browser redirect - not sure which one


  • This topic is locked
23 replies to this topic

#1 GLFNSKI
Members, 12 posts

Posted 25 May 2012 - 10:31 AM

I originally contracted the happili virus and Dell tech support helped me get rid of it. I do not see happili any longer but my browser still randomly redirects when I click on Google search results (the only search engine I use). Nothing I have tried can detect it or get rid of it.

Thank you for looking at this for me!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by WMRutah at 9:19:12 on 2012-05-25
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8174.5322 [GMT -6:00]
.
AV: Trend Micro Titanium Internet Security *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium Internet Security *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\vssvc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [gSyncit] C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ScanSnap WIA Service Checker] C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
mRun: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\WMRutah\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\KALEID~1.LNK - C:\Users\WMRutah\AppData\Roaming\Kaleidescape\Kaleidescape.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CARDMI~1.LNK - C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONVER~1.LNK - C:\Program Files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SCANSN~1.LNK - C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{AA71ACD6-88CB-4EB6-AF1F-2527775EBE1C} : DhcpNameServer = 192.168.0.1 205.171.3.25
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} -
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [(Default)]
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [ScanSnap WIA Service Checker] C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
mRun-x64: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\WMRutah\AppData\Roaming\Mozilla\Firefox\Profiles\ghow4c5t.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\system32\npdeployJava1.dll
FF - plugin: C:\Windows\system32\npmproxy.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;C:\Windows\system32\DRIVERS\avc3.sys --> C:\Windows\system32\DRIVERS\avc3.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [2011-11-14 90192]
R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-14 103504]
R1 BDVEDISK;BDVEDISK;C:\Windows\system32\DRIVERS\bdvedisk.sys --> C:\Windows\system32\DRIVERS\bdvedisk.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-3-15 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 GsServer;GoodSync Server;C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe [2012-4-12 5230256]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-3-15 13592]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 UPDATESRV;BitDefender Desktop Update Service;C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe [2012-3-13 66096]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 avchv;avchv Function Driver;C:\Windows\system32\DRIVERS\avchv.sys --> C:\Windows\system32\DRIVERS\avchv.sys [?]
R3 avckf;avckf;C:\Windows\system32\DRIVERS\avckf.sys --> C:\Windows\system32\DRIVERS\avckf.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 libusb0;libusb-win32 - Kernel Driver 04/08/2011 1.2.4.0;C:\Windows\system32\DRIVERS\libusb0.sys --> C:\Windows\system32\DRIVERS\libusb0.sys [?]
R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-4-10 25072]
R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-26 136176]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-3-15 1691848]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-2 257696]
S3 bdsandbox;bdsandbox;\??\C:\Windows\system32\drivers\bdsandbox.sys --> C:\Windows\system32\drivers\bdsandbox.sys [?]
S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\system32\DRIVERS\motfilt.sys --> C:\Windows\system32\DRIVERS\motfilt.sys [?]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-26 136176]
S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\system32\Drivers\motoandroid.sys --> C:\Windows\system32\Drivers\motoandroid.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys --> C:\Windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys --> C:\Windows\system32\DRIVERS\motccgpfl.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\system32\DRIVERS\Motousbnet.sys --> C:\Windows\system32\DRIVERS\Motousbnet.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 129976]
S3 netvsc;netvsc;C:\Windows\system32\DRIVERS\netvsc60.sys --> C:\Windows\system32\DRIVERS\netvsc60.sys [?]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SynthVid;SynthVid;C:\Windows\system32\DRIVERS\VMBusVideoM.sys --> C:\Windows\system32\DRIVERS\VMBusVideoM.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 Update Server;BitDefender Update Server v2;C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [2011-10-14 466736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
VBEFile=C:\Windows\SysWow64\WScript.exe "%1" %*
VBSFile=C:\Windows\SysWow64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-05-10 21:25:08 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-10 21:25:08 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-10 21:25:07 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-10 21:25:06 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-10 21:25:06 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-10 21:25:06 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-05-10 21:24:29 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-10 21:24:21 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-10 21:24:17 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 21:24:17 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-10 21:24:17 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-10 21:24:17 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-10 21:24:17 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-05 22:29:53 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll
2012-05-05 09:35:05 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-05-05 01:14:06 52568 ----a-w- C:\Windows\System32\AdobePDF.dll
2012-05-03 14:37:01 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-05-03 14:37:01 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-26 18:31:17 -------- d-----w- C:\ProgramData\Ant
2012-04-26 18:26:27 -------- d-----w- C:\Users\WMRutah\AppData\Roaming\Garmin
2012-04-26 18:26:27 -------- d-----w- C:\Users\WMRutah\AppData\Local\Garmin
2012-04-26 18:26:27 -------- d-----w- C:\ProgramData\Garmin
2012-04-26 18:26:13 -------- d-----w- C:\Program Files (x86)\Garmin
2012-04-26 02:22:15 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-04-26 02:22:14 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-26 02:22:14 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
.
==================== Find3M ====================
.
2012-05-05 10:35:08 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 10:35:08 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-23 14:29:36 296685 ----a-w- C:\ProgramData\1335190761.bdinstall.bin
2012-04-21 00:44:20 104680 ----a-w- C:\ProgramData\1334968943.bdinstall.bin
2012-04-21 00:38:57 167707 ----a-w- C:\ProgramData\1334968608.bdinstall.bin
2012-04-20 18:12:48 350316 ----a-w- C:\ProgramData\1334944686.bdinstall.bin
2012-04-20 17:30:07 103784 ----a-w- C:\Users\WMRutah\GoToAssistDownloadHelper.exe
2012-04-20 16:34:46 129024 ----a-w- C:\Windows\RegBootClean64.exe
2012-04-20 16:34:44 21520 ----a-w- C:\Windows\DCEBoot64.exe
2012-03-21 02:22:46 691896 ----a-w- C:\Windows\System32\drivers\avc3.sys
2012-03-16 00:51:52 0 ----a-w- C:\Windows\ativpsrm.bin
2012-03-16 00:46:59 99328 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2012-03-16 00:25:44 91648 ----a-w- C:\Windows\System32\SetIEInstalledDate.exe
2012-03-15 23:08:11 627600 ----a-w- C:\Windows\System32\deployJava1.dll
2012-03-12 19:28:12 773968 ----a-w- C:\Windows\SysWow64\msvcr100.dll
2012-03-12 19:28:12 421200 ----a-w- C:\Windows\SysWow64\msvcp100.dll
2012-03-01 06:46:16 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-03-01 06:38:27 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-03-01 06:33:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-03-01 06:28:47 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-03-01 05:37:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-03-01 05:33:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-03-01 05:29:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 9:19:44.35 ===============


#2 gringo_pr (Bleepin Gringo)
Malware Response Team, 136,772 posts
Gender: Male; Location: Puerto rico

Posted 25 May 2012 - 12:07 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 GLFNSKI (Topic Starter)
Members, 12 posts

Posted 25 May 2012 - 12:37 PM

Hi Gringo!

I ran security check...

Results of screen317's Security Check version 0.99.38
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Trend Micro Titanium Internet Security
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes Anti-Malware version 1.61.0.1400
Adobe Reader X (10.1.3)
Mozilla Firefox (12.0)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Bitdefender Bitdefender 2012 vsserv.exe
Bitdefender Bitdefender 2012 updatesrv.exe
Bitdefender Bitdefender 2012 bdagent.exe
``````````End of Log````````````


NEXT, I disabled my Bitdefender Internet Security 2012 and ran combofix. I got an error message

ComboFix has detected the following real time scanner(s) to be active:
antivirus: Trend Micro Titanium Internet Security
antispyware: Trend Micro Titanium Internet Security
Please disable these before clicking OK.

I then searched for trend micro and couldn't find it.
I clicked OK and another window popped up saying the scanners were still detected and to continue at my own risk. I closed the window and another window appeared. I assume it was ComboFix working so I closed it right away.

Now for some background... My computer came with Trend Micro Titanium installed. I got the happili virus within days of using my computer so I uninstalled it and purchased Bitdefender. Bitdefender wouldn't install because it detected Trend Micro, so I had Trend Micro tech support assist me with uninstalling the hidden files. I don't think it is still installed, because when we were finished, I was able to install Bitdefender.

Should I go ahead and ignore the Trend Micro warning and run ComboFix?
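Two questions are open at this point: whether the redirect lives in a browser hook, the proxy settings or the DNS resolvers (the "Pseudo HJT Report" in the DDS log of post #1), and whether Trend Micro is really still active when only its Security Center registration remains while Bitdefender's vsserv.exe is what is running (post #3). A reviewer answers both by reading the DDS log by eye; the script below is an added example that automates that reading. It is not DDS, ComboFix, Security Check or any BleepingComputer tool. It assumes the DDS layout shown in post #1, the sample log is constructed from excerpts of that log, and matching a product to a process by the first word of its name is a heuristic of this example, not something DDS does.

```python
"""DDS-log triage helper (added example; not DDS, ComboFix or a BleepingComputer
tool).  Reports Security Center registrations with no matching running process,
the IE extension points a redirect usually lives in (with orphaned 'No File'
entries called out), and proxy / DNS settings from the 'Pseudo HJT Report'."""
import re
from collections import defaultdict

# Constructed sample: excerpts of the DDS log posted in #1, in DDS's own layout.
SAMPLE_LOG = r"""AV: Trend Micro Titanium Internet Security *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium Internet Security *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: 0x1 - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
SC_RE = re.compile(r"^(AV|SP|FW): (.+?) \*(\w+)/(\w+)\* \{[0-9A-Fa-f-]+\}$")
ENTRY_RE = re.compile(r"^(?P<kind>[A-Za-z0-9-]+): (?P<rest>.+)$")
HOOK_KINDS = {"BHO", "BHO-X64", "TB", "TB-X64", "EB", "EB-X64",
              "uURLSearchHooks", "mURLSearchHooks"}
IPV4_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

def split_sections(text):
    """Map each '=== Name ===' header to its lines, dropping DDS's '.' padding
    lines; text before the first header (the AV/SP lines) is filed under 'Header'."""
    sections, current = defaultdict(list), "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
        else:
            sections[current].append(line)
    return sections

def stale_security_products(sections):
    """Products the WMI Security Center header shows as *Enabled* although no
    running process path contains the vendor's first word.  A manual uninstall
    typically leaves exactly this stale registration, which is what ComboFix's
    'real time scanner active' check keys off."""
    procs = " ".join(sections.get("Running Processes", [])).lower()
    stale = set()
    for line in sections.get("Header", []):
        m = SC_RE.match(line)
        if m and m.group(3) == "Enabled":
            vendor = m.group(2).split()[0].lower()   # heuristic vendor keyword (assumption)
            if vendor not in procs:
                stale.add(m.group(2))
    return sorted(stale)

def browser_hooks(sections):
    """Split IE extension points into (loaded, orphaned).  'No File' means the
    registry still names a DLL that is gone: harmless alone, but worth listing,
    because a redirect that survives a browser reinstall usually lives here."""
    loaded, orphaned = [], []
    for line in sections.get("Pseudo HJT Report", []):
        m = ENTRY_RE.match(line)
        if m and m.group("kind") in HOOK_KINDS:
            (orphaned if m.group("rest").endswith("- No File") else loaded).append(line)
    return loaded, orphaned

def network_settings(sections, trusted_dns=()):
    """DNS resolvers and proxy settings from the report.  A resolver outside
    trusted_dns (the router/ISP addresses you expect) redirects every browser on
    the box at once, so it is checked before any per-browser add-on."""
    dns, proxy = [], []
    for line in sections.get("Pseudo HJT Report", []):
        if "NameServer" in line:
            for ip in IPV4_RE.findall(line):
                if ip not in dns:
                    dns.append(ip)
        elif "Internet Settings,Proxy" in line:
            proxy.append(line)
    return {"dns": dns, "proxy": proxy,
            "unknown_dns": [ip for ip in dns if ip not in trusted_dns]}

def triage(text, trusted_dns=()):
    sections = split_sections(text)
    loaded, orphaned = browser_hooks(sections)
    return {"stale_security_products": stale_security_products(sections),
            "hooks": loaded, "orphaned_hooks": orphaned,
            "network": network_settings(sections, trusted_dns)}

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG, trusted_dns=("192.168.0.1",)).items():
        print(key, value)
```

Run against the sample it reports Trend Micro as registered-but-not-running (only Bitdefender's processes are loaded), the Yahoo! URLSearchHook and Google BHO as loaded, two orphaned "No File" entries, and 205.171.3.25 as a resolver outside whatever trusted set you pass, which is why the router and ISP resolvers are confirmed before any add-on is blamed. Paste a full DDS log in place of SAMPLE_LOG to use it on a real report.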

#4 gringo_pr (Bleepin Gringo)
Malware Response Team, 136,772 posts
Gender: Male; Location: Puerto rico

Posted 25 May 2012 - 01:01 PM

Go ahead and run ComboFix. Also, I would like to know which browsers are redirecting; verify all that are installed.


gringo

#5 GLFNSKI (Topic Starter, Members, 12 posts)

Posted 25 May 2012 - 01:25 PM

I have IE, Chrome, and Firefox installed, but I only use Firefox, so I am unaware if the redirect is affecting the other browsers. I used to use IE prior to getting happili, but during that experience it was recommended I switch, so I did.

After I ran ComboFix, when I opened my email back up to click on this link, Firefox asked me if I wanted it to be my default browser. It was my default browser prior to running ComboFix.

So, I'm looking at these logs and they are all recognizing Trend Micro. I assume it has remnants on my computer, but is it really active?

ComboFix 12-05-25.03 - WMRutah 05/25/2012 12:07:50.1.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8174.5373 [GMT -6:00]
Running from: c:\users\WMRutah\Desktop\Combo-Fix.exe
AV: Trend Micro Titanium Internet Security *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium Internet Security *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1334944686.bdinstall.bin
c:\programdata\1334968608.bdinstall.bin
c:\programdata\1334968943.bdinstall.bin
c:\programdata\1335190761.bdinstall.bin
c:\programdata\PCDr\5907\Downloads\a0b7da8a-c390-46f6-b2b6-21325fedceac.dll
c:\users\WMRutah\Documents\Readiris.DUS
c:\users\WMRutah\GoToAssistDownloadHelper.exe
T:\AUTORUN.INF
U:\AUTORUN.INF
.
.
((((((((((((((((((((((((( Files Created from 2012-04-25 to 2012-05-25 )))))))))))))))))))))))))))))))
.
.
2012-05-25 18:11 . 2012-05-25 18:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-17 18:02 . 2012-05-17 18:02 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-17 18:02 . 2012-05-17 18:02 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-05-10 21:25 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 21:25 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-10 21:25 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 21:25 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-10 21:25 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-10 21:25 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 21:24 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 21:24 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 21:24 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-10 21:24 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-10 21:24 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 21:24 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-10 21:24 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-05 22:29 . 2009-08-20 05:50 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll
2012-05-05 09:35 . 2012-05-05 10:35 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-05 01:14 . 2009-08-20 05:50 52568 ----a-w- c:\windows\system32\AdobePDF.dll
2012-05-03 14:37 . 2012-05-03 14:37 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-03 14:37 . 2012-04-04 21:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-26 18:31 . 2012-04-26 18:31 -------- d-----w- c:\programdata\Ant
2012-04-26 18:26 . 2012-04-26 18:26 -------- d-----w- c:\users\WMRutah\AppData\Roaming\Garmin
2012-04-26 18:26 . 2012-04-26 18:26 -------- d-----w- c:\programdata\Garmin
2012-04-26 18:26 . 2012-04-26 18:26 -------- d-----w- c:\users\WMRutah\AppData\Local\Garmin
2012-04-26 18:26 . 2012-04-26 18:26 -------- d-----w- c:\program files\DIFX
2012-04-26 18:26 . 2012-04-26 18:30 -------- d-----w- c:\program files (x86)\Garmin
2012-04-26 02:22 . 2012-04-26 02:22 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-04-26 02:22 . 2012-04-26 02:22 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-26 02:22 . 2012-04-26 02:22 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 10:35 . 2012-04-02 19:02 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-05 10:35 . 2012-03-15 22:56 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-20 16:34 . 2012-04-20 16:34 129024 ----a-w- c:\windows\RegBootClean64.exe
2012-04-20 16:34 . 2012-04-20 16:34 21520 ----a-w- c:\windows\DCEBoot64.exe
2012-03-23 19:41 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-03-21 02:22 . 2012-03-21 02:22 691896 ----a-w- c:\windows\system32\drivers\avc3.sys
2012-03-16 00:47 . 2012-03-16 00:47 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2012-03-16 00:47 . 2012-03-16 00:47 31232 ----a-w- c:\windows\system32\prevhost.exe
2012-03-16 00:47 . 2012-03-16 00:47 86528 ----a-w- c:\windows\SysWow64\SearchFilterHost.exe
2012-03-16 00:47 . 2012-03-16 00:47 778752 ----a-w- c:\windows\system32\mssvp.dll
2012-03-16 00:47 . 2012-03-16 00:47 75264 ----a-w- c:\windows\system32\msscntrs.dll
2012-03-16 00:47 . 2012-03-16 00:47 666624 ----a-w- c:\windows\SysWow64\mssvp.dll
2012-03-16 00:47 . 2012-03-16 00:47 59392 ----a-w- c:\windows\SysWow64\msscntrs.dll
2012-03-16 00:47 . 2012-03-16 00:47 591872 ----a-w- c:\windows\system32\SearchIndexer.exe
2012-03-16 00:47 . 2012-03-16 00:47 491520 ----a-w- c:\windows\system32\mssph.dll
2012-03-16 00:47 . 2012-03-16 00:47 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-03-16 00:47 . 2012-03-16 00:47 427520 ----a-w- c:\windows\SysWow64\SearchIndexer.exe
2012-03-16 00:47 . 2012-03-16 00:47 337408 ----a-w- c:\windows\SysWow64\mssph.dll
2012-03-16 00:47 . 2012-03-16 00:47 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2012-03-16 00:47 . 2012-03-16 00:47 288256 ----a-w- c:\windows\system32\mssphtb.dll
2012-03-16 00:47 . 2012-03-16 00:47 249856 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2012-03-16 00:47 . 2012-03-16 00:47 2315776 ----a-w- c:\windows\system32\tquery.dll
2012-03-16 00:47 . 2012-03-16 00:47 2223616 ----a-w- c:\windows\system32\mssrch.dll
2012-03-16 00:47 . 2012-03-16 00:47 197120 ----a-w- c:\windows\SysWow64\mssphtb.dll
2012-03-16 00:47 . 2012-03-16 00:47 164352 ----a-w- c:\windows\SysWow64\SearchProtocolHost.exe
2012-03-16 00:47 . 2012-03-16 00:47 1549312 ----a-w- c:\windows\SysWow64\tquery.dll
2012-03-16 00:47 . 2012-03-16 00:47 1401344 ----a-w- c:\windows\SysWow64\mssrch.dll
2012-03-16 00:47 . 2012-03-16 00:47 113664 ----a-w- c:\windows\system32\SearchFilterHost.exe
2012-03-16 00:47 . 2012-03-16 00:47 976896 ----a-w- c:\windows\system32\inetcomm.dll
2012-03-16 00:47 . 2012-03-16 00:47 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2012-03-16 00:47 . 2012-03-16 00:47 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2012-03-16 00:47 . 2012-03-16 00:47 1395712 ----a-w- c:\windows\system32\mfc42.dll
2012-03-16 00:47 . 2012-03-16 00:47 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2012-03-16 00:47 . 2012-03-16 00:47 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2012-03-16 00:47 . 2012-03-16 00:47 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2012-03-16 00:47 . 2012-03-16 00:47 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2012-03-16 00:47 . 2012-03-16 00:47 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2012-03-16 00:47 . 2012-03-16 00:47 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2012-03-16 00:47 . 2012-03-16 00:47 613888 ----a-w- c:\windows\system32\psisdecd.dll
2012-03-16 00:47 . 2012-03-16 00:47 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2012-03-16 00:47 . 2012-03-16 00:47 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-03-16 00:47 . 2012-03-16 00:47 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2012-03-16 00:47 . 2012-03-16 00:47 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2012-03-16 00:47 . 2012-03-16 00:47 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-03-16 00:47 . 2012-03-16 00:47 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-03-16 00:47 . 2012-03-16 00:47 294912 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-03-16 00:47 . 2012-03-16 00:47 2871808 ----a-w- c:\windows\explorer.exe
2012-03-16 00:47 . 2012-03-16 00:47 2616320 ----a-w- c:\windows\SysWow64\explorer.exe
2012-03-16 00:47 . 2012-03-16 00:47 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2012-03-16 00:47 . 2012-03-16 00:47 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-16 00:47 . 2012-03-16 00:47 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-03-16 00:47 . 2012-03-16 00:47 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2012-03-16 00:47 . 2012-03-16 00:47 108032 ----a-w- c:\windows\system32\psisrndr.ax
2012-03-16 00:47 . 2012-03-16 00:47 100864 ----a-w- c:\windows\system32\fontsub.dll
2012-03-16 00:47 . 2012-03-16 00:47 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-03-16 00:47 . 2012-03-16 00:47 77312 ----a-w- c:\windows\system32\packager.dll
2012-03-16 00:47 . 2012-03-16 00:47 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-03-16 00:47 . 2012-03-16 00:47 723456 ----a-w- c:\windows\system32\EncDec.dll
2012-03-16 00:47 . 2012-03-16 00:47 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-03-16 00:47 . 2012-03-16 00:47 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-03-16 00:47 . 2012-03-16 00:47 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-03-16 00:47 . 2012-03-16 00:47 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-03-16 00:47 . 2012-03-16 00:47 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-03-16 00:47 . 2012-03-16 00:47 961024 ----a-w- c:\windows\system32\CPFilters.dll
2012-03-16 00:47 . 2012-03-16 00:47 861696 ----a-w- c:\windows\system32\oleaut32.dll
2012-03-16 00:47 . 2012-03-16 00:47 850944 ----a-w- c:\windows\SysWow64\sbe.dll
2012-03-16 00:47 . 2012-03-16 00:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2012-03-16 00:47 . 2012-03-16 00:47 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
2012-03-16 00:47 . 2012-03-16 00:47 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-03-16 00:47 . 2012-03-16 00:47 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-03-16 00:47 . 2012-03-16 00:47 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2012-03-16 00:47 . 2012-03-16 00:47 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2012-03-16 00:47 . 2012-03-16 00:47 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-03-16 00:47 . 2012-03-16 00:47 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2012-03-16 00:47 . 2012-03-16 00:47 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-03-16 00:47 . 2012-03-16 00:47 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-03-16 00:47 . 2012-03-16 00:47 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-03-16 00:47 . 2012-03-16 00:47 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-03-16 00:47 . 2012-03-16 00:47 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-03-16 00:47 . 2012-03-16 00:47 421888 ----a-w- c:\windows\system32\KernelBase.dll
2012-03-16 00:47 . 2012-03-16 00:47 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-03-16 00:47 . 2012-03-16 00:47 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-03-16 00:47 . 2012-03-16 00:47 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-03-16 00:47 . 2012-03-16 00:47 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-03-16 00:47 . 2012-03-16 00:47 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-03-16 00:47 . 2012-03-16 00:47 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-03-16 00:47 . 2012-03-16 00:47 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-03-16 00:47 . 2012-03-16 00:47 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-03-16 00:47 . 2012-03-16 00:47 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-03-16 00:47 . 2012-03-16 00:47 362496 ----a-w- c:\windows\system32\wow64win.dll
2012-03-16 00:47 . 2012-03-16 00:47 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-03-16 00:47 . 2012-03-16 00:47 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-03-16 00:47 . 2012-03-16 00:47 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-03-16 00:47 . 2012-03-16 00:47 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2012-03-16 00:47 . 2012-03-16 00:47 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-03-16 00:47 . 2012-03-16 00:47 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2012-03-16 00:47 . 2012-03-16 00:47 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2012-03-16 00:47 . 2012-03-16 00:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-03-16 00:47 . 2012-03-16 00:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-03-16 00:47 . 2012-03-16 00:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2012-03-17 03:06 1008784 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2012-03-17 03:06 1008784 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2012-03-17 03:06 1008784 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-03-26 39408]
"gSyncit"="c:\program files (x86)\Fieldston Software\gSyncit\gsyncit.exe" [2012-03-12 98016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-05 336384]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"ScanSnap WIA Service Checker"="c:\windows\SSDriver\fi5110\SsWiaChecker.exe" [2009-09-30 86016]
"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2012-03-17 1059984]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\users\WMRutah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Kaleidescape Conductor.lnk - c:\users\WMRutah\AppData\Roaming\Kaleidescape\Kaleidescape.exe [2012-4-15 1517056]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CardMinder Viewer.lnk - c:\program files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe [2012-3-26 77824]
Conversion to PDF with ScanSnap Organizer.lnk - c:\program files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe [2012-3-26 15360]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]
ScanSnap Manager.lnk - c:\program files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe [2012-3-26 1146880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-26 136176]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-12-20 1691848]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [x]
R3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [x]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-26 136176]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-26 129976]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-04-10 25072]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [2011-10-15 466736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2011-11-15 90192]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-15 103504]
S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 GsServer;GoodSync Server;c:\program files\Siber Systems\GoodSync\Gs-Server.exe [2012-04-12 5230256]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
S2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2012\updatesrv.exe [2012-03-14 66096]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 libusb0;libusb-win32 - Kernel Driver 04/08/2011 1.2.4.0;c:\windows\system32\DRIVERS\libusb0.sys [x]
S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 10:35]
.
2012-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-26 23:05]
.
2012-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-26 23:05]
.
2012-05-21 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-05-25 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2012-03-17 02:58 1279120 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2012-03-17 02:58 1279120 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2012-03-17 02:58 1279120 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-23 10920552]
"BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2012-04-26 1067256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
FF - ProfilePath - c:\users\WMRutah\AppData\Roaming\Mozilla\Firefox\Profiles\ghow4c5t.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
.
**************************************************************************
.
Completion time: 2012-05-25 12:17:13 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-25 18:17
.
Pre-Run: 839,797,583,872 bytes free
Post-Run: 839,751,458,816 bytes free
.
- - End Of File - - 94EB5F7A131DEED99B6644779D16947F

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 25 May 2012 - 02:41 PM

Greetings GLFNSKI

I understand that you may not use them, but I would like you to check them to see if they are redirecting.


I want you to uninstall Firefox and, if asked about user data or settings, remove that also (you may back up your bookmarks).
Restart the computer and reinstall Firefox. Check for the redirects and, if all seems good, you can import your bookmarks again.

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click TDSSKiller.exe to run the application, then click Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
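As an added example, not part of this thread and not code from Kaspersky's tool, here is a small Python triage script for the TDSSKiller report that the reply above asks for. It parses the `time pid name (md5) path` and `name - verdict` line pairs the tool writes between "Scan started" and "Scan finished" and lists every entry that was not marked `ok`; the sample lines are constructed to mirror the report format quoted later in the thread, and `exampleSvc` and its verdict text are invented placeholders.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample, modelled on the TDSSKiller 2.7.x report format: a detail
# line "name (md5) path" is followed by a verdict line "name - <verdict>".
# Entries such as catchme or COMSysApp get a verdict but no detail line.
# "exampleSvc" and its "detected CONSTRUCTED-VERDICT" text are placeholders.
SAMPLE_LOG = r"""
01:22:25.0692 4780 ============================================================
01:22:25.0692 4780 Scan started
01:22:25.0692 4780 Mode: Manual;
01:22:27.0704 4780 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
01:22:27.0704 4780 1394ohci - ok
01:22:30.0153 4780 catchme - ok
01:22:30.0559 4780 COMSysApp - ok
01:22:40.0001 4780 exampleSvc (0123456789abcdef0123456789abcdef) C:\Windows\system32\drivers\example.sys
01:22:40.0001 4780 exampleSvc - detected CONSTRUCTED-VERDICT
01:22:41.0000 4780 Scan finished
"""

# "HH:MM:SS.ffff PID message" prefix that every TDSSKiller report line carries.
LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<msg>.*)$")
# Detail line: service/driver name, 32-hex MD5 in parentheses, then the file path.
DETAIL_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# Verdict line: name, " - ", verdict text (normally "ok").
VERDICT_RE = re.compile(r"^(?P<name>.+?) - (?P<verdict>.+)$")


@dataclass
class ScanEntry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None

    @property
    def needs_review(self) -> bool:
        # Anything the tool did not mark "ok" (a detection, a suspicious file,
        # or an entry that never received a verdict) deserves a human look.
        return self.verdict != "ok"


def parse_tdsskiller_log(text: str) -> Dict[str, ScanEntry]:
    """Return scan entries keyed by service/driver name."""
    entries: Dict[str, ScanEntry] = {}
    in_scan = False
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        msg = m.group("msg").strip()
        if msg == "Scan started":
            in_scan = True
            continue
        if msg == "Scan finished":
            break
        # Header/system-info lines and "====" separators are not scan entries.
        if not in_scan or msg.startswith("="):
            continue
        detail = DETAIL_RE.match(msg)
        if detail:
            entry = entries.setdefault(detail["name"], ScanEntry(detail["name"]))
            entry.md5 = detail["md5"].lower()
            entry.path = detail["path"]
            continue
        verdict = VERDICT_RE.match(msg)
        if verdict:
            entry = entries.setdefault(verdict["name"], ScanEntry(verdict["name"]))
            entry.verdict = verdict["verdict"]
    return entries


def review_queue(entries: Dict[str, ScanEntry]) -> List[ScanEntry]:
    """Entries a responder should look at, in stable name order."""
    return sorted((e for e in entries.values() if e.needs_review), key=lambda e: e.name)


if __name__ == "__main__":
    parsed = parse_tdsskiller_log(SAMPLE_LOG)
    print(f"{len(parsed)} entries scanned, {len(review_queue(parsed))} need review")
    for e in review_queue(parsed):
        print(f"  {e.name}: {e.verdict}  md5={e.md5}  path={e.path}")
```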

#7 GLFNSKI

GLFNSKI
  • Topic Starter

  • Members
  • 12 posts

Posted 27 May 2012 - 02:42 AM

Hi Gringo,

I uninstalled Firefox, including user settings. I have not reinstalled it yet.

I used Chrome for a couple searches, but was not redirected.

I started using IE again to see if it is redirecting. I have not been redirected, although I have not been on the computer much (holiday weekend).

I ran TDSSKiller.

01:21:52.0932 5224 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
01:21:53.0400 5224 ============================================================
01:21:53.0400 5224 Current date / time: 2012/05/27 01:21:53.0400
01:21:53.0400 5224 SystemInfo:
01:21:53.0400 5224
01:21:53.0400 5224 OS Version: 6.1.7601 ServicePack: 1.0
01:21:53.0400 5224 Product type: Workstation
01:21:53.0400 5224 ComputerName: WMRUTAH-PC
01:21:53.0400 5224 UserName: WMRutah
01:21:53.0400 5224 Windows directory: C:\Windows
01:21:53.0400 5224 System windows directory: C:\Windows
01:21:53.0400 5224 Running under WOW64
01:21:53.0400 5224 Processor architecture: Intel x64
01:21:53.0400 5224 Number of processors: 8
01:21:53.0400 5224 Page size: 0x1000
01:21:53.0400 5224 Boot type: Normal boot
01:21:53.0400 5224 ============================================================
01:21:53.0961 5224 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:21:53.0961 5224 ============================================================
01:21:53.0961 5224 \Device\Harddisk0\DR0:
01:21:53.0961 5224 MBR partitions:
01:21:53.0961 5224 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1A4E000
01:21:53.0961 5224 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A62000, BlocksNum 0x72CA4000
01:21:53.0961 5224 ============================================================
01:21:53.0992 5224 C: <-> \Device\Harddisk0\DR0\Partition1
01:21:53.0992 5224 ============================================================
01:21:53.0992 5224 Initialize success
01:21:53.0992 5224 ============================================================
01:22:25.0692 4780 ============================================================
01:22:25.0692 4780 Scan started
01:22:25.0692 4780 Mode: Manual;
01:22:25.0692 4780 ============================================================
01:22:27.0704 4780 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
01:22:27.0704 4780 1394ohci - ok
01:22:27.0735 4780 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
01:22:27.0735 4780 ACPI - ok
01:22:27.0735 4780 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
01:22:27.0735 4780 AcpiPmi - ok
01:22:27.0798 4780 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
01:22:27.0813 4780 AdobeARMservice - ok
01:22:27.0891 4780 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
01:22:27.0907 4780 AdobeFlashPlayerUpdateSvc - ok
01:22:27.0922 4780 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
01:22:27.0922 4780 adp94xx - ok
01:22:27.0938 4780 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
01:22:27.0938 4780 adpahci - ok
01:22:27.0954 4780 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
01:22:27.0954 4780 adpu320 - ok
01:22:27.0985 4780 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
01:22:27.0985 4780 AeLookupSvc - ok
01:22:28.0032 4780 AERTFilters (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
01:22:28.0032 4780 AERTFilters - ok
01:22:28.0063 4780 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
01:22:28.0063 4780 AFD - ok
01:22:28.0078 4780 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
01:22:28.0078 4780 agp440 - ok
01:22:28.0094 4780 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
01:22:28.0094 4780 ALG - ok
01:22:28.0094 4780 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
01:22:28.0094 4780 aliide - ok
01:22:28.0141 4780 AMD External Events Utility (a359974eaac83a435497c52f62a2e590) C:\Windows\system32\atiesrxx.exe
01:22:28.0141 4780 AMD External Events Utility - ok
01:22:28.0141 4780 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
01:22:28.0141 4780 amdide - ok
01:22:28.0156 4780 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
01:22:28.0156 4780 AmdK8 - ok
01:22:28.0344 4780 amdkmdag (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys
01:22:28.0453 4780 amdkmdag - ok
01:22:28.0578 4780 amdkmdap (6b4e9261b613b047a9a145f328889968) C:\Windows\system32\DRIVERS\atikmpag.sys
01:22:28.0578 4780 amdkmdap - ok
01:22:28.0593 4780 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
01:22:28.0593 4780 AmdPPM - ok
01:22:28.0609 4780 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
01:22:28.0609 4780 amdsata - ok
01:22:28.0609 4780 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
01:22:28.0609 4780 amdsbs - ok
01:22:28.0624 4780 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
01:22:28.0624 4780 amdxata - ok
01:22:28.0656 4780 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
01:22:28.0656 4780 AppID - ok
01:22:28.0671 4780 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
01:22:28.0671 4780 AppIDSvc - ok
01:22:28.0687 4780 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
01:22:28.0687 4780 Appinfo - ok
01:22:28.0796 4780 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
01:22:28.0796 4780 Apple Mobile Device - ok
01:22:28.0843 4780 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
01:22:28.0843 4780 AppMgmt - ok
01:22:28.0843 4780 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
01:22:28.0858 4780 arc - ok
01:22:28.0858 4780 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
01:22:28.0858 4780 arcsas - ok
01:22:28.0952 4780 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
01:22:28.0952 4780 aspnet_state - ok
01:22:28.0968 4780 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
01:22:28.0968 4780 AsyncMac - ok
01:22:28.0999 4780 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
01:22:28.0999 4780 atapi - ok
01:22:29.0030 4780 AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\Windows\system32\drivers\AtihdW76.sys
01:22:29.0030 4780 AtiHDAudioService - ok
01:22:29.0061 4780 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
01:22:29.0077 4780 AudioEndpointBuilder - ok
01:22:29.0077 4780 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
01:22:29.0077 4780 AudioSrv - ok
01:22:29.0124 4780 avc3 (f57de310bf3bd9df0f7d301c1d7f5432) C:\Windows\system32\DRIVERS\avc3.sys
01:22:29.0124 4780 avc3 - ok
01:22:29.0139 4780 avchv (4c6bcc638798abe1f70afca70d889c3f) C:\Windows\system32\DRIVERS\avchv.sys
01:22:29.0139 4780 avchv - ok
01:22:29.0170 4780 avckf (6dc4cca415bbf2fc629beb532aa0e6cd) C:\Windows\system32\DRIVERS\avckf.sys
01:22:29.0170 4780 avckf - ok
01:22:29.0217 4780 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
01:22:29.0217 4780 AxInstSV - ok
01:22:29.0248 4780 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
01:22:29.0248 4780 b06bdrv - ok
01:22:29.0264 4780 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
01:22:29.0264 4780 b57nd60a - ok
01:22:29.0280 4780 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
01:22:29.0280 4780 BDESVC - ok
01:22:29.0358 4780 BdfNdisf (707ac68f86f97c17c30498aaf3c7e27e) c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys
01:22:29.0358 4780 BdfNdisf - ok
01:22:29.0436 4780 bdfsfltr (ea195950fa5dd4a8f7bc00822213a363) C:\Windows\system32\DRIVERS\bdfsfltr.sys
01:22:29.0436 4780 bdfsfltr - ok
01:22:29.0482 4780 bdfwfpf (4ce4b0098fc315c237fa8867f07886c4) C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys
01:22:29.0482 4780 bdfwfpf - ok
01:22:29.0498 4780 bdsandbox (31571d77c6186ad228f52ee4ebdf8ee9) C:\Windows\system32\drivers\bdsandbox.sys
01:22:29.0498 4780 bdsandbox - ok
01:22:29.0514 4780 BDVEDISK (b89deff4817b4cc6fc2bcd8f83b4e75d) C:\Windows\system32\DRIVERS\bdvedisk.sys
01:22:29.0514 4780 BDVEDISK - ok
01:22:29.0529 4780 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
01:22:29.0529 4780 Beep - ok
01:22:29.0576 4780 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
01:22:29.0576 4780 BFE - ok
01:22:29.0623 4780 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
01:22:29.0623 4780 BITS - ok
01:22:29.0654 4780 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
01:22:29.0670 4780 blbdrive - ok
01:22:29.0716 4780 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
01:22:29.0732 4780 Bonjour Service - ok
01:22:29.0748 4780 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
01:22:29.0748 4780 bowser - ok
01:22:29.0763 4780 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
01:22:29.0763 4780 BrFiltLo - ok
01:22:29.0763 4780 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
01:22:29.0763 4780 BrFiltUp - ok
01:22:29.0794 4780 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
01:22:29.0794 4780 BridgeMP - ok
01:22:29.0794 4780 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
01:22:29.0794 4780 Browser - ok
01:22:29.0810 4780 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
01:22:29.0826 4780 Brserid - ok
01:22:29.0841 4780 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
01:22:29.0841 4780 BrSerWdm - ok
01:22:29.0841 4780 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
01:22:29.0841 4780 BrUsbMdm - ok
01:22:29.0841 4780 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
01:22:29.0841 4780 BrUsbSer - ok
01:22:29.0872 4780 BTCFilterService (ff7c57973eead140062238c5a0b7d455) C:\Windows\system32\DRIVERS\motfilt.sys
01:22:29.0872 4780 BTCFilterService - ok
01:22:29.0872 4780 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
01:22:29.0872 4780 BTHMODEM - ok
01:22:29.0888 4780 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
01:22:29.0888 4780 bthserv - ok
01:22:30.0060 4780 CarboniteService (9da7d983b4e9ea2d065edf566ca64fc8) C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
01:22:30.0138 4780 CarboniteService - ok
01:22:30.0153 4780 catchme - ok
01:22:30.0200 4780 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
01:22:30.0200 4780 cdfs - ok
01:22:30.0216 4780 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
01:22:30.0216 4780 cdrom - ok
01:22:30.0231 4780 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
01:22:30.0231 4780 CertPropSvc - ok
01:22:30.0247 4780 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
01:22:30.0247 4780 circlass - ok
01:22:30.0262 4780 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
01:22:30.0262 4780 CLFS - ok
01:22:30.0309 4780 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
01:22:30.0325 4780 clr_optimization_v2.0.50727_32 - ok
01:22:30.0372 4780 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
01:22:30.0372 4780 clr_optimization_v2.0.50727_64 - ok
01:22:30.0418 4780 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
01:22:30.0418 4780 clr_optimization_v4.0.30319_32 - ok
01:22:30.0450 4780 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
01:22:30.0450 4780 clr_optimization_v4.0.30319_64 - ok
01:22:30.0465 4780 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
01:22:30.0465 4780 CmBatt - ok
01:22:30.0481 4780 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
01:22:30.0481 4780 cmdide - ok
01:22:30.0512 4780 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
01:22:30.0512 4780 CNG - ok
01:22:30.0528 4780 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
01:22:30.0528 4780 Compbatt - ok
01:22:30.0559 4780 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
01:22:30.0559 4780 CompositeBus - ok
01:22:30.0559 4780 COMSysApp - ok
01:22:30.0559 4780 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
01:22:30.0559 4780 crcdisk - ok
01:22:30.0590 4780 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
01:22:30.0590 4780 CryptSvc - ok
01:22:30.0652 4780 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
01:22:30.0652 4780 CSC - ok
01:22:30.0668 4780 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
01:22:30.0668 4780 CscService - ok
01:22:30.0715 4780 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
01:22:30.0715 4780 DcomLaunch - ok
01:22:30.0746 4780 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
01:22:30.0746 4780 defragsvc - ok
01:22:30.0777 4780 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
01:22:30.0777 4780 DfsC - ok
01:22:30.0793 4780 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
01:22:30.0793 4780 Dhcp - ok
01:22:30.0824 4780 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
01:22:30.0824 4780 discache - ok
01:22:30.0840 4780 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
01:22:30.0840 4780 Disk - ok
01:22:30.0855 4780 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
01:22:30.0871 4780 dmvsc - ok
01:22:30.0886 4780 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
01:22:30.0886 4780 Dnscache - ok
01:22:30.0918 4780 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
01:22:30.0918 4780 dot3svc - ok
01:22:30.0933 4780 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
01:22:30.0933 4780 DPS - ok
01:22:30.0964 4780 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
01:22:30.0964 4780 drmkaud - ok
01:22:30.0996 4780 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
01:22:30.0996 4780 DXGKrnl - ok
01:22:31.0027 4780 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
01:22:31.0027 4780 EapHost - ok
01:22:31.0105 4780 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
01:22:31.0152 4780 ebdrv - ok
01:22:31.0230 4780 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
01:22:31.0230 4780 EFS - ok
01:22:31.0292 4780 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
01:22:31.0292 4780 ehRecvr - ok
01:22:31.0308 4780 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
01:22:31.0308 4780 ehSched - ok
01:22:31.0354 4780 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
01:22:31.0354 4780 elxstor - ok
01:22:31.0401 4780 EpsonBidirectionalService (a0fb385b6281d694f8930c2ef85c453e) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
01:22:31.0417 4780 EpsonBidirectionalService - ok
01:22:31.0417 4780 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
01:22:31.0417 4780 ErrDev - ok
01:22:31.0448 4780 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
01:22:31.0448 4780 EventSystem - ok
01:22:31.0464 4780 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
01:22:31.0464 4780 exfat - ok
01:22:31.0495 4780 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
01:22:31.0495 4780 fastfat - ok
01:22:31.0526 4780 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
01:22:31.0542 4780 Fax - ok
01:22:31.0542 4780 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
01:22:31.0542 4780 fdc - ok
01:22:31.0557 4780 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
01:22:31.0557 4780 fdPHost - ok
01:22:31.0573 4780 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
01:22:31.0573 4780 FDResPub - ok
01:22:31.0588 4780 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
01:22:31.0588 4780 FileInfo - ok
01:22:31.0604 4780 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
01:22:31.0604 4780 Filetrace - ok
01:22:31.0635 4780 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
01:22:31.0635 4780 FLEXnet Licensing Service - ok
01:22:31.0635 4780 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
01:22:31.0635 4780 flpydisk - ok
01:22:31.0651 4780 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
01:22:31.0666 4780 FltMgr - ok
01:22:31.0698 4780 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
01:22:31.0729 4780 FontCache - ok
01:22:31.0791 4780 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
01:22:31.0791 4780 FontCache3.0.0.0 - ok
01:22:31.0822 4780 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
01:22:31.0822 4780 FsDepends - ok
01:22:31.0854 4780 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
01:22:31.0854 4780 Fs_Rec - ok
01:22:31.0869 4780 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
01:22:31.0869 4780 fvevol - ok
01:22:31.0900 4780 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
01:22:31.0900 4780 gagp30kx - ok
01:22:31.0932 4780 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
01:22:31.0932 4780 GEARAspiWDM - ok
01:22:31.0994 4780 GoToAssist (8f6ae606eb0cc884ee12c41948424422) C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe
01:22:31.0994 4780 GoToAssist - ok
01:22:32.0041 4780 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
01:22:32.0056 4780 gpsvc - ok
01:22:32.0103 4780 GsServer - ok
01:22:32.0150 4780 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
01:22:32.0150 4780 gupdate - ok
01:22:32.0181 4780 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
01:22:32.0181 4780 gupdatem - ok
01:22:32.0212 4780 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
01:22:32.0212 4780 gusvc - ok
01:22:32.0228 4780 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
01:22:32.0228 4780 hcw85cir - ok
01:22:32.0244 4780 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
01:22:32.0244 4780 HDAudBus - ok
01:22:32.0244 4780 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
01:22:32.0244 4780 HidBatt - ok
01:22:32.0259 4780 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
01:22:32.0259 4780 HidBth - ok
01:22:32.0259 4780 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
01:22:32.0259 4780 HidIr - ok
01:22:32.0275 4780 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
01:22:32.0275 4780 hidserv - ok
01:22:32.0275 4780 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
01:22:32.0275 4780 HidUsb - ok
01:22:32.0290 4780 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
01:22:32.0290 4780 hkmsvc - ok
01:22:32.0322 4780 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
01:22:32.0322 4780 HomeGroupListener - ok
01:22:32.0353 4780 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
01:22:32.0353 4780 HomeGroupProvider - ok
01:22:32.0400 4780 hpqcxs08 (08457d8f8149757c70cea59c71ec5d27) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
01:22:32.0415 4780 hpqcxs08 - ok
01:22:32.0415 4780 hpqddsvc (75cc8c5146a3fb76221a7606628778d5) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
01:22:32.0431 4780 hpqddsvc - ok
01:22:32.0446 4780 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
01:22:32.0446 4780 HpSAMD - ok
01:22:32.0478 4780 HPSLPSVC (2adf33f93991c4e24e86ffa5f906417b) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
01:22:32.0478 4780 HPSLPSVC - ok
01:22:32.0524 4780 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
01:22:32.0524 4780 HTTP - ok
01:22:32.0540 4780 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
01:22:32.0540 4780 hwpolicy - ok
01:22:32.0556 4780 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
01:22:32.0556 4780 i8042prt - ok
01:22:32.0587 4780 iaStor (2fdaec4b02729c48c0fd1b0b4695995b) C:\Windows\system32\drivers\iaStor.sys
01:22:32.0587 4780 iaStor - ok
01:22:32.0649 4780 IAStorDataMgrSvc (d41861e56e7552c13674d7f147a02464) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
01:22:32.0649 4780 IAStorDataMgrSvc - ok
01:22:32.0680 4780 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
01:22:32.0680 4780 iaStorV - ok
01:22:32.0758 4780 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
01:22:32.0774 4780 idsvc - ok
01:22:32.0790 4780 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
01:22:32.0790 4780 iirsp - ok
01:22:32.0836 4780 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
01:22:32.0852 4780 IKEEXT - ok
01:22:32.0914 4780 IntcAzAudAddService (235362d403d9d677514649d88db31914) C:\Windows\system32\drivers\RTKVHD64.sys
01:22:32.0946 4780 IntcAzAudAddService - ok
01:22:33.0008 4780 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
01:22:33.0024 4780 IntcDAud - ok
01:22:33.0039 4780 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
01:22:33.0039 4780 intelide - ok
01:22:33.0070 4780 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
01:22:33.0070 4780 intelppm - ok
01:22:33.0164 4780 IntuitUpdateServiceV4 (1663a135865f0ba6e853353e98e67f2a) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
01:22:33.0164 4780 IntuitUpdateServiceV4 - ok
01:22:33.0195 4780 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
01:22:33.0195 4780 IPBusEnum - ok
01:22:33.0226 4780 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
01:22:33.0226 4780 IpFilterDriver - ok
01:22:33.0258 4780 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
01:22:33.0273 4780 iphlpsvc - ok
01:22:33.0273 4780 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
01:22:33.0273 4780 IPMIDRV - ok
01:22:33.0289 4780 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
01:22:33.0304 4780 IPNAT - ok
01:22:33.0351 4780 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
01:22:33.0351 4780 iPod Service - ok
01:22:33.0367 4780 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
01:22:33.0367 4780 IRENUM - ok
01:22:33.0367 4780 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
01:22:33.0382 4780 isapnp - ok
01:22:33.0382 4780 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
01:22:33.0398 4780 iScsiPrt - ok
01:22:33.0414 4780 k57nd60a (12e27942dbb7c91880163634b0d8a776) C:\Windows\system32\DRIVERS\k57nd60a.sys
01:22:33.0414 4780 k57nd60a - ok
01:22:33.0429 4780 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
01:22:33.0429 4780 kbdclass - ok
01:22:33.0445 4780 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
01:22:33.0445 4780 kbdhid - ok
01:22:33.0476 4780 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
01:22:33.0476 4780 KeyIso - ok
01:22:33.0492 4780 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
01:22:33.0492 4780 KSecDD - ok
01:22:33.0507 4780 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
01:22:33.0507 4780 KSecPkg - ok
01:22:33.0523 4780 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
01:22:33.0523 4780 ksthunk - ok
01:22:33.0538 4780 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
01:22:33.0554 4780 KtmRm - ok
01:22:33.0570 4780 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
01:22:33.0570 4780 LanmanServer - ok
01:22:33.0585 4780 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
01:22:33.0585 4780 LanmanWorkstation - ok
01:22:33.0616 4780 libusb0 (02538e602280c07438c94489dcbe77d5) C:\Windows\system32\DRIVERS\libusb0.sys
01:22:33.0616 4780 libusb0 - ok
01:22:33.0632 4780 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
01:22:33.0648 4780 lltdio - ok
01:22:33.0663 4780 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
01:22:33.0663 4780 lltdsvc - ok
01:22:33.0679 4780 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
01:22:33.0679 4780 lmhosts - ok
01:22:33.0694 4780 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
01:22:41.0806 4780 Scan finished
01:22:41.0806 4780 ============================================================
01:22:41.0806 9720 Detected object count: 0
01:22:41.0806 9720 Actual detected object count: 0


I ran aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-27 01:25:29
-----------------------------
01:25:29.344 OS Version: Windows x64 6.1.7601 Service Pack 1
01:25:29.344 Number of processors: 8 586 0x2A07
01:25:29.344 ComputerName: WMRUTAH-PC UserName: WMRutah
01:25:32.791 Initialize success
01:26:44.101 AVAST engine defs: 12052601
01:27:32.898 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
01:27:32.898 Disk 0 Vendor: ST310005 JC4A Size: 953869MB BusType: 3
01:27:32.914 Disk 0 MBR read successfully
01:27:32.930 Disk 0 MBR scan
01:27:32.945 Disk 0 Windows VISTA default MBR code
01:27:32.945 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
01:27:33.195 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 13468 MB offset 81920
01:27:33.210 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 940360 MB offset 27664384
01:27:33.226 Disk 0 scanning C:\Windows\system32\drivers
01:27:43.772 Service scanning
01:27:56.751 Modules scanning
01:27:56.751 Disk 0 trace - called modules:
01:27:56.766 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
01:27:57.281 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009d18790]
01:27:57.281 3 CLASSPNP.SYS[fffff88001f6943f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0xfffffa80075dd050]
01:28:06.329 AVAST engine scan C:\Windows
01:28:12.039 AVAST engine scan C:\Windows\system32
01:30:40.801 AVAST engine scan C:\Windows\system32\drivers
01:30:49.256 AVAST engine scan C:\Users\WMRutah
01:34:26.892 Disk 0 MBR has been saved successfully to "C:\Users\WMRutah\Desktop\MBR.dat"
01:34:26.892 The log file has been saved successfully to "C:\Users\WMRutah\Desktop\aswMBR.txt"

If the problem is isolated to Firefox, I do not have an issue with not using it.
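The aswMBR output above is mostly useful for two things: whether the MBR code is the stock Windows loader, and whether the partition table accounts for the whole disk. Unpartitioned space (before the first partition or after the last one) is where some bootkit families keep their components, so a practitioner reads the partition lines with that in mind. The script below is an added example, not part of this post and not code from AVAST's aswMBR: it parses the partition-table, disk-size and MBR-code lines (copied from the log above as embedded sample input) and reports unallocated regions and layout anomalies. It assumes 512-byte LBA sectors, that aswMBR's "MB" is 1024*1024 bytes, that a clean MBR is reported with the words "default MBR code", and a 4 MB cut-off for regions worth a closer look; all four are assumptions of this example, not facts from the tool.

```python
import re

# Lines copied from the aswMBR output above; embedded so the example runs offline.
SAMPLE_LOG = """\
01:27:32.898 Disk 0 Vendor: ST310005 JC4A Size: 953869MB BusType: 3
01:27:32.914 Disk 0 MBR read successfully
01:27:32.945 Disk 0 Windows VISTA default MBR code
01:27:32.945 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
01:27:33.195 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 13468 MB offset 81920
01:27:33.210 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 940360 MB offset 27664384
"""

# Assumptions (not stated by aswMBR itself): offsets are 512-byte LBA sectors,
# "MB" means 1024*1024 bytes, and a clean MBR is reported as "... default MBR code".
SECTORS_PER_MB = (1024 * 1024) // 512          # 2048
ROUNDING_SLACK = SECTORS_PER_MB                 # sizes are whole MB, so +/-1 MB is noise
FLAG_THRESHOLD = 4 * SECTORS_PER_MB             # assumed cut-off for "worth imaging"

SIZE_RE = re.compile(r"Disk (?P<disk>\d+) Vendor: .* Size: (?P<size_mb>\d+)MB")
MBR_RE = re.compile(r"Disk (?P<disk>\d+) (?P<code>.+) MBR code\s*$")
PART_RE = re.compile(
    r"Disk (?P<disk>\d+) Partition (?P<num>\d+) (?P<boot>[0-9A-Fa-f]{2}) (?:\(A\) )?"
    r"(?P<type>[0-9A-Fa-f]{2}) (?P<desc>.*?) (?P<size_mb>\d+) MB offset (?P<offset>\d+)\s*$"
)


def _disk(disks, num):
    return disks.setdefault(num, {"size_sectors": None, "mbr_code": None, "partitions": []})


def parse_aswmbr(text):
    """Map disk number -> size, MBR code description and partition list (sector units)."""
    disks = {}
    for line in text.splitlines():
        if m := SIZE_RE.search(line):
            _disk(disks, int(m["disk"]))["size_sectors"] = int(m["size_mb"]) * SECTORS_PER_MB
        elif m := MBR_RE.search(line):
            _disk(disks, int(m["disk"]))["mbr_code"] = m["code"]
        elif m := PART_RE.search(line):
            start = int(m["offset"])
            _disk(disks, int(m["disk"]))["partitions"].append({
                "num": int(m["num"]),
                "active": m["boot"] == "80",       # 0x80 = bootable flag in the MBR entry
                "type": m["type"].upper(),
                "desc": m["desc"],
                "start": start,
                "end": start + int(m["size_mb"]) * SECTORS_PER_MB,   # exclusive
            })
    return disks


def unallocated_regions(disk):
    """(start, length) sector ranges no partition claims, from sector 0 to end of disk."""
    regions, cursor = [], 0
    for p in sorted(disk["partitions"], key=lambda p: p["start"]):
        if p["start"] > cursor:
            regions.append((cursor, p["start"] - cursor))
        cursor = max(cursor, p["end"])
    if disk["size_sectors"] is not None and disk["size_sectors"] > cursor:
        regions.append((cursor, disk["size_sectors"] - cursor))
    return regions


def layout_findings(disk):
    """Anomalies worth a look: odd active flags, overlaps, large hidden space, non-default MBR."""
    findings = []
    parts = sorted(disk["partitions"], key=lambda p: p["start"])
    active = [p["num"] for p in parts if p["active"]]
    if len(active) != 1:
        findings.append(f"expected one active partition, found {active}")
    for a, b in zip(parts, parts[1:]):
        if b["start"] < a["end"] - ROUNDING_SLACK:     # beyond what MB rounding explains
            findings.append(f"partition {a['num']} overlaps partition {b['num']}")
    for start, length in unallocated_regions(disk):
        if length >= FLAG_THRESHOLD:
            findings.append(f"{length // SECTORS_PER_MB} MB unallocated at sector {start}")
    code = disk["mbr_code"] or ""
    if "default" not in code.lower():
        findings.append(f"MBR code not reported as default: {code!r}")
    return findings


if __name__ == "__main__":
    for num, disk in parse_aswmbr(SAMPLE_LOG).items():
        print(f"Disk {num}: MBR code = {disk['mbr_code']}")
        for p in disk["partitions"]:
            flag = " (active)" if p["active"] else ""
            print(f"  part {p['num']} type {p['type']} {p['desc']}: sectors {p['start']}-{p['end']}{flag}")
        for start, length in unallocated_regions(disk):
            print(f"  unallocated: {length} sectors at {start}")
        print("  findings:", layout_findings(disk) or "none")
```

On this log the script finds the usual 63-sector gap before the Dell utility partition, a gap of under 1 MB between partitions 1 and 2 and about 1 MB of tail space, all inside the rounding noise of whole-MB sizes, and partition 2 is the only active one, so it reports no findings. A tail region of tens or hundreds of MB, a second active flag, or an MBR-code line that no longer says "default" would be the cues to image the disk before cleaning anything.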

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:10:25 PM

Posted 27 May 2012 - 07:11 AM

Greetings

I would reinstall Firefox now and see if it is redirecting.

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt onto ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it is running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from ComboFix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 GLFNSKI

GLFNSKI
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:08:25 PM

Posted 27 May 2012 - 09:48 AM

I reinstalled Firefox and tried a couple of searches and it did not redirect. I did not import bookmarks. I will import bookmarks later in case that is the source, so I can delete that.


ComboFix 12-05-27.02 - WMRutah 05/27/2012 8:33.2.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8174.6074 [GMT -6:00]
Running from: c:\users\WMRutah\Desktop\Combo-Fix.exe
Command switches used :: c:\users\WMRutah\Desktop\CFScript.txt
AV: Bitdefender Antivirus *Disabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
FW: Bitdefender Firewall *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
SP: Bitdefender Antispyware *Disabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\5907\Downloads\a0b7da8a-c390-46f6-b2b6-21325fedceac.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-04-27 to 2012-05-27 )))))))))))))))))))))))))))))))
.
.
2012-05-27 14:37 . 2012-05-27 14:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-17 18:02 . 2012-05-17 18:02 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-17 18:02 . 2012-05-17 18:02 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-05-10 21:25 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 21:25 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-10 21:25 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 21:25 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-10 21:25 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-10 21:25 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 21:24 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 21:24 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 21:24 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-10 21:24 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-10 21:24 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 21:24 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-10 21:24 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-05 22:29 . 2009-08-20 05:50 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll
2012-05-05 09:35 . 2012-05-05 10:35 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-05 01:14 . 2009-08-20 05:50 52568 ----a-w- c:\windows\system32\AdobePDF.dll
2012-05-03 14:37 . 2012-05-03 14:37 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-03 14:37 . 2012-04-04 21:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-27 14:41 . 2012-05-27 14:41 0 ----a-w- c:\windows\system32\bda5254.tmp
2012-05-05 10:35 . 2012-04-02 19:02 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-05 10:35 . 2012-03-15 22:56 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-20 16:34 . 2012-04-20 16:34 129024 ----a-w- c:\windows\RegBootClean64.exe
2012-04-20 16:34 . 2012-04-20 16:34 21520 ----a-w- c:\windows\DCEBoot64.exe
2012-03-23 19:41 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-03-21 02:22 . 2012-03-21 02:22 691896 ----a-w- c:\windows\system32\drivers\avc3.sys
2012-03-16 00:47 . 2012-03-16 00:47 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2012-03-16 00:47 . 2012-03-16 00:47 31232 ----a-w- c:\windows\system32\prevhost.exe
2012-03-16 00:47 . 2012-03-16 00:47 86528 ----a-w- c:\windows\SysWow64\SearchFilterHost.exe
2012-03-16 00:47 . 2012-03-16 00:47 778752 ----a-w- c:\windows\system32\mssvp.dll
2012-03-16 00:47 . 2012-03-16 00:47 75264 ----a-w- c:\windows\system32\msscntrs.dll
2012-03-16 00:47 . 2012-03-16 00:47 666624 ----a-w- c:\windows\SysWow64\mssvp.dll
2012-03-16 00:47 . 2012-03-16 00:47 59392 ----a-w- c:\windows\SysWow64\msscntrs.dll
2012-03-16 00:47 . 2012-03-16 00:47 591872 ----a-w- c:\windows\system32\SearchIndexer.exe
2012-03-16 00:47 . 2012-03-16 00:47 491520 ----a-w- c:\windows\system32\mssph.dll
2012-03-16 00:47 . 2012-03-16 00:47 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-03-16 00:47 . 2012-03-16 00:47 427520 ----a-w- c:\windows\SysWow64\SearchIndexer.exe
2012-03-16 00:47 . 2012-03-16 00:47 337408 ----a-w- c:\windows\SysWow64\mssph.dll
2012-03-16 00:47 . 2012-03-16 00:47 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2012-03-16 00:47 . 2012-03-16 00:47 288256 ----a-w- c:\windows\system32\mssphtb.dll
2012-03-16 00:47 . 2012-03-16 00:47 249856 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2012-03-16 00:47 . 2012-03-16 00:47 2315776 ----a-w- c:\windows\system32\tquery.dll
2012-03-16 00:47 . 2012-03-16 00:47 2223616 ----a-w- c:\windows\system32\mssrch.dll
2012-03-16 00:47 . 2012-03-16 00:47 197120 ----a-w- c:\windows\SysWow64\mssphtb.dll
2012-03-16 00:47 . 2012-03-16 00:47 164352 ----a-w- c:\windows\SysWow64\SearchProtocolHost.exe
2012-03-16 00:47 . 2012-03-16 00:47 1549312 ----a-w- c:\windows\SysWow64\tquery.dll
2012-03-16 00:47 . 2012-03-16 00:47 1401344 ----a-w- c:\windows\SysWow64\mssrch.dll
2012-03-16 00:47 . 2012-03-16 00:47 113664 ----a-w- c:\windows\system32\SearchFilterHost.exe
2012-03-16 00:47 . 2012-03-16 00:47 976896 ----a-w- c:\windows\system32\inetcomm.dll
2012-03-16 00:47 . 2012-03-16 00:47 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2012-03-16 00:47 . 2012-03-16 00:47 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2012-03-16 00:47 . 2012-03-16 00:47 1395712 ----a-w- c:\windows\system32\mfc42.dll
2012-03-16 00:47 . 2012-03-16 00:47 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2012-03-16 00:47 . 2012-03-16 00:47 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2012-03-16 00:47 . 2012-03-16 00:47 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2012-03-16 00:47 . 2012-03-16 00:47 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2012-03-16 00:47 . 2012-03-16 00:47 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2012-03-16 00:47 . 2012-03-16 00:47 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2012-03-16 00:47 . 2012-03-16 00:47 613888 ----a-w- c:\windows\system32\psisdecd.dll
2012-03-16 00:47 . 2012-03-16 00:47 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2012-03-16 00:47 . 2012-03-16 00:47 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-03-16 00:47 . 2012-03-16 00:47 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2012-03-16 00:47 . 2012-03-16 00:47 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2012-03-16 00:47 . 2012-03-16 00:47 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-03-16 00:47 . 2012-03-16 00:47 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-03-16 00:47 . 2012-03-16 00:47 294912 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-03-16 00:47 . 2012-03-16 00:47 2871808 ----a-w- c:\windows\explorer.exe
2012-03-16 00:47 . 2012-03-16 00:47 2616320 ----a-w- c:\windows\SysWow64\explorer.exe
2012-03-16 00:47 . 2012-03-16 00:47 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2012-03-16 00:47 . 2012-03-16 00:47 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-16 00:47 . 2012-03-16 00:47 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-03-16 00:47 . 2012-03-16 00:47 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2012-03-16 00:47 . 2012-03-16 00:47 108032 ----a-w- c:\windows\system32\psisrndr.ax
2012-03-16 00:47 . 2012-03-16 00:47 100864 ----a-w- c:\windows\system32\fontsub.dll
2012-03-16 00:47 . 2012-03-16 00:47 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-03-16 00:47 . 2012-03-16 00:47 77312 ----a-w- c:\windows\system32\packager.dll
2012-03-16 00:47 . 2012-03-16 00:47 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-03-16 00:47 . 2012-03-16 00:47 723456 ----a-w- c:\windows\system32\EncDec.dll
2012-03-16 00:47 . 2012-03-16 00:47 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-03-16 00:47 . 2012-03-16 00:47 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-03-16 00:47 . 2012-03-16 00:47 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-03-16 00:47 . 2012-03-16 00:47 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-03-16 00:47 . 2012-03-16 00:47 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-03-16 00:47 . 2012-03-16 00:47 961024 ----a-w- c:\windows\system32\CPFilters.dll
2012-03-16 00:47 . 2012-03-16 00:47 861696 ----a-w- c:\windows\system32\oleaut32.dll
2012-03-16 00:47 . 2012-03-16 00:47 850944 ----a-w- c:\windows\SysWow64\sbe.dll
2012-03-16 00:47 . 2012-03-16 00:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2012-03-16 00:47 . 2012-03-16 00:47 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
2012-03-16 00:47 . 2012-03-16 00:47 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-03-16 00:47 . 2012-03-16 00:47 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-03-16 00:47 . 2012-03-16 00:47 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2012-03-16 00:47 . 2012-03-16 00:47 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2012-03-16 00:47 . 2012-03-16 00:47 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-03-16 00:47 . 2012-03-16 00:47 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2012-03-16 00:47 . 2012-03-16 00:47 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-03-16 00:47 . 2012-03-16 00:47 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-03-16 00:47 . 2012-03-16 00:47 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-03-16 00:47 . 2012-03-16 00:47 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-03-16 00:47 . 2012-03-16 00:47 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-03-16 00:47 . 2012-03-16 00:47 421888 ----a-w- c:\windows\system32\KernelBase.dll
2012-03-16 00:47 . 2012-03-16 00:47 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-03-16 00:47 . 2012-03-16 00:47 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-03-16 00:47 . 2012-03-16 00:47 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-03-16 00:47 . 2012-03-16 00:47 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-03-16 00:47 . 2012-03-16 00:47 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-03-16 00:47 . 2012-03-16 00:47 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-03-16 00:47 . 2012-03-16 00:47 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-03-16 00:47 . 2012-03-16 00:47 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-03-16 00:47 . 2012-03-16 00:47 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-03-16 00:47 . 2012-03-16 00:47 362496 ----a-w- c:\windows\system32\wow64win.dll
2012-03-16 00:47 . 2012-03-16 00:47 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-03-16 00:47 . 2012-03-16 00:47 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-03-16 00:47 . 2012-03-16 00:47 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-03-16 00:47 . 2012-03-16 00:47 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2012-03-16 00:47 . 2012-03-16 00:47 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-03-16 00:47 . 2012-03-16 00:47 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2012-03-16 00:47 . 2012-03-16 00:47 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2012-03-16 00:47 . 2012-03-16 00:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-03-16 00:47 . 2012-03-16 00:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-25_18.13.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2012-05-25 18:14 39226 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-03-23 19:43 . 2012-05-27 08:09 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-03-23 19:43 . 2012-05-24 12:11 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-03-23 19:43 . 2012-05-27 08:09 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-03-23 19:43 . 2012-05-24 12:11 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-27 08:09 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-24 12:11 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-05-17 18:07 . 2012-05-25 18:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-17 18:07 . 2012-05-27 14:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-17 18:07 . 2012-05-25 18:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-17 18:07 . 2012-05-27 14:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-05-25 15:58 686912 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-26 00:56 686912 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-26 00:56 129924 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-05-25 15:58 129924 c:\windows\system32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2012-03-17 03:06 1008784 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2012-03-17 03:06 1008784 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2012-03-17 03:06 1008784 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-03-26 39408]
"gSyncit"="c:\program files (x86)\Fieldston Software\gSyncit\gsyncit.exe" [2012-03-12 98016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-05 336384]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"ScanSnap WIA Service Checker"="c:\windows\SSDriver\fi5110\SsWiaChecker.exe" [2009-09-30 86016]
"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2012-03-17 1059984]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\users\WMRutah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Kaleidescape Conductor.lnk - c:\users\WMRutah\AppData\Roaming\Kaleidescape\Kaleidescape.exe [2012-4-15 1517056]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CardMinder Viewer.lnk - c:\program files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe [2012-3-26 77824]
Conversion to PDF with ScanSnap Organizer.lnk - c:\program files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe [2012-3-26 15360]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]
ScanSnap Manager.lnk - c:\program files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe [2012-3-26 1146880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-26 136176]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-12-20 1691848]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [x]
R3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [x]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-26 136176]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-04-10 25072]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [2011-10-15 466736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2011-11-15 90192]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-15 103504]
S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 GsServer;GoodSync Server;c:\program files\Siber Systems\GoodSync\Gs-Server.exe [2012-04-12 5230256]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
S2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2012\updatesrv.exe [2012-03-14 66096]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 libusb0;libusb-win32 - Kernel Driver 04/08/2011 1.2.4.0;c:\windows\system32\DRIVERS\libusb0.sys [x]
S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 10:35]
.
2012-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-26 23:05]
.
2012-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-26 23:05]
.
2012-05-21 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-05-27 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2012-03-17 02:58 1279120 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2012-03-17 02:58 1279120 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2012-03-17 02:58 1279120 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-23 10920552]
"BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2012-04-26 1067256]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.weather.com/weather/right-now/Sandy+UT+84092
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
FF - ProfilePath - c:\users\WMRutah\AppData\Roaming\Mozilla\Firefox\Profiles\tfj3kyko.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
.
**************************************************************************
.
Completion time: 2012-05-27 08:43:09 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-27 14:43
ComboFix2.txt 2012-05-25 18:17
.
Pre-Run: 831,558,148,096 bytes free
Post-Run: 831,387,541,504 bytes free
.
- - End Of File - - D4C7C310E6C12D1FE4170A33858114BD

#10 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 27 May 2012 - 10:31 AM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 GLFNSKI

  • Topic Starter
  • Members
  • 12 posts

Posted 27 May 2012 - 10:40 AM

6000E609_eDocs
ABBYY FineReader for ScanSnap ™ 4.1
Accidental Damage Services Agreement
Adobe Acrobat 9 Standard - English, Français, Deutsch
Adobe Acrobat 9.5.1 - CPSID_83708
Adobe Reader X (10.1.3)
Apple Application Support
Apple Software Update
Banctec Service Agreement
BPDSoftware
BPDSoftware_Ini
BufferChm
Carbonite
CardMinder
CardMinder V4.1
Catalyst Control Center - Branding
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Complete Care Business Service Agreement
Consumer In-Home Service Agreement
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Home Systems Service Agreement
DeviceDiscovery
DirectX 9 Runtime
EPSON Scan
EpsonNet Config V3
EpsonNet SetupManager
Garmin Training Center
Garmin USB Drivers
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist Corporate
gSyncit
Intel® Control Center
Intel® Rapid Storage Technology
iSEEK AnswerWorks English Runtime
Junk Mail filter update
Kaleidescape Conductor
Malwarebytes Anti-Malware version 1.61.0.1400
Mesh Runtime
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Business 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
PhotoShowExpress
QualxServ Service Agreement
Quicken 2012
RadioComm v11.11.11
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
ScanSnap
ScanSnap Manager
ScanSnap Organizer
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Sonic CinePlayer Decoder Pack
Status
Toolbox
TrayApp
TurboTax 2011
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wrapper
TurboTax 2011 wutiper
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! Toolbar

#12 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 27 May 2012 - 11:03 AM

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#13 GLFNSKI

  • Topic Starter
  • Members
  • 12 posts

Posted 27 May 2012 - 11:57 AM

I installed Java.

I installed and ran CCleaner.

I updated and ran MBAM. When completed, I clicked OK. It said nothing found, but there was no Show Results. It just closed.

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.27.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
WMRutah :: WMRUTAH-PC [administrator]

5/27/2012 10:19:43 AM
mbam-log-2012-05-27 (10-19-43).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207438
Time elapsed: 1 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

I downloaded HijackThis. Right click did not give me the option to run as administrator, so I installed it anyway. I right clicked the new desktop icon and again, no option to run as administrator, so I ran it anyway. I got the following pop up window:

For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HijackThis may NOT be able to fix this.

If that happens, you need to edit the file yourself. To do this, click start, Run and type:

notepad C:\Windows\System32\drivers\etc\hosts

and press Enter. Find the line(s) HijackThis reports and delete them. Save the file as ‘hosts.’ (with quotes), and reboot.
For Vista: simply, exit HijackThis, right click on the HijackThis icon, choose ‘run as administrator’.

I ran it anyway, and afterwards got the following pop up:

Cannot find the C:\Program Files (x86)\Trend Micro/HiHackThis\hihackthis.log file.
Do you want to create a new file?

I clicked yes, but nothing happened and there was no file.

I tried uninstalling and installing again, still no administrator option. This time, I searched under the C:\ and navigated to the exe and was able to right click and run as administrator. Finally got my log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:49:54 AM, on 5/27/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weather.com/weather/right-now/Sandy+UT+84092
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ScanSnap WIA Service Checker] C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [gSyncit] C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe
O4 - Startup: Kaleidescape Conductor.lnk = ?
O4 - Global Startup: CardMinder Viewer.lnk = ?
O4 - Global Startup: Conversion to PDF with ScanSnap Organizer.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: ScanSnap Manager.lnk = ?
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (file missing)
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1077\TmIEPlg32.dll (file missing)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe
O23 - Service: GoodSync Server (GsServer) - Unknown owner - C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RoxMediaDB12OEM - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: BitDefender Update Server v2 (Update Server) - BitDefender - C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe
O23 - Service: BitDefender Desktop Update Service (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15039 bytes

Now, is there anything I need to clean up in C:\Windows\System32 since I ran it wrong the first time?

I have googled a few things using Firefox and have not been redirected yet :)

#14 gringo_pr

  • Malware Response Team

Posted 27 May 2012 - 01:25 PM

Greetings

This time, I searched under the C:\ and navigated to the exe and was able to right click and run as administrator. Finally got my log:

See my note in my instruction above

These logs are looking very good, we are almost done!!! Just one more scan to go.

Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start when you turn on your computer but do not need to; you can start any of them from their icons (or from the Control Panel) when you need them. Stopping these programs will make your computer boot up and run faster.

If you have any problems running HijackThis, see NOTE** below (hosts file not read, blank Notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
      O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
      O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
      O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [ScanSnap WIA Service Checker] C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      O4 - HKCU\..\Run: [gSyncit] C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe
      O4 - Startup: Kaleidescape Conductor.lnk = ?
      O4 - Global Startup: CardMinder Viewer.lnk = ?
      O4 - Global Startup: Conversion to PDF with ScanSnap Organizer.lnk = ?
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: ScanSnap Manager.lnk = ?
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not;
    just copy the name between the brackets and paste it into the search box, for example:
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select Run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Windows 7, right-click the IE shortcut and run it as administrator.

Go to the ESET web page to run an online scan from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
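The O4 lines gringo lists come from a fixed set of autostart locations (the HKLM and HKCU Run keys and the per-user and all-users Startup folders). As an added example, and not code from the thread or from HijackThis, this read-only PowerShell snippet enumerates those same locations and prints them in the same layout, so the name between the brackets can be copied and researched before "Fix Checked" removes anything; the Wow6432Node key (assumes 64-bit Windows) and the WScript.Shell shortcut lookup are my additions.

```powershell
# Added example, not from the thread or from HijackThis: list the autostart
# locations that HijackThis reports as O4 entries, in a similar format, so an
# entry can be looked up before "Fix Checked" removes it. Read-only.
$runKeys = @(
    @{ Label = 'HKLM\..\Run'; Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' },
    # 32-bit programs on 64-bit Windows register here (assumption: 64-bit OS)
    @{ Label = 'HKLM\..\Run'; Path = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run' },
    @{ Label = 'HKCU\..\Run'; Path = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' }
)

foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key.Path)) { continue }
    $item = Get-Item -Path $key.Path
    foreach ($name in $item.GetValueNames()) {
        # Value name goes in brackets, value data (the command line) follows,
        # matching the "O4 - HKLM\..\Run: [Name] command" lines in the log.
        "O4 - $($key.Label): [$name] $($item.GetValue($name))"
    }
}

# Per-user Startup folder ("O4 - Startup") and all-users folder ("O4 - Global Startup").
$shell = New-Object -ComObject WScript.Shell
$startupFolders = @(
    @{ Label = 'Startup';        Path = [Environment]::GetFolderPath('Startup') },
    @{ Label = 'Global Startup'; Path = [Environment]::GetFolderPath('CommonStartup') }
)

foreach ($folder in $startupFolders) {
    Get-ChildItem -Path $folder.Path -File -ErrorAction SilentlyContinue | ForEach-Object {
        $target = '?'   # HijackThis prints "?" when a shortcut's target cannot be resolved
        if ($_.Extension -eq '.lnk') {
            $lnk = $shell.CreateShortcut($_.FullName)
            if ($lnk.TargetPath -and (Test-Path -Path $lnk.TargetPath)) { $target = $lnk.TargetPath }
        } else {
            $target = $_.FullName
        }
        "O4 - $($folder.Label): $($_.Name) = $target"
    }
}
```

Run it in an elevated PowerShell window so the HKLM keys are readable; an entry shown as "= ?" is a shortcut whose target no longer exists, which is why the same lines appear that way in the HijackThis log above.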

#15 GLFNSKI

  • Topic Starter

Posted 27 May 2012 - 03:26 PM

Hi Gringo,

I removed all but one startup program, thanks.

Ran ESET and it looks like you found it... item #3

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application
C:\Users\WMRutah\AppData\Local\{7B376B2B-89A2-11E1-826D-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan