IE8-Unrequested Popups/Redirects


  • This topic is locked
37 replies to this topic

#1 rick2936


  • Members
  • 34 posts
  • OFFLINE
  • Local time:08:54 AM

Posted 22 May 2012 - 10:38 PM

Sometimes Internet Explorer 8 pops up a continual series of blank pages or redirects to ad pages. IE8 also frequently locks up and must be force-closed with Windows Task Manager. I see frequent error messages from McAfee that state something along the following lines: "McAfee service host not functioning".

Under guidance from the "Am I infected?" forum, I have run MBAM, FSS, aswMBR, boot_cleaner, GMER and TDSSKiller.

Edited by rick2936, 22 May 2012 - 11:10 PM.



#2 rick2936

  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  • Local time:08:54 AM

Posted 22 May 2012 - 10:41 PM

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Marcia at 22:24:07 on 2012-05-22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2448.1686 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\dellxpm09b_6159v043\wdm\stacsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?ilc=1
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\5.1\pdfforgeToolbarIE.dll
uURLSearchHooks: FCToolbarURLSearchHook Class: {da879c19-9088-418b-a63a-2e6fb294eaf0} - c:\program files\aadvantage eshoppingsm toolbar\Helper.dll
uURLSearchHooks: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - c:\program files\swag_bucks\prxtbSwa0.dll
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Freecause Toolbar BHO: {5712a6bb-b6c8-4e52-a152-1ba741c9a6a2} - c:\program files\aadvantage eshoppingsm toolbar\Toolbar.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: {74F6C5A9-0EAD-4a71-891E-376A838DF1F0} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120521063243.dll
BHO: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - c:\program files\swag_bucks\prxtbSwa0.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\5.1\pdfforgeToolbarIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: AAdvantage eShoppingSM Toolbar: {85741f1d-ed47-4dcf-9109-07d10213c4d0} - c:\program files\aadvantage eshoppingsm toolbar\Toolbar.dll
TB: ShopAtHome Toolbar: {98279c38-de4b-4bcf-93c9-8ec26069d6f4} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll
TB: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - c:\program files\swag_bucks\prxtbSwa0.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\5.1\pdfforgeToolbarIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {E8558D71-5E4E-4217-B608-D2F5D3623AE3} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Adobe] rundll32.exe "c:\documents and settings\marcia\local settings\application data\apple\adobe\dwkjz.dll",DllRegisterServer
mRun: [picon] "c:\program files\common files\intel\privacy icon\PrivacyIconClient.exe" -startup
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [YMailAdvisor] "c:\program files\yahoo!\common\YMailAdvisor.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [Adobe] rundll32.exe "c:\documents and settings\marcia\local settings\application data\apple\adobe\dwkjz.dll",DllRegisterServer
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-ba7e-000000000003}\_SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~2.lnk - c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {22787C65-23F3-4913-9191-B993458DA9CB} - hxxps://cyb.koreanair.com/KalApp/img/webchkin/markany/MAOnFPS_KOAIR.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://ieee-isto.webex.com/client/T27LB/webex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{580030BE-F8C4-4DB5-9542-3E0DE61B0AB2} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{69D56952-BE0A-4CD9-9191-8ABB0A362CFC} : DhcpNameServer = 192.168.2.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\marcia\application data\mozilla\firefox\profiles\wnogw0sa.default\
FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/login_verify2?&.src=ym
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=302398&p=
FF - plugin: c:\documents and settings\marcia\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-2-26 464304]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-2-26 89792]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2007-4-19 133968]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-5-10 203280]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-2-26 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-2-26 214904]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-2-26 214904]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-2-26 166288]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-2-26 161632]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-2-26 151880]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2009-11-11 2058776]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-11-12 112512]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-2-26 57600]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2009-11-12 244368]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-11-12 109568]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-2-26 180848]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-2-26 59456]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-2-26 340920]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-2-26 83856]
S0 cerc6;cerc6; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-10-10 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-1-31 158856]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-10-10 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-2-26 83856]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-2-26 87656]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-20 129976]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-05-22 10:46:26 6737808 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{323eafff-b303-4105-87e0-7f124ae09053}\mpengine.dll
2012-05-21 11:32:44 29272 ----a-w- c:\program files\mozilla firefox\ScriptFF.dll
2012-05-21 01:47:06 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-20 13:33:52 16824 ----a-w- c:\program files\mozilla firefox\plugin-container.exe
2012-05-20 13:24:55 -------- d-----w- c:\windows\7CA5C4DF83274035AE2BCA76336A04FD.TMP
2012-05-19 13:54:21 -------- d-----w- c:\documents and settings\marcia\local settings\application data\PCHealth
2012-05-18 04:40:06 -------- d-----w- c:\documents and settings\marcia\application data\Malwarebytes
2012-05-18 04:38:49 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-05-18 04:38:42 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-18 04:38:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2012-05-21 01:47:06 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-11 13:26:09 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:23:21 1871360 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:42:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-20 18:11:32 151880 ----a-w- c:\windows\system32\mfevtps.exe
2012-03-09 18:24:15 28904264 ----a-w- c:\documents and settings\marcia\temp_%1%2
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ----a-w- c:\windows\system32\html.iec
2012-02-23 15:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 22:25:40.23 ===============


Edited by rick2936, 23 May 2012 - 04:35 AM.


#3 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:54 AM

Posted 23 May 2012 - 06:00 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#4 rick2936

  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  • Local time:08:54 AM

Posted 23 May 2012 - 11:16 PM

Thank you. Here are my security check results. I will run ComboFix tomorrow if that's alright.

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
McAfee Security Scan Plus
McAfee SecurityCenter
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

SUPERAntiSpyware
Windows Defender
Adobe Flash Player 11.2.202.235
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Windows Defender MSASCui.exe
Windows Defender MsMpEng.exe
Windows Defender MSASCui.exe
``````````End of Log````````````

#5 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:54 AM

Posted 24 May 2012 - 09:37 AM

No problem, and I will see you then.


gringo

#6 rick2936

  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  • Local time:08:54 AM

Posted 25 May 2012 - 12:16 AM

ComboFix 12-05-24.03 - Marcia 05/24/2012 23:39:30.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2448.1909 [GMT -5:00]
Running from: c:\documents and settings\Marcia\Desktop\Security2\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Marcia\g2mdlhlpx.exe
c:\documents and settings\Marcia\Local Settings\Application Data\assembly\tmp
c:\documents and settings\Marcia\My Documents\~WRL0005.tmp
c:\documents and settings\Marcia\My Documents\~WRL0006.tmp
c:\documents and settings\Marcia\Recent\Thumbs.db
c:\program files\CouponAlert_2pEI
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_COUPONALERT_2PSERVICE
.
.
((((((((((((((((((((((((( Files Created from 2012-04-25 to 2012-05-25 )))))))))))))))))))))))))))))))
.
.
2012-05-24 02:24 . 2008-04-14 05:15 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2012-05-24 02:24 . 2008-04-14 05:15 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2012-05-22 10:46 . 2012-05-08 16:40 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{323EAFFF-B303-4105-87E0-7F124AE09053}\mpengine.dll
2012-05-21 11:32 . 2012-03-20 18:06 29272 ----a-w- c:\program files\Mozilla Firefox\ScriptFF.dll
2012-05-21 01:47 . 2012-05-21 01:47 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-20 13:33 . 2012-04-21 01:19 16824 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2012-05-20 13:24 . 2012-05-20 13:24 -------- d-----w- c:\windows\7CA5C4DF83274035AE2BCA76336A04FD.TMP
2012-05-19 13:54 . 2012-05-19 13:54 -------- d-----w- c:\documents and settings\Marcia\Local Settings\Application Data\PCHealth
2012-05-18 04:40 . 2012-05-18 04:40 -------- d-----w- c:\documents and settings\Marcia\Application Data\Malwarebytes
2012-05-18 04:38 . 2012-05-18 04:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-05-18 04:38 . 2012-04-04 20:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-18 04:38 . 2012-05-18 04:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-02 23:34 . 2012-05-02 23:34 -------- d-----w- c:\documents and settings\Marcia\Application Data\dvdcss
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-21 01:47 . 2011-10-11 00:28 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-08 16:40 . 2012-03-22 04:27 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-04-11 13:26 . 2008-04-14 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:23 . 2008-04-14 12:00 1871360 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:42 . 2008-04-14 00:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-20 18:11 . 2011-02-26 20:02 151880 ----a-w- c:\windows\system32\mfevtps.exe
2012-03-09 18:24 . 2012-03-09 17:06 28904264 ----a-w- c:\documents and settings\Marcia\temp_%1%2
2012-03-01 11:01 . 2012-02-15 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-03-01 11:01 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-29 14:10 . 2008-04-14 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2008-04-14 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-04-21 01:19 . 2012-05-20 13:38 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 19:01 . 2011-02-26 20:02 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{da879c19-9088-418b-a63a-2e6fb294eaf0}"= "c:\program files\AAdvantage eShoppingSM Toolbar\Helper.dll" [2010-07-15 243200]
"{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}"= "c:\program files\Swag_Bucks\prxtbSwa0.dll" [2011-05-09 176936]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn0\yt.dll" [2012-01-12 1517368]
.
[HKEY_CLASSES_ROOT\clsid\{da879c19-9088-418b-a63a-2e6fb294eaf0}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{26582F40-76E8-4A2A-B30C-26832801B787}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
.
[HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5712A6BB-B6C8-4E52-A152-1BA741C9A6A2}]
2010-07-15 19:33 1497600 ----a-w- c:\program files\AAdvantage eShoppingSM Toolbar\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
2011-05-09 09:49 176936 ----a-w- c:\program files\Swag_Bucks\prxtbSwa0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{85741F1D-ED47-4DCF-9109-07D10213C4D0}"= "c:\program files\AAdvantage eShoppingSM Toolbar\Toolbar.dll" [2010-07-15 1497600]
"{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}"= "c:\program files\Swag_Bucks\prxtbSwa0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{85741f1d-ed47-4dcf-9109-07d10213c4d0}]
[HKEY_CLASSES_ROOT\FCTB000062125.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{5E8947F8-3769-4215-877F-BEA00225DC12}]
[HKEY_CLASSES_ROOT\FCTB000062125.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{85741F1D-ED47-4DCF-9109-07D10213C4D0}"= "c:\program files\AAdvantage eShoppingSM Toolbar\Toolbar.dll" [2010-07-15 1497600]
"{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}"= "c:\program files\Swag_Bucks\prxtbSwa0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{85741f1d-ed47-4dcf-9109-07d10213c4d0}]
[HKEY_CLASSES_ROOT\FCTB000062125.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{5E8947F8-3769-4215-877F-BEA00225DC12}]
[HKEY_CLASSES_ROOT\FCTB000062125.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-10-11 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-04-30 3905920]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2009-08-04 358424]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-02-23 483420]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2008-12-16 729088]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-12-21 200704]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-22 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-22 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-22 134656]
"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2009-05-08 174424]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-03-16 127037]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2009-09-21 1392640]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-09-21 1206544]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1318816]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-12-21 519584]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-BA7E-000000000003}\_SC_Acrobat.exe [2012-3-9 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-16 972064]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
"c:\\Program Files\\AAdvantage eShoppingSM Toolbar\\TroubleShooter.exe"=
"c:\\Program Files\\AAdvantage eShoppingSM Toolbar\\ToolbarUpdate.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2/26/2011 3:02 PM 89792]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
R2 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [4/19/2007 6:56 AM 133968]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [5/10/2010 11:58 PM 203280]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [2/26/2011 3:02 PM 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2/26/2011 3:02 PM 214904]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [2/26/2011 3:02 PM 161632]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2/26/2011 3:02 PM 151880]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [11/11/2009 11:20 PM 2058776]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [11/12/2009 1:09 AM 112512]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2/26/2011 3:02 PM 57600]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [11/12/2009 12:53 AM 244368]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [11/12/2009 12:47 AM 109568]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2/26/2011 3:02 PM 340920]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2/26/2011 3:02 PM 83856]
S0 cerc6;cerc6; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/10/2011 7:28 PM 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [1/31/2012 4:09 PM 158856]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/10/2011 7:28 PM 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 7:49 AM 227232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2/26/2011 3:02 PM 83856]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2/26/2011 3:02 PM 87656]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [6/12/2011 11:15 AM 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/20/2012 8:38 AM 129976]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]
.
2012-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-11 00:28]
.
2012-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-11 00:28]
.
2012-05-25 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
2012-05-24 c:\windows\Tasks\User_Feed_Synchronization-{8EF575E5-56C9-404F-9F3C-0286A6E4FCB8}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?ilc=1
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
DPF: {22787C65-23F3-4913-9191-B993458DA9CB} - hxxps://cyb.koreanair.com/KalApp/img/webchkin/markany/MAOnFPS_KOAIR.cab
FF - ProfilePath - c:\documents and settings\Marcia\Application Data\Mozilla\Firefox\Profiles\wnogw0sa.default\
FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/login_verify2?&.src=ym
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=302398&p=
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Adobe - c:\documents and settings\Marcia\Local Settings\Application Data\Apple\Adobe\dwkjz.dll
HKU-Default-Run-Adobe - c:\documents and settings\Marcia\Local Settings\Application Data\Apple\Adobe\dwkjz.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-24 23:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\system32\wbem\Performance\WmiApRpl_new.h 357 bytes
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1448)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(5544)
c:\windows\system32\WININET.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\igfxdo.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\idt\dellxpm09b_6159v043\wdm\stacsv.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Intel\AMT\LMS.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Intel\WiFi\bin\WLKeeper.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-05-24 23:59:25 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-25 04:59
.
Pre-Run: 20,755,832,832 bytes free
Post-Run: 23,477,809,152 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /Execute /fastdetect
.
- - End Of File - - 41E4F0A808B5B607D546725D9788CEB7
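An added example, not part of rick2936's post and not ComboFix's own code: a small Python script that reads the "Reg Loading Points" and "ORPHANS REMOVED" sections in the shape ComboFix prints them and pulls out the autorun entries that deserve a second look. The two orphan Run values above are exactly the kind it flags: a value named "Adobe" whose target is a DLL with a random-looking name (dwkjz.dll) under the user's Local Settings\Application Data, a directory any process running as that user can write to without admin rights. Some legitimate per-user installers use that directory too, so this is a lead, not a verdict. The security center "DisableMonitoring" values and "EnableFirewall=0" are deliberately not flagged; McAfee sets those when it takes over antivirus and firewall monitoring from Windows. The sample log lines are constructed from the log above and are not a full log; the heuristics and the function names (parse_loading_points, flag_entry, triage) are mine.

```python
"""Triage the autorun entries in a ComboFix log (added example, not ComboFix code)."""
import re
from dataclasses import dataclass, field

# Constructed sample in the shape of the "Reg Loading Points" and
# "ORPHANS REMOVED" sections above; not a full log.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-10-11 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1318816]
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Adobe - c:\documents and settings\Marcia\Local Settings\Application Data\Apple\Adobe\dwkjz.dll
HKU-Default-Run-Adobe - c:\documents and settings\Marcia\Local Settings\Application Data\Apple\Adobe\dwkjz.dll
"""

KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
# Value lines: "name"="path" [date size]; the trailing bracket is optional.
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"(?:\s+\[(?P<date>\S+)\s+(?P<size>\d+)\])?$')
# Orphan lines look like "HKCU-Run-Adobe - <path>": hive-key, value name, path.
ORPHAN_RE = re.compile(r'^(?P<key>HK\S+?)-(?P<name>[^\s-]+) - (?P<path>.+)$')

# Sub-directories of an XP user profile that any process running as that user
# can write to; an autorun pointing here needed no admin rights to install.
PROFILE_DIRS = ("\\local settings\\application data\\", "\\local settings\\temp\\",
                "\\application data\\", "\\temp\\")


@dataclass
class AutorunEntry:
    key: str
    name: str
    path: str
    orphan: bool = False                        # listed under ORPHANS REMOVED
    reasons: list = field(default_factory=list)


def parse_loading_points(text):
    """Walk the log, carrying the current [HKEY...] key; collect value lines and orphans."""
    entries, key, in_orphans = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if "ORPHANS REMOVED" in line:
            in_orphans = True
            continue
        m = KEY_RE.match(line)
        if m:
            key, in_orphans = m.group("key"), False
            continue
        m = ORPHAN_RE.match(line) if in_orphans else None
        if m:
            entries.append(AutorunEntry(m.group("key"), m.group("name"), m.group("path"), orphan=True))
            continue
        m = VALUE_RE.match(line)
        if m and key:
            entries.append(AutorunEntry(key, m.group("name"), m.group("path")))
    return entries


def flag_entry(entry):
    """Attach the reasons a responder would give for looking at this entry first."""
    p = entry.path.lower()
    if "\\documents and settings\\" in p and any(d in p for d in PROFILE_DIRS):
        entry.reasons.append("launches from a user-writable profile directory")
    if p.endswith(".dll"):
        # Run values are started as command lines, which cannot run a DLL on its
        # own; vendor autoruns point at an .exe (or rundll32 with arguments).
        entry.reasons.append("Run value names a DLL rather than an executable")
    if entry.reasons and entry.orphan:
        entry.reasons.append("target file was already missing when ComboFix ran")
    return entry


def triage(text):
    """Only the entries with at least one reason; clean entries are dropped."""
    return [e for e in map(flag_entry, parse_loading_points(text)) if e.reasons]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.key}\\{e.name}  {e.path}")
        for r in e.reasons:
            print(f"    - {r}")
```

Run it against the full log text rather than the sample and it will also list any Run, RunOnce or Startup entry ComboFix kept that lives in a profile directory; the orphan note only appears on entries that already had a path-based reason, because an orphan with an ordinary Program Files path is usually just an uninstalled product.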

#7 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 25 May 2012 - 12:23 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



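An added example, not from gringo_pr's post and not Kaspersky's TDSSKiller code: once the report is on the desktop, the part worth reading is every service or driver whose verdict line is anything other than "ok", plus any file line that never got a verdict at all (a scan that stops part-way is itself a finding). The Python below parses the report format shown in the next post, where each entry is a file line ("name (md5) path") followed by a verdict line ("name - ok"), and skips the system-info header that precedes "Scan started" so the drive-geometry line is not mistaken for a verdict. It also lists entries that have a verdict but no file line, i.e. services registered with no binary on disk; on XP many legacy inbox storage entries (Abiosdsk, aic78xx and friends) appear this way and are normal, and cerc6 is the one ComboFix shows as "[x]" for this machine. The sample report is constructed; the "bad_driver" entry, its hash and its verdict text are invented to exercise the non-ok path and do not come from this machine. Function names are mine.

```python
"""Pull the interesting lines out of a TDSSKiller report (added example)."""
import re

# Constructed sample in the shape of the TDSSKiller report in the next post.
# "bad_driver", its hash and its verdict text are invented for the example.
SAMPLE_REPORT = r"""
00:59:46.0328 5128 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200
00:59:46.0375 5128 Initialize success
01:00:16.0218 4924 ============================================================
01:00:16.0218 4924 Scan started
01:00:16.0218 4924 Mode: Manual;
01:00:16.0406 4924 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
01:00:16.0453 4924 !SASCORE - ok
01:00:16.0593 4924 Abiosdsk - ok
01:00:17.0218 4924 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
01:00:17.0281 4924 Apple Mobile Device - ok
01:00:17.0640 4924 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
01:00:17.0640 4924 atapi - ok
01:00:18.0218 4924 cerc6 - ok
01:00:30.0000 4924 bad_driver (0123456789abcdef0123456789abcdef) C:\WINDOWS\system32\drivers\bad_driver.sys
01:00:30.0010 4924 bad_driver - infected (constructed verdict for this example)
"""

# Every report line is "HH:MM:SS.mmmm <thread id> <body>".
LINE_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+(?P<body>.+)$")
# File line: "<name> (<md5>) <path>"; names may contain spaces, so match lazily.
FILE_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# Verdict line: "<name> - <verdict>".
VERDICT_RE = re.compile(r"^(?P<name>.+?) - (?P<verdict>.+)$")


def parse_report(text):
    """Pair each service/driver's file line with its verdict line.

    Everything before "Scan started" (system info, drive geometry) is skipped,
    because those lines also contain " - " and would otherwise parse as verdicts.
    """
    records, started = {}, False
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        if body == "Scan started":
            started = True
            continue
        if not started:
            continue
        f = FILE_RE.match(body)          # check the file form first: a path may contain " - "
        if f:
            records[f.group("name")] = {"md5": f.group("md5"), "path": f.group("path"), "verdict": None}
            continue
        v = VERDICT_RE.match(body)
        if v:
            rec = records.setdefault(v.group("name"), {"md5": None, "path": None, "verdict": None})
            rec["verdict"] = v.group("verdict")
    return records


def not_ok(records):
    """Entries whose verdict is not "ok", including those with no verdict at all."""
    return {n: r for n, r in records.items() if r["verdict"] != "ok"}


def registered_without_file(records):
    """Names that got a verdict but no file line: registered, but no binary on disk."""
    return sorted(n for n, r in records.items() if r["path"] is None and r["verdict"] == "ok")


if __name__ == "__main__":
    recs = parse_report(SAMPLE_REPORT)
    for name, r in not_ok(recs).items():
        print(f"{name}: verdict={r['verdict']!r} md5={r['md5']} path={r['path']}")
    print("registered without a file:", ", ".join(registered_without_file(recs)))
```

The MD5 in each record is what you would look up against a known-file database before deciding whether an unfamiliar driver is a problem; the verdict text is passed through unchanged because TDSSKiller's wording varies between versions and the point is only to separate "ok" from everything else.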

#8 rick2936 (Topic Starter)

Posted 25 May 2012 - 01:02 AM

00:59:43.0515 5128 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
00:59:45.0515 5128 ============================================================
00:59:45.0515 5128 Current date / time: 2012/05/25 00:59:45.0515
00:59:45.0515 5128 SystemInfo:
00:59:45.0515 5128
00:59:45.0515 5128 OS Version: 5.1.2600 ServicePack: 3.0
00:59:45.0515 5128 Product type: Workstation
00:59:45.0515 5128 ComputerName: MARCIA-E6400
00:59:45.0515 5128 UserName: Marcia
00:59:45.0515 5128 Windows directory: C:\WINDOWS
00:59:45.0515 5128 System windows directory: C:\WINDOWS
00:59:45.0515 5128 Processor architecture: Intel x86
00:59:45.0515 5128 Number of processors: 2
00:59:45.0515 5128 Page size: 0x1000
00:59:45.0515 5128 Boot type: Normal boot
00:59:45.0515 5128 ============================================================
00:59:46.0328 5128 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
00:59:46.0328 5128 ============================================================
00:59:46.0328 5128 \Device\Harddisk0\DR0:
00:59:46.0328 5128 MBR partitions:
00:59:46.0328 5128 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x5A357, BlocksNum 0x94B02A9
00:59:46.0328 5128 ============================================================
00:59:46.0375 5128 C: <-> \Device\Harddisk0\DR0\Partition0
00:59:46.0375 5128 ============================================================
00:59:46.0375 5128 Initialize success
00:59:46.0375 5128 ============================================================
01:00:16.0218 4924 ============================================================
01:00:16.0218 4924 Scan started
01:00:16.0218 4924 Mode: Manual;
01:00:16.0218 4924 ============================================================
01:00:16.0406 4924 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
01:00:16.0453 4924 !SASCORE - ok
01:00:16.0593 4924 Abiosdsk - ok
01:00:16.0593 4924 abp480n5 - ok
01:00:16.0640 4924 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
01:00:16.0640 4924 ACPI - ok
01:00:16.0687 4924 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
01:00:16.0687 4924 ACPIEC - ok
01:00:16.0703 4924 adpu160m - ok
01:00:16.0765 4924 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
01:00:16.0765 4924 aec - ok
01:00:16.0828 4924 AESTAud (f21d5e93a94514be9f5b6ebf74a696b2) C:\WINDOWS\system32\drivers\AESTAud.sys
01:00:16.0875 4924 AESTAud - ok
01:00:16.0937 4924 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
01:00:16.0984 4924 AFD - ok
01:00:17.0000 4924 Aha154x - ok
01:00:17.0000 4924 aic78u2 - ok
01:00:17.0000 4924 aic78xx - ok
01:00:17.0031 4924 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
01:00:17.0031 4924 Alerter - ok
01:00:17.0078 4924 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
01:00:17.0078 4924 ALG - ok
01:00:17.0078 4924 AliIde - ok
01:00:17.0078 4924 amsint - ok
01:00:17.0125 4924 ApfiltrService (b83f9da84f7079451c1c6a4a2f140920) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
01:00:17.0171 4924 ApfiltrService - ok
01:00:17.0218 4924 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
01:00:17.0281 4924 Apple Mobile Device - ok
01:00:17.0312 4924 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
01:00:17.0328 4924 AppMgmt - ok
01:00:17.0343 4924 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
01:00:17.0359 4924 Arp1394 - ok
01:00:17.0359 4924 asc - ok
01:00:17.0359 4924 asc3350p - ok
01:00:17.0359 4924 asc3550 - ok
01:00:17.0390 4924 ASFAgent (9ad6ef4d591211a93848103368125b41) C:\Program Files\Intel\ASF Agent\ASFAgent.exe
01:00:17.0453 4924 ASFAgent - ok
01:00:17.0546 4924 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
01:00:17.0593 4924 aspnet_state - ok
01:00:17.0609 4924 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
01:00:17.0609 4924 AsyncMac - ok
01:00:17.0640 4924 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
01:00:17.0640 4924 atapi - ok
01:00:17.0640 4924 Atdisk - ok
01:00:17.0656 4924 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
01:00:17.0656 4924 Atmarpc - ok
01:00:17.0703 4924 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
01:00:17.0703 4924 AudioSrv - ok
01:00:17.0765 4924 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
01:00:17.0765 4924 audstub - ok
01:00:17.0843 4924 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
01:00:17.0843 4924 Beep - ok
01:00:17.0906 4924 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
01:00:17.0937 4924 BITS - ok
01:00:18.0015 4924 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
01:00:18.0062 4924 Bonjour Service - ok
01:00:18.0078 4924 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
01:00:18.0078 4924 Browser - ok
01:00:18.0078 4924 catchme - ok
01:00:18.0109 4924 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
01:00:18.0109 4924 cbidf2k - ok
01:00:18.0109 4924 cd20xrnt - ok
01:00:18.0125 4924 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
01:00:18.0140 4924 Cdaudio - ok
01:00:18.0171 4924 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
01:00:18.0171 4924 Cdfs - ok
01:00:18.0218 4924 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
01:00:18.0218 4924 Cdrom - ok
01:00:18.0218 4924 cerc6 - ok
01:00:18.0250 4924 cfwids (1c7b1e36f3ced9e4b0b13385e627fe8b) C:\WINDOWS\system32\drivers\cfwids.sys
01:00:18.0296 4924 cfwids - ok
01:00:18.0312 4924 Changer - ok
01:00:18.0328 4924 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
01:00:18.0328 4924 CiSvc - ok
01:00:18.0343 4924 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
01:00:18.0343 4924 ClipSrv - ok
01:00:18.0421 4924 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
01:00:18.0468 4924 clr_optimization_v2.0.50727_32 - ok
01:00:18.0562 4924 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
01:00:18.0609 4924 clr_optimization_v4.0.30319_32 - ok
01:00:18.0640 4924 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
01:00:18.0640 4924 CmBatt - ok
01:00:18.0640 4924 CmdIde - ok
01:00:18.0640 4924 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
01:00:18.0656 4924 Compbatt - ok
01:00:18.0656 4924 COMSysApp - ok
01:00:18.0656 4924 Cpqarray - ok
01:00:18.0703 4924 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
01:00:18.0703 4924 CryptSvc - ok
01:00:18.0703 4924 dac2w2k - ok
01:00:18.0703 4924 dac960nt - ok
01:00:18.0765 4924 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
01:00:18.0781 4924 DcomLaunch - ok
01:00:18.0812 4924 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
01:00:18.0812 4924 Dhcp - ok
01:00:18.0859 4924 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
01:00:18.0859 4924 Disk - ok
01:00:18.0859 4924 dmadmin - ok
01:00:18.0906 4924 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
01:00:18.0937 4924 dmboot - ok
01:00:18.0953 4924 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
01:00:18.0968 4924 dmio - ok
01:00:18.0984 4924 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
01:00:18.0984 4924 dmload - ok
01:00:19.0015 4924 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
01:00:19.0015 4924 dmserver - ok
01:00:19.0046 4924 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
01:00:19.0046 4924 DMusic - ok
01:00:19.0078 4924 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
01:00:19.0125 4924 Dnscache - ok
01:00:19.0140 4924 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
01:00:19.0156 4924 Dot3svc - ok
01:00:19.0187 4924 Dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
01:00:19.0187 4924 Dot4 - ok
01:00:19.0203 4924 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
01:00:19.0250 4924 Dot4Print - ok
01:00:19.0265 4924 dpti2o - ok
01:00:19.0328 4924 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
01:00:19.0328 4924 drmkaud - ok
01:00:19.0343 4924 drvmcdb (24646242310499d75c6db4b32768a3b3) C:\WINDOWS\system32\drivers\drvmcdb.sys
01:00:19.0406 4924 drvmcdb - ok
01:00:19.0406 4924 drvnddm (2ff629c1c443e25d0149b9dfb77e43a8) C:\WINDOWS\system32\drivers\drvnddm.sys
01:00:19.0468 4924 drvnddm - ok
01:00:19.0515 4924 e1yexpress (10cbd2b278ce365b41de378632cb5ddb) C:\WINDOWS\system32\DRIVERS\e1y5132.sys
01:00:19.0609 4924 e1yexpress - ok
01:00:19.0625 4924 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
01:00:19.0625 4924 EapHost - ok
01:00:19.0640 4924 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
01:00:19.0656 4924 ERSvc - ok
01:00:19.0687 4924 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
01:00:19.0703 4924 Eventlog - ok
01:00:19.0781 4924 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
01:00:19.0781 4924 EventSystem - ok
01:00:19.0921 4924 EvtEng (a57be3307ada2fc086b5b43135735283) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
01:00:20.0031 4924 EvtEng - ok
01:00:20.0078 4924 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
01:00:20.0078 4924 Fastfat - ok
01:00:20.0125 4924 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
01:00:20.0156 4924 FastUserSwitchingCompatibility - ok
01:00:20.0187 4924 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
01:00:20.0187 4924 Fdc - ok
01:00:20.0203 4924 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
01:00:20.0203 4924 Fips - ok
01:00:20.0281 4924 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
01:00:20.0359 4924 FLEXnet Licensing Service - ok
01:00:20.0375 4924 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
01:00:20.0390 4924 Flpydisk - ok
01:00:20.0421 4924 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
01:00:20.0453 4924 FltMgr - ok
01:00:20.0531 4924 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
01:00:20.0531 4924 FontCache3.0.0.0 - ok
01:00:20.0562 4924 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
01:00:20.0578 4924 Fs_Rec - ok
01:00:20.0593 4924 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
01:00:20.0609 4924 Ftdisk - ok
01:00:20.0640 4924 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
01:00:20.0687 4924 GEARAspiWDM - ok
01:00:20.0687 4924 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
01:00:20.0703 4924 Gpc - ok
01:00:20.0781 4924 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
01:00:20.0843 4924 gupdate - ok
01:00:20.0843 4924 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
01:00:20.0843 4924 gupdatem - ok
01:00:20.0906 4924 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
01:00:20.0968 4924 gusvc - ok
01:00:21.0000 4924 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
01:00:21.0000 4924 HDAudBus - ok
01:00:21.0031 4924 HECI (30d57ee84e1e169d41a6e873b549a096) C:\WINDOWS\system32\DRIVERS\HECI.sys
01:00:21.0125 4924 HECI - ok
01:00:21.0187 4924 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
01:00:21.0187 4924 helpsvc - ok
01:00:21.0218 4924 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
01:00:21.0218 4924 HidServ - ok
01:00:21.0234 4924 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
01:00:21.0250 4924 HidUsb - ok
01:00:21.0281 4924 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
01:00:21.0281 4924 hkmsvc - ok
01:00:21.0281 4924 hpn - ok
01:00:21.0593 4924 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
01:00:21.0656 4924 HPZid412 - ok
01:00:21.0875 4924 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
01:00:21.0937 4924 HPZipr12 - ok
01:00:22.0062 4924 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
01:00:22.0109 4924 HPZius12 - ok
01:00:22.0156 4924 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
01:00:22.0156 4924 HTTP - ok
01:00:23.0203 4924 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
01:00:23.0203 4924 HTTPFilter - ok
01:00:23.0218 4924 i2omgmt - ok
01:00:23.0281 4924 i2omp - ok
01:00:23.0406 4924 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
01:00:23.0406 4924 i8042prt - ok
01:00:23.0671 4924 IAANTMON (52e8a3cc8269adb27d25182284c5e650) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
01:00:23.0781 4924 IAANTMON - ok
01:00:26.0500 4924 ialm (3b743262b6456167888d15f1121b3bf7) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
01:00:26.0968 4924 ialm - ok
01:00:27.0328 4924 iastor (71ecc07bc7c5e24c3dd01d8a29a24054) C:\WINDOWS\system32\drivers\iastor.sys
01:00:27.0328 4924 iastor - ok
01:00:27.0484 4924 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
01:00:27.0562 4924 idsvc - ok
01:00:27.0593 4924 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
01:00:27.0593 4924 Imapi - ok
01:00:27.0640 4924 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
01:00:27.0640 4924 ImapiService - ok
01:00:27.0640 4924 ini910u - ok
01:00:27.0703 4924 IntcHdmiAddService (f32a62c765885bd8e4352a1565f702a6) C:\WINDOWS\system32\drivers\IntcHdmi.sys
01:00:27.0796 4924 IntcHdmiAddService - ok
01:00:27.0796 4924 IntelIde - ok
01:00:27.0843 4924 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
01:00:27.0843 4924 intelppm - ok
01:00:27.0875 4924 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
01:00:27.0875 4924 Ip6Fw - ok
01:00:27.0906 4924 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
01:00:27.0906 4924 IpFilterDriver - ok
01:00:27.0921 4924 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
01:00:27.0921 4924 IpInIp - ok
01:00:27.0953 4924 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
01:00:27.0953 4924 IpNat - ok
01:00:28.0062 4924 iPod Service (178fe38b7740f598391eb2f51ae4ccac) C:\Program Files\iPod\bin\iPodService.exe
01:00:28.0125 4924 iPod Service - ok
01:00:28.0171 4924 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
01:00:28.0171 4924 IPSec - ok
01:00:28.0187 4924 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
01:00:28.0187 4924 IRENUM - ok
01:00:28.0218 4924 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
01:00:28.0234 4924 isapnp - ok
01:00:28.0250 4924 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
01:00:28.0265 4924 Kbdclass - ok
01:00:28.0281 4924 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
01:00:28.0281 4924 kbdhid - ok
01:00:28.0312 4924 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
01:00:28.0328 4924 kmixer - ok
01:00:28.0343 4924 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
01:00:28.0359 4924 KSecDD - ok
01:00:28.0375 4924 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
01:00:28.0406 4924 LanmanServer - ok
01:00:28.0453 4924 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
01:00:28.0453 4924 lanmanworkstation - ok
01:00:28.0453 4924 lbrtfdc - ok
01:00:28.0500 4924 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
01:00:28.0500 4924 LmHosts - ok
01:00:28.0562 4924 LMS (7580851ad46e80edee2a6098eb1bee29) C:\Program Files\Intel\AMT\LMS.exe
01:00:28.0625 4924 LMS - ok
01:00:28.0718 4924 McAfee SiteAdvisor Service (aac3b33ba020d2af530d694a5a920180) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
01:00:28.0765 4924 McAfee SiteAdvisor Service - ok
01:00:28.0843 4924 McciCMService (f8b823414a22dbf3bec10dcaa5f93cd8) C:\Program Files\Common Files\Motive\McciCMService.exe
01:00:28.0890 4924 McciCMService - ok
01:00:28.0984 4924 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
01:00:29.0046 4924 McComponentHostService - ok
01:00:29.0156 4924 McMPFSvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
01:00:29.0156 4924 McMPFSvc - ok
01:00:29.0156 4924 mcmscsvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
01:00:29.0156 4924 mcmscsvc - ok
01:00:29.0171 4924 McNaiAnn (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
01:00:29.0171 4924 McNaiAnn - ok
01:00:29.0171 4924 McNASvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
01:00:29.0171 4924 McNASvc - ok
01:00:29.0265 4924 McODS (42117cbc4849a5cf11129912dabbdeca) C:\Program Files\McAfee\VirusScan\mcods.exe
01:00:29.0328 4924 McODS - ok
01:00:29.0328 4924 McProxy (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
01:00:29.0328 4924 McProxy - ok
01:00:29.0421 4924 McShield (593fa4c378818ece76ba64a11ad56cf2) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
01:00:29.0484 4924 McShield - ok
01:00:29.0640 4924 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
01:00:29.0656 4924 Messenger - ok
01:00:29.0765 4924 mfeapfk (43c31bdf404a6d7a7ac1bfd5ead2a566) C:\WINDOWS\system32\drivers\mfeapfk.sys
01:00:29.0812 4924 mfeapfk - ok
01:00:29.0875 4924 mfeavfk (c1dc5f42d3367f33b6451be78b38bd46) C:\WINDOWS\system32\drivers\mfeavfk.sys
01:00:29.0937 4924 mfeavfk - ok
01:00:29.0937 4924 mfeavfk01 - ok
01:00:29.0953 4924 mfebopk (0435c43f4c2be01b84868ad2a906397b) C:\WINDOWS\system32\drivers\mfebopk.sys
01:00:30.0000 4924 mfebopk - ok
01:00:30.0062 4924 mfefire (7e1f8b1bdc8240f08bd358b3a466c005) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
01:00:30.0125 4924 mfefire - ok
01:00:30.0203 4924 mfefirek (4ea6ff90015424517843e931448e00f1) C:\WINDOWS\system32\drivers\mfefirek.sys
01:00:30.0250 4924 mfefirek - ok
01:00:30.0328 4924 mfehidk (d1e998748ba24a731106611d535c6bbf) C:\WINDOWS\system32\drivers\mfehidk.sys
01:00:30.0437 4924 mfehidk - ok
01:00:30.0468 4924 mfendisk (26c76d10ed650e6492800d6f081ecfba) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
01:00:30.0515 4924 mfendisk - ok
01:00:30.0515 4924 mfendiskmp (26c76d10ed650e6492800d6f081ecfba) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
01:00:30.0515 4924 mfendiskmp - ok
01:00:30.0531 4924 mferkdet (f454a13377f0a006d20a8c14a753c432) C:\WINDOWS\system32\drivers\mferkdet.sys
01:00:30.0593 4924 mferkdet - ok
01:00:30.0640 4924 mfetdi2k (070d3faf2eac417c59d8674a8752f7a6) C:\WINDOWS\system32\drivers\mfetdi2k.sys
01:00:30.0703 4924 mfetdi2k - ok
01:00:30.0765 4924 mfevtp (b10c4efd40810c08f4b44df2efcb54f7) C:\WINDOWS\system32\mfevtps.exe
01:00:30.0812 4924 mfevtp - ok
01:00:30.0906 4924 Microsoft SharePoint Workspace Audit Service - ok
01:00:30.0937 4924 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
01:00:30.0937 4924 mnmdd - ok
01:00:30.0968 4924 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
01:00:30.0984 4924 mnmsrvc - ok
01:00:31.0015 4924 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
01:00:31.0015 4924 Modem - ok
01:00:31.0062 4924 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
01:00:31.0062 4924 Mouclass - ok
01:00:31.0078 4924 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
01:00:31.0093 4924 mouhid - ok
01:00:31.0109 4924 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
01:00:31.0125 4924 MountMgr - ok
01:00:31.0171 4924 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
01:00:31.0218 4924 MozillaMaintenance - ok
01:00:31.0218 4924 mraid35x - ok
01:00:31.0234 4924 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
01:00:31.0250 4924 MRxDAV - ok
01:00:31.0296 4924 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
01:00:31.0406 4924 MRxSmb - ok
01:00:31.0421 4924 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
01:00:31.0437 4924 MSDTC - ok
01:00:31.0468 4924 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
01:00:31.0468 4924 Msfs - ok
01:00:31.0468 4924 MSIServer - ok
01:00:31.0500 4924 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
01:00:31.0515 4924 MSKSSRV - ok
01:00:31.0546 4924 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
01:00:31.0546 4924 MSPCLOCK - ok
01:00:31.0562 4924 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
01:00:31.0562 4924 MSPQM - ok
01:00:31.0593 4924 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
01:00:31.0593 4924 mssmbios - ok
01:00:31.0640 4924 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
01:00:31.0687 4924 Mup - ok
01:00:31.0734 4924 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
01:00:31.0765 4924 napagent - ok
01:00:31.0765 4924 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
01:00:31.0781 4924 NDIS - ok
01:00:31.0812 4924 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
01:00:31.0859 4924 NdisTapi - ok
01:00:31.0875 4924 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
01:00:31.0875 4924 Ndisuio - ok
01:00:31.0921 4924 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
01:00:31.0921 4924 NdisWan - ok
01:00:31.0984 4924 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
01:00:32.0015 4924 NDProxy - ok
01:00:32.0015 4924 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
01:00:32.0015 4924 NetBIOS - ok
01:00:32.0031 4924 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
01:00:32.0046 4924 NetBT - ok
01:00:32.0078 4924 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
01:00:32.0078 4924 NetDDE - ok
01:00:32.0078 4924 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
01:00:32.0078 4924 NetDDEdsdm - ok
01:00:32.0109 4924 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
01:00:32.0109 4924 Netlogon - ok
01:00:32.0125 4924 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
01:00:32.0140 4924 Netman - ok
01:00:32.0234 4924 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
01:00:32.0234 4924 NetTcpPortSharing - ok
01:00:32.0656 4924 NETw5x32 (580207a7c9bde8ba65401f51f9ba9741) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
01:00:32.0734 4924 NETw5x32 - ok
01:00:32.0875 4924 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
01:00:32.0875 4924 NIC1394 - ok
01:00:32.0921 4924 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
01:00:32.0921 4924 Nla - ok
01:00:32.0953 4924 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
01:00:32.0953 4924 Npfs - ok
01:00:33.0000 4924 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
01:00:33.0015 4924 Ntfs - ok
01:00:33.0046 4924 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
01:00:33.0046 4924 NtLmSsp - ok
01:00:33.0093 4924 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
01:00:33.0109 4924 NtmsSvc - ok
01:00:33.0125 4924 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
01:00:33.0140 4924 Null - ok
01:00:33.0187 4924 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
01:00:33.0187 4924 NwlnkFlt - ok
01:00:33.0203 4924 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
01:00:33.0218 4924 NwlnkFwd - ok
01:00:33.0234 4924 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
01:00:33.0234 4924 ohci1394 - ok
01:00:33.0328 4924 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
01:00:33.0390 4924 ose - ok
01:00:33.0765 4924 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
01:00:33.0921 4924 osppsvc - ok
01:00:34.0062 4924 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
01:00:34.0062 4924 Parport - ok
01:00:34.0093 4924 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
01:00:34.0093 4924 PartMgr - ok
01:00:34.0109 4924 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
01:00:34.0125 4924 ParVdm - ok
01:00:34.0125 4924 PCASp50 - ok
01:00:34.0156 4924 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
01:00:34.0156 4924 PCI - ok
01:00:34.0156 4924 PCIDump - ok
01:00:34.0187 4924 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
01:00:34.0203 4924 PCIIde - ok
01:00:34.0218 4924 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
01:00:34.0234 4924 Pcmcia - ok
01:00:34.0234 4924 PDCOMP - ok
01:00:34.0234 4924 PDFRAME - ok
01:00:34.0234 4924 PDRELI - ok
01:00:34.0250 4924 PDRFRAME - ok
01:00:34.0250 4924 perc2 - ok
01:00:34.0250 4924 perc2hib - ok
01:00:34.0281 4924 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
01:00:34.0296 4924 PlugPlay - ok
01:00:34.0343 4924 Pml Driver HPZ12 (d31f88c5f19eefa366a415d6bc5f2abc) C:\WINDOWS\system32\HPZipm12.exe
01:00:34.0390 4924 Pml Driver HPZ12 - ok
01:00:34.0437 4924 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
01:00:34.0437 4924 PolicyAgent - ok
01:00:34.0437 4924 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
01:00:34.0453 4924 PptpMiniport - ok
01:00:34.0453 4924 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
01:00:34.0453 4924 ProtectedStorage - ok
01:00:34.0484 4924 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
01:00:34.0484 4924 PSched - ok
01:00:34.0515 4924 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
01:00:34.0515 4924 Ptilink - ok
01:00:34.0546 4924 PxHelp20 (7c81ae3c9b82ba2da437ed4d31bc56cf) C:\WINDOWS\system32\Drivers\PxHelp20.sys
01:00:34.0546 4924 PxHelp20 - ok
01:00:34.0609 4924 QBCFMonitorService (0f1f42c39ab2b16db957a7a1756feffb) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
01:00:34.0656 4924 QBCFMonitorService - ok
01:00:34.0734 4924 QBFCService (92aa40e2b692e8637d45fb2d01137d17) C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
01:00:34.0781 4924 QBFCService - ok
01:00:34.0781 4924 ql1080 - ok
01:00:34.0781 4924 Ql10wnt - ok
01:00:34.0781 4924 ql12160 - ok
01:00:34.0796 4924 ql1240 - ok
01:00:34.0796 4924 ql1280 - ok
01:00:34.0812 4924 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
01:00:34.0828 4924 RasAcd - ok
01:00:34.0859 4924 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
01:00:34.0859 4924 RasAuto - ok
01:00:34.0875 4924 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
01:00:34.0875 4924 Rasl2tp - ok
01:00:34.0906 4924 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
01:00:34.0906 4924 RasMan - ok
01:00:34.0906 4924 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
01:00:34.0906 4924 RasPppoe - ok
01:00:34.0921 4924 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
01:00:34.0921 4924 Raspti - ok
01:00:34.0953 4924 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
01:00:34.0968 4924 Rdbss - ok
01:00:34.0984 4924 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
01:00:34.0984 4924 RDPCDD - ok
01:00:35.0031 4924 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
01:00:35.0046 4924 rdpdr - ok
01:00:35.0093 4924 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
01:00:35.0203 4924 RDPWD - ok
01:00:35.0234 4924 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
01:00:35.0250 4924 RDSessMgr - ok
01:00:35.0281 4924 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
01:00:35.0281 4924 redbook - ok
01:00:35.0375 4924 RegSrvc (a171029d6b6c2d93c22861a347f43c2a) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
01:00:35.0468 4924 RegSrvc - ok
01:00:35.0484 4924 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
01:00:35.0500 4924 RemoteAccess - ok
01:00:35.0531 4924 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
01:00:35.0546 4924 RemoteRegistry - ok
01:00:35.0562 4924 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
01:00:35.0609 4924 rimmptsk - ok
01:00:35.0640 4924 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
01:00:35.0656 4924 RpcLocator - ok
01:00:35.0703 4924 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
01:00:35.0703 4924 RpcSs - ok
01:00:35.0765 4924 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
01:00:35.0781 4924 RSVP - ok
01:00:35.0890 4924 S24EventMonitor (87955061fd3789ca7a5c4c72a05a1a9f) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
01:00:35.0968 4924 S24EventMonitor - ok
01:00:36.0015 4924 s24trans (e7958e8acda7ca20127ef5f2235f25cc) C:\WINDOWS\system32\DRIVERS\s24trans.sys
01:00:36.0062 4924 s24trans - ok
01:00:36.0093 4924 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
01:00:36.0093 4924 SamSs - ok
01:00:36.0171 4924 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
01:00:36.0218 4924 SASDIFSV - ok
01:00:36.0250 4924 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
01:00:36.0296 4924 SASKUTIL - ok
01:00:36.0328 4924 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
01:00:36.0343 4924 SCardSvr - ok
01:00:36.0390 4924 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
01:00:36.0390 4924 Schedule - ok
01:00:36.0406 4924 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
01:00:36.0421 4924 sdbus - ok
01:00:36.0453 4924 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
01:00:36.0453 4924 Secdrv - ok
01:00:36.0500 4924 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
01:00:36.0500 4924 seclogon - ok
01:00:36.0515 4924 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
01:00:36.0515 4924 SENS - ok
01:00:36.0531 4924 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
01:00:36.0531 4924 Serenum - ok
01:00:36.0546 4924 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
01:00:36.0546 4924 Serial - ok
01:00:36.0593 4924 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
01:00:36.0593 4924 sffdisk - ok
01:00:36.0593 4924 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
01:00:36.0609 4924 sffp_sd - ok
01:00:36.0671 4924 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
01:00:36.0671 4924 Sfloppy - ok
01:00:36.0718 4924 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
01:00:36.0734 4924 SharedAccess - ok
01:00:36.0796 4924 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
01:00:36.0796 4924 ShellHWDetection - ok
01:00:36.0796 4924 Simbad - ok
01:00:36.0843 4924 SkypeUpdate (17eab7852ff9f15fbaab4e95efc0b812) C:\Program Files\Skype\Updater\Updater.exe
01:00:39.0703 4924 SkypeUpdate - ok
01:00:39.0718 4924 Sparrow - ok
01:00:39.0781 4924 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
01:00:39.0781 4924 splitter - ok
01:00:39.0828 4924 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
01:00:39.0875 4924 Spooler - ok
01:00:39.0906 4924 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
01:00:39.0906 4924 sr - ok
01:00:39.0937 4924 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
01:00:39.0937 4924 srservice - ok
01:00:39.0984 4924 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
01:00:40.0031 4924 Srv - ok
01:00:40.0062 4924 sscdbhk5 (1cbd1b58a32de97899f5290b05f856db) C:\WINDOWS\system32\drivers\sscdbhk5.sys
01:00:40.0109 4924 sscdbhk5 - ok
01:00:40.0125 4924 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
01:00:40.0125 4924 SSDPSRV - ok
01:00:40.0156 4924 ssrtln (7fb07ac152d7a87e66204860002bd9a4) C:\WINDOWS\system32\drivers\ssrtln.sys
01:00:40.0203 4924 ssrtln - ok
01:00:40.0265 4924 STacSV (3603f3db9fba2a8fa91829681ba25afa) c:\program files\idt\dellxpm09b_6159v043\wdm\stacsv.exe
01:00:40.0312 4924 STacSV - ok
01:00:40.0421 4924 STHDA (1b76479b80ff0f6e245ba590a64102be) C:\WINDOWS\system32\drivers\sthda.sys
01:00:40.0484 4924 STHDA - ok
01:00:40.0578 4924 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
01:00:40.0578 4924 stisvc - ok
01:00:40.0625 4924 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
01:00:40.0625 4924 swenum - ok
01:00:40.0656 4924 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
01:00:40.0656 4924 swmidi - ok
01:00:40.0671 4924 SwPrv - ok
01:00:40.0671 4924 symc810 - ok
01:00:40.0671 4924 symc8xx - ok
01:00:40.0671 4924 sym_hi - ok
01:00:40.0671 4924 sym_u3 - ok
01:00:40.0718 4924 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
01:00:40.0718 4924 sysaudio - ok
01:00:40.0750 4924 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
01:00:40.0750 4924 SysmonLog - ok
01:00:40.0781 4924 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
01:00:40.0796 4924 TapiSrv - ok
01:00:40.0843 4924 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
01:00:40.0859 4924 Tcpip - ok
01:00:40.0890 4924 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
01:00:40.0890 4924 TDPIPE - ok
01:00:40.0921 4924 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
01:00:40.0921 4924 TDTCP - ok
01:00:40.0953 4924 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
01:00:40.0953 4924 TermDD - ok
01:00:41.0000 4924 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
01:00:41.0015 4924 TermService - ok
01:00:41.0046 4924 tfsnboio (c89daabdff5bd984181f45adf6ddb24a) C:\WINDOWS\system32\dla\tfsnboio.sys
01:00:41.0093 4924 tfsnboio - ok
01:00:41.0109 4924 tfsncofs (f093906c27fc9c59bd03d84807266107) C:\WINDOWS\system32\dla\tfsncofs.sys
01:00:41.0156 4924 tfsncofs - ok
01:00:41.0171 4924 tfsndrct (9294575cdad17d1dadfcd98a2ca26e7a) C:\WINDOWS\system32\dla\tfsndrct.sys
01:00:41.0218 4924 tfsndrct - ok
01:00:41.0234 4924 tfsndres (cdcc394cbaac183f9bdebf6d2f97c5c6) C:\WINDOWS\system32\dla\tfsndres.sys
01:00:41.0265 4924 tfsndres - ok
01:00:41.0296 4924 tfsnifs (0a6c7c989dd76bb8989fd958ac5601d0) C:\WINDOWS\system32\dla\tfsnifs.sys
01:00:41.0343 4924 tfsnifs - ok
01:00:41.0359 4924 tfsnopio (92a17c0d73500f9b9c3028da9e4cdba6) C:\WINDOWS\system32\dla\tfsnopio.sys
01:00:41.0406 4924 tfsnopio - ok
01:00:41.0421 4924 tfsnpool (15ab1a2bb2b35eb1dcda39405114afc6) C:\WINDOWS\system32\dla\tfsnpool.sys
01:00:41.0468 4924 tfsnpool - ok
01:00:41.0484 4924 tfsnudf (370d2779668bf3b8d14f34356c41ab9c) C:\WINDOWS\system32\dla\tfsnudf.sys
01:00:41.0546 4924 tfsnudf - ok
01:00:41.0562 4924 tfsnudfa (4564799868c4bcdf28c8efc6d4c48c4b) C:\WINDOWS\system32\dla\tfsnudfa.sys
01:00:41.0609 4924 tfsnudfa - ok
01:00:41.0640 4924 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
01:00:41.0640 4924 Themes - ok
01:00:41.0671 4924 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
01:00:41.0687 4924 TlntSvr - ok
01:00:41.0687 4924 TosIde - ok
01:00:41.0734 4924 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
01:00:41.0734 4924 TrkWks - ok
01:00:41.0765 4924 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
01:00:41.0765 4924 Udfs - ok
01:00:41.0765 4924 ultra - ok
01:00:41.0953 4924 UNS (d7e5796a9783968f8ea968e83f196645) C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
01:00:42.0046 4924 UNS - ok
01:00:42.0203 4924 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
01:00:42.0218 4924 Update - ok
01:00:42.0250 4924 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
01:00:42.0265 4924 upnphost - ok
01:00:42.0265 4924 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
01:00:42.0281 4924 UPS - ok
01:00:42.0312 4924 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
01:00:42.0390 4924 USBAAPL - ok
01:00:42.0453 4924 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
01:00:42.0453 4924 usbaudio - ok
01:00:42.0468 4924 usbccgp (c18d6c74953621346df6b0a11f80c1cc) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
01:00:42.0515 4924 usbccgp - ok
01:00:42.0546 4924 USBCCID (6b5e4d5e6e5ecd6acd14aed59768ce5c) C:\WINDOWS\system32\DRIVERS\usbccid.sys
01:00:42.0640 4924 USBCCID - ok
01:00:42.0671 4924 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
01:00:42.0671 4924 usbehci - ok
01:00:42.0703 4924 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
01:00:42.0703 4924 usbhub - ok
01:00:42.0734 4924 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
01:00:42.0734 4924 usbprint - ok
01:00:42.0765 4924 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
01:00:42.0765 4924 usbscan - ok
01:00:42.0796 4924 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
01:00:42.0796 4924 USBSTOR - ok
01:00:42.0828 4924 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
01:00:42.0828 4924 usbuhci - ok
01:00:42.0859 4924 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
01:00:42.0875 4924 VgaSave - ok
01:00:42.0875 4924 ViaIde - ok
01:00:42.0906 4924 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
01:00:42.0906 4924 VolSnap - ok
01:00:42.0968 4924 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
01:00:43.0031 4924 VSS - ok
01:00:43.0062 4924 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
01:00:43.0062 4924 W32Time - ok
01:00:43.0078 4924 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
01:00:43.0078 4924 Wanarp - ok
01:00:43.0140 4924 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
01:00:43.0187 4924 Wdf01000 - ok
01:00:43.0187 4924 WDICA - ok
01:00:43.0234 4924 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
01:00:43.0234 4924 wdmaud - ok
01:00:43.0265 4924 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
01:00:43.0265 4924 WebClient - ok
01:00:43.0359 4924 WinDefend (f45dd1e1365d857dd08bc23563370d0e) C:\Program Files\Windows Defender\MsMpEng.exe
01:00:43.0359 4924 WinDefend - ok
01:00:43.0406 4924 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
01:00:43.0406 4924 winmgmt - ok
01:00:43.0546 4924 WLANKEEPER (5426de14f7de69277cd61ae5021f277f) C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
01:00:43.0609 4924 WLANKEEPER - ok
01:00:43.0625 4924 WmdmPmSN (c7e39ea41233e9f5b86c8da3a9f1e4a8) C:\WINDOWS\system32\mspmsnsv.dll
01:00:43.0625 4924 WmdmPmSN - ok
01:00:43.0703 4924 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
01:00:43.0703 4924 Wmi - ok
01:00:43.0765 4924 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
01:00:43.0765 4924 WmiAcpi - ok
01:00:43.0828 4924 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
01:00:43.0843 4924 WmiApSrv - ok
01:00:44.0062 4924 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
01:00:44.0156 4924 WPFFontCache_v0400 - ok
01:00:44.0187 4924 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
01:00:44.0187 4924 WS2IFSL - ok
01:00:44.0234 4924 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
01:00:44.0234 4924 wscsvc - ok
01:00:44.0265 4924 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
01:00:44.0281 4924 wuauserv - ok
01:00:44.0328 4924 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
01:00:44.0328 4924 WZCSVC - ok
01:00:44.0343 4924 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
01:00:44.0375 4924 xmlprov - ok
01:00:44.0468 4924 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
01:00:44.0468 4924 YahooAUService - ok
01:00:44.0484 4924 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
01:00:44.0859 4924 \Device\Harddisk0\DR0 - ok
01:00:44.0906 4924 Boot (0x1200) (ae74299eb2b3ab7e95e6963c4a2a5937) \Device\Harddisk0\DR0\Partition0
01:00:44.0906 4924 \Device\Harddisk0\DR0\Partition0 - ok
01:00:44.0906 4924 ============================================================
01:00:44.0906 4924 Scan finished
01:00:44.0906 4924 ============================================================
01:00:44.0906 4916 Detected object count: 0
01:00:44.0906 4916 Actual detected object count: 0
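
The log above is long, and what a helper actually wants from it is a short answer: did every scanned object reach "- ok", and do the two "Detected object count" lines say zero. Below is an added example (my code, not TDSSKiller's, Kaspersky's or the poster's) of a small Python parser for the log layout shown in the post: timestamp, PID, object name, then either "(md5) path" or "- verdict", with the MBR and boot-sector entries reporting their verdict under the device path rather than the object name. The Fips, hpn and MBR lines in the embedded sample copy the post; the demo_svc and demo_drv lines, their hashes and paths are constructed to show what the checks flag (a non-ok verdict, and a file line that never received a verdict line).

```python
"""Summarise a TDSSKiller text log: every scanned object should end with '- ok'.

Added example (not from the thread or from Kaspersky); it assumes the line layout
visible in the log above: "HH:MM:SS.mmmm PID name (md5) path" for a scanned file,
"HH:MM:SS.mmmm PID name - verdict" for its verdict, and the two
"Detected object count" lines at the end.
"""
import re
import sys
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in that layout. The Fips, hpn and MBR lines copy values from the
# post above; demo_svc (non-ok verdict) and demo_drv (no verdict line) are constructed
# to exercise the checks, and their hashes and paths are placeholders.
SAMPLE_LOG = r"""
01:00:20.0203 4924 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
01:00:20.0203 4924 Fips - ok
01:00:21.0281 4924 hpn - ok
01:00:30.0000 4924 demo_svc (00000000000000000000000000000000) C:\constructed\demo_svc.sys
01:00:30.0010 4924 demo_svc - not ok (constructed verdict)
01:00:30.0020 4924 demo_drv (11111111111111111111111111111111) C:\constructed\demo_drv.sys
01:00:44.0484 4924 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
01:00:44.0859 4924 \Device\Harddisk0\DR0 - ok
01:00:44.0906 4924 Scan finished
01:00:44.0906 4916 Detected object count: 0
01:00:44.0906 4916 Actual detected object count: 0
"""

LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<rest>.*)$")
FILE_RE = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
STATUS_RE = re.compile(r"^(?P<name>.+?)\s+-\s+(?P<status>.+)$")
COUNT_RE = re.compile(r"^(?P<actual>Actual )?[Dd]etected object count:\s*(?P<n>\d+)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None     # None for a registered service whose file was not found
    path: Optional[str] = None
    status: Optional[str] = None  # None when no verdict line followed the file line


@dataclass
class Summary:
    entries: Dict[str, Entry]
    detected: Optional[int] = None
    actual_detected: Optional[int] = None

    def not_ok(self) -> List[Entry]:
        """Entries whose verdict is anything other than 'ok', including a missing verdict."""
        return [e for e in self.entries.values() if e.status != "ok"]

    def without_status(self) -> List[Entry]:
        """File lines that never received a verdict line (scan did not finish evaluating them)."""
        return [e for e in self.entries.values() if e.status is None]

    def clean(self) -> bool:
        return not self.not_ok() and self.actual_detected == 0


def parse_tdsskiller_log(text: str) -> Summary:
    entries: Dict[str, Entry] = {}
    by_path: Dict[str, str] = {}  # path -> object name, so '\Device\...\DR0 - ok' maps back to 'MBR (0x1B8)'
    summary = Summary(entries)
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # separator lines, 'Scan finished', blank lines
        rest = m.group("rest")
        c = COUNT_RE.match(rest)
        if c:
            n = int(c.group("n"))
            if c.group("actual"):
                summary.actual_detected = n
            else:
                summary.detected = n
            continue
        f = FILE_RE.match(rest)
        if f:
            e = Entry(f.group("name"), f.group("md5").lower(), f.group("path"))
            entries[e.name] = e
            by_path[e.path] = e.name
            continue
        s = STATUS_RE.match(rest)
        if s:
            key = by_path.get(s.group("name"), s.group("name"))
            # 'name - ok' with no preceding file line: service registered, no file on disk
            e = entries.setdefault(key, Entry(key))
            e.status = s.group("status").strip()
    return summary


def report(summary: Summary) -> List[str]:
    """Human-readable lines; the first one says whether the log is clean."""
    lines = [f"clean: {summary.clean()}  (objects: {len(summary.entries)}, "
             f"detected: {summary.detected}, actual detected: {summary.actual_detected})"]
    for e in summary.without_status():
        lines.append(f"NO VERDICT  {e.name}  {e.path}")
    for e in summary.not_ok():
        if e.status is not None:
            lines.append(f"NOT OK      {e.name}  {e.status}  {e.path or '(no file)'}")
    return lines


if __name__ == "__main__":
    # Usage: python tdss_summary.py <saved TDSSKiller log>; with no argument the constructed sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    print("\n".join(report(parse_tdsskiller_log(text))))
```

On the constructed sample the report flags demo_drv (no verdict) and demo_svc (verdict other than "ok") and reports the log as not clean; run over the complete log in the post above, every object ends with "- ok" and both counts are 0, so it reports clean.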

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender: Male
  • Location: Puerto Rico
  • Local time: 10:54 AM

Posted 25 May 2012 - 01:07 AM

Greetings,


Let me have the aswMBR when you have completed it.


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 rick2936
  • Topic Starter
  • Members
  • 34 posts

Posted 25 May 2012 - 01:07 AM

OK, I will run these. FYI, when running IE8 now, I get a lot of out-of-memory error messages. Also, messages about virtual memory being low, even though it is maxed out. Attaching a couple of other messages that pop up.

Attached Files



#11 gringo_pr
Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Location: Puerto Rico

Posted 25 May 2012 - 01:12 AM

Greetings,

First, I would like you to go here and click on the Fix it button - http://support.microsoft.com/kb/923737


Then I want you to do the following:

  • Start Internet Explorer.
  • Click on Safety.
  • Click on Delete Browsing History.
  • Make sure all boxes are checked.
  • Click on Tools.
  • Click Internet Options.
  • On the Advanced tab, click Reset.
  • Put a check mark next to Delete Personal Settings.
  • Click Reset to confirm.
  • When complete, click the Close button.
  • Restart IE.


Gringo

#12 rick2936
  • Topic Starter
  • Members
  • 34 posts

Posted 25 May 2012 - 01:17 AM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-25 01:03:17
-----------------------------
01:03:17.671 OS Version: Windows 5.1.2600 Service Pack 3
01:03:17.671 Number of processors: 2 586 0x170A
01:03:17.671 ComputerName: MARCIA-E6400 UserName: Marcia
01:03:18.093 Initialize success
01:09:40.187 AVAST engine defs: 12052402
01:11:38.718 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
01:11:38.718 Disk 0 Vendor: WDC_WD80 11.0 Size: 76319MB BusType: 8
01:11:38.765 Disk 0 MBR read successfully
01:11:38.765 Disk 0 MBR scan
01:11:38.796 Disk 0 Windows XP default MBR code
01:11:38.796 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 180 MB offset 63
01:11:38.828 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76128 MB offset 369495
01:11:38.828 Disk 0 scanning sectors +156280320
01:11:38.906 Disk 0 scanning C:\WINDOWS\system32\drivers
01:11:47.859 Service scanning
01:12:06.062 Modules scanning
01:12:12.031 Disk 0 trace - called modules:
01:12:12.078 ntoskrnl.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
01:12:12.093 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a13d968]
01:12:12.093 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8ab3f028]
01:12:12.453 AVAST engine scan C:\WINDOWS
01:12:36.375 AVAST engine scan C:\WINDOWS\system32
01:16:04.937 AVAST engine scan C:\WINDOWS\system32\drivers
01:16:15.906 AVAST engine scan C:\Documents and Settings\Marcia
01:16:59.078 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Marcia\Desktop\MBR.dat"
01:16:59.078 The log file has been saved successfully to "C:\Documents and Settings\Marcia\Desktop\aswMBR.txt"
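The aswMBR log above reports the partition table it read from sector 0 and saves the raw sector as MBR.dat; the TDSSKiller log earlier in the thread reports the same disk as "MBR (0x1B8) (<md5>)" and "Boot (0x1200) (<md5>)". The following is an added example, not part of either tool or of the original posts, showing how to read such a saved sector yourself: it decodes the four partition entries, computes the MD5 of the boot-code region, and runs two sanity checks a bootkit triage cares about. It assumes that the "0x1B8" in TDSSKiller's line is the number of bytes hashed (the 440 bytes of boot code before the 4-byte disk signature); the sample sector is constructed from the layout in the aswMBR log, with placeholder boot code and a made-up disk signature, so its hash will not match the one in the log.

```python
r"""Parse a raw 512-byte MBR and hash its boot-code region.

Added example for this thread; it is not part of aswMBR, TDSSKiller or
the original posts. Assumption: TDSSKiller's "MBR (0x1B8) (<md5>)" line
hashes the first 0x1B8 = 440 bytes of the sector (the boot code before
the disk signature). The sample sector is constructed from the partition
layout printed in the aswMBR log, not read from the real disk.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 0x1B8       # bytes hashed, per the assumption above
DISK_SIG_OFF = 0x1B8        # 4-byte NT disk signature
PART_TABLE_OFF = 0x1BE      # four 16-byte partition entries
MBR_SIGNATURE = b"\x55\xAA"

# Partition type IDs that appear in the aswMBR log.
PART_TYPES = {0x07: "HPFS/NTFS", 0xDE: "Dell Utility"}


def parse_partition_entry(entry: bytes) -> dict:
    """Decode one 16-byte partition table entry (CHS fields skipped)."""
    status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
    return {
        "bootable": status == 0x80,
        "type": ptype,
        "type_name": PART_TYPES.get(ptype, "unknown"),
        "lba_start": lba_start,
        "sectors": sectors,
        "size_mb": sectors * SECTOR // (1024 * 1024),
    }


def parse_mbr(mbr: bytes) -> dict:
    """Return the boot-code MD5, disk signature and non-empty partitions.

    A wrong sector size or a missing 0x55AA signature raises ValueError;
    either is itself something a triage should look at.
    """
    if len(mbr) != SECTOR:
        raise ValueError(f"expected {SECTOR}-byte sector, got {len(mbr)}")
    if mbr[510:512] != MBR_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    disk_sig = struct.unpack("<I", mbr[DISK_SIG_OFF:DISK_SIG_OFF + 4])[0]
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        entry = mbr[off:off + 16]
        if entry != b"\x00" * 16:
            partitions.append(parse_partition_entry(entry))
    return {
        "boot_code_md5": hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": disk_sig,
        "partitions": partitions,
    }


def sanity_check(info: dict) -> list:
    """Flag table oddities a bootkit triage cares about: anything other
    than exactly one bootable partition, or partitions that overlap."""
    findings = []
    bootable = [p for p in info["partitions"] if p["bootable"]]
    if len(bootable) != 1:
        findings.append(f"{len(bootable)} bootable partitions (expected 1)")
    prev_end = 0
    for p in sorted(info["partitions"], key=lambda p: p["lba_start"]):
        if p["lba_start"] < prev_end:
            findings.append(f"partition at LBA {p['lba_start']} overlaps the previous one")
        prev_end = p["lba_start"] + p["sectors"]
    return findings


def build_sample_mbr() -> bytes:
    """Constructed sample: Dell Utility at offset 63 and a bootable NTFS
    partition at offset 369495, as in the aswMBR log, with placeholder
    boot code (NOT the real Windows XP code) and a made-up signature."""
    boot_code = b"\xFA\x33\xC0\x8E\xD0" + b"\x90" * (BOOT_CODE_LEN - 5)
    disk_sig = struct.pack("<I", 0x1234ABCD) + b"\x00\x00"
    chs = b"\xFE\xFF\xFF"                        # CHS fields, unused for LBA
    p1 = struct.pack("<B3sB3sII", 0x00, chs, 0xDE, chs, 63, 369495 - 63)
    p2 = struct.pack("<B3sB3sII", 0x80, chs, 0x07, chs, 369495, 76128 * 2048)
    mbr = boot_code + disk_sig + p1 + p2 + b"\x00" * 32 + MBR_SIGNATURE
    assert len(mbr) == SECTOR
    return mbr


if __name__ == "__main__":
    info = parse_mbr(build_sample_mbr())
    print(f"MBR (0x{BOOT_CODE_LEN:X}) ({info['boot_code_md5']})")
    for p in info["partitions"]:
        flag = "(A)" if p["bootable"] else "   "
        print(f"{flag} {p['type']:02X} {p['type_name']:<12} {p['size_mb']} MB offset {p['lba_start']}")
    print("findings:", sanity_check(info) or "none")
```

To check a real machine, pass the 512 bytes read from the MBR.dat that aswMBR wrote (open(path, "rb").read()) to parse_mbr instead of the constructed sample; the boot-code hash should then agree with the value TDSSKiller printed, and a changed hash on a disk whose partition table has not changed is the classic sign of an MBR bootkit.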

#13 gringo_pr
Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Location: Puerto Rico

Posted 25 May 2012 - 01:25 AM

Greetings

At this time I would like you to run this script for me. It is also a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

Edited by gringo_pr, 25 May 2012 - 01:26 AM.


#14 rick2936
  • Topic Starter
  • Members
  • 34 posts

Posted 25 May 2012 - 02:32 AM

So far so good. IE8 has run for a few minutes with no issues, other than red "x"s where icons should be.

Had no problems running ComboFix with the script:

ComboFix 12-05-25.02 - Marcia 05/25/2012 2:12.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2448.1667 [GMT -5:00]
Running from: c:\documents and settings\Marcia\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Marcia\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-25 to 2012-05-25 )))))))))))))))))))))))))))))))
.
.
2012-05-24 02:24 . 2008-04-14 05:15 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2012-05-24 02:24 . 2008-04-14 05:15 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2012-05-22 10:46 . 2012-05-08 16:40 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{323EAFFF-B303-4105-87E0-7F124AE09053}\mpengine.dll
2012-05-21 11:32 . 2012-03-20 18:06 29272 ----a-w- c:\program files\Mozilla Firefox\ScriptFF.dll
2012-05-21 01:47 . 2012-05-21 01:47 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-20 13:33 . 2012-04-21 01:19 16824 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2012-05-20 13:24 . 2012-05-20 13:24 -------- d-----w- c:\windows\7CA5C4DF83274035AE2BCA76336A04FD.TMP
2012-05-19 13:54 . 2012-05-19 13:54 -------- d-----w- c:\documents and settings\Marcia\Local Settings\Application Data\PCHealth
2012-05-18 04:40 . 2012-05-18 04:40 -------- d-----w- c:\documents and settings\Marcia\Application Data\Malwarebytes
2012-05-18 04:38 . 2012-05-18 04:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-05-18 04:38 . 2012-04-04 20:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-18 04:38 . 2012-05-18 04:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-02 23:34 . 2012-05-02 23:34 -------- d-----w- c:\documents and settings\Marcia\Application Data\dvdcss
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-21 01:47 . 2011-10-11 00:28 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-08 16:40 . 2012-03-22 04:27 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-04-11 13:26 . 2008-04-14 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:23 . 2008-04-14 12:00 1871360 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:42 . 2008-04-14 00:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-20 18:11 . 2011-02-26 20:02 151880 ----a-w- c:\windows\system32\mfevtps.exe
2012-03-09 18:24 . 2012-03-09 17:06 28904264 ----a-w- c:\documents and settings\Marcia\temp_%1%2
2012-03-01 11:01 . 2012-02-15 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-03-01 11:01 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-29 14:10 . 2008-04-14 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2008-04-14 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-04-21 01:19 . 2012-05-20 13:38 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 19:01 . 2011-02-26 20:02 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-25_04.54.00 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-14 12:00 . 2012-05-25 04:55 80944 c:\windows\system32\perfc009.dat
+ 2008-04-14 12:00 . 2012-05-25 06:51 80944 c:\windows\system32\perfc009.dat
+ 2008-04-14 12:00 . 2012-05-25 06:51 484714 c:\windows\system32\perfh009.dat
- 2008-04-14 12:00 . 2012-05-25 04:55 484714 c:\windows\system32\perfh009.dat
+ 2012-05-25 06:23 . 2012-05-25 06:23 659968 c:\windows\Installer\1b80b5.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn0\yt.dll" [2012-01-12 1517368]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{85741F1D-ED47-4DCF-9109-07D10213C4D0}"= "c:\program files\AAdvantage eShoppingSM Toolbar\Toolbar.dll" [2010-07-15 1497600]
"{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}"= "c:\program files\Swag_Bucks\prxtbSwa0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{85741f1d-ed47-4dcf-9109-07d10213c4d0}]
[HKEY_CLASSES_ROOT\FCTB000062125.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{5E8947F8-3769-4215-877F-BEA00225DC12}]
[HKEY_CLASSES_ROOT\FCTB000062125.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{85741F1D-ED47-4DCF-9109-07D10213C4D0}"= "c:\program files\AAdvantage eShoppingSM Toolbar\Toolbar.dll" [2010-07-15 1497600]
"{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}"= "c:\program files\Swag_Bucks\prxtbSwa0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{85741f1d-ed47-4dcf-9109-07d10213c4d0}]
[HKEY_CLASSES_ROOT\FCTB000062125.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{5E8947F8-3769-4215-877F-BEA00225DC12}]
[HKEY_CLASSES_ROOT\FCTB000062125.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-04-30 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2009-08-04 358424]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-02-23 483420]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2008-12-16 729088]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-12-21 200704]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-22 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-22 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-22 134656]
"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2009-05-08 174424]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-03-16 127037]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2009-09-21 1392640]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-09-21 1206544]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1318816]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-12-21 519584]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-BA7E-000000000003}\_SC_Acrobat.exe [2012-3-9 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-16 972064]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
"c:\\Program Files\\AAdvantage eShoppingSM Toolbar\\TroubleShooter.exe"=
"c:\\Program Files\\AAdvantage eShoppingSM Toolbar\\ToolbarUpdate.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2/26/2011 3:02 PM 89792]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
R2 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [4/19/2007 6:56 AM 133968]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [5/10/2010 11:58 PM 203280]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [2/26/2011 3:02 PM 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2/26/2011 3:02 PM 214904]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [2/26/2011 3:02 PM 161632]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2/26/2011 3:02 PM 151880]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [11/11/2009 11:20 PM 2058776]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [11/12/2009 1:09 AM 112512]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2/26/2011 3:02 PM 57600]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [11/12/2009 12:53 AM 244368]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [11/12/2009 12:47 AM 109568]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2/26/2011 3:02 PM 340920]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2/26/2011 3:02 PM 83856]
S0 cerc6;cerc6; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/10/2011 7:28 PM 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [1/31/2012 4:09 PM 158856]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/10/2011 7:28 PM 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 7:49 AM 227232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2/26/2011 3:02 PM 83856]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2/26/2011 3:02 PM 87656]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [6/12/2011 11:15 AM 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/20/2012 8:38 AM 129976]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]
.
2012-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-11 00:28]
.
2012-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-11 00:28]
.
2012-05-25 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
2012-05-25 c:\windows\Tasks\User_Feed_Synchronization-{8EF575E5-56C9-404F-9F3C-0286A6E4FCB8}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.2.1
DPF: {22787C65-23F3-4913-9191-B993458DA9CB} - hxxps://cyb.koreanair.com/KalApp/img/webchkin/markany/MAOnFPS_KOAIR.cab
FF - ProfilePath - c:\documents and settings\Marcia\Application Data\Mozilla\Firefox\Profiles\wnogw0sa.default\
FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/login_verify2?&.src=ym
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=302398&p=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-25 02:20
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1444)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(1712)
c:\windows\system32\WININET.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\igfxdo.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2012-05-25 02:21:39
ComboFix-quarantined-files.txt 2012-05-25 07:21
ComboFix2.txt 2012-05-25 04:59
.
Pre-Run: 23,381,790,720 bytes free
Post-Run: 23,459,352,576 bytes free
.
- - End Of File - - E908CC3038A38D7C1D6B893C2FEEF630
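The "Reg Loading Points" section of the ComboFix log above is where the browser-side answer to the original complaint (unrequested popups and redirects) usually hides: the URLSearchHooks and Toolbar keys list every DLL Internet Explorer loads on start, and the firewall policy block shows that the Windows Firewall is off and which programs hold exceptions. The following is an added example, not part of ComboFix or of the original posts, that parses that section and applies three triage rules: browser extension points loaded from outside c:\windows are listed for review, an autostart that runs from a user profile or temp directory is flagged, and a disabled Windows Firewall profile is noted. The rules are a starting heuristic, not a verdict; SAMPLE_LOG is a trimmed excerpt of the log posted above, and the threshold paths are my own choices.

```python
r"""Triage the "Reg Loading Points" section of a ComboFix log.

Added example for this thread; it is not part of ComboFix or of the
original posts. Rules (heuristics, not a verdict):
  * browser extension points (URLSearchHooks, Toolbar, BHO keys) whose
    DLL is not under c:\windows are listed for review;
  * an autostart whose executable lives in a user profile or temp
    directory is flagged as suspect;
  * a disabled Windows Firewall standard profile is noted.
SAMPLE_LOG is a trimmed excerpt of the ComboFix log posted above.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*"(?P<path>[^"]*)"\s*'
                      r'\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]')
FIREWALL_RE = re.compile(r'^"EnableFirewall"\s*=\s*(?P<val>\d+)')
AUTHAPP_RE = re.compile(r'^"(?P<path>[^"]+)"=$')

BROWSER_KEYS = ("urlsearchhooks", "\\toolbar", "browser helper objects")
PROFILE_HINTS = ("\\documents and settings\\", "\\application data\\",
                 "\\local settings\\", "\\temp\\")


@dataclass
class Entry:
    key: str
    name: str
    path: str
    date: str
    size: int


@dataclass
class LoadingPoints:
    entries: List[Entry] = field(default_factory=list)
    authorized_apps: List[str] = field(default_factory=list)
    firewall_enabled: Optional[bool] = None   # None: not present in the log


def parse_loading_points(text: str) -> LoadingPoints:
    """Walk the section line by line, remembering the current registry key."""
    lp = LoadingPoints()
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if m := KEY_RE.match(line):
            key = m.group("key")
        elif m := VALUE_RE.match(line):
            lp.entries.append(Entry(key, m.group("name"), m.group("path"),
                                    m.group("date"), int(m.group("size"))))
        elif m := FIREWALL_RE.match(line):
            lp.firewall_enabled = m.group("val") != "0"
        elif (m := AUTHAPP_RE.match(line)) and "authorizedapplications" in key.lower():
            # ComboFix doubles the backslashes in this list; undo that.
            lp.authorized_apps.append(m.group("path").replace("\\\\", "\\"))
    return lp


def triage(lp: LoadingPoints) -> List[str]:
    findings = []
    for e in lp.entries:
        key, path = e.key.lower(), e.path.lower()
        if any(k in key for k in BROWSER_KEYS) and not path.startswith("c:\\windows\\"):
            findings.append(f"REVIEW browser extension point: {e.name} -> {e.path}")
        if any(h in path for h in PROFILE_HINTS):
            findings.append(f"SUSPECT autostart from profile/temp: {e.name} -> {e.path}")
    if lp.firewall_enabled is False:
        findings.append("NOTE Windows Firewall standard profile is disabled "
                        "(acceptable only while a third-party firewall is on)")
    for app in lp.authorized_apps:
        if not app.lower().startswith(("%windir%", "c:\\windows\\", "c:\\program files\\")):
            findings.append(f"REVIEW firewall exception outside Windows/Program Files: {app}")
    return findings


SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn0\yt.dll" [2012-01-12 1517368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{85741F1D-ED47-4DCF-9109-07D10213C4D0}"= "c:\program files\AAdvantage eShoppingSM Toolbar\Toolbar.dll" [2010-07-15 1497600]
"{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}"= "c:\program files\Swag_Bucks\prxtbSwa0.dll" [2011-05-09 176936]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1318816]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AAdvantage eShoppingSM Toolbar\\ToolbarUpdate.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"""

if __name__ == "__main__":
    for line in triage(parse_loading_points(SAMPLE_LOG)):
        print(line)
```

Run against the excerpt it lists the three third-party toolbar/search-hook DLLs for review and notes the disabled Windows Firewall; on the full log the same rules fire on the Toolbar\Webbrowser copies of the two toolbars as well. Whether a listed toolbar is unwanted is still a human call, which is why the output says REVIEW rather than naming anything malicious.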

#15 gringo_pr
Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Location: Puerto Rico

Posted 25 May 2012 - 03:13 AM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a much better job).

Programs to remove

  • Coupon Printer for Windows
  • McAfee Security Scan Plus
  • ShopAtHome SelectRebates


  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run it.
  • From the list of programs, double-click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done, click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed, or do not wish to have it installed, uncheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing Foxit Reader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (Make sure that under the Windows tab all the boxes for Internet Explorer and Windows Explorer are checked. Under System, check Empty Recycle Bin and Temporary Files. Under the Applications tab all the boxes should be checked.)
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM.
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...).

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64-bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo




