Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

"Phantom" copies of iexplore.exe running


  • This topic is locked This topic is locked
18 replies to this topic

#1 zebadee

zebadee

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:21 AM

Posted 21 May 2012 - 03:05 PM

Hi

For the past few weeks I've noticed that iexplore.exe starts itself & runs in background without any intervention.

I often "sleep" my laptop rather than perform a full shut-down. When I open the laptop, log in again, and check the processes in Windows Task Manager I invariably find 2 (sometimes 3) instances of iexplore.exe running in the background. It is only possible to get rid of these by clicking 'End Process Tree' on what I assume is the "master process". If the "wrong" instance is ended, another is immediately spawned.

I do NOT have any other symptoms of malware or virus infection, but I am very suspicious these processes.

(I do not generally use IExplorer - preferring Firefox & Chrome).

I am running Windows 7 Home Premium, Service Pack 1, 64bit O/S.

I hope you can help me work out if I am infected with something or not.

Thanks

Adam

==================================

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Adam at 20:31:02 on 2012-05-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4056.2598 [GMT 1:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\vsnp2uvc.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\adirasx64.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\tsnp2uvc.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://uk.yahoo.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120430132149.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [adiras] C:\Windows\adirasx64.exe
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [snp2uvc] C:\Windows\vsnp2uvc.exe
mRun: [tsnp2uvc] C:\Windows\tsnp2uvc.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
StartupFolder: C:\Users\Adam\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\METOFF~1.LNK - C:\Program Files (x86)\Met Office Desktop Widget\Met Office Desktop Widget.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://kitchenplanner.ikea.com/gb/Core/Player/2020PlayerAX_Win32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D66C8D36-766B-46F0-865F-F0746ABE55A3} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E6A1CB54-D46A-4854-AA78-1E6320F5217E} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E6A1CB54-D46A-4854-AA78-1E6320F5217E}\2456C6B696E6534376 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{E6A1CB54-D46A-4854-AA78-1E6320F5217E}\265616E6379656 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{E6A1CB54-D46A-4854-AA78-1E6320F5217E}\34F6F6B696E6760234F6 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{E6A1CB54-D46A-4854-AA78-1E6320F5217E}\3716E68616D60213E213 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{E6A1CB54-D46A-4854-AA78-1E6320F5217E}\849676866796C6C656 : DhcpNameServer = 192.168.1.254
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120430132149.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB-X64: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - No File
mRun-x64: [adiras] C:\Windows\adirasx64.exe
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [snp2uvc] C:\Windows\vsnp2uvc.exe
mRun-x64: [tsnp2uvc] C:\Windows\tsnp2uvc.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\39nctjgr.default\
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Adam\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\39nctjgr.default\extensions\2020Player@2020Technologies.com\plugins\NP2020Player.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 RapportKE64;RapportKE64;C:\Windows\system32\Drivers\RapportKE64.sys --> C:\Windows\system32\Drivers\RapportKE64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 RapportCerberus_34302;RapportCerberus_34302;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [2011-12-17 397520]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-5-4 55056]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-5-4 297008]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2009/11/20 15:07:36];C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [2009-11-20 146928]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe [2009-11-20 89600]
R2 FreeAgentGoNext Service;Seagate Service;C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-5-1 181544]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-6-1 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-6-1 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-6-1 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-8-25 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-8-25 210584]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-8-25 162192]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-5-4 976696]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-9-2 648432]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\system32\DRIVERS\ManyCam_x64.sys --> C:\Windows\system32\DRIVERS\ManyCam_x64.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;C:\Windows\system32\DRIVERS\OA009Ufd.sys --> C:\Windows\system32\DRIVERS\OA009Ufd.sys [?]
R3 OA009Vid;Creative Camera OA009 Function Driver;C:\Windows\system32\DRIVERS\OA009Vid.sys --> C:\Windows\system32\DRIVERS\OA009Vid.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe --> C:\Program Files\Dell\DellDock\DockLogin.exe [?]
S2 ELOADER;General Purpose USB Driver (adildrx64.sys);C:\Windows\System32\drivers\adildrx64.sys [2009-11-4 58264]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-5 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-27 257696]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-5 136176]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-11 129976]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-05-20 20:38:24 -------- d-----w- C:\Users\Adam\AppData\Local\{E6A5E466-E1BA-45A5-8C07-D4274BF338AC}
2012-05-20 20:38:12 -------- d-----w- C:\Users\Adam\AppData\Local\{C26216E2-FAB3-4414-B314-3860B3E61FFD}
2012-05-20 17:25:57 -------- d-----w- C:\Users\Adam\AppData\Local\{860A0CFC-E3AC-499D-8905-538F509CD44A}
2012-05-20 08:14:20 -------- d-----w- C:\Users\Adam\AppData\Local\{FFC036E4-4950-48DD-82F3-9BE683C35D1E}
2012-05-20 08:14:09 -------- d-----w- C:\Users\Adam\AppData\Local\{E2D1F4CF-06A2-4507-B355-BB206777D017}
2012-05-19 12:39:47 -------- d-----w- C:\Users\Adam\AppData\Local\{A62198AE-1357-4376-9812-D2C8BAD5831C}
2012-05-19 12:39:36 -------- d-----w- C:\Users\Adam\AppData\Local\{AE3B9719-6606-4C73-9FE9-0A2024624FCB}
2012-05-18 21:47:16 -------- d-----w- C:\Users\Adam\AppData\Local\{2C4AFE22-D47F-4AFC-9418-B2A2700A8C93}
2012-05-18 21:47:04 -------- d-----w- C:\Users\Adam\AppData\Local\{F15342F3-F173-44B2-BCAA-9EDA3936D828}
2012-05-18 18:45:14 -------- d-----w- C:\Users\Adam\AppData\Local\{A90F8319-D327-44DA-889E-44D9956C77F3}
2012-05-18 18:45:02 -------- d-----w- C:\Users\Adam\AppData\Local\{8CB06F5D-D6EA-422A-A9D9-0611F3586E96}
2012-05-17 21:08:31 -------- d-----w- C:\Users\Adam\AppData\Local\{7DB7E61D-E1B1-4F21-AA8F-05C2A67FE9BF}
2012-05-17 21:08:19 -------- d-----w- C:\Users\Adam\AppData\Local\{EFFD32BF-634B-4C4A-90CD-E133AD1558A3}
2012-05-16 20:03:50 -------- d-----w- C:\Users\Adam\AppData\Local\{BDE85949-F8FC-49D7-B51E-C668F7098DB5}
2012-05-16 20:03:39 -------- d-----w- C:\Users\Adam\AppData\Local\{8B78A9E7-1E2E-462A-A21B-E88BF31A1D96}
2012-05-15 19:38:43 -------- d-----w- C:\Users\Adam\AppData\Local\{7F9292F6-6668-4B9B-B82E-375E4D10BBF9}
2012-05-15 19:38:31 -------- d-----w- C:\Users\Adam\AppData\Local\{4990E7A8-6135-40F8-950F-FB907BC2222F}
2012-05-14 22:48:44 -------- d-----w- C:\Users\Adam\AppData\Local\{69358EFD-A443-4B4D-B6C1-04721577B22B}
2012-05-14 22:48:32 -------- d-----w- C:\Users\Adam\AppData\Local\{D4C227B8-B478-443D-9B75-C7CECA943ED5}
2012-05-13 17:53:08 -------- d-----w- C:\Users\Adam\AppData\Local\{8A920490-4251-433B-803D-28BE482E17B4}
2012-05-13 17:52:56 -------- d-----w- C:\Users\Adam\AppData\Local\{5A5DB219-B3CE-4CC4-99FB-C9373A4D809C}
2012-05-13 16:14:51 -------- d-----w- C:\Users\Adam\AppData\Roaming\RealNetworks
2012-05-13 16:10:23 11776 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
2012-05-13 16:10:06 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2012-05-13 16:09:51 150696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
2012-05-13 16:09:44 129144 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
2012-05-12 21:21:03 -------- d-----w- C:\Users\Adam\AppData\Local\{D0AA6929-B500-4F04-ABC8-772CACB88D97}
2012-05-12 21:20:51 -------- d-----w- C:\Users\Adam\AppData\Local\{B8D2891F-EBDA-482C-8755-0857C040AD24}
2012-05-12 19:23:40 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-12 19:23:39 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-12 19:23:35 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-12 19:23:33 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-05-12 19:23:32 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-12 19:23:32 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-12 19:22:58 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-12 19:22:42 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-12 19:22:37 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-12 19:22:37 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 19:22:36 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 19:22:36 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-12 19:22:35 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-11 22:46:55 -------- d-----w- C:\Users\Adam\AppData\Local\{E8CAB4F8-83DA-44BB-9BC8-0B092D91650A}
2012-05-11 22:46:43 -------- d-----w- C:\Users\Adam\AppData\Local\{134592F9-EF32-430C-8B9C-7FFDF20BE5DA}
2012-05-11 21:47:26 -------- d-----w- C:\Users\Adam\AppData\Local\{6A812E04-DE9A-4209-8EB4-A1EADDB40E58}
2012-05-11 21:47:14 -------- d-----w- C:\Users\Adam\AppData\Local\{956AAC3F-4164-420C-9115-E2110F5F9AA4}
2012-05-10 19:16:49 -------- d-----w- C:\Users\Adam\AppData\Local\{A4719051-E389-4DF0-BAF0-FA12FCAFFA2E}
2012-05-10 19:16:37 -------- d-----w- C:\Users\Adam\AppData\Local\{17AA7B58-9ECF-4AEA-8220-5F0D69831829}
2012-05-09 21:18:47 -------- d-----w- C:\Users\Adam\AppData\Local\{0532105C-4EB4-4075-AC02-2CA34F97A50B}
2012-05-09 21:18:35 -------- d-----w- C:\Users\Adam\AppData\Local\{589DEA25-39AC-4CA6-AD48-2BEE7C5C3B55}
2012-05-09 06:41:25 -------- d-----w- C:\Users\Adam\AppData\Local\{67A8D9D6-5E7E-47B7-B7BB-44FA337988A0}
2012-05-09 06:41:13 -------- d-----w- C:\Users\Adam\AppData\Local\{9F3C70C6-2718-4D57-8B54-2047B788E0F3}
2012-05-08 22:06:07 -------- d-----w- C:\Users\Adam\AppData\Local\{0AC277D3-4DE7-4DD6-83A5-5A72AA28D8BC}
2012-05-08 22:05:56 -------- d-----w- C:\Users\Adam\AppData\Local\{9B07EB3D-7999-46DC-85BF-24A0837E1198}
2012-05-08 18:11:18 -------- d-----w- C:\Users\Adam\AppData\Local\{385F98F5-705B-4F6F-8E3D-B60FE45C454E}
2012-05-08 18:11:05 -------- d-----w- C:\Users\Adam\AppData\Local\{610794AB-9119-40AE-9999-B89D8C1D073B}
2012-05-06 20:12:48 -------- d-----w- C:\Users\Adam\AppData\Local\{86B335DE-BF23-47C1-8882-2B2E6DF5D731}
2012-05-06 20:12:36 -------- d-----w- C:\Users\Adam\AppData\Local\{981F8762-8926-4E3C-91B7-A1521FCF7F60}
2012-05-06 19:33:57 -------- d-----w- C:\Users\Adam\AppData\Local\{12870CAF-B50B-48FC-9A82-DC0B7AA113DF}
2012-05-06 19:33:45 -------- d-----w- C:\Users\Adam\AppData\Local\{D5465BF1-57A4-4724-8BB4-32957B9C8E8C}
2012-05-06 12:53:35 -------- d-----w- C:\Users\Adam\AppData\Local\{EC5CD142-E414-432F-B553-22865337C4E4}
2012-05-06 12:53:24 -------- d-----w- C:\Users\Adam\AppData\Local\{313081A4-454F-4DB4-A522-4978180CC960}
2012-05-06 11:31:37 -------- d-----w- C:\Users\Adam\AppData\Local\{1FA61EF0-33A6-41E3-B242-9ACDFB4164B6}
2012-05-06 11:31:25 -------- d-----w- C:\Users\Adam\AppData\Local\{7CAE2F85-F437-4392-8451-36DA1496306D}
2012-05-05 23:50:25 -------- d-----w- C:\Users\Adam\AppData\Local\{E0521F8E-DFF4-403D-BA0B-A6D05945BD7F}
2012-05-05 23:50:14 -------- d-----w- C:\Users\Adam\AppData\Local\{D00600E7-C84B-4F17-A53A-5DC52ED9078A}
2012-05-05 12:54:32 -------- d-----w- C:\Users\Adam\AppData\Local\{216AC0A0-E829-4FA1-8741-933B145848AC}
2012-05-05 12:54:21 -------- d-----w- C:\Users\Adam\AppData\Local\{3B84A4F6-BF5B-4F57-A48F-87CC3497E28B}
2012-05-01 21:00:10 -------- d-----w- C:\Users\Adam\AppData\Local\{2838C640-65C0-496F-BFC5-D11A45503693}
2012-05-01 20:59:58 -------- d-----w- C:\Users\Adam\AppData\Local\{EAC3D6FC-9E97-4BDA-93F2-8F8D5650EFEB}
2012-05-01 12:35:18 -------- d-----w- C:\Users\Adam\AppData\Local\{3D703785-5D42-4D00-861A-B80CBEA764E0}
2012-05-01 12:35:06 -------- d-----w- C:\Users\Adam\AppData\Local\{139EAF1D-E670-40FD-A72C-4B2820BE9B43}
2012-04-30 20:01:25 -------- d-----w- C:\Users\Adam\AppData\Local\{0C4D93F8-D52F-4D29-B670-DAC3B65361C5}
2012-04-30 20:01:13 -------- d-----w- C:\Users\Adam\AppData\Local\{D67F857C-6402-4A9B-BC0F-C47F2404F070}
2012-04-30 12:21:46 29272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ScriptFF.dll
2012-04-30 12:16:47 -------- d-----w- C:\Users\Adam\AppData\Local\{CA55CD29-EACB-49B7-A5AC-9E8E6345A9A3}
2012-04-30 12:16:35 -------- d-----w- C:\Users\Adam\AppData\Local\{F6C2C241-0453-43AF-9A30-84711D261074}
2012-04-28 12:41:26 -------- d-----w- C:\Users\Adam\AppData\Local\{83847269-0189-45D8-8EBE-00E33E2CA6A4}
2012-04-28 12:41:14 -------- d-----w- C:\Users\Adam\AppData\Local\{3AD4345E-ED36-4464-A098-191BC84EF0D0}
2012-04-28 12:35:44 -------- d-----w- C:\Users\Adam\AppData\Local\{68A4BAE8-1A25-4787-90D6-384F6D125D74}
2012-04-28 12:35:32 -------- d-----w- C:\Users\Adam\AppData\Local\{AA64FD0E-0F32-4783-B6ED-FFCC15C6BF40}
2012-04-27 20:48:19 -------- d-----w- C:\Users\Adam\AppData\Local\{94DE0371-FAA1-4EA6-8F0B-7E49AF34648D}
2012-04-27 20:48:07 -------- d-----w- C:\Users\Adam\AppData\Local\{7BC3D872-2F55-4154-8E94-170C0482A3D4}
2012-04-27 20:43:06 -------- d-----w- C:\Users\Adam\AppData\Local\{B1D8F777-C573-450E-9018-287BEFCC2E6C}
2012-04-27 20:42:53 -------- d-----w- C:\Users\Adam\AppData\Local\{755AE9CB-903E-4662-96CF-6A5CCB250797}
2012-04-27 16:04:20 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-26 23:48:13 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-26 23:05:16 -------- d-----w- C:\Users\Adam\AppData\Local\{6C720341-5370-4418-9B4C-BD9050A1A79E}
2012-04-26 23:05:03 -------- d-----w- C:\Users\Adam\AppData\Local\{AAEEA3B6-83AE-4F9E-9532-7AEB8C8454A0}
2012-04-26 16:58:31 -------- d-----w- C:\Users\Adam\AppData\Local\{0F4D69FE-FAA0-4D98-922F-F411918FB6A2}
2012-04-25 18:42:59 -------- d-----w- C:\Users\Adam\AppData\Local\{6F9AB053-6DE5-44AF-8D12-97EC957639D3}
2012-04-25 18:42:47 -------- d-----w- C:\Users\Adam\AppData\Local\{3F255200-FD16-49FA-8752-6D3BB57CE4D9}
2012-04-25 08:46:37 -------- d-----w- C:\Users\Adam\AppData\Local\{AF0BB2FC-8087-462D-979C-E0497B174B38}
2012-04-25 08:46:26 -------- d-----w- C:\Users\Adam\AppData\Local\{9B3945DF-15F7-42C9-9C3C-4B74D11E8832}
2012-04-24 13:59:32 -------- d-----w- C:\Users\Adam\AppData\Local\{7C9CB261-5992-494B-BD6A-39590C2CA480}
2012-04-24 13:59:21 -------- d-----w- C:\Users\Adam\AppData\Local\{6FB62739-5DB2-4501-8F19-B1925431DF7E}
2012-04-24 12:43:30 -------- d-----w- C:\Users\Adam\AppData\Local\{2CEE93E6-1565-4701-86DF-D680392B0A35}
2012-04-24 12:43:18 -------- d-----w- C:\Users\Adam\AppData\Local\{323FCF97-6B37-46BC-A83B-F3A2D97CADA6}
2012-04-23 20:21:22 -------- d-----w- C:\Users\Adam\AppData\Local\{AE3DEDC0-5F23-4C1B-9329-C93560E42C88}
2012-04-23 20:21:10 -------- d-----w- C:\Users\Adam\AppData\Local\{A439587D-9555-4B7F-B336-A1BA24E90204}
2012-04-21 21:55:52 -------- d-----w- C:\Users\Adam\AppData\Local\{BBB0843B-4D7E-401E-AD46-A0BA0AC9579C}
2012-04-21 21:55:41 -------- d-----w- C:\Users\Adam\AppData\Local\{FF6C76A9-94FD-4231-B4CF-1B01B02F126D}
.
==================== Find3M ====================
.
2012-05-13 16:09:30 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-05-13 16:09:30 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-05-05 13:04:29 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-04 07:41:12 101360 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
2012-04-28 08:13:10 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-03-22 19:12:12 4435968 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2012-03-01 06:46:16 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-03-01 06:38:27 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-03-01 06:33:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-03-01 06:28:47 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-03-01 05:37:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-03-01 05:33:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-03-01 05:29:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-22 12:29:46 75936 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
2012-02-22 12:29:46 65264 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2012-02-22 12:29:46 647208 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2012-02-22 12:29:46 487296 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2012-02-22 12:29:46 289664 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2012-02-22 12:29:46 229528 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2012-02-22 12:29:46 160792 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2012-02-22 12:29:46 10248 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2012-02-22 12:29:46 100912 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
.
============= FINISH: 20:32:26.04 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:21 AM

Posted 21 May 2012 - 05:03 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 zebadee

zebadee
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:21 AM

Posted 22 May 2012 - 04:41 PM

Hi Gringo

Below are the dumps from running Security Check & Combofix.

Both ran without any problems.

Adam
-----------------------------------

Results of screen317's Security Check version 0.99.33
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
McAfee Virtual Technician
McAfee SecurityCenter
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 31
Java version out of date!
Adobe Reader X (10.1.3)
Mozilla Firefox (12.0)
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````


-----------------------------------

ComboFix 12-05-22.02 - Adam 22/05/2012 22:13:48.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4056.2740 [GMT 1:00]
Running from: c:\users\Adam\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Adam\AppData\Local\TempDIR
c:\users\Adam\AppData\Local\TempDIR\BetterInstaller.exe
c:\users\Adam\GoToAssistDownloadHelper.exe
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((((( Files Created from 2012-04-22 to 2012-05-22 )))))))))))))))))))))))))))))))
.
.
2012-05-22 21:26 . 2012-05-22 21:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-13 16:10 . 2012-05-13 16:10 11776 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprjplug.dll
2012-05-13 16:10 . 2012-05-13 16:10 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2012-05-13 16:09 . 2012-05-13 16:09 150696 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppl3260.dll
2012-05-13 16:09 . 2012-05-13 16:09 129144 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
2012-05-13 16:09 . 2012-05-13 16:10 -------- d-----w- c:\program files (x86)\Real
2012-05-12 19:23 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-12 19:23 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-12 19:23 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-12 19:23 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-12 19:23 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-12 19:23 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-12 19:22 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-12 19:22 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-12 19:22 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-12 19:22 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 19:22 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-12 19:22 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 19:22 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-11 22:15 . 2012-05-11 22:15 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-11 22:15 . 2012-05-11 22:15 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-05-11 22:10 . 2012-05-11 22:11 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-04-30 12:21 . 2012-03-20 12:06 29272 ----a-w- c:\program files (x86)\Mozilla Firefox\ScriptFF.dll
2012-04-28 08:13 . 2012-04-28 08:13 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-04-27 16:04 . 2012-05-05 13:04 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-26 23:48 . 2012-05-05 13:04 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-25 22:05 . 2012-04-25 22:05 -------- d-----w- c:\program files (x86)\PuTTY
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-13 16:09 . 2009-09-02 16:21 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-05-13 16:09 . 2009-09-02 16:21 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-05-05 13:04 . 2011-05-15 13:18 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-04 07:41 . 2011-10-11 21:55 101360 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2012-04-28 08:13 . 2010-05-06 16:58 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr
2012-03-01 06:46 . 2012-04-13 21:02 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-13 21:02 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-13 21:02 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-13 21:02 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-13 21:02 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-13 21:02 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-13 21:02 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-02-28 06:56 . 2012-04-13 21:06 2311168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 06:49 . 2012-04-13 21:05 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 06:48 . 2012-04-13 21:06 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 06:42 . 2012-04-13 21:06 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-28 01:18 . 2012-04-13 21:06 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-02-28 01:11 . 2012-04-13 21:06 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11 . 2012-04-13 21:05 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-28 01:03 . 2012-04-13 21:06 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"adiras"="c:\windows\adirasx64.exe" [2007-02-13 253008]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-01-09 405639]
"MaxMenuMgr"="c:\program files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-05-01 185640]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-04-24 250192]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-24 140520]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1675160]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2008-08-01 675840]
"tsnp2uvc"="c:\windows\tsnp2uvc.exe" [2009-06-01 320512]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2012-05-13 296056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-11 559616]
.
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Met Office Desktop Widget.lnk - c:\program files (x86)\Met Office Desktop Widget\Met Office Desktop Widget.exe [N/A]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [x]
R2 ELOADER;General Purpose USB Driver (adildrx64.sys);c:\windows\system32\Drivers\adildrx64.sys [2007-02-07 58264]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-04 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-04 136176]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64k.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [2011-12-17 397520]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-05-04 55056]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-05-04 297008]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2009/11/20 15:07];c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl [2009-06-24 20:19 146928]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe [2009-03-02 89600]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-05-01 181544]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2012-03-20 162192]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-05-04 976696]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-07-16 648432]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\system32\DRIVERS\OA009Ufd.sys [x]
S3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\system32\DRIVERS\OA009Vid.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-26 13:04]
.
2012-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-04 23:35]
.
2012-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-04 23:35]
.
2012-05-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1559965601-3645301527-1855661932-1000Core.job
- c:\users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-16 20:28]
.
2012-05-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1559965601-3645301527-1855661932-1000UA.job
- c:\users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-16 20:28]
.
2012-05-21 c:\windows\Tasks\vtscheduletask.job
- c:\program files (x86)\McAfee\Supportability\MVT\MvtApp.exe [2011-06-01 13:25]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 384296]
"adiras"="adiras.exe" [2007-02-13 194128]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-15 178712]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-06-01 2314120]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-03-26 2115664]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2008-08-01 675840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"DSUpdateLauncher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\runhstart.bat" [2009-03-09 374]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://uk.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\39nctjgr.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-DellSupportCenter - c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe
AddRemove-{C73A3942-84C8-4597-9F9B-EE227DCBA758} - c:\programdata\{7322D736-AA5F-4DD0-8E33-EA48318CC276}\delldock.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-22 22:32:54
ComboFix-quarantined-files.txt 2012-05-22 21:32
.
Pre-Run: 117,536,587,776 bytes free
Post-Run: 118,183,333,888 bytes free
.
- - End Of File - - B2ED47F58890E30AF4E85D0DCFC844A9

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:21 AM

Posted 22 May 2012 - 04:47 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 zebadee

zebadee
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:21 AM

Posted 22 May 2012 - 06:29 PM

Here are TDSSKiller and aswMBR logs. Both ran without any problems.

--------------------------
23:00:45.0827 5076 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
23:00:45.0843 5076 ============================================================
23:00:45.0843 5076 Current date / time: 2012/05/22 23:00:45.0843
23:00:45.0843 5076 SystemInfo:
23:00:45.0843 5076
23:00:45.0843 5076 OS Version: 6.1.7601 ServicePack: 1.0
23:00:45.0843 5076 Product type: Workstation
23:00:45.0843 5076 ComputerName: ADAM-PC
23:00:45.0843 5076 UserName: Adam
23:00:45.0843 5076 Windows directory: C:\Windows
23:00:45.0843 5076 System windows directory: C:\Windows
23:00:45.0843 5076 Running under WOW64
23:00:45.0843 5076 Processor architecture: Intel x64
23:00:45.0843 5076 Number of processors: 2
23:00:45.0843 5076 Page size: 0x1000
23:00:45.0843 5076 Boot type: Normal boot
23:00:45.0843 5076 ============================================================
23:00:46.0342 5076 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:00:46.0358 5076 ============================================================
23:00:46.0358 5076 \Device\Harddisk0\DR0:
23:00:46.0358 5076 MBR partitions:
23:00:46.0358 5076 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
23:00:46.0358 5076 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x1B465170
23:00:46.0358 5076 ============================================================
23:00:46.0404 5076 C: <-> \Device\Harddisk0\DR0\Partition1
23:00:46.0404 5076 ============================================================
23:00:46.0404 5076 Initialize success
23:00:46.0404 5076 ============================================================
23:00:48.0417 5788 ============================================================
23:00:48.0417 5788 Scan started
23:00:48.0417 5788 Mode: Manual;
23:00:48.0417 5788 ============================================================
23:00:48.0947 5788 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
23:00:48.0947 5788 1394ohci - ok
23:00:49.0025 5788 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
23:00:49.0025 5788 ACPI - ok
23:00:49.0088 5788 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
23:00:49.0088 5788 AcpiPmi - ok
23:00:49.0150 5788 adiusbaw (5eb7ba94ad23f24761defe05f4855933) C:\Windows\system32\DRIVERS\adiusbawx64.sys
23:00:49.0150 5788 adiusbaw - ok
23:00:49.0290 5788 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
23:00:49.0306 5788 AdobeARMservice - ok
23:00:49.0540 5788 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
23:00:49.0540 5788 AdobeFlashPlayerUpdateSvc - ok
23:00:49.0743 5788 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
23:00:49.0743 5788 adp94xx - ok
23:00:49.0790 5788 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
23:00:49.0790 5788 adpahci - ok
23:00:49.0821 5788 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
23:00:49.0821 5788 adpu320 - ok
23:00:49.0852 5788 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
23:00:49.0852 5788 AeLookupSvc - ok
23:00:49.0992 5788 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe
23:00:49.0992 5788 AESTFilters - ok
23:00:50.0055 5788 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
23:00:50.0070 5788 AFD - ok
23:00:50.0117 5788 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
23:00:50.0133 5788 agp440 - ok
23:00:50.0180 5788 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
23:00:50.0180 5788 ALG - ok
23:00:50.0242 5788 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
23:00:50.0242 5788 aliide - ok
23:00:50.0258 5788 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
23:00:50.0258 5788 amdide - ok
23:00:50.0320 5788 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
23:00:50.0320 5788 AmdK8 - ok
23:00:50.0336 5788 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
23:00:50.0336 5788 AmdPPM - ok
23:00:50.0382 5788 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
23:00:50.0398 5788 amdsata - ok
23:00:50.0445 5788 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
23:00:50.0445 5788 amdsbs - ok
23:00:50.0507 5788 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
23:00:50.0507 5788 amdxata - ok
23:00:50.0554 5788 ApfiltrService (98449a2957778a6f025c418438a380f4) C:\Windows\system32\DRIVERS\Apfiltr.sys
23:00:50.0554 5788 ApfiltrService - ok
23:00:50.0632 5788 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
23:00:50.0632 5788 AppID - ok
23:00:50.0679 5788 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
23:00:50.0679 5788 AppIDSvc - ok
23:00:50.0757 5788 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
23:00:50.0757 5788 Appinfo - ok
23:00:50.0835 5788 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
23:00:50.0835 5788 arc - ok
23:00:50.0850 5788 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
23:00:50.0850 5788 arcsas - ok
23:00:50.0866 5788 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
23:00:50.0882 5788 AsyncMac - ok
23:00:50.0928 5788 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
23:00:50.0928 5788 atapi - ok
23:00:51.0038 5788 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
23:00:51.0053 5788 AudioEndpointBuilder - ok
23:00:51.0069 5788 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
23:00:51.0069 5788 AudioSrv - ok
23:00:51.0131 5788 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
23:00:51.0131 5788 AxInstSV - ok
23:00:51.0240 5788 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
23:00:51.0240 5788 b06bdrv - ok
23:00:51.0303 5788 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
23:00:51.0303 5788 b57nd60a - ok
23:00:51.0537 5788 BCM43XX (fb4fda64f2e8552eaeb5986c3f34462c) C:\Windows\system32\DRIVERS\bcmwl664.sys
23:00:51.0552 5788 BCM43XX - ok
23:00:51.0708 5788 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
23:00:51.0708 5788 BDESVC - ok
23:00:51.0786 5788 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
23:00:51.0786 5788 Beep - ok
23:00:51.0880 5788 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
23:00:51.0896 5788 BFE - ok
23:00:51.0974 5788 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
23:00:51.0989 5788 BITS - ok
23:00:52.0083 5788 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
23:00:52.0083 5788 blbdrive - ok
23:00:52.0130 5788 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
23:00:52.0130 5788 bowser - ok
23:00:52.0161 5788 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:00:52.0161 5788 BrFiltLo - ok
23:00:52.0176 5788 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:00:52.0176 5788 BrFiltUp - ok
23:00:52.0270 5788 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
23:00:52.0270 5788 BridgeMP - ok
23:00:52.0317 5788 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
23:00:52.0332 5788 Browser - ok
23:00:52.0364 5788 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
23:00:52.0364 5788 Brserid - ok
23:00:52.0410 5788 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
23:00:52.0410 5788 BrSerWdm - ok
23:00:52.0426 5788 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
23:00:52.0426 5788 BrUsbMdm - ok
23:00:52.0442 5788 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
23:00:52.0442 5788 BrUsbSer - ok
23:00:52.0520 5788 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
23:00:52.0520 5788 BthEnum - ok
23:00:52.0551 5788 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
23:00:52.0551 5788 BTHMODEM - ok
23:00:52.0598 5788 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
23:00:52.0598 5788 BthPan - ok
23:00:52.0691 5788 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
23:00:52.0691 5788 BTHPORT - ok
23:00:52.0754 5788 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
23:00:52.0754 5788 bthserv - ok
23:00:52.0785 5788 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
23:00:52.0785 5788 BTHUSB - ok
23:00:52.0816 5788 catchme - ok
23:00:52.0863 5788 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
23:00:52.0863 5788 cdfs - ok
23:00:52.0925 5788 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
23:00:52.0941 5788 cdrom - ok
23:00:52.0988 5788 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
23:00:52.0988 5788 CertPropSvc - ok
23:00:53.0050 5788 cfwids (274ce03459896006f7a5069266e0469e) C:\Windows\system32\drivers\cfwids.sys
23:00:53.0066 5788 cfwids - ok
23:00:53.0144 5788 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
23:00:53.0144 5788 circlass - ok
23:00:53.0206 5788 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
23:00:53.0206 5788 CLFS - ok
23:00:53.0284 5788 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:00:53.0284 5788 clr_optimization_v2.0.50727_32 - ok
23:00:53.0378 5788 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:00:53.0378 5788 clr_optimization_v2.0.50727_64 - ok
23:00:53.0456 5788 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:00:53.0456 5788 clr_optimization_v4.0.30319_32 - ok
23:00:53.0502 5788 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:00:53.0518 5788 clr_optimization_v4.0.30319_64 - ok
23:00:53.0565 5788 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
23:00:53.0565 5788 CmBatt - ok
23:00:53.0596 5788 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
23:00:53.0596 5788 cmdide - ok
23:00:53.0658 5788 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
23:00:53.0674 5788 CNG - ok
23:00:53.0736 5788 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
23:00:53.0736 5788 Compbatt - ok
23:00:53.0783 5788 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
23:00:53.0783 5788 CompositeBus - ok
23:00:53.0814 5788 COMSysApp - ok
23:00:53.0846 5788 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
23:00:53.0846 5788 crcdisk - ok
23:00:53.0908 5788 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
23:00:53.0924 5788 CryptSvc - ok
23:00:53.0970 5788 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys
23:00:53.0970 5788 CtClsFlt - ok
23:00:54.0064 5788 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
23:00:54.0080 5788 DcomLaunch - ok
23:00:54.0142 5788 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
23:00:54.0158 5788 defragsvc - ok
23:00:54.0204 5788 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
23:00:54.0220 5788 DfsC - ok
23:00:54.0282 5788 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
23:00:54.0282 5788 Dhcp - ok
23:00:54.0329 5788 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
23:00:54.0329 5788 discache - ok
23:00:54.0360 5788 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
23:00:54.0360 5788 Disk - ok
23:00:54.0407 5788 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
23:00:54.0423 5788 Dnscache - ok
23:00:54.0485 5788 DockLoginService - ok
23:00:54.0563 5788 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
23:00:54.0563 5788 dot3svc - ok
23:00:54.0594 5788 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
23:00:54.0594 5788 DPS - ok
23:00:54.0641 5788 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
23:00:54.0641 5788 drmkaud - ok
23:00:54.0735 5788 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
23:00:54.0750 5788 DXGKrnl - ok
23:00:54.0813 5788 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
23:00:54.0813 5788 EapHost - ok
23:00:54.0984 5788 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
23:00:55.0016 5788 ebdrv - ok
23:00:55.0156 5788 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
23:00:55.0172 5788 EFS - ok
23:00:55.0281 5788 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
23:00:55.0296 5788 ehRecvr - ok
23:00:55.0343 5788 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
23:00:55.0343 5788 ehSched - ok
23:00:55.0437 5788 ELOADER (bca6aaba425ce46d89412190a5a27b94) C:\Windows\system32\Drivers\adildrx64.sys
23:00:55.0437 5788 ELOADER - ok
23:00:55.0499 5788 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
23:00:55.0515 5788 elxstor - ok
23:00:55.0562 5788 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
23:00:55.0562 5788 ErrDev - ok
23:00:55.0640 5788 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
23:00:55.0640 5788 EventSystem - ok
23:00:55.0702 5788 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
23:00:55.0702 5788 exfat - ok
23:00:55.0718 5788 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
23:00:55.0733 5788 fastfat - ok
23:00:55.0827 5788 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
23:00:55.0842 5788 Fax - ok
23:00:55.0889 5788 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
23:00:55.0889 5788 fdc - ok
23:00:55.0920 5788 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
23:00:55.0920 5788 fdPHost - ok
23:00:55.0936 5788 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
23:00:55.0952 5788 FDResPub - ok
23:00:55.0967 5788 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
23:00:55.0967 5788 FileInfo - ok
23:00:55.0983 5788 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
23:00:55.0983 5788 Filetrace - ok
23:00:56.0030 5788 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
23:00:56.0030 5788 flpydisk - ok
23:00:56.0123 5788 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
23:00:56.0123 5788 FltMgr - ok
23:00:56.0217 5788 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
23:00:56.0232 5788 FontCache - ok
23:00:56.0357 5788 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:00:56.0357 5788 FontCache3.0.0.0 - ok
23:00:56.0498 5788 FreeAgentGoNext Service (07af7870abf051ebbae8a8a92ff34abe) C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
23:00:56.0498 5788 FreeAgentGoNext Service - ok
23:00:56.0607 5788 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
23:00:56.0622 5788 FsDepends - ok
23:00:56.0669 5788 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
23:00:56.0669 5788 fssfltr - ok
23:00:56.0841 5788 fsssvc (40cdfad174b3d5e80f95dda003c0b97f) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
23:00:56.0856 5788 fsssvc - ok
23:00:56.0981 5788 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
23:00:56.0981 5788 Fs_Rec - ok
23:00:57.0044 5788 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
23:00:57.0044 5788 fvevol - ok
23:00:57.0090 5788 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
23:00:57.0090 5788 gagp30kx - ok
23:00:57.0184 5788 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
23:00:57.0184 5788 gpsvc - ok
23:00:57.0371 5788 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:00:57.0371 5788 gupdate - ok
23:00:57.0418 5788 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:00:57.0418 5788 gupdatem - ok
23:00:57.0465 5788 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
23:00:57.0465 5788 gusvc - ok
23:00:57.0496 5788 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
23:00:57.0496 5788 hcw85cir - ok
23:00:57.0558 5788 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
23:00:57.0574 5788 HDAudBus - ok
23:00:57.0590 5788 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
23:00:57.0590 5788 HidBatt - ok
23:00:57.0652 5788 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
23:00:57.0652 5788 HidBth - ok
23:00:57.0668 5788 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
23:00:57.0668 5788 HidIr - ok
23:00:57.0714 5788 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
23:00:57.0714 5788 hidserv - ok
23:00:57.0777 5788 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
23:00:57.0777 5788 HidUsb - ok
23:00:57.0824 5788 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
23:00:57.0824 5788 hkmsvc - ok
23:00:57.0870 5788 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
23:00:57.0870 5788 HomeGroupListener - ok
23:00:57.0917 5788 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
23:00:57.0933 5788 HomeGroupProvider - ok
23:00:57.0964 5788 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
23:00:57.0964 5788 HpSAMD - ok
23:00:58.0058 5788 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
23:00:58.0073 5788 HTTP - ok
23:00:58.0104 5788 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
23:00:58.0104 5788 hwpolicy - ok
23:00:58.0136 5788 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
23:00:58.0136 5788 i8042prt - ok
23:00:58.0245 5788 IAANTMON (f148c2e931bfc20397edc0a7b4f8e22b) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
23:00:58.0245 5788 IAANTMON - ok
23:00:58.0338 5788 iaStor (0b6c9c8f2e00e8b61c8379e62a9f921b) C:\Windows\system32\DRIVERS\iaStor.sys
23:00:58.0338 5788 iaStor - ok
23:00:58.0401 5788 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
23:00:58.0401 5788 iaStorV - ok
23:00:58.0588 5788 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:00:58.0588 5788 idsvc - ok
23:00:59.0306 5788 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys
23:00:59.0384 5788 igfx - ok
23:00:59.0524 5788 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
23:00:59.0524 5788 iirsp - ok
23:00:59.0633 5788 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
23:00:59.0649 5788 IKEEXT - ok
23:00:59.0680 5788 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
23:00:59.0680 5788 intelide - ok
23:00:59.0742 5788 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
23:00:59.0742 5788 intelppm - ok
23:00:59.0789 5788 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
23:00:59.0789 5788 IPBusEnum - ok
23:00:59.0852 5788 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:00:59.0852 5788 IpFilterDriver - ok
23:00:59.0945 5788 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
23:00:59.0945 5788 iphlpsvc - ok
23:01:00.0008 5788 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
23:01:00.0008 5788 IPMIDRV - ok
23:01:00.0039 5788 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
23:01:00.0054 5788 IPNAT - ok
23:01:00.0086 5788 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
23:01:00.0086 5788 IRENUM - ok
23:01:00.0132 5788 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
23:01:00.0132 5788 isapnp - ok
23:01:00.0195 5788 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
23:01:00.0195 5788 iScsiPrt - ok
23:01:00.0226 5788 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
23:01:00.0226 5788 kbdclass - ok
23:01:00.0288 5788 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
23:01:00.0288 5788 kbdhid - ok
23:01:00.0335 5788 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:01:00.0335 5788 KeyIso - ok
23:01:00.0366 5788 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
23:01:00.0366 5788 KSecDD - ok
23:01:00.0398 5788 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
23:01:00.0398 5788 KSecPkg - ok
23:01:00.0444 5788 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
23:01:00.0444 5788 ksthunk - ok
23:01:00.0491 5788 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
23:01:00.0491 5788 KtmRm - ok
23:01:00.0569 5788 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
23:01:00.0585 5788 LanmanServer - ok
23:01:00.0632 5788 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
23:01:00.0632 5788 LanmanWorkstation - ok
23:01:00.0694 5788 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
23:01:00.0694 5788 lltdio - ok
23:01:00.0756 5788 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
23:01:00.0756 5788 lltdsvc - ok
23:01:00.0788 5788 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
23:01:00.0788 5788 lmhosts - ok
23:01:00.0819 5788 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
23:01:00.0819 5788 LSI_FC - ok
23:01:00.0850 5788 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
23:01:00.0850 5788 LSI_SAS - ok
23:01:00.0881 5788 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:01:00.0881 5788 LSI_SAS2 - ok
23:01:00.0928 5788 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:01:00.0928 5788 LSI_SCSI - ok
23:01:00.0959 5788 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
23:01:00.0959 5788 luafv - ok
23:01:01.0022 5788 ManyCam (d33e2b74cf8b3a652bf0a9fbd068e87a) C:\Windows\system32\DRIVERS\ManyCam_x64.sys
23:01:01.0022 5788 ManyCam - ok
23:01:01.0178 5788 McMPFSvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
23:01:01.0178 5788 McMPFSvc - ok
23:01:01.0209 5788 mcmscsvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
23:01:01.0209 5788 mcmscsvc - ok
23:01:01.0224 5788 McNaiAnn (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
23:01:01.0240 5788 McNaiAnn - ok
23:01:01.0256 5788 McNASvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
23:01:01.0256 5788 McNASvc - ok
23:01:01.0380 5788 McODS (dd01bf24dd6bf70a90549f9a7bb2d1eb) C:\Program Files\McAfee\VirusScan\mcods.exe
23:01:01.0380 5788 McODS - ok
23:01:01.0412 5788 McProxy (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
23:01:01.0412 5788 McProxy - ok
23:01:01.0505 5788 McShield (e998e3b12101288d716558466cbf6ae1) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
23:01:01.0505 5788 McShield - ok
23:01:01.0552 5788 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
23:01:01.0552 5788 Mcx2Svc - ok
23:01:01.0583 5788 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
23:01:01.0583 5788 megasas - ok
23:01:01.0630 5788 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
23:01:01.0630 5788 MegaSR - ok
23:01:01.0661 5788 mfeapfk (01884cb7655c8908b43ff5e364fe6fd2) C:\Windows\system32\drivers\mfeapfk.sys
23:01:01.0677 5788 mfeapfk - ok
23:01:01.0708 5788 mfeavfk (dab9a9cdfb04e4d68924492aa043019d) C:\Windows\system32\drivers\mfeavfk.sys
23:01:01.0724 5788 mfeavfk - ok
23:01:01.0755 5788 mfeavfk01 - ok
23:01:01.0833 5788 mfefire (b26782c3d6045b4464017d7926877560) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
23:01:01.0833 5788 mfefire - ok
23:01:01.0895 5788 mfefirek (ce9a3680675c0907ade16404ca967b49) C:\Windows\system32\drivers\mfefirek.sys
23:01:01.0911 5788 mfefirek - ok
23:01:01.0989 5788 mfehidk (60cf67458dd29cd17e77f2327b1a9a54) C:\Windows\system32\drivers\mfehidk.sys
23:01:01.0989 5788 mfehidk - ok
23:01:02.0051 5788 mfenlfk (a8129cfb919347f8533c934b365e9202) C:\Windows\system32\DRIVERS\mfenlfk.sys
23:01:02.0051 5788 mfenlfk - ok
23:01:02.0098 5788 mferkdet (5041fa2bd2b3a2693b015771bfbf6dca) C:\Windows\system32\drivers\mferkdet.sys
23:01:02.0098 5788 mferkdet - ok
23:01:02.0192 5788 mfevtp (723a5eb6cef7f408c3d0f15a82a6bff8) C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
23:01:02.0192 5788 mfevtp - ok
23:01:02.0238 5788 mfewfpk (919c56db14a0e1e2ab6da5d2821dc26e) C:\Windows\system32\drivers\mfewfpk.sys
23:01:02.0238 5788 mfewfpk - ok
23:01:02.0270 5788 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
23:01:02.0270 5788 MMCSS - ok
23:01:02.0316 5788 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
23:01:02.0316 5788 Modem - ok
23:01:02.0363 5788 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
23:01:02.0363 5788 monitor - ok
23:01:02.0410 5788 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
23:01:02.0410 5788 mouclass - ok
23:01:02.0472 5788 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
23:01:02.0488 5788 mouhid - ok
23:01:02.0535 5788 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
23:01:02.0535 5788 mountmgr - ok
23:01:02.0675 5788 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
23:01:02.0691 5788 MozillaMaintenance - ok
23:01:02.0722 5788 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
23:01:02.0738 5788 mpio - ok
23:01:02.0769 5788 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
23:01:02.0769 5788 mpsdrv - ok
23:01:02.0831 5788 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
23:01:02.0847 5788 MpsSvc - ok
23:01:02.0894 5788 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
23:01:02.0894 5788 MRxDAV - ok
23:01:02.0940 5788 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:01:02.0940 5788 mrxsmb - ok
23:01:02.0987 5788 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:01:03.0003 5788 mrxsmb10 - ok
23:01:03.0018 5788 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:01:03.0018 5788 mrxsmb20 - ok
23:01:03.0065 5788 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
23:01:03.0065 5788 msahci - ok
23:01:03.0096 5788 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
23:01:03.0112 5788 msdsm - ok
23:01:03.0143 5788 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
23:01:03.0143 5788 MSDTC - ok
23:01:03.0206 5788 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
23:01:03.0206 5788 Msfs - ok
23:01:03.0221 5788 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
23:01:03.0221 5788 mshidkmdf - ok
23:01:03.0268 5788 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
23:01:03.0268 5788 msisadrv - ok
23:01:03.0315 5788 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
23:01:03.0330 5788 MSiSCSI - ok
23:01:03.0330 5788 msiserver - ok
23:01:03.0471 5788 MSK80Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
23:01:03.0486 5788 MSK80Service - ok
23:01:03.0533 5788 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
23:01:03.0533 5788 MSKSSRV - ok
23:01:03.0549 5788 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
23:01:03.0549 5788 MSPCLOCK - ok
23:01:03.0596 5788 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
23:01:03.0596 5788 MSPQM - ok
23:01:03.0674 5788 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
23:01:03.0674 5788 MsRPC - ok
23:01:03.0720 5788 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
23:01:03.0720 5788 mssmbios - ok
23:01:03.0767 5788 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
23:01:03.0783 5788 MSTEE - ok
23:01:03.0783 5788 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
23:01:03.0783 5788 MTConfig - ok
23:01:03.0814 5788 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
23:01:03.0814 5788 Mup - ok
23:01:03.0861 5788 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
23:01:03.0876 5788 napagent - ok
23:01:03.0923 5788 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
23:01:03.0923 5788 NativeWifiP - ok
23:01:04.0017 5788 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
23:01:04.0032 5788 NDIS - ok
23:01:04.0064 5788 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
23:01:04.0064 5788 NdisCap - ok
23:01:04.0095 5788 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
23:01:04.0095 5788 NdisTapi - ok
23:01:04.0142 5788 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
23:01:04.0142 5788 Ndisuio - ok
23:01:04.0188 5788 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
23:01:04.0188 5788 NdisWan - ok
23:01:04.0235 5788 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
23:01:04.0235 5788 NDProxy - ok
23:01:04.0282 5788 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
23:01:04.0282 5788 NetBIOS - ok
23:01:04.0329 5788 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
23:01:04.0329 5788 NetBT - ok
23:01:04.0376 5788 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:01:04.0376 5788 Netlogon - ok
23:01:04.0454 5788 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
23:01:04.0469 5788 Netman - ok
23:01:04.0500 5788 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
23:01:04.0500 5788 netprofm - ok
23:01:04.0625 5788 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:01:04.0625 5788 NetTcpPortSharing - ok
23:01:04.0688 5788 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
23:01:04.0688 5788 nfrd960 - ok
23:01:04.0750 5788 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
23:01:04.0750 5788 NlaSvc - ok
23:01:04.0766 5788 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
23:01:04.0781 5788 Npfs - ok
23:01:04.0812 5788 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
23:01:04.0812 5788 nsi - ok
23:01:04.0844 5788 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
23:01:04.0844 5788 nsiproxy - ok
23:01:04.0937 5788 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
23:01:04.0937 5788 Ntfs - ok
23:01:05.0109 5788 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
23:01:05.0109 5788 Null - ok
23:01:05.0202 5788 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
23:01:05.0202 5788 nvraid - ok
23:01:05.0234 5788 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
23:01:05.0234 5788 nvstor - ok
23:01:05.0265 5788 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
23:01:05.0265 5788 nv_agp - ok
23:01:05.0312 5788 OA009Ufd (404b0121ae1a75d9a63b6934eb07c258) C:\Windows\system32\DRIVERS\OA009Ufd.sys
23:01:05.0327 5788 OA009Ufd - ok
23:01:05.0343 5788 OA009Vid (d460884eb05b90d06b35a1dbc31928df) C:\Windows\system32\DRIVERS\OA009Vid.sys
23:01:05.0358 5788 OA009Vid - ok
23:01:05.0483 5788 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
23:01:05.0483 5788 odserv - ok
23:01:05.0530 5788 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
23:01:05.0530 5788 ohci1394 - ok
23:01:05.0561 5788 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:01:05.0577 5788 ose - ok
23:01:05.0624 5788 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:01:05.0624 5788 p2pimsvc - ok
23:01:05.0655 5788 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
23:01:05.0655 5788 p2psvc - ok
23:01:05.0702 5788 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
23:01:05.0702 5788 Parport - ok
23:01:05.0717 5788 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
23:01:05.0717 5788 partmgr - ok
23:01:05.0764 5788 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
23:01:05.0764 5788 PcaSvc - ok
23:01:05.0826 5788 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
23:01:05.0826 5788 pci - ok
23:01:05.0842 5788 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
23:01:05.0842 5788 pciide - ok
23:01:05.0889 5788 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
23:01:05.0889 5788 pcmcia - ok
23:01:05.0904 5788 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
23:01:05.0904 5788 pcw - ok
23:01:05.0951 5788 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
23:01:05.0951 5788 PEAUTH - ok
23:01:06.0076 5788 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
23:01:06.0092 5788 PerfHost - ok
23:01:06.0232 5788 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
23:01:06.0248 5788 pla - ok
23:01:06.0388 5788 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
23:01:06.0404 5788 PlugPlay - ok
23:01:06.0435 5788 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
23:01:06.0435 5788 PNRPAutoReg - ok
23:01:06.0466 5788 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:01:06.0466 5788 PNRPsvc - ok
23:01:06.0560 5788 Point64 (a6d06378f37bdba0c0019294c2aabbd0) C:\Windows\system32\DRIVERS\point64k.sys
23:01:06.0560 5788 Point64 - ok
23:01:06.0622 5788 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
23:01:06.0638 5788 PolicyAgent - ok
23:01:06.0684 5788 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
23:01:06.0684 5788 Power - ok
23:01:06.0747 5788 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
23:01:06.0747 5788 PptpMiniport - ok
23:01:06.0794 5788 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
23:01:06.0794 5788 Processor - ok
23:01:06.0825 5788 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
23:01:06.0825 5788 ProfSvc - ok
23:01:06.0856 5788 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:01:06.0872 5788 ProtectedStorage - ok
23:01:06.0934 5788 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
23:01:06.0934 5788 Psched - ok
23:01:06.0996 5788 PxHlpa64 (46851bc18322da70f3f2299a1007c479) C:\Windows\system32\Drivers\PxHlpa64.sys
23:01:06.0996 5788 PxHlpa64 - ok
23:01:07.0090 5788 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
23:01:07.0106 5788 ql2300 - ok
23:01:07.0246 5788 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
23:01:07.0246 5788 ql40xx - ok
23:01:07.0293 5788 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
23:01:07.0308 5788 QWAVE - ok
23:01:07.0324 5788 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
23:01:07.0324 5788 QWAVEdrv - ok
23:01:07.0542 5788 RapportCerberus_34302 (5e0459ed0a8f540d2f7b6e52da12c9d4) C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys
23:01:07.0542 5788 RapportCerberus_34302 - ok
23:01:07.0683 5788 RapportEI64 (a9b735c5aa1d26eeaec5f4eb034d05bc) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys
23:01:07.0683 5788 RapportEI64 - ok
23:01:07.0776 5788 RapportKE64 (19d54cc34e12ae46b1b73659938b1a4f) C:\Windows\system32\Drivers\RapportKE64.sys
23:01:07.0776 5788 RapportKE64 - ok
23:01:07.0901 5788 RapportMgmtService (5a3eee55b726272feece28cca84c070d) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
23:01:07.0917 5788 RapportMgmtService - ok
23:01:08.0010 5788 RapportPG64 (061048d9605d920deb1411cc7722d4d3) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys
23:01:08.0010 5788 RapportPG64 - ok
23:01:08.0166 5788 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
23:01:08.0166 5788 RasAcd - ok
23:01:08.0229 5788 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:01:08.0229 5788 RasAgileVpn - ok
23:01:08.0260 5788 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
23:01:08.0260 5788 RasAuto - ok
23:01:08.0307 5788 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:01:08.0307 5788 Rasl2tp - ok
23:01:08.0385 5788 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
23:01:08.0385 5788 RasMan - ok
23:01:08.0447 5788 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
23:01:08.0447 5788 RasPppoe - ok
23:01:08.0463 5788 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
23:01:08.0463 5788 RasSstp - ok
23:01:08.0510 5788 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
23:01:08.0510 5788 rdbss - ok
23:01:08.0556 5788 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
23:01:08.0556 5788 rdpbus - ok
23:01:08.0572 5788 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:01:08.0572 5788 RDPCDD - ok
23:01:08.0634 5788 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
23:01:08.0634 5788 RDPENCDD - ok
23:01:08.0650 5788 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
23:01:08.0650 5788 RDPREFMP - ok
23:01:08.0681 5788 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
23:01:08.0681 5788 RDPWD - ok
23:01:08.0759 5788 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
23:01:08.0759 5788 rdyboost - ok
23:01:08.0806 5788 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
23:01:08.0822 5788 RemoteAccess - ok
23:01:08.0868 5788 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
23:01:08.0884 5788 RemoteRegistry - ok
23:01:08.0931 5788 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
23:01:08.0931 5788 RFCOMM - ok
23:01:08.0978 5788 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
23:01:08.0978 5788 RpcEptMapper - ok
23:01:09.0040 5788 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
23:01:09.0040 5788 RpcLocator - ok
23:01:09.0087 5788 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
23:01:09.0087 5788 RpcSs - ok
23:01:09.0149 5788 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
23:01:09.0149 5788 rspndr - ok
23:01:09.0212 5788 RTSTOR (39e74e264338934dbf11f8db79a3e116) C:\Windows\system32\drivers\RTSTOR64.SYS
23:01:09.0212 5788 RTSTOR - ok
23:01:09.0243 5788 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:01:09.0258 5788 SamSs - ok
23:01:09.0290 5788 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
23:01:09.0290 5788 sbp2port - ok
23:01:09.0336 5788 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
23:01:09.0336 5788 SCardSvr - ok
23:01:09.0383 5788 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
23:01:09.0383 5788 scfilter - ok
23:01:09.0461 5788 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
23:01:09.0477 5788 Schedule - ok
23:01:09.0524 5788 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
23:01:09.0524 5788 SCPolicySvc - ok
23:01:09.0539 5788 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
23:01:09.0539 5788 SDRSVC - ok
23:01:09.0680 5788 SeaPort (16a252022535b680046f6e34e136d378) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
23:01:09.0680 5788 SeaPort - ok
23:01:09.0773 5788 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
23:01:09.0773 5788 secdrv - ok
23:01:09.0820 5788 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
23:01:09.0820 5788 seclogon - ok
23:01:09.0867 5788 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
23:01:09.0867 5788 SENS - ok
23:01:09.0882 5788 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
23:01:09.0882 5788 SensrSvc - ok
23:01:09.0914 5788 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
23:01:09.0914 5788 Serenum - ok
23:01:09.0960 5788 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
23:01:09.0960 5788 Serial - ok
23:01:09.0992 5788 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
23:01:09.0992 5788 sermouse - ok
23:01:10.0054 5788 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
23:01:10.0054 5788 SessionEnv - ok
23:01:10.0101 5788 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
23:01:10.0101 5788 sffdisk - ok
23:01:10.0116 5788 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
23:01:10.0116 5788 sffp_mmc - ok
23:01:10.0132 5788 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
23:01:10.0132 5788 sffp_sd - ok
23:01:10.0163 5788 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
23:01:10.0163 5788 sfloppy - ok
23:01:10.0257 5788 SftService (52434693713bdd905972617e21ac0cfc) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
23:01:10.0272 5788 SftService - ok
23:01:10.0319 5788 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
23:01:10.0319 5788 SharedAccess - ok
23:01:10.0366 5788 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
23:01:10.0382 5788 ShellHWDetection - ok
23:01:10.0460 5788 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:01:10.0460 5788 SiSRaid2 - ok
23:01:10.0491 5788 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
23:01:10.0491 5788 SiSRaid4 - ok
23:01:10.0538 5788 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
23:01:10.0538 5788 Smb - ok
23:01:10.0600 5788 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
23:01:10.0600 5788 SNMPTRAP - ok
23:01:10.0818 5788 SNP2UVC (56794faf924344155944851409d163c9) C:\Windows\system32\DRIVERS\snp2uvc.sys
23:01:10.0850 5788 SNP2UVC - ok
23:01:11.0037 5788 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
23:01:11.0037 5788 spldr - ok
23:01:11.0099 5788 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
23:01:11.0115 5788 Spooler - ok
23:01:11.0318 5788 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
23:01:11.0333 5788 sppsvc - ok
23:01:11.0489 5788 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
23:01:11.0489 5788 sppuinotify - ok
23:01:11.0598 5788 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
23:01:11.0598 5788 srv - ok
23:01:11.0630 5788 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
23:01:11.0645 5788 srv2 - ok
23:01:11.0661 5788 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
23:01:11.0661 5788 srvnet - ok
23:01:11.0708 5788 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
23:01:11.0723 5788 SSDPSRV - ok
23:01:11.0739 5788 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
23:01:11.0739 5788 SstpSvc - ok
23:01:11.0864 5788 STacSV (444109453a2b87e6c16bcda5953e81a9) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
23:01:11.0864 5788 STacSV - ok
23:01:11.0910 5788 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
23:01:11.0910 5788 stexstor - ok
23:01:11.0988 5788 STHDA (02e784fa49032f84964db90a3ed81890) C:\Windows\system32\DRIVERS\stwrt64.sys
23:01:11.0988 5788 STHDA - ok
23:01:12.0082 5788 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
23:01:12.0082 5788 stisvc - ok
23:01:12.0191 5788 stllssvr (1d0063597c3666404fcf97698abeb019) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
23:01:12.0191 5788 stllssvr - ok
23:01:12.0269 5788 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
23:01:12.0269 5788 swenum - ok
23:01:12.0332 5788 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
23:01:12.0347 5788 swprv - ok
23:01:12.0425 5788 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
23:01:12.0441 5788 SysMain - ok
23:01:12.0566 5788 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
23:01:12.0566 5788 TabletInputService - ok
23:01:12.0597 5788 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
23:01:12.0612 5788 TapiSrv - ok
23:01:12.0644 5788 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
23:01:12.0644 5788 TBS - ok
23:01:12.0831 5788 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
23:01:12.0846 5788 Tcpip - ok
23:01:13.0112 5788 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
23:01:13.0127 5788 TCPIP6 - ok
23:01:13.0268 5788 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
23:01:13.0283 5788 tcpipreg - ok
23:01:13.0346 5788 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
23:01:13.0346 5788 TDPIPE - ok
23:01:13.0377 5788 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
23:01:13.0377 5788 TDTCP - ok
23:01:13.0424 5788 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
23:01:13.0424 5788 tdx - ok
23:01:13.0455 5788 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
23:01:13.0455 5788 TermDD - ok
23:01:13.0502 5788 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
23:01:13.0502 5788 TermService - ok
23:01:13.0548 5788 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
23:01:13.0548 5788 Themes - ok
23:01:13.0595 5788 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
23:01:13.0595 5788 THREADORDER - ok
23:01:13.0611 5788 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
23:01:13.0626 5788 TrkWks - ok
23:01:13.0689 5788 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
23:01:13.0704 5788 TrustedInstaller - ok
23:01:13.0767 5788 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:01:13.0767 5788 tssecsrv - ok
23:01:13.0814 5788 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
23:01:13.0814 5788 TsUsbFlt - ok
23:01:13.0860 5788 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
23:01:13.0860 5788 tunnel - ok
23:01:13.0892 5788 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
23:01:13.0907 5788 uagp35 - ok
23:01:13.0970 5788 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
23:01:13.0970 5788 udfs - ok
23:01:14.0032 5788 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
23:01:14.0032 5788 UI0Detect - ok
23:01:14.0079 5788 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
23:01:14.0079 5788 uliagpkx - ok
23:01:14.0141 5788 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
23:01:14.0141 5788 umbus - ok
23:01:14.0188 5788 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
23:01:14.0188 5788 UmPass - ok
23:01:14.0235 5788 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
23:01:14.0250 5788 upnphost - ok
23:01:14.0313 5788 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
23:01:14.0313 5788 usbaudio - ok
23:01:14.0360 5788 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
23:01:14.0360 5788 usbccgp - ok
23:01:14.0406 5788 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
23:01:14.0406 5788 usbcir - ok
23:01:14.0438 5788 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
23:01:14.0438 5788 usbehci - ok
23:01:14.0469 5788 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
23:01:14.0469 5788 usbhub - ok
23:01:14.0516 5788 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
23:01:14.0516 5788 usbohci - ok
23:01:14.0578 5788 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
23:01:14.0578 5788 usbprint - ok
23:01:14.0609 5788 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
23:01:14.0609 5788 usbscan - ok
23:01:14.0640 5788 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:01:14.0640 5788 USBSTOR - ok
23:01:14.0672 5788 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
23:01:14.0672 5788 usbuhci - ok
23:01:14.0750 5788 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
23:01:14.0750 5788 usbvideo - ok
23:01:14.0796 5788 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
23:01:14.0796 5788 UxSms - ok
23:01:14.0843 5788 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:01:14.0843 5788 VaultSvc - ok
23:01:14.0890 5788 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
23:01:14.0890 5788 vdrvroot - ok
23:01:14.0984 5788 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
23:01:14.0984 5788 vds - ok
23:01:15.0030 5788 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
23:01:15.0046 5788 vga - ok
23:01:15.0062 5788 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
23:01:15.0062 5788 VgaSave - ok
23:01:15.0108 5788 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
23:01:15.0124 5788 vhdmp - ok
23:01:15.0140 5788 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
23:01:15.0140 5788 viaide - ok
23:01:15.0171 5788 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
23:01:15.0171 5788 volmgr - ok
23:01:15.0233 5788 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
23:01:15.0233 5788 volmgrx - ok
23:01:15.0296 5788 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
23:01:15.0296 5788 volsnap - ok
23:01:15.0342 5788 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
23:01:15.0358 5788 vsmraid - ok
23:01:15.0483 5788 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
23:01:15.0514 5788 VSS - ok
23:01:15.0639 5788 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
23:01:15.0639 5788 vwifibus - ok
23:01:15.0654 5788 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
23:01:15.0654 5788 vwififlt - ok
23:01:15.0717 5788 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
23:01:15.0717 5788 W32Time - ok
23:01:15.0764 5788 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
23:01:15.0764 5788 WacomPen - ok
23:01:15.0826 5788 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:01:15.0826 5788 WANARP - ok
23:01:15.0842 5788 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:01:15.0842 5788 Wanarpv6 - ok
23:01:15.0935 5788 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
23:01:15.0951 5788 WatAdminSvc - ok
23:01:16.0044 5788 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
23:01:16.0060 5788 wbengine - ok
23:01:16.0185 5788 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
23:01:16.0185 5788 WbioSrvc - ok
23:01:16.0232 5788 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
23:01:16.0232 5788 wcncsvc - ok
23:01:16.0278 5788 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
23:01:16.0278 5788 WcsPlugInService - ok
23:01:16.0356 5788 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
23:01:16.0356 5788 Wd - ok
23:01:16.0419 5788 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
23:01:16.0419 5788 Wdf01000 - ok
23:01:16.0450 5788 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
23:01:16.0450 5788 WdiServiceHost - ok
23:01:16.0450 5788 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
23:01:16.0450 5788 WdiSystemHost - ok
23:01:16.0497 5788 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
23:01:16.0497 5788 WebClient - ok
23:01:16.0544 5788 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
23:01:16.0544 5788 Wecsvc - ok
23:01:16.0559 5788 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
23:01:16.0559 5788 wercplsupport - ok
23:01:16.0606 5788 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
23:01:16.0622 5788 WerSvc - ok
23:01:16.0715 5788 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
23:01:16.0715 5788 WfpLwf - ok
23:01:16.0762 5788 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
23:01:16.0778 5788 WimFltr - ok
23:01:16.0793 5788 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
23:01:16.0809 5788 WIMMount - ok
23:01:16.0840 5788 WinDefend - ok
23:01:16.0856 5788 WinHttpAutoProxySvc - ok
23:01:16.0949 5788 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
23:01:16.0949 5788 Winmgmt - ok
23:01:17.0152 5788 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
23:01:17.0168 5788 WinRM - ok
23:01:17.0355 5788 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
23:01:17.0355 5788 WinUsb - ok
23:01:17.0433 5788 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
23:01:17.0433 5788 Wlansvc - ok
23:01:17.0526 5788 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
23:01:17.0526 5788 wlcrasvc - ok
23:01:17.0760 5788 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:01:17.0776 5788 wlidsvc - ok
23:01:17.0963 5788 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
23:01:17.0963 5788 WmiAcpi - ok
23:01:18.0057 5788 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
23:01:18.0057 5788 wmiApSrv - ok
23:01:18.0135 5788 WMPNetworkSvc - ok
23:01:18.0182 5788 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
23:01:18.0182 5788 WPCSvc - ok
23:01:18.0228 5788 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
23:01:18.0228 5788 WPDBusEnum - ok
23:01:18.0275 5788 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
23:01:18.0275 5788 ws2ifsl - ok
23:01:18.0322 5788 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
23:01:18.0338 5788 wscsvc - ok
23:01:18.0338 5788 WSearch - ok
23:01:18.0462 5788 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
23:01:18.0494 5788 wuauserv - ok
23:01:18.0650 5788 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
23:01:18.0650 5788 WudfPf - ok
23:01:18.0681 5788 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:01:18.0681 5788 WUDFRd - ok
23:01:18.0728 5788 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
23:01:18.0743 5788 wudfsvc - ok
23:01:18.0774 5788 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
23:01:18.0790 5788 WwanSvc - ok
23:01:18.0837 5788 yukonw7 (64f88af327aa74e03658ae32b48ccb8b) C:\Windows\system32\DRIVERS\yk62x64.sys
23:01:18.0852 5788 yukonw7 - ok
23:01:18.0946 5788 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7} (1cacfef9e5dd866c5b79a135ee729e18) C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl
23:01:18.0962 5788 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7} - ok
23:01:19.0024 5788 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
23:01:19.0445 5788 \Device\Harddisk0\DR0 - ok
23:01:19.0523 5788 Boot (0x1200) (e7d520ac42f006b606fa67a86d2be6f8) \Device\Harddisk0\DR0\Partition0
23:01:19.0523 5788 \Device\Harddisk0\DR0\Partition0 - ok
23:01:19.0539 5788 Boot (0x1200) (56fa77c83aeba4f71aa4625cd2924dd6) \Device\Harddisk0\DR0\Partition1
23:01:19.0539 5788 \Device\Harddisk0\DR0\Partition1 - ok
23:01:19.0539 5788 ============================================================
23:01:19.0539 5788 Scan finished
23:01:19.0539 5788 ============================================================
23:01:19.0554 3784 Detected object count: 0
23:01:19.0554 3784 Actual detected object count: 0


-----------------------------------------

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-22 23:03:10
-----------------------------
23:03:10.364 OS Version: Windows x64 6.1.7601 Service Pack 1
23:03:10.364 Number of processors: 2 586 0x170A
23:03:10.364 ComputerName: ADAM-PC UserName: Adam
23:03:12.594 Initialize success
23:05:23.542 AVAST engine defs: 12052201
23:05:52.854 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:05:52.870 Disk 0 Vendor: TOSHIBA_ FG00 Size: 238475MB BusType: 3
23:05:52.885 Disk 0 MBR read successfully
23:05:52.885 Disk 0 MBR scan
23:05:52.901 Disk 0 Windows 7 default MBR code
23:05:52.901 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
23:05:52.932 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
23:05:52.948 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 223434 MB offset 30801920
23:05:52.979 Disk 0 scanning C:\Windows\system32\drivers
23:06:08.360 Service scanning
23:07:00.761 Modules scanning
23:07:00.761 Disk 0 trace - called modules:
23:07:00.808 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
23:07:00.839 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80043906b0]
23:07:00.839 3 CLASSPNP.SYS[fffff88001bd043f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80040e9050]
23:07:01.962 AVAST engine scan C:\Windows
23:07:06.003 AVAST engine scan C:\Windows\system32
23:10:59.067 AVAST engine scan C:\Windows\system32\drivers
23:11:17.475 AVAST engine scan C:\Users\Adam
23:37:14.217 AVAST engine scan C:\ProgramData
23:50:18.790 Scan finished successfully
00:26:39.360 Disk 0 MBR has been saved successfully to "C:\Users\Adam\Desktop\MBR.dat"
00:26:39.438 The log file has been saved successfully to "C:\Users\Adam\Desktop\aswMBR.txt"


==================================

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:21 AM

Posted 22 May 2012 - 07:03 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:21 AM

Posted 24 May 2012 - 11:36 PM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 zebadee

zebadee
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:21 AM

Posted 25 May 2012 - 05:08 PM

Hi Gringo, I didn't have time before now to carry on.

I'm running the script as instructed (on my laptop, not on this one).

It keeps popping up the following message panel:

"Windows cannot find 'NIRKMD'. Make sure you typed the name correctly, and then try again." <OK>

I press the <OK> button and it carries on.

It has just finished now & is producing a Log report - once it has finished I'll send it from that machine..

Adam

#9 zebadee

zebadee
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:21 AM

Posted 25 May 2012 - 05:18 PM

OK. I'm back on my laptop. COmbofix has finished. Log is below.

I googled the NIRKMD & found at post that suggest it was something to do with McAfee running still...

I did forget to disable real-time scanning before starting combofix. But got a panel up telling me McAfee was still running, and that I should disable it & then press OK to continue. Which I did. So McAfee wasn't running while COmbofix was scanning.

By the way - I still have the situation with 2 copies of iexplore.exe starting themselves & running in background.

---------------------------------------------


ComboFix 12-05-22.02 - Adam 25/05/2012 22:46:14.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4056.2848 [GMT 1:00]
Running from: c:\users\Adam\Desktop\ComboFix.exe
Command switches used :: c:\users\Adam\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-04-25 to 2012-05-25 )))))))))))))))))))))))))))))))
.
.
2012-05-25 22:05 . 2012-05-25 22:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-13 16:10 . 2012-05-13 16:10 11776 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprjplug.dll
2012-05-13 16:10 . 2012-05-13 16:10 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2012-05-13 16:09 . 2012-05-13 16:09 150696 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppl3260.dll
2012-05-13 16:09 . 2012-05-13 16:09 129144 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
2012-05-13 16:09 . 2012-05-13 16:10 -------- d-----w- c:\program files (x86)\Real
2012-05-12 19:23 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-12 19:23 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-12 19:23 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-12 19:23 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-12 19:23 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-12 19:23 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-12 19:22 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-12 19:22 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-12 19:22 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-12 19:22 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 19:22 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-12 19:22 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 19:22 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-11 22:15 . 2012-05-11 22:15 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-11 22:15 . 2012-05-11 22:15 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-05-11 22:10 . 2012-05-11 22:11 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-04-30 12:21 . 2012-03-20 12:06 29272 ----a-w- c:\program files (x86)\Mozilla Firefox\ScriptFF.dll
2012-04-28 08:13 . 2012-04-28 08:13 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-04-27 16:04 . 2012-05-05 13:04 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-26 23:48 . 2012-05-05 13:04 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-13 16:09 . 2009-09-02 16:21 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-05-13 16:09 . 2009-09-02 16:21 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-05-05 13:04 . 2011-05-15 13:18 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-04 07:41 . 2011-10-11 21:55 101360 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2012-04-28 08:13 . 2010-05-06 16:58 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr
2012-03-01 06:46 . 2012-04-13 21:02 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-13 21:02 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-13 21:02 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-13 21:02 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-13 21:02 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-13 21:02 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-13 21:02 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-02-28 06:56 . 2012-04-13 21:06 2311168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 06:49 . 2012-04-13 21:05 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 06:48 . 2012-04-13 21:06 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 06:42 . 2012-04-13 21:06 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-28 01:18 . 2012-04-13 21:06 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-02-28 01:11 . 2012-04-13 21:06 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11 . 2012-04-13 21:05 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-28 01:03 . 2012-04-13 21:06 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-22_21.29.13 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-05-22 20:58 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-05-23 19:24 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-05-22 20:58 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-23 19:24 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-22 20:58 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-23 19:24 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-20 14:59 . 2012-05-23 19:26 62666 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-23 19:26 50926 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-11-20 14:46 . 2012-05-23 19:26 23398 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1559965601-3645301527-1855661932-1000_UserData.bin
- 2009-11-20 14:46 . 2012-05-22 21:01 23398 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1559965601-3645301527-1855661932-1000_UserData.bin
- 2009-11-20 14:09 . 2012-05-22 21:09 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-20 14:09 . 2012-05-25 21:18 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-20 14:09 . 2012-05-22 21:09 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-20 14:09 . 2012-05-25 21:18 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-25 21:18 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-22 21:09 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-05-22 20:58 . 2012-05-22 20:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-23 19:24 . 2012-05-23 19:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-23 19:24 . 2012-05-23 19:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-05-22 20:58 . 2012-05-22 20:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-11-23 08:40 . 2012-05-25 01:59 287342 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-05-24 21:21 628874 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-05-22 21:04 628874 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-05-22 21:04 111026 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-05-24 21:21 111026 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-05-23 19:23 276976 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-05-21 23:34 276976 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-03-23 17:29 . 2012-05-23 19:23 38564444 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1559965601-3645301527-1855661932-1000-8192.dat
+ 2011-05-15 13:14 . 2012-05-23 19:23 17801844 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1559965601-3645301527-1855661932-1000-4096.dat
- 2011-05-15 13:14 . 2012-05-18 21:15 17801844 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1559965601-3645301527-1855661932-1000-4096.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"adiras"="c:\windows\adirasx64.exe" [2007-02-13 253008]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-01-09 405639]
"MaxMenuMgr"="c:\program files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-05-01 185640]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-04-24 250192]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-24 140520]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1675160]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2008-08-01 675840]
"tsnp2uvc"="c:\windows\tsnp2uvc.exe" [2009-06-01 320512]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2012-05-13 296056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-11 559616]
.
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Met Office Desktop Widget.lnk - c:\program files (x86)\Met Office Desktop Widget\Met Office Desktop Widget.exe [N/A]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [x]
R2 ELOADER;General Purpose USB Driver (adildrx64.sys);c:\windows\system32\Drivers\adildrx64.sys [2007-02-07 58264]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-04 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-04 136176]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [2011-12-17 397520]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-05-04 55056]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-05-04 297008]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2009/11/20 15:07];c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl [2009-06-24 20:19 146928]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe [2009-03-02 89600]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-05-01 181544]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2012-03-20 162192]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-05-04 976696]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-07-16 648432]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\system32\DRIVERS\OA009Ufd.sys [x]
S3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\system32\DRIVERS\OA009Vid.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64k.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-26 13:04]
.
2012-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-04 23:35]
.
2012-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-04 23:35]
.
2012-05-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1559965601-3645301527-1855661932-1000Core.job
- c:\users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-16 20:28]
.
2012-05-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1559965601-3645301527-1855661932-1000UA.job
- c:\users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-16 20:28]
.
2012-05-25 c:\windows\Tasks\vtscheduletask.job
- c:\program files (x86)\McAfee\Supportability\MVT\MvtApp.exe [2011-06-01 13:25]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 384296]
"adiras"="adiras.exe" [2007-02-13 194128]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-15 178712]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-06-01 2314120]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2008-08-01 675840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"DSUpdateLauncher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\runhstart.bat" [2009-03-09 374]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://uk.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\39nctjgr.default\
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-25 23:11:43
ComboFix-quarantined-files.txt 2012-05-25 22:11
ComboFix2.txt 2012-05-22 21:32
.
Pre-Run: 118,064,705,536 bytes free
Post-Run: 118,126,256,128 bytes free
.
- - End Of File - - 64BAF59057DCDE965929AB8088DFCE52

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:21 AM

Posted 25 May 2012 - 05:50 PM

Greetings

I still have the situation with 2 copies of iexplore.exe starting themselves & running in background.
Is this after you start IE or they are starting by themselves


Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

Java™ 6 Update 31 [/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
[/list]

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 zebadee

zebadee
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:21 AM

Posted 27 May 2012 - 02:30 PM

In response to your question - the 2 instances of IEXPLORE.EXE start themselves (I never use internet explorer).

Am about to start the next set of steps now. Will post the log files when I've finished.

Adam

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:21 AM

Posted 27 May 2012 - 03:46 PM

:thumbup2:
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 zebadee

zebadee
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:21 AM

Posted 27 May 2012 - 03:57 PM

Hi I got as far as where you said to run MBAM again, but I haven't run before... Can you send a link to the download?

thanks

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:21 AM

Posted 27 May 2012 - 04:19 PM

sorry thought I seen it installed

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.




gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 zebadee

zebadee
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:21 AM

Posted 29 May 2012 - 05:46 PM

MBAM detected nothing. Logfile:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.29.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Adam :: ADAM-PC [administrator]

Protection: Enabled

29/05/2012 23:11:06
mbam-log-2012-05-29 (23-11-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208087
Time elapsed: 5 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)




-----------------------
Here is output from HijackThis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:43:35, on 29/05/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\vsnp2uvc.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Windows\tsnp2uvc.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120430132149.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [adiras] C:\Windows\adirasx64.exe
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe
O4 - HKLM\..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Met Office Desktop Widget.lnk = C:\Program Files (x86)\Met Office Desktop Widget\Met Office Desktop Widget.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} (20-20 3D Viewer) - http://kitchenplanner.ikea.com/gb/Core/Player/2020PlayerAX_Win32.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Dock Login Service (DockLoginService) - Unknown owner - C:\Program Files\Dell\DellDock\DockLogin.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13044 bytes




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users