Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Search Engines Keep on Redirecting to different Link


  • This topic is locked This topic is locked
17 replies to this topic

#1 pollobeast

pollobeast

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:03 PM

Posted 21 May 2012 - 11:19 PM

For the past few days now Google has kept on redirecting me to different sites. I tried Yahoo search, but the same results. When I click on a link provided for me, sometimes it will redirect me to a different site. These sites are sometimes blocked by the McAfee filter. But other times it is an advertisement to some kind of product. I tried using the TDSS rootkit removing tool from Kaspersky Lab ZAO, but it didn't help. I scanned my computer with Malwarebytes Anti-Malware trial version, but it still did not solve the problem. I do not know what to do. Here are my DDS.txt reports:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by mac at 20:07:34 on 2012-05-21
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.3032.1565 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
C:\Program Files\CONEXANT\SmartAudio\SmAudio.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE
C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\mac\AppData\Local\Akamai\netsession_win.exe
C:\Users\mac\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\rundll32.exe
C:\Users\mac\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
c:\PROGRA~1\mcafee\SITEAD~1\saui.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Page_URL = hxxp://lenovo.live.com
mStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://lenovo.live.com
uInternet Settings,ProxyOverride = *.local;<local>
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120510174205.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Yontoo Layers (Drop Down Deals): {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers runtime (drop down deals)\YontooIEClient.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
uRun: [Akamai NetSession Interface] "c:\users\mac\appdata\local\akamai\netsession_win.exe"
uRun: [Spotify Web Helper] "c:\users\mac\appdata\roaming\spotify\data\SpotifyWebHelper.exe"
uRun: [Roxio] rundll32.exe "c:\users\mac\appdata\local\spotify\roxio\epojjz.dll",DllRegisterServer
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [PMHandler] c:\progra~1\lenovo\pmdriver\PMHandler.exe
mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [TPWAUDAP] c:\program files\lenovo\hotkey\TpWAudAp.exe
mRun: [SmartAudio] c:\program files\conexant\smartaudio\SMAUDIO.EXE /c
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [LPManager] c:\progra~1\lenovo\lenovo~2\LPMGR.exe
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatchTray10.exe"
mRun: [RoxioDragToDisc] "c:\program files\lenovo\drag-to-disc\DrgToDsc.exe"
mRun: [AMSG] c:\program files\thinkvantage\amsg\Amsg.exe /startup
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWlIcon] c:\program files\thinkpad\connectutilities\ACWlIcon.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.254.254 192.168.254.254
TCP: Interfaces\{E68A85F8-8AEA-40E0-8444-CCA37B84C76A} : DhcpNameServer = 192.168.254.254 192.168.254.254
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
LSA: Notification Packages = scecli ACGina
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mac\appdata\roaming\mozilla\firefox\profiles\7tita1ia.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\mac\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-10-13 464304]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2008-5-19 13480]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2011-3-19 64912]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-1-10 169608]
R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [2011-3-19 54776]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 FNF5SVC;Fn+F5 Service;c:\program files\lenovo\hotkey\FnF5svc.exe [2008-9-10 54560]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-19 214904]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-19 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-19 214904]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-19 214904]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-3-19 166288]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-3-19 161632]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-3-19 151880]
R2 MOBKbackup;McAfee Online Backup;c:\program files\mcafee online backup\MOBKbackup.exe [2010-4-13 229688]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-3-19 1153368]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-24 183808]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-3-19 57600]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2011-3-19 112128]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2011-3-19 97536]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-3-19 180848]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-3-19 59456]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-3-19 340920]
R3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-4-28 3658752]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2008-2-22 37312]
R4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-5-21 654408]
S1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2011-3-19 48192]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-19 135664]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\roxio\digital home 10\RoxioUpnpService10.exe [2008-4-25 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2008-4-25 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2008-4-25 166384]
S2 SessionLauncher;SessionLauncher;c:\users\admini~1\appdata\local\temp\dx9\sessionlauncher.exe --> c:\users\admini~1\appdata\local\temp\dx9\SessionLauncher.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-15 257696]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-3-23 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-19 135664]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-3-19 87656]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\drivers\MijXfilt.sys [2011-11-22 97552]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 129976]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\roxio\digital home 10\RoxioUPnPRenderer10.exe [2008-4-25 313840]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-25 1120752]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2011-8-5 268512]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128]
S4 RsFx0105;RsFx0105 Driver;c:\windows\system32\drivers\RsFx0105.sys [2011-9-22 238696]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2011-9-22 370024]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-05-22 00:50:38 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-21 21:01:27 -------- d-----w- c:\users\mac\appdata\roaming\Malwarebytes
2012-05-21 21:00:59 -------- d-----w- c:\programdata\Malwarebytes
2012-05-21 21:00:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-18 19:48:58 6737808 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{0841c99d-f991-4508-9059-7c31ab94d1d5}\mpengine.dll
2012-05-16 03:51:16 -------- d-----w- c:\program files\Audacity
2012-05-12 03:45:26 -------- d-----w- C:\I
2012-05-11 00:41:52 29272 ----a-w- c:\program files\mozilla firefox\ScriptFF.dll
2012-05-10 22:54:05 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 22:54:01 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-02 00:45:32 -------- d-----w- c:\program files\CCleaner
2012-04-26 01:46:14 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-26 01:46:10 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2012-04-26 01:46:10 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
.
==================== Find3M ====================
.
2012-05-05 15:53:10 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-05 15:53:10 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-03 08:16:12 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16:11 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-02 13:36:21 2044928 ----a-w- c:\windows\system32\win32k.sys
2012-03-20 20:11:32 151880 ----a-w- c:\windows\system32\mfevtps.exe
2012-03-01 14:46:01 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-01 14:46:01 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-29 15:11:45 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-29 15:11:42 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 15:09:53 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 14:08:47 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-29 13:44:50 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-02-29 13:41:40 1069056 ----a-w- c:\windows\system32\DWrite.dll
2012-02-29 13:32:37 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-23 17:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-22 20:29:46 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-02-22 20:29:46 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-02-22 20:29:46 64912 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2012-02-22 20:29:46 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-02-22 20:29:46 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-02-22 20:29:46 464304 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-02-22 20:29:46 340920 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-02-22 20:29:46 180848 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-02-22 20:29:46 169608 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2012-02-22 20:29:46 121544 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
.
============= FINISH: 20:10:00.88 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:03 PM

Posted 21 May 2012 - 11:36 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 pollobeast

pollobeast
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:03 PM

Posted 22 May 2012 - 02:34 PM

Here is my checkup.txt:

Results of screen317's Security Check version 0.99.34
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
McAfee Total Protection
McAfee Online Backup
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

MVPS Hosts File
Spybot - Search & Destroy
CCleaner
Java™ 6 Update 29
Java version out of date!
Adobe Flash Player 11.2.202.235
Adobe Reader X (10.1.3)
Mozilla Firefox (12.0)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSASCui.exe
Windows Defender MSASCui.exe
McAfee Online Backup MOBKbackup.exe
``````````End of Log````````````

Here is my log from combofix:

ComboFix 12-05-22.02 - mac 05/22/2012 12:03:07.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.3032.1896 [GMT -7:00]
Running from: c:\users\mac\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\a
C:\i
C:\prefs.js
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
c:\users\mac\AppData\Local\Spotify\Roxio\epojjz.dll
c:\windows\system32\devil.dll
c:\windows\system32\Thumbs.db
Q:\Autorun.inf
S:\AUTORUN.INF
.
.
((((((((((((((((((((((((( Files Created from 2012-04-22 to 2012-05-22 )))))))))))))))))))))))))))))))
.
.
2012-05-22 19:12 . 2012-05-22 19:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-22 00:50 . 2012-05-22 00:50 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-21 21:01 . 2012-05-21 21:01 -------- d-----w- c:\users\mac\AppData\Roaming\Malwarebytes
2012-05-21 21:00 . 2012-05-21 21:00 -------- d-----w- c:\programdata\Malwarebytes
2012-05-16 03:53 . 2012-05-17 05:50 -------- d-----w- c:\users\mac\AppData\Roaming\Audacity
2012-05-16 03:51 . 2012-05-16 03:51 -------- d-----w- c:\program files\Audacity
2012-05-11 00:41 . 2012-03-20 20:06 29272 ----a-w- c:\program files\Mozilla Firefox\ScriptFF.dll
2012-05-10 22:54 . 2012-03-20 23:28 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 22:54 . 2012-03-30 12:39 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-02 00:45 . 2012-05-02 00:45 -------- d-----w- c:\program files\CCleaner
2012-04-26 01:46 . 2012-04-26 01:46 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-26 01:46 . 2012-04-26 01:46 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-26 01:46 . 2012-04-26 01:46 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-08 16:40 . 2012-05-22 17:41 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9C6526A4-1469-458F-B534-AC1C7A152BE9}\mpengine.dll
2012-05-05 15:53 . 2012-04-15 22:58 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 15:53 . 2011-07-20 20:04 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-20 20:11 . 2011-03-20 00:35 151880 ----a-w- c:\windows\system32\mfevtps.exe
2012-02-29 15:11 . 2012-04-11 01:38 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-29 15:11 . 2012-04-11 01:38 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 15:09 . 2012-04-11 01:38 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 13:32 . 2012-04-11 01:38 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-02-28 01:18 . 2012-04-11 01:39 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11 . 2012-04-11 01:39 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11 . 2012-04-11 01:39 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03 . 2012-04-11 01:39 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-23 17:18 . 2011-03-20 01:44 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-22 20:29 . 2012-01-11 00:30 169608 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2012-02-22 20:29 . 2011-03-20 01:01 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-02-22 20:29 . 2011-03-20 01:00 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-02-22 20:29 . 2011-03-20 01:00 64912 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2012-02-22 20:29 . 2011-03-20 01:00 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-02-22 20:29 . 2011-03-20 01:00 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-02-22 20:29 . 2011-03-20 01:00 340920 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-02-22 20:29 . 2011-03-20 01:00 180848 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-02-22 20:29 . 2010-10-14 05:28 464304 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-02-22 20:29 . 2010-10-14 05:28 121544 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-04-26 01:46 . 2011-11-11 03:50 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 21:01 . 2011-03-21 23:54 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-14 03:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-14 03:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-14 03:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-20 39408]
"Akamai NetSession Interface"="c:\users\mac\AppData\Local\Akamai\netsession_win.exe" [2012-05-08 3331872]
"Spotify Web Helper"="c:\users\mac\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-05 932528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PMHandler"="c:\progra~1\Lenovo\PMDriver\PMHandler.exe" [2008-09-23 83240]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-07-30 60192]
"TPWAUDAP"="c:\program files\Lenovo\HOTKEY\TpWAudAp.exe" [2008-03-11 54560]
"SmartAudio"="c:\program files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE" [2008-07-21 2701880]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-05-24 487424]
"LPManager"="c:\progra~1\Lenovo\LENOVO~2\LPMGR.exe" [2007-04-26 120368]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2008-04-25 244208]
"RoxioDragToDisc"="c:\program files\Lenovo\Drag-to-Disc\DrgToDsc.exe" [2007-03-13 1116920]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2008-12-20 449088]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2008-08-07 431392]
"ACWlIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWlIcon.exe" [2008-08-07 148768]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1318816]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 172568]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 159456]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 15:53]
.
2012-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-20 03:40]
.
2012-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-20 03:40]
.
2012-04-12 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PCDR5\pcdr5cuiw32.exe [2008-12-12 23:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local;<local>
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.254.254 192.168.254.254
FF - ProfilePath - c:\users\mac\AppData\Roaming\Mozilla\Firefox\Profiles\7tita1ia.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-uTorrent - c:\program files\uTorrent\uTorrent.exe
HKCU-Run-Roxio - c:\users\mac\AppData\Local\Spotify\Roxio\epojjz.dll
SafeBoot-15672670.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-22 12:17
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4800)
c:\program files\McAfee Online Backup\MOBKshell.dll
c:\program files\Lenovo\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Lenovo\Drag-to-Disc\ShellRes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLANExt.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\LENOVO\HOTKEY\FNF5SVC.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\mfevtps.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
c:\windows\system32\conime.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\McAfee Online Backup\MOBKbackup.exe
c:\program files\McAfee Online Backup\MOBKbackup.exe
c:\windows\system32\vssvc.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
.
**************************************************************************
.
Completion time: 2012-05-22 12:23:15 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-22 19:23
.
Pre-Run: 157,338,062,848 bytes free
Post-Run: 157,040,046,080 bytes free
.
- - End Of File - - AB33816BACBFC4930872052650098A5D


I still have the redirecting problem when I search in Google, and Yahoo Search.

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:03 PM

Posted 22 May 2012 - 03:07 PM

Greetings pollobeast

I would like to know which browsers are redirecting please verify all that are installed.

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 pollobeast

pollobeast
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:03 PM

Posted 22 May 2012 - 04:24 PM

Hello,

Thanks for all your help. I'm using Firefox, but I also have internet explorer. I think the search engines have stopped redirecting me. When I used the ComboFix, I disabled my antivirus stuff. But now I try to turn back on Windows Defender, but it won't let me get into it. There is a error windows that says: "Application failed to initialize: 0x800106ba. A problem caused this program's service to stop. To start the service, restart your computer or search Help and Support for how to start a service manually. But I do not know if the problem is because of ComboFix. But anyways, here are my aswMBR report:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-22 13:42:32
-----------------------------
13:42:32.307 OS Version: Windows 6.0.6002 Service Pack 2
13:42:32.307 Number of processors: 2 586 0x170A
13:42:32.307 ComputerName: TATFAMILY UserName: mac
13:43:03.494 Initialize success
13:51:23.291 AVAST engine defs: 12052201
13:54:45.654 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:54:45.654 Disk 0 Vendor: FUJITSU_MHZ2250BH_G1 0084000B Size: 238475MB BusType: 3
13:54:45.701 Disk 0 MBR read successfully
13:54:45.701 Disk 0 MBR scan
13:54:45.701 Disk 0 unknown MBR code
13:54:45.716 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1500 MB offset 2048
13:54:45.732 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 216973 MB offset 3074048
13:54:45.779 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 20000 MB offset 447434752
13:54:45.794 Disk 0 scanning sectors +488395120
13:54:45.857 Disk 0 scanning C:\Windows\system32\drivers
13:55:00.022 Service scanning
13:55:43.203 Modules scanning
13:56:07.898 Disk 0 trace - called modules:
13:56:08.429 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
13:56:08.444 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86415298]
13:56:08.444 3 CLASSPNP.SYS[833a98b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85cf8390]
13:56:10.145 AVAST engine scan C:\Windows
13:56:26.821 AVAST engine scan C:\Windows\system32
14:04:10.337 AVAST engine scan C:\Windows\system32\drivers
14:04:35.548 AVAST engine scan C:\Users\mac
14:13:55.730 Disk 0 MBR has been saved successfully to "C:\Users\mac\Desktop\MBR.dat"
14:13:55.746 The log file has been saved successfully to "C:\Users\mac\Desktop\aswMBR.txt"

and here is my TDSS Report:
13:39:12.0204 2296 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
13:39:14.0248 2296 ============================================================
13:39:14.0248 2296 Current date / time: 2012/05/22 13:39:14.0248
13:39:14.0248 2296 SystemInfo:
13:39:14.0248 2296
13:39:14.0248 2296 OS Version: 6.0.6002 ServicePack: 2.0
13:39:14.0248 2296 Product type: Workstation
13:39:14.0248 2296 ComputerName: TATFAMILY
13:39:14.0248 2296 UserName: mac
13:39:14.0248 2296 Windows directory: C:\Windows
13:39:14.0248 2296 System windows directory: C:\Windows
13:39:14.0248 2296 Processor architecture: Intel x86
13:39:14.0248 2296 Number of processors: 2
13:39:14.0248 2296 Page size: 0x1000
13:39:14.0248 2296 Boot type: Normal boot
13:39:14.0248 2296 ============================================================
13:39:16.0182 2296 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:39:16.0182 2296 ============================================================
13:39:16.0182 2296 \Device\Harddisk0\DR0:
13:39:16.0182 2296 MBR partitions:
13:39:16.0182 2296 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2EE000
13:39:16.0182 2296 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1A7C6800
13:39:16.0182 2296 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1AAB5000, BlocksNum 0x2710170
13:39:16.0182 2296 ============================================================
13:39:16.0229 2296 C: <-> \Device\Harddisk0\DR0\Partition1
13:39:16.0260 2296 S: <-> \Device\Harddisk0\DR0\Partition0
13:39:16.0338 2296 Q: <-> \Device\Harddisk0\DR0\Partition2
13:39:16.0338 2296 ============================================================
13:39:16.0338 2296 Initialize success
13:39:16.0338 2296 ============================================================
13:39:40.0128 4340 ============================================================
13:39:40.0128 4340 Scan started
13:39:40.0128 4340 Mode: Manual;
13:39:40.0128 4340 ============================================================
13:39:41.0127 4340 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
13:39:41.0127 4340 ACPI - ok
13:39:41.0251 4340 AcPrfMgrSvc (a125765807a56b6323635cddc5ef0770) C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
13:39:41.0314 4340 AcPrfMgrSvc - ok
13:39:41.0361 4340 AcSvc (977457d42bc46e46d1fea8d375685de9) C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
13:39:41.0423 4340 AcSvc - ok
13:39:41.0517 4340 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
13:39:41.0579 4340 AdobeARMservice - ok
13:39:41.0688 4340 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:39:41.0688 4340 AdobeFlashPlayerUpdateSvc - ok
13:39:41.0797 4340 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
13:39:41.0813 4340 adp94xx - ok
13:39:41.0875 4340 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
13:39:41.0891 4340 adpahci - ok
13:39:41.0922 4340 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
13:39:41.0922 4340 adpu160m - ok
13:39:41.0953 4340 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
13:39:41.0969 4340 adpu320 - ok
13:39:42.0031 4340 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
13:39:42.0031 4340 AeLookupSvc - ok
13:39:42.0141 4340 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
13:39:42.0375 4340 AFD - ok
13:39:42.0437 4340 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
13:39:42.0437 4340 agp440 - ok
13:39:42.0499 4340 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
13:39:42.0515 4340 aic78xx - ok
13:39:42.0546 4340 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
13:39:42.0546 4340 ALG - ok
13:39:42.0593 4340 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
13:39:42.0593 4340 aliide - ok
13:39:42.0609 4340 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
13:39:42.0609 4340 amdagp - ok
13:39:42.0624 4340 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
13:39:42.0640 4340 amdide - ok
13:39:42.0655 4340 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
13:39:42.0655 4340 AmdK7 - ok
13:39:42.0671 4340 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
13:39:42.0671 4340 AmdK8 - ok
13:39:42.0687 4340 ApfiltrService - ok
13:39:42.0733 4340 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
13:39:42.0733 4340 Appinfo - ok
13:39:42.0843 4340 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:39:42.0889 4340 Apple Mobile Device - ok
13:39:42.0999 4340 AppMgmt (0fe769cae5855b53c90e23f85e7e89ff) C:\Windows\System32\appmgmts.dll
13:39:42.0999 4340 AppMgmt - ok
13:39:43.0045 4340 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
13:39:43.0045 4340 arc - ok
13:39:43.0092 4340 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
13:39:43.0092 4340 arcsas - ok
13:39:43.0248 4340 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
13:39:43.0311 4340 aspnet_state - ok
13:39:43.0373 4340 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
13:39:43.0373 4340 AsyncMac - ok
13:39:43.0404 4340 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
13:39:43.0420 4340 atapi - ok
13:39:43.0467 4340 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
13:39:43.0482 4340 AudioEndpointBuilder - ok
13:39:43.0482 4340 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
13:39:43.0482 4340 Audiosrv - ok
13:39:43.0576 4340 b57nd60x (f17463eddb3b6a988f939ff403e067c3) C:\Windows\system32\DRIVERS\b57nd60x.sys
13:39:43.0623 4340 b57nd60x - ok
13:39:43.0701 4340 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
13:39:43.0701 4340 Beep - ok
13:39:43.0779 4340 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
13:39:43.0810 4340 BFE - ok
13:39:43.0950 4340 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
13:39:43.0966 4340 BITS - ok
13:39:44.0028 4340 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
13:39:44.0028 4340 blbdrive - ok
13:39:44.0262 4340 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
13:39:44.0340 4340 Bonjour Service - ok
13:39:44.0371 4340 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
13:39:44.0449 4340 bowser - ok
13:39:44.0496 4340 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
13:39:44.0496 4340 BrFiltLo - ok
13:39:44.0512 4340 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
13:39:44.0512 4340 BrFiltUp - ok
13:39:44.0543 4340 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
13:39:44.0559 4340 Browser - ok
13:39:44.0605 4340 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
13:39:44.0605 4340 Brserid - ok
13:39:44.0621 4340 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
13:39:44.0621 4340 BrSerWdm - ok
13:39:44.0621 4340 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
13:39:44.0637 4340 BrUsbMdm - ok
13:39:44.0637 4340 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
13:39:44.0652 4340 BrUsbSer - ok
13:39:44.0652 4340 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
13:39:44.0668 4340 BTHMODEM - ok
13:39:44.0839 4340 Cam5607 (631783a00f11ea25abf597c9c33053d0) C:\Windows\system32\Drivers\BisonC07.sys
13:39:44.0964 4340 Cam5607 - ok
13:39:45.0058 4340 catchme - ok
13:39:45.0245 4340 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
13:39:45.0245 4340 cdfs - ok
13:39:45.0307 4340 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
13:39:45.0323 4340 cdrom - ok
13:39:45.0385 4340 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
13:39:45.0385 4340 CertPropSvc - ok
13:39:45.0463 4340 cfwids (1c7b1e36f3ced9e4b0b13385e627fe8b) C:\Windows\system32\drivers\cfwids.sys
13:39:45.0526 4340 cfwids - ok
13:39:45.0557 4340 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
13:39:45.0557 4340 circlass - ok
13:39:45.0619 4340 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
13:39:45.0635 4340 CLFS - ok
13:39:45.0697 4340 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:39:45.0713 4340 clr_optimization_v2.0.50727_32 - ok
13:39:45.0775 4340 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:39:45.0838 4340 clr_optimization_v4.0.30319_32 - ok
13:39:45.0900 4340 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
13:39:45.0900 4340 CmBatt - ok
13:39:45.0900 4340 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
13:39:45.0916 4340 cmdide - ok
13:39:45.0994 4340 CnxtHdAudService (8b7a0ce6613f991359ff95212900396c) C:\Windows\system32\drivers\CHDRT32.sys
13:39:46.0103 4340 CnxtHdAudService - ok
13:39:46.0103 4340 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
13:39:46.0103 4340 Compbatt - ok
13:39:46.0119 4340 COMSysApp - ok
13:39:46.0119 4340 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
13:39:46.0134 4340 crcdisk - ok
13:39:46.0197 4340 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
13:39:46.0212 4340 Crusoe - ok
13:39:46.0275 4340 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
13:39:46.0290 4340 CryptSvc - ok
13:39:46.0368 4340 CSC (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys
13:39:46.0384 4340 CSC - ok
13:39:46.0462 4340 CscService (0a2095f92f6ae4fe6484d911b0c21e95) C:\Windows\System32\cscsvc.dll
13:39:46.0477 4340 CscService - ok
13:39:46.0587 4340 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
13:39:46.0602 4340 DcomLaunch - ok
13:39:46.0696 4340 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
13:39:46.0743 4340 DfsC - ok
13:39:46.0977 4340 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
13:39:47.0023 4340 DFSR - ok
13:39:47.0242 4340 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
13:39:47.0242 4340 Dhcp - ok
13:39:47.0335 4340 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
13:39:47.0335 4340 disk - ok
13:39:47.0413 4340 DLABMFSM (5b149ccfe275f4de0b4b8ec6b9f6821e) C:\Windows\system32\DLA\DLABMFSM.SYS
13:39:47.0507 4340 DLABMFSM - ok
13:39:47.0569 4340 DLABOIOM (ad4cb3d783634c90a9d0ce360933a63c) C:\Windows\system32\DLA\DLABOIOM.SYS
13:39:47.0663 4340 DLABOIOM - ok
13:39:47.0741 4340 DLACDBHM (5230cdb7e715f3a3b4a882e254cdd35d) C:\Windows\system32\Drivers\DLACDBHM.SYS
13:39:47.0835 4340 DLACDBHM - ok
13:39:47.0850 4340 DLADResM (93d03238cc3f0ee3c0b3985d110ec575) C:\Windows\system32\DLA\DLADResM.SYS
13:39:47.0928 4340 DLADResM - ok
13:39:47.0944 4340 DLAIFS_M (6a82f77c4a6f5235bf352f0028e2ef52) C:\Windows\system32\DLA\DLAIFS_M.SYS
13:39:48.0022 4340 DLAIFS_M - ok
13:39:48.0037 4340 DLAOPIOM (0e6052c0ada37504896a847231a3907d) C:\Windows\system32\DLA\DLAOPIOM.SYS
13:39:48.0115 4340 DLAOPIOM - ok
13:39:48.0131 4340 DLAPoolM (29670bb4e2b973c5b55a76107d4910b2) C:\Windows\system32\DLA\DLAPoolM.SYS
13:39:48.0193 4340 DLAPoolM - ok
13:39:48.0225 4340 DLARTL_M (77fe51f0f8d86804cb81f6ef6bfb86dd) C:\Windows\system32\Drivers\DLARTL_M.SYS
13:39:48.0303 4340 DLARTL_M - ok
13:39:48.0318 4340 DLAUDFAM (6b087732b86c1d866d69dbbe463ea90a) C:\Windows\system32\DLA\DLAUDFAM.SYS
13:39:48.0396 4340 DLAUDFAM - ok
13:39:48.0427 4340 DLAUDF_M (bbeecb95f2841ae4a3e3690d46d7153d) C:\Windows\system32\DLA\DLAUDF_M.SYS
13:39:48.0505 4340 DLAUDF_M - ok
13:39:48.0583 4340 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
13:39:48.0630 4340 Dnscache - ok
13:39:48.0677 4340 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
13:39:48.0693 4340 dot3svc - ok
13:39:48.0755 4340 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
13:39:48.0771 4340 DPS - ok
13:39:48.0833 4340 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
13:39:48.0833 4340 drmkaud - ok
13:39:48.0849 4340 DRVMCDB (83106585494d5eb96f59187200c144bd) C:\Windows\system32\Drivers\DRVMCDB.SYS
13:39:48.0927 4340 DRVMCDB - ok
13:39:48.0927 4340 DRVNDDM (ffc371525aa55d1bae18715ebcb8797c) C:\Windows\system32\Drivers\DRVNDDM.SYS
13:39:48.0989 4340 DRVNDDM - ok
13:39:49.0083 4340 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
13:39:49.0083 4340 DXGKrnl - ok
13:39:49.0161 4340 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
13:39:49.0161 4340 e1express - ok
13:39:49.0192 4340 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
13:39:49.0207 4340 E1G60 - ok
13:39:49.0239 4340 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
13:39:49.0239 4340 EapHost - ok
13:39:49.0301 4340 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
13:39:49.0317 4340 Ecache - ok
13:39:49.0379 4340 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
13:39:49.0395 4340 elxstor - ok
13:39:49.0488 4340 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
13:39:49.0519 4340 EMDMgmt - ok
13:39:49.0566 4340 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
13:39:49.0566 4340 ErrDev - ok
13:39:49.0613 4340 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
13:39:49.0613 4340 EventSystem - ok
13:39:49.0675 4340 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
13:39:49.0675 4340 exfat - ok
13:39:49.0738 4340 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
13:39:49.0738 4340 fastfat - ok
13:39:49.0831 4340 Fax (dfba0f60fa301e5b1bfb1403a93ee23e) C:\Windows\system32\fxssvc.exe
13:39:49.0847 4340 Fax - ok
13:39:49.0878 4340 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
13:39:49.0878 4340 fdc - ok
13:39:49.0909 4340 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
13:39:49.0909 4340 fdPHost - ok
13:39:49.0925 4340 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
13:39:49.0925 4340 FDResPub - ok
13:39:49.0941 4340 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
13:39:49.0956 4340 FileInfo - ok
13:39:49.0987 4340 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
13:39:49.0987 4340 Filetrace - ok
13:39:50.0003 4340 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
13:39:50.0003 4340 flpydisk - ok
13:39:50.0050 4340 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
13:39:50.0050 4340 FltMgr - ok
13:39:50.0143 4340 FNF5SVC (c4c9a48c3339b6335f8f0db1f47bb668) C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe
13:39:50.0206 4340 FNF5SVC - ok
13:39:50.0362 4340 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
13:39:50.0424 4340 FontCache - ok
13:39:50.0502 4340 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
13:39:50.0502 4340 FontCache3.0.0.0 - ok
13:39:50.0596 4340 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
13:39:50.0705 4340 fssfltr - ok
13:39:50.0908 4340 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
13:39:51.0064 4340 fsssvc - ok
13:39:51.0267 4340 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
13:39:51.0329 4340 Fs_Rec - ok
13:39:51.0376 4340 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
13:39:51.0391 4340 gagp30kx - ok
13:39:51.0438 4340 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:39:51.0501 4340 GEARAspiWDM - ok
13:39:51.0594 4340 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
13:39:51.0610 4340 gpsvc - ok
13:39:51.0735 4340 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
13:39:51.0828 4340 gupdate - ok
13:39:51.0844 4340 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
13:39:51.0844 4340 gupdatem - ok
13:39:51.0906 4340 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
13:39:51.0984 4340 gusvc - ok
13:39:52.0062 4340 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
13:39:52.0062 4340 HdAudAddService - ok
13:39:52.0171 4340 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:39:52.0171 4340 HDAudBus - ok
13:39:52.0187 4340 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
13:39:52.0187 4340 HidBth - ok
13:39:52.0218 4340 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
13:39:52.0218 4340 HidIr - ok
13:39:52.0281 4340 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
13:39:52.0281 4340 hidserv - ok
13:39:52.0327 4340 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
13:39:52.0343 4340 HidUsb - ok
13:39:52.0405 4340 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
13:39:52.0405 4340 hkmsvc - ok
13:39:52.0437 4340 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
13:39:52.0437 4340 HpCISSs - ok
13:39:52.0515 4340 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
13:39:52.0515 4340 HSFHWAZL - ok
13:39:52.0655 4340 HSF_DPV (fadd7095163cb3cb4073793ebb50fe75) C:\Windows\system32\DRIVERS\HSX_DPV.sys
13:39:52.0795 4340 HSF_DPV - ok
13:39:52.0873 4340 HSXHWAZL (058783bedd17615d1fece09f77960436) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
13:39:53.0014 4340 HSXHWAZL - ok
13:39:53.0107 4340 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
13:39:53.0123 4340 HTTP - ok
13:39:53.0170 4340 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
13:39:53.0170 4340 i2omp - ok
13:39:53.0217 4340 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
13:39:53.0232 4340 i8042prt - ok
13:39:53.0295 4340 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
13:39:53.0295 4340 iaStorV - ok
13:39:53.0482 4340 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:39:53.0497 4340 idsvc - ok
13:39:55.0791 4340 igfx (dce0b53570703cce580d066f89ef58cd) C:\Windows\system32\DRIVERS\igdkmd32.sys
13:39:55.0915 4340 igfx - ok
13:39:56.0337 4340 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
13:39:56.0352 4340 iirsp - ok
13:39:56.0477 4340 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
13:39:56.0477 4340 IKEEXT - ok
13:39:56.0571 4340 IntcHdmiAddService (c7e7e43cbd34d3b0a0156b51b917dfcc) C:\Windows\system32\drivers\IntcHdmi.sys
13:39:56.0680 4340 IntcHdmiAddService - ok
13:39:56.0773 4340 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
13:39:56.0773 4340 intelide - ok
13:39:56.0805 4340 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
13:39:56.0820 4340 intelppm - ok
13:39:56.0883 4340 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
13:39:56.0883 4340 IPBusEnum - ok
13:39:56.0898 4340 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:39:56.0898 4340 IpFilterDriver - ok
13:39:56.0976 4340 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
13:39:56.0992 4340 iphlpsvc - ok
13:39:56.0992 4340 IpInIp - ok
13:39:57.0039 4340 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
13:39:57.0039 4340 IPMIDRV - ok
13:39:57.0054 4340 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
13:39:57.0070 4340 IPNAT - ok
13:39:57.0241 4340 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
13:39:57.0335 4340 iPod Service - ok
13:39:57.0335 4340 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
13:39:57.0351 4340 IRENUM - ok
13:39:57.0382 4340 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
13:39:57.0382 4340 isapnp - ok
13:39:57.0444 4340 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
13:39:57.0444 4340 iScsiPrt - ok
13:39:57.0460 4340 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
13:39:57.0475 4340 iteatapi - ok
13:39:57.0475 4340 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
13:39:57.0491 4340 iteraid - ok
13:39:57.0553 4340 IviRegMgr (213822072085b5bbad9af30ab577d817) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
13:39:57.0616 4340 IviRegMgr - ok
13:39:57.0678 4340 JMCR (a69a1b991824b98f744913555f665893) C:\Windows\system32\DRIVERS\jmcr.sys
13:39:57.0741 4340 JMCR - ok
13:39:57.0787 4340 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
13:39:57.0787 4340 kbdclass - ok
13:39:57.0819 4340 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
13:39:57.0834 4340 kbdhid - ok
13:39:57.0865 4340 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
13:39:57.0912 4340 KeyIso - ok
13:39:57.0975 4340 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
13:39:58.0084 4340 KSecDD - ok
13:39:58.0224 4340 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
13:39:58.0240 4340 KtmRm - ok
13:39:58.0318 4340 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
13:39:58.0380 4340 LanmanServer - ok
13:39:58.0443 4340 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
13:39:58.0458 4340 LanmanWorkstation - ok
13:39:58.0552 4340 lenovo.smi (3c3f7f424e324c6971632c5de5ff458f) C:\Windows\system32\DRIVERS\smiif32.sys
13:39:58.0645 4340 lenovo.smi - ok
13:39:58.0692 4340 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
13:39:58.0692 4340 lltdio - ok
13:39:58.0755 4340 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
13:39:58.0755 4340 lltdsvc - ok
13:39:58.0786 4340 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
13:39:58.0786 4340 lmhosts - ok
13:39:58.0817 4340 LPCFilter (31f74d5d47eea83e5e89447586917774) C:\Windows\system32\DRIVERS\LPCFilter.sys
13:39:58.0864 4340 LPCFilter - ok
13:39:58.0911 4340 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
13:39:58.0911 4340 LSI_FC - ok
13:39:58.0926 4340 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
13:39:58.0942 4340 LSI_SAS - ok
13:39:59.0020 4340 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
13:39:59.0020 4340 LSI_SCSI - ok
13:39:59.0035 4340 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
13:39:59.0035 4340 luafv - ok
13:39:59.0129 4340 McAfee SiteAdvisor Service (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
13:39:59.0145 4340 McAfee SiteAdvisor Service - ok
13:39:59.0145 4340 McMPFSvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
13:39:59.0145 4340 McMPFSvc - ok
13:39:59.0145 4340 mcmscsvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
13:39:59.0145 4340 mcmscsvc - ok
13:39:59.0160 4340 McNaiAnn (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
13:39:59.0160 4340 McNaiAnn - ok
13:39:59.0207 4340 McNASvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
13:39:59.0207 4340 McNASvc - ok
13:39:59.0379 4340 McODS (42117cbc4849a5cf11129912dabbdeca) C:\Program Files\McAfee\VirusScan\mcods.exe
13:39:59.0457 4340 McODS - ok
13:39:59.0488 4340 McProxy (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
13:39:59.0488 4340 McProxy - ok
13:39:59.0535 4340 McShield (593fa4c378818ece76ba64a11ad56cf2) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
13:39:59.0613 4340 McShield - ok
13:39:59.0644 4340 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
13:39:59.0659 4340 mdmxsdk - ok
13:39:59.0706 4340 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
13:39:59.0706 4340 megasas - ok
13:39:59.0769 4340 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
13:39:59.0784 4340 MegaSR - ok
13:39:59.0831 4340 mfeapfk (43c31bdf404a6d7a7ac1bfd5ead2a566) C:\Windows\system32\drivers\mfeapfk.sys
13:39:59.0847 4340 mfeapfk - ok
13:39:59.0878 4340 mfeavfk (c1dc5f42d3367f33b6451be78b38bd46) C:\Windows\system32\drivers\mfeavfk.sys
13:39:59.0940 4340 mfeavfk - ok
13:39:59.0971 4340 mfeavfk01 - ok
13:40:00.0018 4340 mfebopk (0435c43f4c2be01b84868ad2a906397b) C:\Windows\system32\drivers\mfebopk.sys
13:40:00.0018 4340 mfebopk - ok
13:40:00.0065 4340 mfefire (7e1f8b1bdc8240f08bd358b3a466c005) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
13:40:00.0127 4340 mfefire - ok
13:40:00.0174 4340 mfefirek (4ea6ff90015424517843e931448e00f1) C:\Windows\system32\drivers\mfefirek.sys
13:40:00.0252 4340 mfefirek - ok
13:40:00.0346 4340 mfehidk (d1e998748ba24a731106611d535c6bbf) C:\Windows\system32\drivers\mfehidk.sys
13:40:00.0486 4340 mfehidk - ok
13:40:00.0517 4340 mfenlfk (ac04a618aef3de0fce91c766f9e069da) C:\Windows\system32\DRIVERS\mfenlfk.sys
13:40:00.0564 4340 mfenlfk - ok
13:40:00.0611 4340 mferkdet (f454a13377f0a006d20a8c14a753c432) C:\Windows\system32\drivers\mferkdet.sys
13:40:00.0673 4340 mferkdet - ok
13:40:00.0720 4340 mfevtp (b10c4efd40810c08f4b44df2efcb54f7) C:\Windows\system32\mfevtps.exe
13:40:00.0767 4340 mfevtp - ok
13:40:00.0814 4340 mfewfpk (f284337aedb7483df8a5fa840647e2b0) C:\Windows\system32\drivers\mfewfpk.sys
13:40:00.0876 4340 mfewfpk - ok
13:40:00.0923 4340 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
13:40:00.0923 4340 MMCSS - ok
13:40:01.0032 4340 MOBKbackup (35176fa09a0fc58db630991a81a0ba39) C:\Program Files\McAfee Online Backup\MOBKbackup.exe
13:40:01.0079 4340 MOBKbackup - ok
13:40:01.0141 4340 MOBKFilter (e896775837a8bce436348df460522394) C:\Windows\system32\DRIVERS\MOBK.sys
13:40:01.0235 4340 MOBKFilter - ok
13:40:01.0282 4340 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
13:40:01.0282 4340 Modem - ok
13:40:01.0313 4340 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
13:40:01.0313 4340 monitor - ok
13:40:01.0407 4340 MotioninJoyXFilter (787a5f57812f8b9d76d82c80d077c5ca) C:\Windows\system32\DRIVERS\MijXfilt.sys
13:40:01.0469 4340 MotioninJoyXFilter - ok
13:40:01.0500 4340 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
13:40:01.0500 4340 mouclass - ok
13:40:01.0531 4340 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
13:40:01.0531 4340 mouhid - ok
13:40:01.0547 4340 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
13:40:01.0547 4340 MountMgr - ok
13:40:01.0625 4340 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
13:40:01.0687 4340 MozillaMaintenance - ok
13:40:01.0750 4340 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
13:40:01.0750 4340 mpio - ok
13:40:01.0781 4340 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
13:40:01.0781 4340 mpsdrv - ok
13:40:01.0859 4340 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
13:40:01.0890 4340 MpsSvc - ok
13:40:01.0906 4340 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
13:40:01.0906 4340 Mraid35x - ok
13:40:01.0937 4340 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
13:40:01.0953 4340 MRxDAV - ok
13:40:01.0984 4340 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:40:02.0093 4340 mrxsmb - ok
13:40:02.0140 4340 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:40:02.0233 4340 mrxsmb10 - ok
13:40:02.0296 4340 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:40:02.0389 4340 mrxsmb20 - ok
13:40:02.0467 4340 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
13:40:02.0467 4340 msahci - ok
13:40:02.0514 4340 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
13:40:02.0530 4340 msdsm - ok
13:40:02.0577 4340 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
13:40:02.0592 4340 MSDTC - ok
13:40:02.0608 4340 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
13:40:02.0623 4340 Msfs - ok
13:40:02.0670 4340 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
13:40:02.0670 4340 msisadrv - ok
13:40:02.0717 4340 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
13:40:02.0717 4340 MSiSCSI - ok
13:40:02.0733 4340 msiserver - ok
13:40:02.0842 4340 MSK80Service (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
13:40:02.0842 4340 MSK80Service - ok
13:40:02.0920 4340 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
13:40:02.0920 4340 MSKSSRV - ok
13:40:02.0951 4340 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
13:40:02.0951 4340 MSPCLOCK - ok
13:40:02.0998 4340 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
13:40:02.0998 4340 MSPQM - ok
13:40:03.0045 4340 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
13:40:03.0060 4340 MsRPC - ok
13:40:03.0076 4340 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
13:40:03.0076 4340 mssmbios - ok
13:40:03.0138 4340 MSSQL$SQLEXPRESS - ok
13:40:03.0201 4340 MSSQLServerADHelper100 (f1761c8fb2b25a32c6d63e36bb88c3ae) C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
13:40:03.0263 4340 MSSQLServerADHelper100 - ok
13:40:03.0279 4340 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
13:40:03.0279 4340 MSTEE - ok
13:40:03.0310 4340 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
13:40:03.0310 4340 Mup - ok
13:40:03.0372 4340 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
13:40:03.0403 4340 napagent - ok
13:40:03.0481 4340 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
13:40:03.0481 4340 NativeWifiP - ok
13:40:03.0559 4340 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
13:40:03.0559 4340 NDIS - ok
13:40:03.0606 4340 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
13:40:03.0606 4340 NdisTapi - ok
13:40:03.0669 4340 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
13:40:03.0669 4340 Ndisuio - ok
13:40:03.0715 4340 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
13:40:03.0715 4340 NdisWan - ok
13:40:03.0762 4340 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
13:40:03.0778 4340 NDProxy - ok
13:40:03.0793 4340 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
13:40:03.0793 4340 NetBIOS - ok
13:40:03.0871 4340 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
13:40:03.0887 4340 netbt - ok
13:40:03.0903 4340 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
13:40:03.0903 4340 Netlogon - ok
13:40:03.0965 4340 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
13:40:03.0965 4340 Netman - ok
13:40:04.0121 4340 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:40:04.0168 4340 NetMsmqActivator - ok
13:40:04.0183 4340 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:40:04.0199 4340 NetPipeActivator - ok
13:40:04.0246 4340 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
13:40:04.0246 4340 netprofm - ok
13:40:04.0261 4340 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:40:04.0261 4340 NetTcpActivator - ok
13:40:04.0261 4340 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:40:04.0261 4340 NetTcpPortSharing - ok
13:40:04.0698 4340 NETw5v32 (e559ea9138c77b5d1fda8c558764a25f) C:\Windows\system32\DRIVERS\NETw5v32.sys
13:40:04.0823 4340 NETw5v32 - ok
13:40:05.0010 4340 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
13:40:05.0010 4340 nfrd960 - ok
13:40:05.0073 4340 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
13:40:05.0073 4340 NlaSvc - ok
13:40:05.0104 4340 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
13:40:05.0119 4340 Npfs - ok
13:40:05.0135 4340 npggsvc - ok
13:40:05.0166 4340 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
13:40:05.0182 4340 nsi - ok
13:40:05.0197 4340 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
13:40:05.0197 4340 nsiproxy - ok
13:40:05.0322 4340 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
13:40:05.0369 4340 Ntfs - ok
13:40:05.0572 4340 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
13:40:05.0572 4340 ntrigdigi - ok
13:40:05.0603 4340 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
13:40:05.0619 4340 Null - ok
13:40:05.0650 4340 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
13:40:05.0650 4340 nvraid - ok
13:40:05.0665 4340 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
13:40:05.0665 4340 nvstor - ok
13:40:05.0728 4340 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
13:40:05.0728 4340 nv_agp - ok
13:40:05.0728 4340 NwlnkFlt - ok
13:40:05.0743 4340 NwlnkFwd - ok
13:40:05.0899 4340 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:40:05.0993 4340 odserv - ok
13:40:06.0009 4340 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
13:40:06.0024 4340 ohci1394 - ok
13:40:06.0087 4340 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:40:06.0133 4340 ose - ok
13:40:06.0274 4340 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
13:40:06.0289 4340 p2pimsvc - ok
13:40:06.0289 4340 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
13:40:06.0305 4340 p2psvc - ok
13:40:06.0321 4340 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
13:40:06.0336 4340 Parport - ok
13:40:06.0367 4340 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
13:40:06.0477 4340 partmgr - ok
13:40:06.0492 4340 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
13:40:06.0508 4340 Parvdm - ok
13:40:06.0539 4340 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
13:40:06.0539 4340 PcaSvc - ok
13:40:06.0586 4340 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
13:40:06.0601 4340 pci - ok
13:40:06.0617 4340 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
13:40:06.0617 4340 pciide - ok
13:40:06.0679 4340 pcmcia (b7c5a8769541900f6dfa6fe0c5e4d513) C:\Windows\system32\DRIVERS\pcmcia.sys
13:40:06.0679 4340 pcmcia - ok
13:40:06.0820 4340 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
13:40:06.0851 4340 PEAUTH - ok
13:40:07.0054 4340 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
13:40:07.0085 4340 pla - ok
13:40:07.0272 4340 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
13:40:07.0303 4340 PlugPlay - ok
13:40:07.0381 4340 PnkBstrA (1713d9de407313138118d501b0e3c05b) C:\Windows\system32\PnkBstrA.exe
13:40:07.0459 4340 PnkBstrA - ok
13:40:07.0569 4340 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
13:40:07.0584 4340 PNRPAutoReg - ok
13:40:07.0584 4340 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
13:40:07.0600 4340 PNRPsvc - ok
13:40:07.0662 4340 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
13:40:07.0662 4340 PolicyAgent - ok
13:40:07.0756 4340 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
13:40:07.0756 4340 PptpMiniport - ok
13:40:07.0787 4340 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
13:40:07.0787 4340 Processor - ok
13:40:07.0834 4340 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
13:40:07.0834 4340 ProfSvc - ok
13:40:07.0849 4340 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
13:40:07.0849 4340 ProtectedStorage - ok
13:40:07.0896 4340 psadd (f8a25f1dd8b2c332cbc663e3579566e7) C:\Windows\system32\DRIVERS\psadd.sys
13:40:07.0943 4340 psadd - ok
13:40:07.0974 4340 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
13:40:07.0990 4340 PSched - ok
13:40:08.0021 4340 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
13:40:08.0083 4340 PxHelp20 - ok
13:40:08.0208 4340 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
13:40:08.0271 4340 ql2300 - ok
13:40:08.0473 4340 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
13:40:08.0473 4340 ql40xx - ok
13:40:08.0551 4340 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
13:40:08.0567 4340 QWAVE - ok
13:40:08.0583 4340 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
13:40:08.0598 4340 QWAVEdrv - ok
13:40:08.0598 4340 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
13:40:08.0614 4340 RasAcd - ok
13:40:08.0629 4340 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
13:40:08.0645 4340 RasAuto - ok
13:40:08.0661 4340 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:40:08.0661 4340 Rasl2tp - ok
13:40:08.0723 4340 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
13:40:08.0739 4340 RasMan - ok
13:40:08.0770 4340 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
13:40:08.0770 4340 RasPppoe - ok
13:40:08.0848 4340 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
13:40:08.0848 4340 RasSstp - ok
13:40:08.0926 4340 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
13:40:08.0941 4340 rdbss - ok
13:40:08.0973 4340 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:40:08.0973 4340 RDPCDD - ok
13:40:09.0035 4340 rdpdr (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys
13:40:09.0051 4340 rdpdr - ok
13:40:09.0066 4340 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
13:40:09.0066 4340 RDPENCDD - ok
13:40:09.0129 4340 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
13:40:09.0238 4340 RDPWD - ok
13:40:09.0300 4340 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
13:40:09.0316 4340 RemoteAccess - ok
13:40:09.0363 4340 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
13:40:09.0363 4340 RemoteRegistry - ok
13:40:09.0456 4340 Roxio UPnP Renderer 10 (ada991d7a02130fa78413281a134330b) C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
13:40:09.0597 4340 Roxio UPnP Renderer 10 - ok
13:40:09.0659 4340 Roxio Upnp Server 10 (11f07111105072f81c03a437423e88ee) C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
13:40:09.0815 4340 Roxio Upnp Server 10 - ok
13:40:09.0940 4340 RoxLiveShare10 (7c334636b539fbfa65bd3b6da75b9d30) C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
13:40:10.0018 4340 RoxLiveShare10 - ok
13:40:10.0158 4340 RoxMediaDB10 (eb9eeb379848f356797eb9ef31114ca5) C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
13:40:10.0299 4340 RoxMediaDB10 - ok
13:40:10.0345 4340 RoxWatch10 (640e33efb13278bedd3699dfa88185e5) C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
13:40:10.0408 4340 RoxWatch10 - ok
13:40:10.0548 4340 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
13:40:10.0564 4340 RpcLocator - ok
13:40:10.0642 4340 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
13:40:10.0657 4340 RpcSs - ok
13:40:10.0767 4340 RsFx0105 (6a7360e36cbd636972aeef0dd292a946) C:\Windows\system32\DRIVERS\RsFx0105.sys
13:40:10.0891 4340 RsFx0105 - ok
13:40:10.0923 4340 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
13:40:10.0923 4340 rspndr - ok
13:40:10.0954 4340 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
13:40:10.0954 4340 SamSs - ok
13:40:10.0985 4340 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
13:40:10.0985 4340 sbp2port - ok
13:40:11.0032 4340 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
13:40:11.0047 4340 SCardSvr - ok
13:40:11.0125 4340 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
13:40:11.0141 4340 Schedule - ok
13:40:11.0172 4340 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
13:40:11.0172 4340 SCPolicySvc - ok
13:40:11.0203 4340 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
13:40:11.0203 4340 sdbus - ok
13:40:11.0250 4340 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
13:40:11.0266 4340 SDRSVC - ok
13:40:11.0281 4340 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
13:40:11.0281 4340 secdrv - ok
13:40:11.0297 4340 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
13:40:11.0297 4340 seclogon - ok
13:40:11.0328 4340 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
13:40:11.0328 4340 SENS - ok
13:40:11.0359 4340 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
13:40:11.0375 4340 Serenum - ok
13:40:11.0391 4340 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
13:40:11.0391 4340 Serial - ok
13:40:11.0406 4340 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
13:40:11.0422 4340 sermouse - ok
13:40:11.0469 4340 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
13:40:11.0469 4340 SessionEnv - ok
13:40:11.0500 4340 SessionLauncher - ok
13:40:11.0531 4340 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
13:40:11.0531 4340 sffdisk - ok
13:40:11.0562 4340 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
13:40:11.0562 4340 sffp_mmc - ok
13:40:11.0562 4340 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
13:40:11.0578 4340 sffp_sd - ok
13:40:11.0578 4340 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
13:40:11.0578 4340 sfloppy - ok
13:40:11.0671 4340 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
13:40:11.0687 4340 SharedAccess - ok
13:40:11.0734 4340 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
13:40:11.0796 4340 ShellHWDetection - ok
13:40:11.0827 4340 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
13:40:11.0827 4340 sisagp - ok
13:40:11.0843 4340 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
13:40:11.0843 4340 SiSRaid2 - ok
13:40:11.0859 4340 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
13:40:11.0874 4340 SiSRaid4 - ok
13:40:12.0249 4340 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
13:40:12.0311 4340 slsvc - ok
13:40:12.0483 4340 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
13:40:12.0483 4340 SLUINotify - ok
13:40:12.0576 4340 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
13:40:12.0576 4340 Smb - ok
13:40:12.0623 4340 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
13:40:12.0623 4340 SNMPTRAP - ok
13:40:12.0654 4340 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
13:40:12.0654 4340 spldr - ok
13:40:12.0701 4340 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
13:40:12.0748 4340 Spooler - ok
13:40:12.0888 4340 SQLAgent$SQLEXPRESS (a892134c28777978ecde8283dc57ac0f) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
13:40:12.0966 4340 SQLAgent$SQLEXPRESS - ok
13:40:13.0029 4340 SQLBrowser (10d936dced9eacd1a1b3fcdda6d7a4eb) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
13:40:13.0107 4340 SQLBrowser - ok
13:40:13.0138 4340 SQLWriter (135cdccc167ef0c250125bbd3abe18d5) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
13:40:13.0216 4340 SQLWriter - ok
13:40:13.0278 4340 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
13:40:13.0372 4340 srv - ok
13:40:13.0434 4340 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
13:40:13.0528 4340 srv2 - ok
13:40:13.0575 4340 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
13:40:13.0621 4340 srvnet - ok
13:40:13.0668 4340 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
13:40:13.0684 4340 SSDPSRV - ok
13:40:13.0762 4340 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
13:40:13.0762 4340 SstpSvc - ok
13:40:13.0840 4340 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
13:40:13.0855 4340 stisvc - ok
13:40:13.0933 4340 stllssvr (1d0063597c3666404fcf97698abeb019) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
13:40:14.0011 4340 stllssvr - ok
13:40:14.0027 4340 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
13:40:14.0043 4340 swenum - ok
13:40:14.0105 4340 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
13:40:14.0121 4340 swprv - ok
13:40:14.0167 4340 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
13:40:14.0167 4340 Symc8xx - ok
13:40:14.0183 4340 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
13:40:14.0183 4340 Sym_hi - ok
13:40:14.0199 4340 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
13:40:14.0214 4340 Sym_u3 - ok
13:40:14.0308 4340 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
13:40:14.0339 4340 SysMain - ok
13:40:14.0370 4340 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
13:40:14.0386 4340 TabletInputService - ok
13:40:14.0448 4340 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
13:40:14.0464 4340 TapiSrv - ok
13:40:14.0479 4340 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
13:40:14.0495 4340 TBS - ok
13:40:14.0620 4340 Tcpip (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys
13:40:14.0698 4340 Tcpip - ok
13:40:14.0713 4340 Tcpip6 (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys
13:40:14.0713 4340 Tcpip6 - ok
13:40:14.0760 4340 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
13:40:14.0760 4340 tcpipreg - ok
13:40:14.0791 4340 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
13:40:14.0807 4340 TDPIPE - ok
13:40:14.0823 4340 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
13:40:14.0823 4340 TDTCP - ok
13:40:14.0869 4340 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
13:40:14.0869 4340 tdx - ok
13:40:14.0916 4340 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
13:40:14.0916 4340 TermDD - ok
13:40:14.0994 4340 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
13:40:15.0025 4340 TermService - ok
13:40:15.0088 4340 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
13:40:15.0088 4340 Themes - ok
13:40:15.0244 4340 ThinkVantage Registry Monitor Service (9626746a9b120d2ed537dd8d76278405) c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
13:40:15.0369 4340 ThinkVantage Registry Monitor Service - ok
13:40:15.0400 4340 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
13:40:15.0400 4340 THREADORDER - ok
13:40:15.0509 4340 TPM (cb258c2f726f1be73c507022be33ebb3) C:\Windows\system32\drivers\tpm.sys
13:40:15.0525 4340 TPM - ok
13:40:15.0556 4340 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
13:40:15.0571 4340 TrkWks - ok
13:40:15.0665 4340 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
13:40:15.0681 4340 TrustedInstaller - ok
13:40:15.0727 4340 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:40:15.0743 4340 tssecsrv - ok
