137 0744 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
10:00:37.0137 0744 WerSvc - ok
10:00:37.0169 0744 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
10:00:37.0184 0744 WfpLwf - ok
10:00:37.0200 0744 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
10:00:37.0215 0744 WimFltr - ok
10:00:37.0231 0744 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
10:00:37.0231 0744 WIMMount - ok
10:00:37.0278 0744 WinDefend - ok
10:00:37.0278 0744 WinHttpAutoProxySvc - ok
10:00:37.0340 0744 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
10:00:37.0340 0744 Winmgmt - ok
10:00:37.0465 0744 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
10:00:37.0496 0744 WinRM - ok
10:00:37.0605 0744 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
10:00:37.0621 0744 WinUsb - ok
10:00:37.0683 0744 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
10:00:37.0699 0744 Wlansvc - ok
10:00:37.0902 0744 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:00:37.0917 0744 wlidsvc - ok
10:00:38.0027 0744 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
10:00:38.0042 0744 WmiAcpi - ok
10:00:38.0089 0744 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
10:00:38.0105 0744 wmiApSrv - ok
10:00:38.0120 0744 WMPNetworkSvc - ok
10:00:38.0136 0744 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
10:00:38.0136 0744 WPCSvc - ok
10:00:38.0198 0744 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
10:00:38.0198 0744 WPDBusEnum - ok
10:00:38.0214 0744 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
10:00:38.0214 0744 ws2ifsl - ok
10:00:38.0245 0744 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
10:00:38.0245 0744 wscsvc - ok
10:00:38.0245 0744 WSearch - ok
10:00:38.0401 0744 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
10:00:38.0432 0744 wuauserv - ok
10:00:38.0541 0744 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
10:00:38.0541 0744 WudfPf - ok
10:00:38.0573 0744 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:00:38.0588 0744 WUDFRd - ok
10:00:38.0635 0744 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
10:00:38.0635 0744 wudfsvc - ok
10:00:38.0666 0744 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
10:00:38.0666 0744 WwanSvc - ok
10:00:38.0729 0744 xusb21 (38f55d07b1d3391065c40ec065f984e2) C:\Windows\system32\DRIVERS\xusb21.sys
10:00:38.0729 0744 xusb21 - ok
10:00:38.0775 0744 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
10:00:38.0963 0744 \Device\Harddisk0\DR0 - ok
10:00:38.0978 0744 Boot (0x1200) (1d486370cbbaf9e4ced12f964fd7e94e) \Device\Harddisk0\DR0\Partition0
10:00:38.0978 0744 \Device\Harddisk0\DR0\Partition0 - ok
10:00:38.0978 0744 Boot (0x1200) (c6a7fa4c458a030d829340a2b3fa61f7) \Device\Harddisk0\DR0\Partition1
10:00:38.0994 0744 \Device\Harddisk0\DR0\Partition1 - ok
10:00:38.0994 0744 ============================================================
10:00:38.0994 0744 Scan finished
10:00:38.0994 0744 ============================================================
10:00:38.0994 1108 Detected object count: 0
10:00:38.0994 1108 Actual detected object count: 0


aswMBR:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-17 10:01:18
-----------------------------
10:01:18.737 OS Version: Windows x64 6.1.7601 Service Pack 1
10:01:18.737 Number of processors: 4 586 0x170A
10:01:18.737 ComputerName: SETH-PC UserName: Seth
10:01:20.265 Initialize success
10:02:10.712 AVAST engine defs: 12051601
10:03:28.603 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:03:28.603 Disk 0 Vendor: WDC_WD6400AAKS-75A7B2 01.03B01 Size: 610480MB BusType: 3
10:03:28.618 Disk 0 MBR read successfully
10:03:28.634 Disk 0 MBR scan
10:03:28.634 Disk 0 Windows 7 default MBR code
10:03:28.634 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
10:03:28.650 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 10866 MB offset 112640
10:03:28.665 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 599558 MB offset 22366208
10:03:28.681 Disk 0 scanning C:\Windows\system32\drivers
10:03:38.431 Service scanning
10:03:57.744 Modules scanning
10:03:57.744 Disk 0 trace - called modules:
10:03:57.759 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
10:03:57.775 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007ad5060]
10:03:57.775 3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> [0xfffffa80077f2e40]
10:03:57.791 5 ACPI.sys[fffff88000f357a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80077f7060]
10:03:59.616 AVAST engine scan C:\Windows
10:04:02.627 AVAST engine scan C:\Windows\system32
10:04:11.955 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
10:05:12.686 File: C:\Windows\system32\symtdi.dll **INFECTED** Win64:ZAccess-E [Rtk]
10:06:33.370 AVAST engine scan C:\Windows\system32\drivers
10:06:45.194 AVAST engine scan C:\Users\Seth
10:08:34.410 Disk 0 MBR has been saved successfully to "C:\Users\Seth\Desktop\MBR.dat"
10:08:34.426 The log file has been saved successfully to "C:\Users\Seth\Desktop\aswMBR.txt"

#10 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 16 May 2012 - 10:36 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

File::
C:\Windows\system32\consrv.dll
C:\Windows\system32\symtdi.dll

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
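An added check, not part of the thread and not ComboFix's own output, that a practitioner would run after the CFScript in the post above has been applied: it verifies that the two files named under File:: are gone and, for anything still sitting at those paths, reports size, MD5 (in the same lowercase form the TDSSKiller log prints) and Authenticode status so the result can be pasted into a reply. It assumes an elevated PowerShell prompt and PowerShell 4 or later for Get-FileHash; Windows 7 ships with PowerShell 2.0, where that cmdlet is absent. The function name Test-CfScriptFiles is mine; the two paths are the ones from the script.

```powershell
# Added example, not from the thread: confirm the files listed in the CFScript
# are gone and describe anything still present at those paths.
function Test-CfScriptFiles {
    param(
        # Paths taken from the File:: section of the CFScript above.
        [string[]]$Path = @(
            'C:\Windows\system32\consrv.dll',
            'C:\Windows\system32\symtdi.dll'
        )
    )

    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) {
            [pscustomobject]@{
                Path = $p; Present = $false; Size = $null
                MD5 = $null; Signature = $null; Signer = $null
            }
            continue
        }
        # -Force so a hidden or system-attributed file is not skipped.
        $item = Get-Item -LiteralPath $p -Force
        # Lowercase MD5 matches the hash column in the TDSSKiller log.
        $md5 = (Get-FileHash -LiteralPath $p -Algorithm MD5).Hash.ToLower()
        $sig = Get-AuthenticodeSignature -FilePath $p
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
        [pscustomobject]@{
            Path      = $p
            Present   = $true
            Size      = $item.Length
            MD5       = $md5
            Signature = $sig.Status   # Valid, NotSigned, HashMismatch, NotTrusted, ...
            Signer    = $signer
        }
    }
}

# Anything still present, or present with a status other than Valid, belongs in the next reply.
Test-CfScriptFiles | Format-Table -AutoSize
```

Genuine Windows binaries under system32 carry a valid Microsoft Authenticode signature, so a file at one of these paths that reports NotSigned or HashMismatch after the script has run is exactly the detail the helper would want to see.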

#11 docsethp (Topic Starter)

Posted 16 May 2012 - 11:14 PM

Hi Again

1/2) Ran combofix again but can't get report... In the middle of it generating the log, nothing happened. I waited >15 minutes for the log and nothing happened. I had to restart the computer since I got the "illegal operation..." notice

3) Firewall from windows appears on (although "managed by... ...Mcafee") when I look at settings

Unfortunately, McAfee starts, shows my firewall is on, but once again gives me the notice that "Real Time Scanning is Off"
about 2 minutes after starting the computer. When trying to turn it on, it automatically reverts to off again. When I try to run a manual scan... it says "An error occurred"

:-<

Thanks again

#12 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 16 May 2012 - 11:20 PM

Hello

Ok, let's try this: I want you to run the ComboFix script in Safe Mode, but it is very important that when ComboFix reboots the computer you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

After ComboFix has finished its scan, please post the report back here.

Gringo

#13 docsethp (Topic Starter)

Posted 17 May 2012 - 12:32 AM

Thanks - got it to work in safe mode and the reboot in the safe mode

When I restarted the computer to post this, I got a message from McAfee:
Program Wants Internet Access... detected program trying to accept incoming connections from the internet
Program: Akamai NetSession Client
Location: C:\users\seth\appdata\akamai\netsession_win.exe

I chose to Block it for now... When I did, I got the McAfee computer-at-risk thingie with real-time scanning off..

Thanks again - Here is the combofix log:


ComboFix 12-05-16.02 - Seth 05/17/2012 11:59:58.3.4 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8157.7048 [GMT -7:00]
Running from: c:\users\Seth\Desktop\ComboFix.exe
Command switches used :: c:\users\Seth\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\windows\system32\consrv.dll"
c:\windows\system32\symtdi.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\system32\consrv.dll
c:\windows\system32\symtdi.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-04-17 to 2012-05-17 )))))))))))))))))))))))))))))))
.
.
2012-05-17 19:13 . 2012-05-17 19:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-14 03:46 . 2012-05-14 16:25 -------- d-----w- C:\FRST
2012-05-13 05:43 . 2012-05-13 05:43 -------- d-----w- c:\program files (x86)\ESET
2012-05-13 05:36 . 2012-05-14 04:08 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-13 05:15 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-13 05:15 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-13 05:15 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-13 05:15 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-13 05:15 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-13 05:14 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-13 05:14 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-13 05:14 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-13 05:14 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-13 05:14 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-13 05:14 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-13 05:13 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr(56).sys
2012-05-13 05:12 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-13 04:52 . 2012-05-13 11:58 16200 ----a-w- c:\windows\stinger.sys
2012-05-13 02:26 . 2012-05-14 04:12 -------- d-----w- c:\program files (x86)\stinger
2012-05-12 04:02 . 2012-05-12 04:02 -------- d-----we c:\windows\system64
2012-05-09 05:12 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-05-09 05:12 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-05-09 05:12 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-05-09 05:12 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-05-09 05:12 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-05-09 05:12 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-05-09 05:12 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-05-09 05:08 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-05-09 05:08 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-05-09 05:08 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-05-09 05:08 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-04-21 01:32 . 2012-04-21 01:32 -------- d-----w- c:\program files (x86)\DVD Flick
2012-04-21 01:32 . 2008-08-31 20:27 28672 ----a-w- c:\windows\SysWow64\mousewheel.ocx
2012-04-21 01:32 . 2004-03-09 07:00 212240 ----a-w- c:\windows\SysWow64\richtx32.ocx
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-13 08:46 . 2012-05-12 01:01 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{87033A04-AF82-4396-A8AB-9112AE7B3BA0}\mpengine.dll
2012-04-04 22:56 . 2011-03-19 23:21 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-08 17:40 . 2011-06-03 23:05 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-08 03:54 . 2012-03-08 03:54 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-3\Microsoft.MediaCenter.Sports.UI.dll
2012-03-08 03:53 . 2010-05-19 02:03 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-03-08 03:53 . 2010-05-19 02:03 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-03-08 03:53 . 2010-02-27 06:49 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-17_12.42.58 )))))))))))))))))))))))))))))))))))))))))
.
- 2010-01-14 23:03 . 2012-05-17 12:48 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-14 23:03 . 2012-05-17 18:03 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-14 23:03 . 2012-05-17 18:03 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-01-14 23:03 . 2012-05-17 12:48 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-01-14 23:03 . 2012-05-17 12:48 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-14 23:03 . 2012-05-17 18:03 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-14 23:03 . 2012-05-17 18:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-14 23:03 . 2012-05-17 12:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-14 23:03 . 2012-05-17 12:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-14 23:03 . 2012-05-17 18:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-05-17 19:14 . 2012-05-17 19:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-17 12:41 . 2012-05-17 12:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-17 12:41 . 2012-05-17 12:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-17 19:14 . 2012-05-17 19:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-05-17 12:40 312100 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-05-17 18:50 312100 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Seth\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2009-06-10 244208]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"MediaFace Integration"="c:\program files (x86)\Fellowes\MediaFACE 4.2\SetHook.exe" [2005-03-28 53248]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-07-01 1484856]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\users\Seth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
RollerCoaster Tycoon 3_ Wild Registration.lnk - c:\users\Seth\AppData\Local\Temp\{85813D38-1733-4D55-88E8-A7A6FDD24880}\{45653847-497F-47BB-A878-46FBDE34A3E0}\ATR1.exe [N/A]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-03-31 92160]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-06-01 244840]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-06-01 148520]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2009-06-10 166384]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2009-09-17 656624]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2010-05-06 583360]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-10 1124848]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R4 RoxLiveShare10;LiveShare P2P Server 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2009-06-10 309744]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-06-03 7834656]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: usc.edu\sslvpn2
TCP: DhcpNameServer = 192.168.1.254
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://sslvpn2.usc.edu/CACHE/stc/10/binaries/vpnweb.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-17 12:22:25 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-17 19:22
.
Pre-Run: 86,458,945,536 bytes free
Post-Run: 86,391,332,864 bytes free
.
- - End Of File - - 4F0E9A5A44AE9F298C52B8C52FBAFC6D

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 17 May 2012 - 12:48 AM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a much better job).

Programs to remove

  • µTorrent
  • Adobe Reader 9.5.1
  • Coupon Printer for Windows
  • Java™ 6 Update 29
  • SoulSeek 157 NS 13e
  • Vuze


  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run it.
  • From the list of programs, double-click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done, click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed, or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • Click on the Free Java Download button.
  • Click on Agree and start Free download.
  • Click on Run.
  • Click on Run again.
  • Click on Install.
  • When the install is complete, click on Close.

Clean Out Temp Files

  • You may want to keep this small application and use it once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install the Yahoo toolbar, uncheck the box next to it.
  • Run CCleaner. (Make sure that under the Windows tab all the boxes for Internet Explorer and Windows Explorer are checked. Under System, check Empty Recycle Bin and Temporary Files. Under the Application tab all the boxes should be checked.)
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM.
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked (ticked) except items in the C:\System Volume Information folder, and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...).

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7: right-click and run as admin.)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch HijackThis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in Notepad.
  • Click on Edit > Select All, then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following:

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 docsethp

docsethp
  • Topic Starter

  • Members
  • 22 posts

Posted 17 May 2012 - 11:00 PM

Hi Gringo

I removed all programs. MBAM didn't find anything; here's the log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-17 10:01:18
-----------------------------
10:01:18.737 OS Version: Windows x64 6.1.7601 Service Pack 1
10:01:18.737 Number of processors: 4 586 0x170A
10:01:18.737 ComputerName: SETH-PC UserName: Seth
10:01:20.265 Initialize success
10:02:10.712 AVAST engine defs: 12051601
10:03:28.603 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:03:28.603 Disk 0 Vendor: WDC_WD6400AAKS-75A7B2 01.03B01 Size: 610480MB BusType: 3
10:03:28.618 Disk 0 MBR read successfully
10:03:28.634 Disk 0 MBR scan
10:03:28.634 Disk 0 Windows 7 default MBR code
10:03:28.634 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
10:03:28.650 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 10866 MB offset 112640
10:03:28.665 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 599558 MB offset 22366208
10:03:28.681 Disk 0 scanning C:\Windows\system32\drivers
10:03:38.431 Service scanning
10:03:57.744 Modules scanning
10:03:57.744 Disk 0 trace - called modules:
10:03:57.759 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
10:03:57.775 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007ad5060]
10:03:57.775 3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> [0xfffffa80077f2e40]
10:03:57.791 5 ACPI.sys[fffff88000f357a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80077f7060]
10:03:59.616 AVAST engine scan C:\Windows
10:04:02.627 AVAST engine scan C:\Windows\system32
10:04:11.955 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
10:05:12.686 File: C:\Windows\system32\symtdi.dll **INFECTED** Win64:ZAccess-E [Rtk]
10:06:33.370 AVAST engine scan C:\Windows\system32\drivers
10:06:45.194 AVAST engine scan C:\Users\Seth
10:08:34.410 Disk 0 MBR has been saved successfully to "C:\Users\Seth\Desktop\MBR.dat"
10:08:34.426 The log file has been saved successfully to "C:\Users\Seth\Desktop\aswMBR.txt"


When I run HijackThis, I get the attached error message. When I do what they say, nothing is listed. I run the scan and save a log file, but it tells me it cannot find... C:\programs\(x86)\TrendMicro\HiJackthis\hijackthis.log file. Regardless of what I send, I can't get the log. It lists a bunch of items, but I can't get the log to show anyway, and even when I say create a file, nothing is there. Notepad comes up empty.

I can run it and just do some printscreens if you'd like, to show you the results of the HijackThis log.

As of now, McAfee still doesn't allow me to turn on real-time scanning without it automatically turning off.

Thanks!!
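The aswMBR log posted above is the kind of output a responder reads by eye, but the two `**INFECTED**` lines, the MBR code check and the partition table are the parts that matter when comparing it against the ComboFix file listing. The parser below is an added example, not code from the thread or from the aswMBR tool; its regular expressions are inferred from the lines docsethp posted, and the meaning of the bracketed tag after each detection name (`[Rtk]` here) is not explained on the page, so the parser only carries it through unchanged.

```python
"""Parse an aswMBR scan log and pull out the findings a responder acts on.

Added example; the regular expressions are inferred from the log lines
posted in this thread, not taken from the aswMBR tool itself.
"""
import re
from typing import Any, Dict

# Lines from the aswMBR log posted in the thread, trimmed to the ones the
# parser understands; lines it does not recognise are simply skipped.
SAMPLE_LOG = r"""
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-17 10:01:18
-----------------------------
10:01:18.737 OS Version: Windows x64 6.1.7601 Service Pack 1
10:01:18.737 ComputerName: SETH-PC UserName: Seth
10:03:28.634 Disk 0 Windows 7 default MBR code
10:03:28.634 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
10:03:28.650 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 10866 MB offset 112640
10:03:28.665 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 599558 MB offset 22366208
10:03:59.616 AVAST engine scan C:\Windows
10:04:02.627 AVAST engine scan C:\Windows\system32
10:04:11.955 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
10:05:12.686 File: C:\Windows\system32\symtdi.dll **INFECTED** Win64:ZAccess-E [Rtk]
10:06:33.370 AVAST engine scan C:\Windows\system32\drivers
10:08:34.410 Disk 0 MBR has been saved successfully to "C:\Users\Seth\Desktop\MBR.dat"
"""

# Every line the tool emits during the scan starts with HH:MM:SS.mmm.
TS_LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{3}) (.*)$")
OS_LINE = re.compile(r"^OS Version: (.+)$")
MBR_CODE = re.compile(r"^Disk (\d+) (.+ MBR code)$")
# "Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 10866 MB offset 112640":
# boot flag, optional "(A)" active marker, type byte, description, size, offset.
PARTITION = re.compile(
    r"^Disk (\d+) Partition (\d+) ([0-9A-Fa-f]{2}) (\(A\) )?([0-9A-Fa-f]{2}) "
    r"(.+?) (\d+) MB offset (\d+)$"
)
# Detection name, then an optional bracketed tag that is kept verbatim.
INFECTED = re.compile(r"^File: (.+?) \*\*INFECTED\*\* (\S+)(?: \[(\w+)\])?$")
SCAN_DIR = "AVAST engine scan "


def parse_aswmbr(text: str) -> Dict[str, Any]:
    """Turn the raw log text into a dict of OS, MBR code, partitions and hits."""
    report: Dict[str, Any] = {
        "os": None, "mbr_code": {}, "partitions": {}, "scanned": [], "infected": [],
    }
    for raw in text.splitlines():
        m = TS_LINE.match(raw.strip())
        if not m:
            continue  # banner, run date and separator lines carry no timestamp
        ts, body = m.groups()
        if (mo := OS_LINE.match(body)):
            report["os"] = mo.group(1)
        elif (mm := MBR_CODE.match(body)):
            report["mbr_code"][int(mm.group(1))] = mm.group(2)
        elif (mp := PARTITION.match(body)):
            disk, num, boot, active, ptype, desc, size_mb, offset = mp.groups()
            report["partitions"][int(num)] = {
                "disk": int(disk), "boot_flag": boot, "active": active is not None,
                "type": ptype.upper(), "description": desc,
                "size_mb": int(size_mb), "offset": int(offset),
            }
        elif (mi := INFECTED.match(body)):
            path, detection, tag = mi.groups()
            report["infected"].append(
                {"time": ts, "path": path, "detection": detection, "tag": tag}
            )
        elif body.startswith(SCAN_DIR):
            report["scanned"].append(body[len(SCAN_DIR):])
    return report


def is_clean(report: Dict[str, Any]) -> bool:
    """True when the engine flagged no file at all."""
    return not report["infected"]


def mbr_is_default(report: Dict[str, Any]) -> bool:
    """True when every disk's MBR was recognised as stock Windows boot code."""
    codes = report["mbr_code"].values()
    return bool(codes) and all("default MBR code" in c for c in codes)


def summarize(report: Dict[str, Any]) -> str:
    """Short human-readable digest of the parsed log."""
    lines = [f"OS: {report['os']}"]
    for disk, code in sorted(report["mbr_code"].items()):
        lines.append(f"Disk {disk} MBR: {code}")
    for num, p in sorted(report["partitions"].items()):
        flag = "active" if p["active"] else "inactive"
        lines.append(
            f"Partition {num}: type {p['type']} {p['description']} "
            f"({p['size_mb']} MB, {flag})"
        )
    if report["infected"]:
        lines.append(f"{len(report['infected'])} infected file(s):")
        for f in report["infected"]:
            tag = f" [{f['tag']}]" if f["tag"] else ""
            lines.append(f"  {f['path']} -> {f['detection']}{tag}")
    else:
        lines.append("No infected files reported.")
    return "\n".join(lines)


if __name__ == "__main__":
    print(summarize(parse_aswmbr(SAMPLE_LOG)))
```

Run on the posted log it reports a stock Windows 7 MBR, three partitions with partition 2 active, and two flagged files, both under C:\Windows\system32; a log with no `**INFECTED**` lines makes `is_clean()` return True, and a log with no "MBR code" line makes `mbr_is_default()` return False rather than silently passing.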