13:40:15.0790 4340 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
13:40:15.0790 4340 tunmp - ok
13:40:15.0805 4340 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
13:40:15.0821 4340 tunnel - ok
13:40:15.0852 4340 TVTI2C (7e66dda1ef146bfc3a6e36e08e036602) C:\Windows\system32\DRIVERS\Tvti2c.sys
13:40:15.0946 4340 TVTI2C - ok
13:40:15.0993 4340 tvtumon (fc4d5a1ea9d736907cb547085248199f) C:\Windows\system32\DRIVERS\tvtumon.sys
13:40:16.0086 4340 tvtumon - ok
13:40:16.0133 4340 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
13:40:16.0133 4340 uagp35 - ok
13:40:16.0180 4340 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
13:40:16.0180 4340 udfs - ok
13:40:16.0227 4340 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
13:40:16.0227 4340 UI0Detect - ok
13:40:16.0258 4340 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
13:40:16.0273 4340 uliagpkx - ok
13:40:16.0305 4340 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
13:40:16.0305 4340 uliahci - ok
13:40:16.0320 4340 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
13:40:16.0336 4340 UlSata - ok
13:40:16.0367 4340 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
13:40:16.0367 4340 ulsata2 - ok
13:40:16.0398 4340 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
13:40:16.0398 4340 umbus - ok
13:40:16.0445 4340 UmRdpService (8a66360f38f81e960e2367b428cbd5d9) C:\Windows\System32\umrdp.dll
13:40:16.0461 4340 UmRdpService - ok
13:40:16.0523 4340 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
13:40:16.0539 4340 upnphost - ok
13:40:16.0601 4340 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
13:40:16.0695 4340 USBAAPL - ok
13:40:16.0741 4340 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
13:40:16.0741 4340 usbccgp - ok
13:40:16.0773 4340 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
13:40:16.0788 4340 usbcir - ok
13:40:16.0851 4340 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
13:40:16.0866 4340 usbehci - ok
13:40:16.0913 4340 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
13:40:16.0913 4340 usbhub - ok
13:40:16.0944 4340 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
13:40:16.0960 4340 usbohci - ok
13:40:16.0991 4340 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
13:40:17.0007 4340 usbprint - ok
13:40:17.0038 4340 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:40:17.0038 4340 USBSTOR - ok
13:40:17.0069 4340 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
13:40:17.0069 4340 usbuhci - ok
13:40:17.0116 4340 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
13:40:17.0116 4340 usbvideo - ok
13:40:17.0163 4340 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
13:40:17.0163 4340 UxSms - ok
13:40:17.0241 4340 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
13:40:17.0256 4340 vds - ok
13:40:17.0334 4340 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
13:40:17.0334 4340 vga - ok
13:40:17.0350 4340 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
13:40:17.0365 4340 VgaSave - ok
13:40:17.0381 4340 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
13:40:17.0397 4340 viaagp - ok
13:40:17.0412 4340 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
13:40:17.0412 4340 ViaC7 - ok
13:40:17.0443 4340 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
13:40:17.0443 4340 viaide - ok
13:40:17.0475 4340 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
13:40:17.0475 4340 volmgr - ok
13:40:17.0537 4340 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
13:40:17.0553 4340 volmgrx - ok
13:40:17.0584 4340 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
13:40:17.0599 4340 volsnap - ok
13:40:17.0646 4340 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
13:40:17.0662 4340 vsmraid - ok
13:40:17.0787 4340 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
13:40:17.0818 4340 VSS - ok
13:40:17.0865 4340 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
13:40:17.0880 4340 W32Time - ok
13:40:17.0958 4340 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
13:40:17.0974 4340 WacomPen - ok
13:40:18.0005 4340 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
13:40:18.0021 4340 Wanarp - ok
13:40:18.0021 4340 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
13:40:18.0021 4340 Wanarpv6 - ok
13:40:18.0177 4340 wbengine (20b23332885dfb93fe0185362ee811e9) C:\Windows\system32\wbengine.exe
13:40:18.0239 4340 wbengine - ok
13:40:18.0301 4340 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
13:40:18.0333 4340 wcncsvc - ok
13:40:18.0364 4340 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
13:40:18.0379 4340 WcsPlugInService - ok
13:40:18.0411 4340 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
13:40:18.0411 4340 Wd - ok
13:40:18.0504 4340 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
13:40:18.0520 4340 Wdf01000 - ok
13:40:18.0535 4340 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
13:40:18.0551 4340 WdiServiceHost - ok
13:40:18.0551 4340 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
13:40:18.0551 4340 WdiSystemHost - ok
13:40:18.0598 4340 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
13:40:18.0613 4340 WebClient - ok
13:40:18.0691 4340 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
13:40:18.0769 4340 Wecsvc - ok
13:40:18.0801 4340 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
13:40:18.0801 4340 wercplsupport - ok
13:40:18.0847 4340 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
13:40:18.0863 4340 WerSvc - ok
13:40:18.0941 4340 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\Windows\system32\DRIVERS\wimfltr.sys
13:40:18.0957 4340 WimFltr - ok
13:40:19.0081 4340 winachsf (bb9cbaf6ac20452b245c324f1f50ee81) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
13:40:19.0237 4340 winachsf - ok
13:40:19.0331 4340 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
13:40:19.0347 4340 WinDefend - ok
13:40:19.0347 4340 WinHttpAutoProxySvc - ok
13:40:19.0440 4340 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
13:40:19.0456 4340 Winmgmt - ok
13:40:19.0643 4340 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
13:40:19.0721 4340 WinRM - ok
13:40:19.0986 4340 WinUSB (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.sys
13:40:19.0986 4340 WinUSB - ok
13:40:20.0095 4340 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
13:40:20.0095 4340 Wlansvc - ok
13:40:20.0220 4340 wlcrasvc (6067acef367e79914af628fa1e9b5330) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
13:40:20.0298 4340 wlcrasvc - ok
13:40:20.0532 4340 wlidsvc (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:40:20.0626 4340 wlidsvc - ok
13:40:20.0907 4340 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
13:40:20.0907 4340 WmiAcpi - ok
13:40:21.0000 4340 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
13:40:21.0016 4340 wmiApSrv - ok
13:40:21.0156 4340 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
13:40:21.0172 4340 WMPNetworkSvc - ok
13:40:21.0250 4340 WMZuneComm (017695393afffed8de58abd1b085be6d) c:\Program Files\Zune\WMZuneComm.exe
13:40:21.0343 4340 WMZuneComm - ok
13:40:21.0531 4340 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
13:40:21.0546 4340 WPDBusEnum - ok
13:40:21.0593 4340 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
13:40:21.0609 4340 WpdUsb - ok
13:40:21.0796 4340 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:40:22.0092 4340 WPFFontCache_v0400 - ok
13:40:22.0123 4340 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
13:40:22.0123 4340 ws2ifsl - ok
13:40:22.0170 4340 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
13:40:22.0186 4340 wscsvc - ok
13:40:22.0186 4340 WSearch - ok
13:40:22.0451 4340 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
13:40:22.0467 4340 wuauserv - ok
13:40:22.0701 4340 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
13:40:22.0716 4340 WudfPf - ok
13:40:22.0763 4340 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:40:22.0779 4340 WUDFRd - ok
13:40:22.0825 4340 wudfsvc (2c0206ff8d2c75ac027d1096fa2fafda) C:\Windows\System32\WUDFSvc.dll
13:40:22.0872 4340 wudfsvc - ok
13:40:22.0903 4340 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
13:40:22.0966 4340 XAudio - ok
13:40:23.0028 4340 XAudioService (cd5f291a1161f15896d1a4d63daff5df) C:\Windows\system32\DRIVERS\xaudio.exe
13:40:23.0091 4340 XAudioService - ok
13:40:23.0137 4340 xusb21 (ee9144207ee0211eb5656ba6808ac4a0) C:\Windows\system32\DRIVERS\xusb21.sys
13:40:23.0200 4340 xusb21 - ok
13:40:24.0011 4340 ZuneNetworkSvc (1076df9ade4e13ea3bf39d2165aeb903) c:\Program Files\Zune\ZuneNss.exe
13:40:24.0463 4340 ZuneNetworkSvc - ok
13:40:24.0541 4340 ZuneWlanCfgSvc (de1cdb333a402b279f04d627122fa08e) c:\Program Files\Zune\ZuneWlanCfgSvc.exe
13:40:24.0635 4340 ZuneWlanCfgSvc - ok
13:40:24.0697 4340 MBR (0x1B8) (d017bcdba6b89eb3c0c10bb7fe12aeca) \Device\Harddisk0\DR0
13:40:25.0134 4340 \Device\Harddisk0\DR0 - ok
13:40:25.0134 4340 Boot (0x1200) (2409ead7fc81e955b613c99f0c963f1e) \Device\Harddisk0\DR0\Partition0
13:40:25.0150 4340 \Device\Harddisk0\DR0\Partition0 - ok
13:40:25.0181 4340 Boot (0x1200) (b4b225fe8a249f7c7c6801bea627ee7c) \Device\Harddisk0\DR0\Partition1
13:40:25.0181 4340 \Device\Harddisk0\DR0\Partition1 - ok
13:40:25.0212 4340 Boot (0x1200) (ab5cfeb4d564ff99fb3d6ea909b2eb38) \Device\Harddisk0\DR0\Partition2
13:40:25.0212 4340 \Device\Harddisk0\DR0\Partition2 - ok
13:40:25.0212 4340 ============================================================
13:40:25.0212 4340 Scan finished
13:40:25.0212 4340 ============================================================
13:40:25.0228 3672 Detected object count: 0
13:40:25.0228 3672 Actual detected object count: 0
13:41:55.0992 3632 Deinitialize success

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:03 PM

Posted 22 May 2012 - 05:48 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 pollobeast

pollobeast
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:03 PM

Posted 22 May 2012 - 07:14 PM

Gringo,

My Windows Defender still has the error, and I cannot open it. But other than that everything seems to be running fine. Do you know if there is anything else wrong with my computer? Thank you very very much! Here are the report from Combofix:

ComboFix 12-05-22.02 - mac 05/22/2012 16:33:46.2.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.3032.1856 [GMT -7:00]
Running from: c:\users\mac\Desktop\ComboFix.exe
Command switches used :: c:\users\mac\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-22 to 2012-05-22 )))))))))))))))))))))))))))))))
.
.
2012-05-22 23:42 . 2012-05-22 23:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-22 17:41 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9C6526A4-1469-458F-B534-AC1C7A152BE9}\mpengine.dll
2012-05-22 00:50 . 2012-05-22 00:50 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-21 21:01 . 2012-05-21 21:01 -------- d-----w- c:\users\mac\AppData\Roaming\Malwarebytes
2012-05-21 21:00 . 2012-05-21 21:00 -------- d-----w- c:\programdata\Malwarebytes
2012-05-16 03:53 . 2012-05-17 05:50 -------- d-----w- c:\users\mac\AppData\Roaming\Audacity
2012-05-16 03:51 . 2012-05-16 03:51 -------- d-----w- c:\program files\Audacity
2012-05-11 00:41 . 2012-03-20 20:06 29272 ----a-w- c:\program files\Mozilla Firefox\ScriptFF.dll
2012-05-10 22:54 . 2012-03-20 23:28 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 22:54 . 2012-03-30 12:39 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-02 00:45 . 2012-05-02 00:45 -------- d-----w- c:\program files\CCleaner
2012-04-26 01:46 . 2012-04-26 01:46 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-26 01:46 . 2012-04-26 01:46 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-26 01:46 . 2012-04-26 01:46 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 15:53 . 2012-04-15 22:58 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 15:53 . 2011-07-20 20:04 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-20 20:11 . 2011-03-20 00:35 151880 ----a-w- c:\windows\system32\mfevtps.exe
2012-02-29 15:11 . 2012-04-11 01:38 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-29 15:11 . 2012-04-11 01:38 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 15:09 . 2012-04-11 01:38 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 13:32 . 2012-04-11 01:38 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-02-28 01:18 . 2012-04-11 01:39 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11 . 2012-04-11 01:39 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11 . 2012-04-11 01:39 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03 . 2012-04-11 01:39 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-23 17:18 . 2011-03-20 01:44 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-04-26 01:46 . 2011-11-11 03:50 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 21:01 . 2011-03-21 23:54 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-14 03:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-14 03:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-14 03:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-20 39408]
"Akamai NetSession Interface"="c:\users\mac\AppData\Local\Akamai\netsession_win.exe" [2012-05-08 3331872]
"Spotify Web Helper"="c:\users\mac\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-05 932528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PMHandler"="c:\progra~1\Lenovo\PMDriver\PMHandler.exe" [2008-09-23 83240]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-07-30 60192]
"TPWAUDAP"="c:\program files\Lenovo\HOTKEY\TpWAudAp.exe" [2008-03-11 54560]
"SmartAudio"="c:\program files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE" [2008-07-21 2701880]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-05-24 487424]
"LPManager"="c:\progra~1\Lenovo\LENOVO~2\LPMGR.exe" [2007-04-26 120368]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2008-04-25 244208]
"RoxioDragToDisc"="c:\program files\Lenovo\Drag-to-Disc\DrgToDsc.exe" [2007-03-13 1116920]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2008-12-20 449088]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2008-08-07 431392]
"ACWlIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWlIcon.exe" [2008-08-07 148768]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1318816]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 172568]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 159456]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 02002930
*NewlyCreated* - ASWMBR
*Deregistered* - 02002930
*Deregistered* - aswMBR
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 15:53]
.
2012-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-20 03:40]
.
2012-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-20 03:40]
.
2012-04-12 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PCDR5\pcdr5cuiw32.exe [2008-12-12 23:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local;<local>
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.254.254 192.168.254.254
FF - ProfilePath - c:\users\mac\AppData\Roaming\Mozilla\Firefox\Profiles\7tita1ia.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-22 16:42
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4516)
c:\program files\McAfee Online Backup\MOBKshell.dll
.
Completion time: 2012-05-22 16:45:18
ComboFix-quarantined-files.txt 2012-05-22 23:45
ComboFix2.txt 2012-05-22 19:23
.
Pre-Run: 156,225,675,264 bytes free
Post-Run: 156,289,572,864 bytes free
.
- - End Of File - - E45DB362DD98192298FD9F6C8E2CF2F1

#8 pollobeast

pollobeast
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:03 PM

Posted 22 May 2012 - 07:31 PM

Whoops!! Sorry, I put some wrong information! I was searching on Google and it redirected me! Sorry for this!

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:03 PM

Posted 22 May 2012 - 07:34 PM

Greetings

I want you to uninstall firefox and if asked about user data or settings then remove that also

Restart the computer and reinstall Firefox and check for redirects


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 pollobeast

pollobeast
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:03 PM

Posted 24 May 2012 - 02:33 PM

Redirecting seems to be gone. I have not got one yet.

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:03 PM

Posted 24 May 2012 - 02:50 PM

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does allot better of a job

Programs to remove

Java™ 6 Update 29 [/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.


Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 pollobeast

pollobeast
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:03 PM

Posted 25 May 2012 - 10:17 AM

Gringo,

I will not be able to do what you asked until probably Tuesday (which will be more than 5 days). I just wanted to let you know because Ill be gone.

Thanks

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:03 PM

Posted 25 May 2012 - 12:04 PM

Thanks for letting me know


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 pollobeast

pollobeast
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:03 PM

Posted 28 May 2012 - 10:22 PM

I received a blank hijackthis report, but I did what you said and it worked. MBAM didn't find any viruses on my computer. Here are my logs:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.29.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
mac :: TATFAMILY [administrator]

Protection: Disabled

5/28/2012 7:54:21 PM
mbam-log-2012-05-28 (19-54-21).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 213570
Time elapsed: 11 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:19:25 PM, on 5/28/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
C:\Program Files\CONEXANT\SmartAudio\SmAudio.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE
C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\mac\AppData\Local\Akamai\netsession_win.exe
C:\Users\mac\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Users\mac\AppData\Local\Akamai\netsession_win.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\notepad.exe
C:\Users\mac\AppData\Roaming\Spotify\spotify.exe
C:\Windows\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120510174205.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [PMHandler] C:\PROGRA~1\Lenovo\PMDriver\PMHandler.exe
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [TPWAUDAP] C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
O4 - HKLM\..\Run: [SmartAudio] C:\Program Files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE /c
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWlIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWlIcon.exe
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\mac\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\mac\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\mcsniepl.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: McAfee Application Installer Cleanup (0170791338257809) (0170791338257809mcinstcleanup) - McAfee, Inc. - C:\Windows\TEMP\017079~1.EXE
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Fn+F5 Service (FNF5SVC) - Lenovo. - C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe
O23 - Service: McAfee Online Backup (MOBKbackup) - McAfee, Inc. - C:\Program Files\McAfee Online Backup\MOBKbackup.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SessionLauncher - Unknown owner - C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12303 bytes

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:03 PM

Posted 28 May 2012 - 10:31 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
      O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
      O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
      O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe"
      O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe /startup
      O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
      O4 - HKLM\..\Run: [ACWlIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWlIcon.exe
      O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\mac\AppData\Local\Akamai\netsession_win.exe"
      O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\mac\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users