Very stubborn google redirect


This topic is locked.
15 replies to this topic

#1 kiwiklogg

  • Members
  • 7 posts
  • Local time: 01:53 PM

Posted 26 May 2012 - 08:52 PM

I have tried everything.
TDSSkiller, Kaspersky, Combofix, Malwarebytes and a bunch of other scanners and anti malware software. Nothing has worked.
I am one step away from wiping everything and starting again. :(
I'm really hoping you guys can help!

Here is the DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by MIMKIWI at 14:24:07 on 2012-05-20
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.2046.968 [GMT 10:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\dvd43\DVD43_Tray.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Mesh\WLSync.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Logitech\SetPointP\LBTWiz.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\PS3 Media Server\win32\service\wrapper.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\WinMTSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Windows Live\Mesh\MOE.exe
C:\Windows\system32\java.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\UI0Detect.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Users\MIMKIWI\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MIMKIWI\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MIMKIWI\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MIMKIWI\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MIMKIWI\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120507190205.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [WLSync] "c:\program files\windows live\mesh\WLSync.exe" /background
uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe
uRun: [ApplePhotoStreams] c:\program files\common files\apple\internet services\ApplePhotoStreams.exe
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [dvd43] c:\program files\dvd43\dvd43_tray.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://apmoller.webex.com/client/T26L10NSP49EP12/webex/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{60725EDC-4CF4-4807-A6C6-749A2ECA85AA} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C97806D9-BB78-4D23-9020-03E3F97CA66A} : DhcpNameServer = 10.4.176.231 10.4.85.135
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
AppInit_DLLs: c:\windows\system32\acaptuser32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-12-21 464304]
R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-12-21 169608]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-12-21 64912]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2012-5-12 223864]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-4-6 217600]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-5-13 654408]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-8-20 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-8-20 214904]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-8-20 214904]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-12-21 166288]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-12-21 161632]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-12-21 151880]
R2 PS3 Media Server;PS3 Media Server;c:\program files\ps3 media server\win32\service\wrapper.exe [2011-5-17 366872]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2012-4-6 9334784]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2012-4-6 275968]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-12-21 57600]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-5-13 22344]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-9-15 180848]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-12-21 340920]
R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2012-5-12 94584]
R3 WinMTBus;WinMount Bus;c:\windows\system32\drivers\WinMTBus.sys [2011-7-31 196224]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-14 311296]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-30 136176]
S2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-11-29 77816]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-31 253600]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-30 136176]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-12-21 59456]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-12-21 87656]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-5-10 18432]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [2012-5-12 94584]
S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2012-5-12 93816]
S3 sbwtis;sbwtis;c:\windows\system32\drivers\sbwtis.sys [2011-12-19 72312]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-5 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-27 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-05-20 03:59:36 -------- d-----w- c:\users\mimkiwi\appdata\local\{ED84C592-46AF-4167-B014-4CA82CACFACB}
2012-05-20 03:59:25 -------- d-----w- c:\users\mimkiwi\appdata\local\{D36F6879-6254-44DA-AA02-184EDD6D43D2}
2012-05-19 23:32:05 6737808 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{1d7f1c74-99c0-4756-9196-9ccf81f9c463}\mpengine.dll
2012-05-19 23:22:21 -------- d-----w- c:\program files\Microsoft Security Client
2012-05-19 15:58:57 -------- d-----w- c:\users\mimkiwi\appdata\local\{123B5706-10F0-4CDE-9E2F-7BB46C7E2F1E}
2012-05-19 15:58:46 -------- d-----w- c:\users\mimkiwi\appdata\local\{B9289F88-9E63-40A6-B580-72656C927C2E}
2012-05-19 05:01:33 -------- d-sh--w- C:\$RECYCLE.BIN
2012-05-19 04:46:12 -------- d-----w- C:\ComboFix
2012-05-19 03:58:04 -------- d-----w- c:\users\mimkiwi\appdata\local\{77A06390-67BD-456F-A4F8-A30A1D6BEC44}
2012-05-19 03:57:49 -------- d-----w- c:\users\mimkiwi\appdata\local\{B0480265-C5BB-4E9B-8E24-C20DB22B49F9}
2012-05-14 01:44:12 -------- d-----w- c:\users\mimkiwi\appdata\local\{979AC9FC-19B9-446B-B58B-509DC8E8F2C5}
2012-05-13 13:43:11 -------- d-----w- c:\users\mimkiwi\appdata\local\{E320BD59-BFDE-4866-9BD9-121BDBC477BC}
2012-05-13 13:43:00 -------- d-----w- c:\users\mimkiwi\appdata\local\{4B09E0DC-6D01-4685-9AE9-8E49E1F77197}
2012-05-13 04:18:14 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-13 04:18:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-13 03:48:04 -------- d-----w- c:\program files\ESET
2012-05-13 02:16:44 -------- d-----w- c:\programdata\Kaspersky Lab
2012-05-13 01:42:30 -------- d-----w- c:\users\mimkiwi\appdata\local\{7CABC335-BFCD-4E6F-9156-3AA2A765BF9E}
2012-05-13 01:42:14 -------- d-----w- c:\users\mimkiwi\appdata\local\{438A8EA0-7DD7-411B-A248-89A88F70FA1E}
2012-05-12 05:19:31 -------- d-----w- c:\windows\pss
2012-05-12 04:30:32 93816 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-05-12 04:29:54 94584 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-05-12 04:29:53 223864 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-05-12 04:28:17 -------- d-----w- c:\users\mimkiwi\appdata\roaming\Ad-Aware Antivirus
2012-05-12 01:57:54 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-12 01:57:48 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2012-05-12 01:57:46 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL
2012-05-12 01:57:45 989184 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2012-05-12 01:57:44 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll
2012-05-12 01:57:34 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-12 01:57:33 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-12 01:57:32 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-05-12 01:57:21 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-12 01:57:17 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-05-12 01:50:33 -------- d-----w- c:\users\mimkiwi\appdata\local\{E71F7D58-C984-4C6F-B751-6DA8268BEB17}
2012-05-12 01:50:19 -------- d-----w- c:\users\mimkiwi\appdata\local\{7A1B201D-DFC0-43B8-A4E6-C0685DFB014D}
2012-05-10 07:55:40 -------- d-----w- c:\users\mimkiwi\appdata\roaming\Malwarebytes
2012-05-10 07:55:25 -------- d-----w- c:\programdata\Malwarebytes
2012-05-10 03:38:53 -------- d-----w- c:\users\mimkiwi\appdata\local\{9C4F5B22-8F68-48BC-B8AF-0A05D78F7DFE}
2012-05-09 15:38:26 -------- d-----w- c:\users\mimkiwi\appdata\local\{BC02246A-C4D0-40A5-82D5-0E9B6D1F3F82}
2012-05-09 15:38:14 -------- d-----w- c:\users\mimkiwi\appdata\local\{D4B9A763-FFAB-4C20-9862-2AB52907961C}
2012-05-09 08:41:38 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-05-09 08:36:54 -------- d-----w- c:\programdata\HitmanPro
2012-05-09 07:00:22 98816 ----a-w- c:\windows\sed.exe
2012-05-09 07:00:22 518144 ----a-w- c:\windows\SWREG.exe
2012-05-09 07:00:22 256000 ----a-w- c:\windows\PEV.exe
2012-05-09 07:00:22 208896 ----a-w- c:\windows\MBR.exe
2012-05-09 03:37:43 -------- d-----w- c:\users\mimkiwi\appdata\local\{5074CD0A-BE88-4C98-BBFF-CE3AB8856F74}
2012-05-08 15:36:41 -------- d-----w- c:\users\mimkiwi\appdata\local\{291E59BA-AE50-4E32-A81F-83DFA25A0EA4}
2012-05-08 15:36:28 -------- d-----w- c:\users\mimkiwi\appdata\local\{FA33DD04-BC69-4531-817B-C602A08D4AA0}
2012-05-08 03:36:00 -------- d-----w- c:\users\mimkiwi\appdata\local\{E938BE77-B277-47F4-94A1-71C5470FFAF9}
2012-05-07 15:35:31 -------- d-----w- c:\users\mimkiwi\appdata\local\{B5F5345C-4758-413A-A903-8449E52BF180}
2012-05-07 15:35:19 -------- d-----w- c:\users\mimkiwi\appdata\local\{6D020982-5AF8-479B-B8F3-D392526B1D62}
2012-05-07 03:34:38 -------- d-----w- c:\users\mimkiwi\appdata\local\{D9CA3F21-76FD-4BE8-BCCB-0E3CF66FCA79}
2012-05-07 03:34:23 -------- d-----w- c:\users\mimkiwi\appdata\local\{4EC0A55E-9513-488A-B146-F36CE409CB8B}
2012-05-06 04:32:32 147456 --sha-r- c:\windows\system32\winload4.dll
2012-05-06 02:54:31 -------- d-----w- c:\users\mimkiwi\appdata\local\{2557D293-FFF1-4E12-9C33-F4C394154AB4}
2012-05-06 02:54:17 -------- d-----w- c:\users\mimkiwi\appdata\local\{43E99538-F356-45EC-977A-249E1FC4DE59}
2012-05-05 04:09:51 -------- d-----w- c:\program files\iPod
2012-05-05 04:09:50 -------- d-----w- c:\program files\iTunes
2012-05-05 02:21:06 -------- d-----w- c:\users\mimkiwi\appdata\local\{2FE47DAE-DB20-4F43-9729-776B3FC4CBF7}
2012-05-05 02:20:55 -------- d-----w- c:\users\mimkiwi\appdata\local\{14068ADA-C7D5-4870-9B94-F6F1FA545220}
2012-05-05 02:20:36 -------- d-----w- c:\users\mimkiwi\appdata\local\{38AF0B4B-6E48-4FDE-B906-21B74A9A535B}
2012-05-04 14:20:05 -------- d-----w- c:\users\mimkiwi\appdata\local\{84DF9165-BF1F-4AB7-8021-CF61CC5D28D1}
2012-05-04 14:19:54 -------- d-----w- c:\users\mimkiwi\appdata\local\{8D8E462D-C744-402E-989E-AADDFC628392}
2012-05-04 14:19:32 -------- d-----w- c:\users\mimkiwi\appdata\local\{4232303A-170E-45A9-A2E8-031E46917416}
2012-05-04 02:19:17 -------- d-----w- c:\users\mimkiwi\appdata\local\{65E9E2E7-561A-4FB4-B7F9-F21597FD1AEF}
2012-05-04 02:19:06 -------- d-----w- c:\users\mimkiwi\appdata\local\{5FB031F9-71A7-401E-9755-44524F17B9B5}
2012-05-04 02:18:54 -------- d-----w- c:\users\mimkiwi\appdata\local\{2153F06B-DC40-4539-8798-586B81977C68}
2012-05-03 14:18:29 -------- d-----w- c:\users\mimkiwi\appdata\local\{50D60DCE-6B91-4097-873A-6F136748123F}
2012-05-03 14:18:18 -------- d-----w- c:\users\mimkiwi\appdata\local\{AEF416C8-AE91-4380-AA63-24FE8015D016}
2012-05-03 14:17:56 -------- d-----w- c:\users\mimkiwi\appdata\local\{741B0DCE-0AF6-4210-A4B5-9341356F164C}
2012-05-03 02:17:43 -------- d-----w- c:\users\mimkiwi\appdata\local\{C367382F-A34E-4280-B017-11C9E37ADAA6}
2012-05-03 02:17:31 -------- d-----w- c:\users\mimkiwi\appdata\local\{485117C8-33A7-400B-A985-453371F07AF1}
2012-05-03 02:17:09 -------- d-----w- c:\users\mimkiwi\appdata\local\{90A92063-4389-4136-B6AF-8B02AD12AD32}
2012-05-02 14:16:55 -------- d-----w- c:\users\mimkiwi\appdata\local\{1B7D45A1-A78D-4795-A3E2-BFEF2044B38A}
2012-05-02 14:16:45 -------- d-----w- c:\users\mimkiwi\appdata\local\{408D4888-7C00-48B4-9DAA-64BCED46638D}
2012-05-02 14:16:33 -------- d-----w- c:\users\mimkiwi\appdata\local\{6AB57F50-BBD8-4E8C-BC6D-BDA4F7FCFAF8}
2012-05-02 02:16:09 -------- d-----w- c:\users\mimkiwi\appdata\local\{E523D17A-0AA5-4AA3-9879-91C35AA1CCE4}
2012-05-02 02:15:58 -------- d-----w- c:\users\mimkiwi\appdata\local\{5B087ED7-B0C0-4AE2-BC34-6F417E98399E}
2012-05-02 02:15:35 -------- d-----w- c:\users\mimkiwi\appdata\local\{F84FF7E6-7369-418D-9688-F0B14B3B87E8}
2012-05-01 14:15:22 -------- d-----w- c:\users\mimkiwi\appdata\local\{0A5BD312-4749-4676-8C88-263340B188FF}
2012-05-01 14:15:11 -------- d-----w- c:\users\mimkiwi\appdata\local\{BCB46CAA-D377-4E9B-AB3A-C713FFCFE93C}
2012-05-01 14:14:49 -------- d-----w- c:\users\mimkiwi\appdata\local\{33CDEBC9-95C6-4310-9B9A-524A636E2300}
2012-05-01 02:14:35 -------- d-----w- c:\users\mimkiwi\appdata\local\{77AAD966-D69C-49FE-93A5-C7459A13CEC9}
2012-05-01 02:14:24 -------- d-----w- c:\users\mimkiwi\appdata\local\{E9688BFA-6ABA-4891-A496-20BE8675AB2A}
2012-05-01 02:14:01 -------- d-----w- c:\users\mimkiwi\appdata\local\{5BE53E0A-64B6-4950-915F-56C2146F694C}
2012-04-30 14:13:44 -------- d-----w- c:\users\mimkiwi\appdata\local\{99F79AB9-0C1A-47D7-982D-442FC0A98E6F}
2012-04-30 14:13:33 -------- d-----w- c:\users\mimkiwi\appdata\local\{4E88E119-9AC6-4022-BD26-278281DBAA06}
2012-04-30 02:13:05 -------- d-----w- c:\users\mimkiwi\appdata\local\{381A0ECC-CE0C-47E7-907A-9FFBA5F9FA5B}
2012-04-29 14:12:35 -------- d-----w- c:\users\mimkiwi\appdata\local\{4E6884AF-20E9-422D-845F-96BCB6E66B4C}
2012-04-29 02:11:59 -------- d-----w- c:\users\mimkiwi\appdata\local\{F883C8F9-0B5B-42FF-9411-BCC4D23C0B24}
2012-04-29 02:11:44 -------- d-----w- c:\users\mimkiwi\appdata\local\{B049EADB-E52A-46E9-A8DF-1EB4249B4053}
2012-04-29 02:05:00 -------- d-----w- C:\AMD
2012-04-29 01:53:13 -------- d-----w- c:\users\mimkiwi\appdata\roaming\Xilisoft
2012-04-29 01:50:59 -------- d-----w- c:\programdata\Xilisoft
2012-04-29 01:50:59 -------- d-----w- c:\program files\Xilisoft
2012-04-28 20:34:54 -------- d-----w- c:\users\mimkiwi\appdata\local\{6AFCD849-6512-4176-96BD-6DFD3C492B51}
2012-04-28 01:03:05 -------- d-----w- c:\users\mimkiwi\appdata\local\{1C7DD429-38E3-471A-BA6E-A781F0024ED6}
2012-04-28 01:02:53 -------- d-----w- c:\users\mimkiwi\appdata\local\{FCF2DB50-A57C-4538-AA01-5D728BA945A1}
2012-04-26 17:06:05 -------- d-----w- c:\users\mimkiwi\appdata\local\{9E173FD7-BCFE-4E94-8E27-B86198045818}
2012-04-26 05:05:37 -------- d-----w- c:\users\mimkiwi\appdata\local\{88AC8D27-D1C7-45E3-A5F9-6624F9F18DC2}
2012-04-25 17:05:09 -------- d-----w- c:\users\mimkiwi\appdata\local\{DCC13D20-062F-4F7A-AEB7-5314C2C15F0A}
2012-04-25 05:23:29 -------- d-----w- c:\users\mimkiwi\.dvdcss
2012-04-25 05:04:39 -------- d-----w- c:\users\mimkiwi\appdata\local\{C8B2DCE5-CEAD-4937-AEFC-C8A6F2C1BF84}
2012-04-25 05:04:17 -------- d-----w- c:\users\mimkiwi\appdata\local\{0036C347-5BA6-41C1-A64C-5E4C1E8994C4}
2012-04-24 05:26:31 -------- d-----w- c:\users\mimkiwi\appdata\local\{E05EC607-A4A3-47E5-ADE9-8A9DB8D91366}
2012-04-24 05:26:18 -------- d-----w- c:\users\mimkiwi\appdata\local\{E784AC15-FF31-4239-8269-5366FDF25B16}
2012-04-22 18:03:29 -------- d-----w- c:\users\mimkiwi\appdata\local\{CAB09C05-B491-49C3-B029-744109D315B3}
2012-04-22 06:03:00 -------- d-----w- c:\users\mimkiwi\appdata\local\{EE691735-C267-4B0F-988E-77EF88FE995B}
2012-04-22 06:02:47 -------- d-----w- c:\users\mimkiwi\appdata\local\{40CF4F8A-5322-4547-B7B7-0A343668889D}
.
==================== Find3M ====================
.
2012-04-06 05:21:10 9334784 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:22:00 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-04-06 02:21:52 909312 ----a-w- c:\windows\system32\aticfx32.dll
2012-04-06 02:16:52 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16:24 451072 ----a-w- c:\windows\system32\atieclxx.exe
2012-04-06 02:15:50 217600 ----a-w- c:\windows\system32\atiesrxx.exe
2012-04-06 02:14:36 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2012-04-06 02:14:28 20992 ----a-w- c:\windows\system32\atimuixx.dll
2012-04-06 02:14:20 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2012-04-06 02:13:42 6800896 ----a-w- c:\windows\system32\atidxx32.dll
2012-04-06 02:00:08 52736 ----a-w- c:\windows\system32\coinst.dll
2012-04-06 01:50:56 19753984 ----a-w- c:\windows\system32\atioglxx.dll
2012-04-06 01:34:50 1831424 ----a-w- c:\windows\system32\atiumdmv.dll
2012-04-06 01:34:04 6203392 ----a-w- c:\windows\system32\atiumdag.dll
2012-04-06 01:30:14 46080 ----a-w- c:\windows\system32\aticalrt.dll
2012-04-06 01:30:06 44032 ----a-w- c:\windows\system32\aticalcl.dll
2012-04-06 01:25:30 13764096 ----a-w- c:\windows\system32\aticaldd.dll
2012-04-06 01:22:54 4795904 ----a-w- c:\windows\system32\atiumdva.dll
2012-04-06 01:11:18 360448 ----a-w- c:\windows\system32\atiadlxx.dll
2012-04-06 01:11:04 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-04-06 01:10:52 33280 ----a-w- c:\windows\system32\atigktxx.dll
2012-04-06 01:10:22 275968 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09:48 41984 ----a-w- c:\windows\system32\atiuxpag.dll
2012-04-06 01:09:34 32256 ----a-w- c:\windows\system32\atiu9pag.dll
2012-04-06 01:09:02 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06:04 53760 ----a-w- c:\windows\system32\atimpc32.dll
2012-04-06 01:06:04 53760 ----a-w- c:\windows\system32\amdpcom32.dll
2012-03-31 00:00:01 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-31 00:00:01 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-20 10:44:12 74112 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-20 10:44:12 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-20 03:11:32 151880 ----a-w- c:\windows\system32\mfevtps.exe
2012-03-18 06:51:46 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-03-08 08:50:28 49016 ----a-w- c:\windows\system32\sirenacm.dll
2012-03-08 08:37:20 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-03-01 05:46:57 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 05:37:41 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 05:33:23 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 05:29:16 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-22 03:29:46 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-02-22 03:29:46 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-02-22 03:29:46 64912 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2012-02-22 03:29:46 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-02-22 03:29:46 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-02-22 03:29:46 464304 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-02-22 03:29:46 340920 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-02-22 03:29:46 180848 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-02-22 03:29:46 169608 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2012-02-22 03:29:46 121544 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
.
============= FINISH: 14:24:45.08 ===============


#2 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico
  • Local time: 01:53 PM

Posted 27 May 2012 - 06:28 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 kiwiklogg
  • Topic Starter
  • Members
  • 7 posts

Posted 28 May 2012 - 04:38 AM

Thanks for the quick reply.

Overnight it seems that my McAfee scanner updated itself, scanned the computer and identified/fixed a bunch of issues. One of them was Generic.dx!b2jf

Microsoft Security Center is running again.

Combofix also seemed to now identify something.

The google redirect seems to have stopped now too! Perhaps it was just a matter of a new strain/variant now catered for by these programs.

Anyway, here are the logs:

Results of screen317's Security Check version 0.99.32
Windows 7 Service Pack 1 x86 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
ESET Online Scanner v3
McAfee AntiVirus Plus
Microsoft Security Essentials
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 7 Update 4
Adobe Reader 9 Adobe Reader out of date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
``````````End of Log````````````



And ComboFix:
ComboFix 12-05-27.03 - MIMKIWI 28/05/2012 18:41:47.7.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.2046.883 [GMT 10:00]
Running from: c:\users\MIMKIWI\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-28 )))))))))))))))))))))))))))))))
.
.
2012-05-28 08:52 . 2012-05-28 08:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-27 02:03 . 2012-05-27 02:03 772552 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-27 02:00 . 2012-05-27 02:00 -------- d-----w- c:\windows\Sun
2012-05-26 02:27 . 2012-05-26 02:27 -------- d-----w- c:\program files\ColorByNumbers
2012-05-19 23:32 . 2012-05-14 15:43 6737808 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1D7F1C74-99C0-4756-9196-9CCF81F9C463}\mpengine.dll
2012-05-19 23:22 . 2012-05-19 23:22 -------- d-----w- c:\program files\Microsoft Security Client
2012-05-13 04:18 . 2012-05-13 04:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-13 04:18 . 2012-04-04 05:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-13 03:48 . 2012-05-13 03:48 -------- d-----w- c:\program files\ESET
2012-05-13 02:16 . 2012-05-13 02:16 -------- d-----w- c:\programdata\Kaspersky Lab
2012-05-12 04:30 . 2011-12-19 02:44 93816 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-05-12 04:29 . 2011-09-29 02:16 94584 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-05-12 04:29 . 2011-12-19 02:44 223864 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-05-12 04:28 . 2012-05-12 04:30 -------- d-----w- c:\users\MIMKIWI\AppData\Roaming\Ad-Aware Antivirus
2012-05-12 01:57 . 2012-03-30 10:23 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-12 01:57 . 2012-03-31 04:29 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 01:57 . 2012-03-31 04:30 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-12 01:57 . 2012-03-31 04:29 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-12 01:57 . 2012-03-31 04:29 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-12 01:57 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-12 01:57 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-12 01:57 . 2012-03-31 02:36 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-05-12 01:57 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-12 01:57 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 07:55 . 2012-05-10 07:55 -------- d-----w- c:\users\MIMKIWI\AppData\Roaming\Malwarebytes
2012-05-10 07:55 . 2012-05-10 07:55 -------- d-----w- c:\programdata\Malwarebytes
2012-05-09 08:41 . 2012-05-09 08:41 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-05-09 08:36 . 2012-05-09 08:41 -------- d-----w- c:\programdata\HitmanPro
2012-05-06 04:32 . 2012-05-06 04:32 147456 --sha-r- c:\windows\system32\winload4.dll
2012-05-06 03:59 . 2012-05-06 03:59 -------- d-----w- c:\program files\Common Files\Skype
2012-05-05 04:09 . 2012-05-05 04:09 -------- d-----w- c:\program files\iPod
2012-05-05 04:09 . 2012-05-05 04:10 -------- d-----w- c:\program files\iTunes
2012-04-29 02:05 . 2012-04-29 02:05 -------- d-----w- C:\AMD
2012-04-29 01:53 . 2012-04-29 01:53 -------- d-----w- c:\users\MIMKIWI\AppData\Roaming\Xilisoft
2012-04-29 01:50 . 2012-04-29 01:50 -------- d-----w- c:\programdata\Xilisoft
2012-04-29 01:50 . 2012-04-29 01:50 -------- d-----w- c:\program files\Xilisoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-27 02:03 . 2012-01-15 08:21 687560 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-06 05:21 . 2012-04-06 05:21 9334784 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2010-05-27 17:02 909312 ----a-w- c:\windows\system32\aticfx32.dll
2012-04-06 02:16 . 2012-04-06 02:16 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16 451072 ----a-w- c:\windows\system32\atieclxx.exe
2012-04-06 02:15 . 2012-04-06 02:15 217600 ----a-w- c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2012-04-06 02:14 . 2012-04-06 02:14 20992 ----a-w- c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:14 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2012-04-06 02:13 . 2010-05-27 16:54 6800896 ----a-w- c:\windows\system32\atidxx32.dll
2012-04-06 02:00 . 2010-05-27 16:35 52736 ----a-w- c:\windows\system32\coinst.dll
2012-04-06 01:50 . 2012-04-06 01:50 19753984 ----a-w- c:\windows\system32\atioglxx.dll
2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\system32\atiumdmv.dll
2012-04-06 01:34 . 2010-05-27 16:37 6203392 ----a-w- c:\windows\system32\atiumdag.dll
2012-04-06 01:30 . 2012-04-06 01:30 46080 ----a-w- c:\windows\system32\aticalrt.dll
2012-04-06 01:30 . 2012-04-06 01:30 44032 ----a-w- c:\windows\system32\aticalcl.dll
2012-04-06 01:25 . 2012-04-06 01:25 13764096 ----a-w- c:\windows\system32\aticaldd.dll
2012-04-06 01:22 . 2010-05-27 16:31 4795904 ----a-w- c:\windows\system32\atiumdva.dll
2012-04-06 01:11 . 2012-04-06 01:11 360448 ----a-w- c:\windows\system32\atiadlxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\system32\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10 275968 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2010-05-27 16:24 41984 ----a-w- c:\windows\system32\atiuxpag.dll
2012-04-06 01:09 . 2010-05-27 16:24 32256 ----a-w- c:\windows\system32\atiu9pag.dll
2012-04-06 01:09 . 2012-04-06 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\system32\atimpc32.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\system32\amdpcom32.dll
2012-03-31 00:00 . 2012-03-31 00:00 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-31 00:00 . 2011-07-10 01:16 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-20 10:44 . 2012-03-20 10:44 74112 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-20 10:44 . 2012-03-20 10:44 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-20 03:11 . 2010-12-21 07:41 151880 ----a-w- c:\windows\system32\mfevtps.exe
2012-03-18 06:51 . 2011-02-05 22:53 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-03-08 08:50 . 2012-03-08 08:50 49016 ----a-w- c:\windows\system32\sirenacm.dll
2012-03-08 08:37 . 2012-03-08 08:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-03-01 05:46 . 2012-04-11 22:59 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 05:37 . 2012-04-11 22:59 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 05:33 . 2012-04-11 22:59 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 05:29 . 2012-04-11 22:59 5120 ----a-w- c:\windows\system32\wmi.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-05-13_03.22.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-26 09:47 . 2012-05-27 02:08 54802 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2012-05-28 08:57 48330 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-07-26 09:40 . 2012-05-28 08:57 19750 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3536688752-1842355533-2872877329-1001_UserData.bin
+ 2002-05-15 01:13 . 2002-05-15 01:13 81920 c:\windows\System32\SipCal.dll
+ 1999-09-17 09:12 . 1999-09-17 09:12 44344 c:\windows\System32\Seqcal.sys
- 2009-07-14 04:50 . 2012-05-12 04:30 86016 c:\windows\System32\DriverStore\infpub.dat
+ 2009-07-14 04:50 . 2012-05-27 02:38 86016 c:\windows\System32\DriverStore\infpub.dat
+ 2012-02-15 01:01 . 2012-02-15 01:01 43520 c:\windows\System32\drivers\usbaapl.sys
- 2010-07-27 02:12 . 2012-05-13 02:39 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-07-27 02:12 . 2012-05-28 06:30 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-07-27 02:12 . 2012-05-13 02:39 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-07-27 02:12 . 2012-05-28 06:30 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:41 . 2012-05-13 02:39 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:41 . 2012-05-28 06:30 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:34 . 2012-05-20 10:23 94352 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-05-26 02:27 . 2012-05-26 02:27 65536 c:\windows\Installer\{09A8D062-576E-4826-88BA-A89E7A7FD9AA}\NewShortcut1_E315B145946249EFBE4370EC33664B51.exe
+ 2012-05-26 02:27 . 2012-05-26 02:27 65536 c:\windows\Installer\{09A8D062-576E-4826-88BA-A89E7A7FD9AA}\CBNSelector21_E315B145946249EFBE4370EC33664B51.exe
- 2011-02-06 09:57 . 2012-05-12 08:42 1638 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2011-02-06 09:57 . 2012-05-27 02:05 1638 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2012-05-27 02:06 . 2012-05-28 08:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-13 01:41 . 2012-05-13 02:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-13 01:41 . 2012-05-13 02:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-27 02:06 . 2012-05-28 08:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:05 . 2012-05-27 02:12 669306 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2012-05-27 02:12 126882 c:\windows\System32\perfc009.dat
+ 2010-07-26 10:04 . 2012-01-30 18:59 237072 c:\windows\System32\MpSigStub.exe
+ 2012-05-27 02:03 . 2012-05-27 02:03 227784 c:\windows\System32\javaws.exe
+ 2012-05-27 02:03 . 2012-05-27 02:03 174024 c:\windows\System32\javaw.exe
- 2009-07-14 04:50 . 2012-05-12 04:30 143360 c:\windows\System32\DriverStore\infstrng.dat
+ 2009-07-14 04:50 . 2012-05-27 02:38 143360 c:\windows\System32\DriverStore\infstrng.dat
- 2009-07-14 04:47 . 2012-05-12 08:42 477672 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:47 . 2012-05-27 02:05 477672 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-05-19 23:22 . 2012-05-19 23:22 109563 c:\windows\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\SCEP.exe
+ 2012-05-19 23:22 . 2012-05-19 23:22 123352 c:\windows\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\MSE.exe
+ 2012-05-19 23:22 . 2012-05-19 23:22 109563 c:\windows\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\INTUNE.exe
+ 2012-05-19 23:22 . 2012-05-19 23:22 109563 c:\windows\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\FEP.exe
+ 2012-05-19 23:22 . 2012-05-19 23:22 109563 c:\windows\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\EPP.exe
+ 2012-02-15 01:01 . 2012-02-15 01:01 4547944 c:\windows\System32\usbaaplrc.dll
+ 2006-12-07 08:11 . 2006-12-07 08:11 1870848 c:\windows\System32\CalibratorControlDLL.dll
+ 2012-05-15 22:51 . 2012-05-15 22:51 8074240 c:\windows\Installer\f4f0cd.msi
+ 2012-03-26 07:35 . 2012-03-26 07:35 6533120 c:\windows\Installer\7f089.msi
+ 2010-12-24 06:35 . 2012-05-27 02:05 16317704 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3536688752-1842355533-2872877329-1001-12288.dat
+ 2012-05-26 02:26 . 2012-05-26 02:26 10254336 c:\windows\Installer\6ba26b.msi
+ 2012-05-27 02:01 . 2012-05-27 02:01 17379840 c:\windows\Installer\1523ae.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WLSync"="c:\program files\Windows Live\Mesh\WLSync.exe" [2012-03-08 1449824]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]
"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-02-23 59240]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-28 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bluetooth Connection Assistant"="LBTWIZ.EXE -silent" [X]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2009-10-23 827904]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-21 406992]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1318816]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-24 2516296]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-01 1185112]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-02 140640]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-11 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-01 843712]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-26 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-30 136176]
R2 PS3 Media Server;PS3 Media Server;c:\program files\PS3 Media Server\win32\service\wrapper.exe [2011-05-17 366872]
R2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-11-28 77816]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-02-28 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 253600]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-30 136176]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 87656]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2011-05-09 18432]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 74112]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 214952]
R3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [2011-09-29 94584]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-12-19 93816]
R3 sbwtis;sbwtis;c:\windows\system32\DRIVERS\sbwtis.sys [2011-12-19 72312]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-27 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 169608]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 64912]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-12-19 223864]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 217600]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 214904]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 214904]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 161632]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 151880]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 9334784]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 275968]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 57600]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 340920]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-08-07 47360]
S3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2011-09-29 94584]
S3 WinMTBus;WinMount Bus;c:\windows\system32\DRIVERS\WinMTBus.sys [2007-04-11 196224]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 00:00]
.
2012-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-30 09:26]
.
2012-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-30 09:26]
.
2012-05-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3536688752-1842355533-2872877329-1001Core.job
- c:\users\MIMKIWI\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-28 08:42]
.
2012-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3536688752-1842355533-2872877329-1001UA.job
- c:\users\MIMKIWI\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-28 08:42]
.
2012-05-28 c:\windows\Tasks\LIOK.job
- c:\windows\system32\winload4.dll [2012-05-06 04:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
c:\windows\system32\atieclxx.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\taskhost.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\conhost.exe
c:\windows\system32\WinMTSrv.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\UI0Detect.exe
c:\program files\Logitech\SetPointP\LBTWiz.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\program files\Common Files\Apple\Apple Application Support\distnoted.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Windows Live\Mesh\MOE.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Completion time: 2012-05-28 19:13:04 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-28 09:12
ComboFix2.txt 2012-05-19 05:06
ComboFix3.txt 2012-05-13 03:35
ComboFix4.txt 2012-05-12 07:41
ComboFix5.txt 2012-05-28 08:39
.
Pre-Run: 268,769,480,704 bytes free
Post-Run: 268,978,831,360 bytes free
.
- - End Of File - - 9FF5BE2B475A1411E551F247608F7CEC
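A ComboFix report like the one above runs to hundreds of lines, but the entries a responder actually acts on are a handful of autostart points, policy values and recently created files. The Python script below is an added example, not part of this thread and not a BleepingComputer or ComboFix tool: it parses the three sections of a ComboFix log that a helper reads first (Files Created, the policies\system key, and Scheduled Tasks) and flags entries that deserve a second look. The sample input is copied from the log above; the triage rules (a non-directory file with both the hidden and system attributes under c:\windows, a scheduled task whose target is a DLL rather than an executable, and UAC policy values set to 0) are my own heuristics, so the output is a list of candidates to review, not a verdict on any file.

```python
import re
from dataclasses import dataclass

# Constructed sample input: lines copied from the ComboFix log posted above,
# cut down to the sections the triage rules inspect.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-28 )))))))))))))))))))))))))))))))
2012-05-13 04:18 . 2012-05-13 04:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-09 08:41 . 2012-05-09 08:41 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-05-06 04:32 . 2012-05-06 04:32 147456 --sha-r- c:\windows\system32\winload4.dll
2012-05-12 01:57 . 2012-03-30 10:23 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
Contents of the 'Scheduled Tasks' folder
2012-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-30 09:26]
2012-05-28 c:\windows\Tasks\LIOK.job
- c:\windows\system32\winload4.dll [2012-05-06 04:32]
"""

# ComboFix line shapes (these patterns are my reading of the log format, not a
# published specification):
#   file:   <created> . <modified> <size|--------> <8-char attrs> <path>
#   task:   <date> <path to .job>   followed by   - <target> [<date> <time>]
#   policy: "<name>"= <decimal> (0x<hex>)
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+"
    r"(?P<size>\d+|-+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+)$", re.I)
TASK_RE = re.compile(r"^\d{4}-\d{2}-\d{2} (?P<job>.+\.job)$", re.I)
TARGET_RE = re.compile(r"^- (?P<target>.+?) \[\d{4}-\d{2}-\d{2} \d{2}:\d{2}\]$")
POLICY_RE = re.compile(r'^"(?P<name>\w+)"= (?P<value>\d+) \(0x[0-9a-f]+\)$', re.I)

WINDOWS_DIR = "c:\\windows\\"


@dataclass(frozen=True)
class Finding:
    rule: str       # which heuristic fired
    evidence: str   # the path, job or policy name it fired on
    note: str       # why a reviewer should look at it


def parse(log_text):
    """Collect files (path -> attrs), tasks (job -> target) and policy values."""
    files, tasks, policies = {}, {}, {}
    pending_job = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := FILE_RE.match(line):
            files[m["path"].lower()] = m["attrs"].lower()
        elif m := TASK_RE.match(line):
            pending_job = m["job"]              # target is on the next line
        elif pending_job and (m := TARGET_RE.match(line)):
            tasks[pending_job] = m["target"]
            pending_job = None
        elif m := POLICY_RE.match(line):
            policies[m["name"]] = int(m["value"])
    return files, tasks, policies


def hidden_system(attrs):
    """True when the 8-char attribute field carries both 's' and 'h'."""
    return {"s", "h"} <= set(attrs.replace("-", ""))


def triage(log_text):
    files, tasks, policies = parse(log_text)
    findings = []
    # Rule 1: a file (not a directory) that is hidden+system under c:\windows.
    # Legitimate software rarely drops such files there; worth a closer look.
    for path, attrs in files.items():
        if "d" not in attrs and hidden_system(attrs) and path.startswith(WINDOWS_DIR):
            findings.append(Finding("hidden-system-file", path,
                                    f"attributes {attrs} in a Windows directory"))
    # Rule 2: a scheduled task whose target is a DLL. Tasks normally launch
    # executables; a DLL target needs a host process and is unusual.
    for job, target in tasks.items():
        t = target.lower()
        if t.endswith(".dll"):
            note = "task target is a DLL rather than an executable"
            if t in files and hidden_system(files[t]):
                note += "; target is also a recently created hidden+system file"
            findings.append(Finding("dll-scheduled-task", job, note))
    # Rule 3: UAC weakened. EnableLUA=0 turns UAC off entirely (Security Check
    # reports the same condition as "UAC is disabled!").
    if policies.get("EnableLUA") == 0:
        findings.append(Finding("uac-disabled", "EnableLUA", "EnableLUA=0 turns UAC off"))
    if policies.get("ConsentPromptBehaviorAdmin") == 0:
        findings.append(Finding("uac-no-prompt", "ConsentPromptBehaviorAdmin",
                                "administrators elevate without any prompt"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.evidence}: {f.note}")
```

Run against the sample it reports the hidden+system winload4.dll, the LIOK.job task that points at it, and the two UAC policy values; the Google Update tasks and ordinary ----a-w- files pass silently. On a real log you would feed the whole ComboFix output to `triage()` and then look up each flagged item before deciding anything about it.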

#4 kiwiklogg
  • Topic Starter
  • Members
  • 7 posts

Posted 28 May 2012 - 05:22 AM

I spoke too soon...

It stopped for a little while but it's back again.

The redirect is still going :(

#5 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 28 May 2012 - 10:24 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#6 kiwiklogg
  • Topic Starter
  • Members
  • 7 posts

Posted 29 May 2012 - 03:49 AM

TDSS Killer:


17:50:34.0843 6080 TDSS rootkit removing tool 2.7.38.0 May 25 2012 17:35:31
17:50:36.0373 6080 ============================================================
17:50:36.0373 6080 Current date / time: 2012/05/29 17:50:36.0373
17:50:36.0373 6080 SystemInfo:
17:50:36.0373 6080
17:50:36.0373 6080 OS Version: 6.1.7601 ServicePack: 1.0
17:50:36.0374 6080 Product type: Workstation
17:50:36.0374 6080 ComputerName: MIMKIWI-PC
17:50:36.0374 6080 UserName: MIMKIWI
17:50:36.0374 6080 Windows directory: C:\Windows
17:50:36.0374 6080 System windows directory: C:\Windows
17:50:36.0374 6080 Processor architecture: Intel x86
17:50:36.0374 6080 Number of processors: 2
17:50:36.0374 6080 Page size: 0x1000
17:50:36.0374 6080 Boot type: Normal boot
17:50:36.0374 6080 ============================================================
17:50:37.0816 6080 Drive \Device\Harddisk0\DR0 - Size: 0x950B600000 (596.18 Gb), SectorSize: 0x200, Cylinders: 0x13002, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:50:37.0824 6080 ============================================================
17:50:37.0824 6080 \Device\Harddisk0\DR0:
17:50:37.0824 6080 MBR partitions:
17:50:37.0824 6080 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x4A85A000
17:50:37.0824 6080 ============================================================
17:50:37.0904 6080 C: <-> \Device\Harddisk0\DR0\Partition0
17:50:37.0905 6080 ============================================================
17:50:37.0905 6080 Initialize success
17:50:37.0905 6080 ============================================================
17:50:48.0776 2592 ============================================================
17:50:48.0776 2592 Scan started
17:50:48.0776 2592 Mode: Manual;
17:50:48.0776 2592 ============================================================
17:51:08.0230 2592 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
17:51:08.0239 2592 NlaSvc - ok
17:51:08.0260 2592 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
17:51:08.0267 2592 Npfs - ok
17:51:08.0303 2592 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
17:51:08.0312 2592 nsi - ok
17:51:08.0325 2592 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
17:51:08.0326 2592 nsiproxy - ok
17:51:08.0406 2592 Ntfs (33c3093d09017cfe2e219f2472bff6eb) C:\Windows\system32\drivers\Ntfs.sys
17:51:08.0423 2592 Ntfs - ok
17:51:08.0435 2592 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
17:51:08.0438 2592 Null - ok
17:51:08.0481 2592 nvraid (af2eec9580c1d32fb7eaf105d9784061) C:\Windows\system32\drivers\nvraid.sys
17:51:08.0589 2592 nvraid - ok
17:51:08.0649 2592 nvstor (9283c58ebaa2618f93482eb5dabcec82) C:\Windows\system32\drivers\nvstor.sys
17:51:08.0764 2592 nvstor - ok
17:51:08.0825 2592 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
17:51:08.0828 2592 nv_agp - ok
17:51:08.0912 2592 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:51:08.0924 2592 odserv - ok
17:51:08.0953 2592 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
17:51:08.0958 2592 ohci1394 - ok
17:51:09.0001 2592 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:51:09.0011 2592 ose - ok
17:51:09.0063 2592 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
17:51:09.0076 2592 p2pimsvc - ok
17:51:09.0124 2592 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
17:51:09.0135 2592 p2psvc - ok
17:51:09.0171 2592 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
17:51:09.0180 2592 Parport - ok
17:51:09.0208 2592 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
17:51:09.0209 2592 partmgr - ok
17:51:09.0238 2592 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
17:51:09.0240 2592 Parvdm - ok
17:51:09.0284 2592 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
17:51:09.0297 2592 PcaSvc - ok
17:51:09.0308 2592 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
17:51:09.0309 2592 pci - ok
17:51:09.0337 2592 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
17:51:09.0338 2592 pciide - ok
17:51:09.0377 2592 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
17:51:09.0387 2592 pcmcia - ok
17:51:09.0437 2592 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
17:51:09.0478 2592 pcouffin - ok
17:51:09.0497 2592 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
17:51:09.0498 2592 pcw - ok
17:51:09.0550 2592 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
17:51:09.0612 2592 PEAUTH - ok
17:51:09.0648 2592 pepifilter (b20f958b207e6aaac5f70d04dd2c30d8) C:\Windows\system32\DRIVERS\lv302af.sys
17:51:09.0690 2592 pepifilter - ok
17:51:09.0892 2592 PID_PEPI (dd184d9adfe2a8a21741dbdfe9e22f5c) C:\Windows\system32\DRIVERS\LV302V32.SYS
17:51:09.0972 2592 PID_PEPI - ok
17:51:10.0190 2592 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
17:51:10.0266 2592 pla - ok
17:51:10.0355 2592 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
17:51:10.0364 2592 PlugPlay - ok
17:51:10.0380 2592 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
17:51:10.0383 2592 PNRPAutoReg - ok
17:51:10.0427 2592 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
17:51:10.0430 2592 PNRPsvc - ok
17:51:10.0469 2592 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
17:51:10.0538 2592 PolicyAgent - ok
17:51:10.0616 2592 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
17:51:10.0619 2592 Power - ok
17:51:10.0674 2592 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
17:51:10.0678 2592 PptpMiniport - ok
17:51:10.0702 2592 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
17:51:10.0712 2592 Processor - ok
17:51:10.0766 2592 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
17:51:10.0778 2592 ProfSvc - ok
17:51:10.0808 2592 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
17:51:10.0809 2592 ProtectedStorage - ok
17:51:10.0975 2592 PS3 Media Server (e2e47486f9d39145daea03d007587a02) C:\Program Files\PS3 Media Server\win32\service\wrapper.exe
17:51:10.0978 2592 PS3 Media Server - ok
17:51:11.0016 2592 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
17:51:11.0017 2592 Psched - ok
17:51:11.0120 2592 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
17:51:11.0155 2592 ql2300 - ok
17:51:11.0246 2592 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
17:51:11.0254 2592 ql40xx - ok
17:51:11.0310 2592 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
17:51:11.0323 2592 QWAVE - ok
17:51:11.0336 2592 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
17:51:11.0339 2592 QWAVEdrv - ok
17:51:11.0348 2592 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
17:51:11.0353 2592 RasAcd - ok
17:51:11.0391 2592 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:51:11.0402 2592 RasAgileVpn - ok
17:51:11.0414 2592 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
17:51:11.0419 2592 RasAuto - ok
17:51:11.0437 2592 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:51:11.0449 2592 Rasl2tp - ok
17:51:11.0507 2592 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
17:51:11.0546 2592 RasMan - ok
17:51:11.0599 2592 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
17:51:11.0605 2592 RasPppoe - ok
17:51:11.0636 2592 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
17:51:11.0650 2592 RasSstp - ok
17:51:11.0698 2592 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
17:51:11.0700 2592 rdbss - ok
17:51:11.0723 2592 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
17:51:11.0726 2592 rdpbus - ok
17:51:11.0755 2592 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:51:11.0756 2592 RDPCDD - ok
17:51:11.0770 2592 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
17:51:11.0771 2592 RDPENCDD - ok
17:51:11.0780 2592 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
17:51:11.0781 2592 RDPREFMP - ok
17:51:11.0832 2592 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
17:51:11.0945 2592 RDPWD - ok
17:51:11.0994 2592 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
17:51:11.0995 2592 rdyboost - ok
17:51:12.0034 2592 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
17:51:12.0044 2592 RemoteAccess - ok
17:51:12.0057 2592 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
17:51:12.0062 2592 RemoteRegistry - ok
17:51:12.0117 2592 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
17:51:12.0128 2592 RFCOMM - ok
17:51:12.0137 2592 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
17:51:12.0139 2592 RpcEptMapper - ok
17:51:12.0161 2592 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
17:51:12.0165 2592 RpcLocator - ok
17:51:12.0212 2592 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
17:51:12.0216 2592 RpcSs - ok
17:51:12.0231 2592 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
17:51:12.0236 2592 rspndr - ok
17:51:12.0271 2592 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
17:51:12.0272 2592 SamSs - ok
17:51:12.0321 2592 sbapifs (b5fb26f91ffe9b3543a4bf0de9a05662) C:\Windows\system32\DRIVERS\sbapifs.sys
17:51:12.0326 2592 Suspicious file (Forged): C:\Windows\system32\DRIVERS\sbapifs.sys. Real md5: b5fb26f91ffe9b3543a4bf0de9a05662, Fake md5: 833b92f084c52a913e2fa8d8e0458d9c
17:51:12.0326 2592 sbapifs ( ForgedFile.Multi.Generic ) - warning
17:51:12.0326 2592 sbapifs - detected ForgedFile.Multi.Generic (1)
17:51:12.0375 2592 SbFw (bcf3ba30c1cfa2942cf26c31384b37c7) C:\Windows\system32\drivers\SbFw.sys
17:51:12.0469 2592 SbFw - ok
17:51:12.0492 2592 SBFWIMCL (1dcad90cc9c0ddc7d060fd97854f8518) C:\Windows\system32\DRIVERS\sbfwim.sys
17:51:12.0494 2592 SBFWIMCL - ok
17:51:12.0505 2592 SBFWIMCLMP (1dcad90cc9c0ddc7d060fd97854f8518) C:\Windows\system32\DRIVERS\SBFWIM.sys
17:51:12.0507 2592 SBFWIMCLMP - ok
17:51:12.0535 2592 sbhips (1afd7178ab9c4fce2d332da7aa474fa6) C:\Windows\system32\drivers\sbhips.sys
17:51:12.0709 2592 sbhips - ok
17:51:12.0772 2592 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
17:51:12.0861 2592 sbp2port - ok
17:51:12.0887 2592 sbwtis (9bdf801a6c78e3f1e6fa1c5ca90baa8a) C:\Windows\system32\DRIVERS\sbwtis.sys
17:51:12.0988 2592 sbwtis - ok
17:51:13.0050 2592 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
17:51:13.0063 2592 SCardSvr - ok
17:51:13.0087 2592 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
17:51:13.0153 2592 scfilter - ok
17:51:13.0237 2592 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
17:51:13.0306 2592 Schedule - ok
17:51:13.0354 2592 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
17:51:13.0356 2592 SCPolicySvc - ok
17:51:13.0374 2592 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
17:51:13.0412 2592 SDRSVC - ok
17:51:13.0429 2592 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
17:51:13.0432 2592 secdrv - ok
17:51:13.0448 2592 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
17:51:13.0453 2592 seclogon - ok
17:51:13.0476 2592 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
17:51:13.0479 2592 SENS - ok
17:51:13.0507 2592 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
17:51:13.0513 2592 SensrSvc - ok
17:51:13.0550 2592 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
17:51:13.0553 2592 Serenum - ok
17:51:13.0600 2592 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
17:51:13.0603 2592 Serial - ok
17:51:13.0637 2592 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
17:51:13.0639 2592 sermouse - ok
17:51:13.0699 2592 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
17:51:13.0702 2592 SessionEnv - ok
17:51:13.0737 2592 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
17:51:13.0740 2592 sffdisk - ok
17:51:13.0753 2592 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
17:51:13.0758 2592 sffp_mmc - ok
17:51:13.0772 2592 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
17:51:13.0814 2592 sffp_sd - ok
17:51:13.0829 2592 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
17:51:13.0833 2592 sfloppy - ok
17:51:13.0884 2592 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
17:51:13.0900 2592 SharedAccess - ok
17:51:13.0958 2592 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
17:51:13.0971 2592 ShellHWDetection - ok
17:51:14.0010 2592 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
17:51:14.0017 2592 sisagp - ok
17:51:14.0043 2592 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:51:14.0053 2592 SiSRaid2 - ok
17:51:14.0076 2592 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
17:51:14.0081 2592 SiSRaid4 - ok
17:51:14.0151 2592 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe
17:51:14.0154 2592 SkypeUpdate - ok
17:51:14.0192 2592 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
17:51:14.0200 2592 Smb - ok
17:51:14.0227 2592 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
17:51:14.0234 2592 SNMPTRAP - ok
17:51:14.0246 2592 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
17:51:14.0247 2592 spldr - ok
17:51:14.0310 2592 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
17:51:14.0360 2592 Spooler - ok
17:51:14.0660 2592 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
17:51:14.0716 2592 sppsvc - ok
17:51:14.0807 2592 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
17:51:14.0892 2592 sppuinotify - ok
17:51:14.0990 2592 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
17:51:15.0001 2592 srv - ok
17:51:15.0045 2592 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
17:51:15.0055 2592 srv2 - ok
17:51:15.0083 2592 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
17:51:15.0088 2592 srvnet - ok
17:51:15.0111 2592 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
17:51:15.0127 2592 SSDPSRV - ok
17:51:15.0184 2592 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
17:51:15.0204 2592 SstpSvc - ok
17:51:15.0215 2592 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
17:51:15.0219 2592 stexstor - ok
17:51:15.0288 2592 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
17:51:15.0350 2592 StiSvc - ok
17:51:15.0383 2592 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
17:51:15.0387 2592 swenum - ok
17:51:15.0545 2592 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
17:51:15.0662 2592 SwitchBoard - ok
17:51:15.0699 2592 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
17:51:15.0712 2592 swprv - ok
17:51:15.0804 2592 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
17:51:15.0868 2592 SysMain - ok
17:51:15.0902 2592 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
17:51:15.0962 2592 TabletInputService - ok
17:51:16.0028 2592 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
17:51:16.0100 2592 TapiSrv - ok
17:51:16.0144 2592 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
17:51:16.0151 2592 TBS - ok
17:51:16.0273 2592 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
17:51:16.0286 2592 Tcpip - ok
17:51:16.0301 2592 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
17:51:16.0308 2592 TCPIP6 - ok
17:51:16.0348 2592 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
17:51:16.0428 2592 tcpipreg - ok
17:51:16.0466 2592 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
17:51:16.0609 2592 TDPIPE - ok
17:51:16.0651 2592 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
17:51:16.0763 2592 TDTCP - ok
17:51:16.0803 2592 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
17:51:16.0918 2592 tdx - ok
17:51:16.0973 2592 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
17:51:17.0091 2592 TermDD - ok
17:51:17.0171 2592 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
17:51:17.0184 2592 TermService - ok
17:51:17.0197 2592 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
17:51:17.0200 2592 Themes - ok
17:51:17.0227 2592 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
17:51:17.0228 2592 THREADORDER - ok
17:51:17.0268 2592 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
17:51:17.0279 2592 TrkWks - ok
17:51:17.0351 2592 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
17:51:17.0402 2592 TrustedInstaller - ok
17:51:17.0451 2592 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:51:17.0554 2592 tssecsrv - ok
17:51:17.0636 2592 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
17:51:17.0703 2592 TsUsbFlt - ok
17:51:17.0763 2592 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
17:51:17.0847 2592 tunnel - ok
17:51:17.0905 2592 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
17:51:17.0913 2592 uagp35 - ok
17:51:17.0967 2592 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
17:51:18.0041 2592 udfs - ok
17:51:18.0069 2592 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
17:51:18.0075 2592 UI0Detect - ok
17:51:18.0099 2592 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
17:51:18.0105 2592 uliagpkx - ok
17:51:18.0148 2592 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
17:51:18.0189 2592 umbus - ok
17:51:18.0200 2592 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
17:51:18.0203 2592 UmPass - ok
17:51:18.0228 2592 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
17:51:18.0236 2592 upnphost - ok
17:51:18.0265 2592 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
17:51:18.0345 2592 USBAAPL - ok
17:51:18.0363 2592 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
17:51:18.0432 2592 usbaudio - ok
17:51:18.0473 2592 usbccgp (7e72e7d7e0757d59481d530fd2b0bfae) C:\Windows\system32\DRIVERS\usbccgp.sys
17:51:18.0515 2592 usbccgp - ok
17:51:18.0552 2592 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
17:51:18.0605 2592 usbcir - ok
17:51:18.0639 2592 usbehci (cfbce999c057d78979a181c9c60f208e) C:\Windows\system32\drivers\usbehci.sys
17:51:18.0751 2592 usbehci - ok
17:51:18.0810 2592 usbhub (9d22aad9ac6a07c691a1113e5f860868) C:\Windows\system32\drivers\usbhub.sys
17:51:18.0907 2592 usbhub - ok
17:51:18.0922 2592 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\drivers\usbohci.sys
17:51:18.0925 2592 usbohci - ok
17:51:18.0934 2592 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
17:51:18.0939 2592 usbprint - ok
17:51:18.0966 2592 USBSTOR (bf63ebfc6979fefb2bc03df7989a0c1a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:51:19.0080 2592 USBSTOR - ok
17:51:19.0090 2592 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\drivers\usbuhci.sys
17:51:19.0093 2592 usbuhci - ok
17:51:19.0100 2592 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
17:51:19.0103 2592 UxSms - ok
17:51:19.0136 2592 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
17:51:19.0137 2592 VaultSvc - ok
17:51:19.0167 2592 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
17:51:19.0168 2592 vdrvroot - ok
17:51:19.0213 2592 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
17:51:19.0278 2592 vds - ok
17:51:19.0290 2592 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
17:51:19.0294 2592 vga - ok
17:51:19.0307 2592 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
17:51:19.0313 2592 VgaSave - ok
17:51:19.0343 2592 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
17:51:19.0398 2592 vhdmp - ok
17:51:19.0412 2592 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
17:51:19.0418 2592 viaagp - ok
17:51:19.0450 2592 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
17:51:19.0453 2592 ViaC7 - ok
17:51:19.0477 2592 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
17:51:19.0480 2592 viaide - ok
17:51:19.0508 2592 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
17:51:19.0509 2592 volmgr - ok
17:51:19.0546 2592 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
17:51:19.0553 2592 volmgrx - ok
17:51:19.0646 2592 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
17:51:19.0649 2592 volsnap - ok
17:51:19.0682 2592 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
17:51:19.0691 2592 vsmraid - ok
17:51:19.0775 2592 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
17:51:19.0782 2592 VSS - ok
17:51:19.0796 2592 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
17:51:19.0799 2592 vwifibus - ok
17:51:19.0830 2592 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
17:51:19.0841 2592 W32Time - ok
17:51:19.0856 2592 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
17:51:19.0860 2592 WacomPen - ok
17:51:19.0902 2592 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
17:51:20.0032 2592 WANARP - ok
17:51:20.0035 2592 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
17:51:20.0036 2592 Wanarpv6 - ok
17:51:20.0198 2592 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
17:51:20.0268 2592 WatAdminSvc - ok
17:51:20.0352 2592 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
17:51:20.0453 2592 wbengine - ok
17:51:20.0523 2592 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
17:51:20.0535 2592 WbioSrvc - ok
17:51:20.0642 2592 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
17:51:20.0703 2592 wcncsvc - ok
17:51:20.0729 2592 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
17:51:20.0735 2592 WcsPlugInService - ok
17:51:20.0774 2592 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
17:51:20.0777 2592 Wd - ok
17:51:20.0841 2592 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
17:51:20.0844 2592 Wdf01000 - ok
17:51:20.0862 2592 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
17:51:20.0870 2592 WdiServiceHost - ok
17:51:20.0873 2592 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
17:51:20.0876 2592 WdiSystemHost - ok
17:51:20.0927 2592 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
17:51:20.0988 2592 WebClient - ok
17:51:21.0041 2592 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
17:51:21.0056 2592 Wecsvc - ok
17:51:21.0076 2592 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
17:51:21.0079 2592 wercplsupport - ok
17:51:21.0117 2592 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
17:51:21.0128 2592 WerSvc - ok
17:51:21.0142 2592 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
17:51:21.0145 2592 WfpLwf - ok
17:51:21.0164 2592 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
17:51:21.0167 2592 WIMMount - ok
17:51:21.0262 2592 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
17:51:21.0282 2592 WinDefend - ok
17:51:21.0289 2592 WinHttpAutoProxySvc - ok
17:51:21.0368 2592 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
17:51:21.0378 2592 Winmgmt - ok
17:51:21.0448 2592 WinMTBus (8ec98659777283d944b436ad9772912d) C:\Windows\system32\DRIVERS\WinMTBus.sys
17:51:21.0559 2592 WinMTBus - ok
17:51:21.0654 2592 WinMTSrv (ecb66ae9b196a81a25af6706e5b93c21) C:\Windows\system32\WinMTSrv.exe
17:51:21.0747 2592 WinMTSrv - ok
17:51:21.0853 2592 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
17:51:21.0873 2592 WinRM - ok
17:51:21.0930 2592 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
17:51:21.0986 2592 WinUsb - ok
17:51:22.0072 2592 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
17:51:22.0092 2592 Wlansvc - ok
17:51:22.0195 2592 wlcrasvc (6067acef367e79914af628fa1e9b5330) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
17:51:22.0197 2592 wlcrasvc - ok
17:51:22.0523 2592 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:51:22.0587 2592 wlidsvc - ok
17:51:22.0699 2592 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
17:51:22.0704 2592 WmiAcpi - ok
17:51:22.0760 2592 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
17:51:22.0774 2592 wmiApSrv - ok
17:51:22.0883 2592 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
17:51:22.0939 2592 WMPNetworkSvc - ok
17:51:22.0970 2592 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
17:51:22.0976 2592 WPCSvc - ok
17:51:23.0006 2592 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
17:51:23.0066 2592 WPDBusEnum - ok
17:51:23.0074 2592 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
17:51:23.0075 2592 ws2ifsl - ok
17:51:23.0132 2592 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll
17:51:23.0137 2592 wscsvc - ok
17:51:23.0145 2592 WSearch - ok
17:51:23.0323 2592 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
17:51:23.0357 2592 wuauserv - ok
17:51:23.0447 2592 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
17:51:23.0675 2592 WudfPf - ok
17:51:23.0824 2592 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:51:23.0973 2592 WUDFRd - ok
17:51:24.0027 2592 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
17:51:24.0062 2592 wudfsvc - ok
17:51:24.0111 2592 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
17:51:24.0150 2592 WwanSvc - ok
17:51:24.0221 2592 yukonw7 (b07c5b7efdf936ff93d4f540938725be) C:\Windows\system32\DRIVERS\yk62x86.sys
17:51:24.0233 2592 yukonw7 - ok
17:51:24.0258 2592 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:51:24.0512 2592 \Device\Harddisk0\DR0 - ok
17:51:24.0515 2592 Boot (0x1200) (ec3cb2fd3882e9863bab98d70131dbc0) \Device\Harddisk0\DR0\Partition0
17:51:24.0518 2592 \Device\Harddisk0\DR0\Partition0 - ok
17:51:24.0518 2592 ============================================================
17:51:24.0518 2592 Scan finished
17:51:24.0518 2592 ============================================================
17:51:24.0528 5340 Detected object count: 1
17:51:24.0528 5340 Actual detected object count: 1
17:51:42.0051 5340 sbapifs ( ForgedFile.Multi.Generic ) - skipped by user
17:51:42.0051 5340 sbapifs ( ForgedFile.Multi.Generic ) - User select action: Skip


aswMBR:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-29 17:58:26
-----------------------------
17:58:26.546 OS Version: Windows 6.1.7601 Service Pack 1
17:58:26.546 Number of processors: 2 586 0xF06
17:58:26.546 ComputerName: MIMKIWI-PC UserName: MIMKIWI
17:58:28.730 Initialize success
17:58:34.848 AVAST engine defs: 12052800
17:58:41.464 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
17:58:41.466 Disk 0 Vendor: Intel___ 1.0. Size: 610486MB BusType: 8
17:58:41.489 Disk 0 MBR read successfully
17:58:41.492 Disk 0 MBR scan
17:58:41.496 Disk 0 Windows 7 default MBR code
17:58:41.503 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 610484 MB offset 2048
17:58:41.509 Disk 0 scanning sectors +1250273280
17:58:41.621 Disk 0 scanning C:\Windows\system32\drivers
17:59:02.440 Service scanning
17:59:24.989 Modules scanning
17:59:34.491 Disk 0 trace - called modules:
17:59:34.514 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStorV.sys halmacpi.dll
17:59:34.518 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86de9030]
17:59:34.847 3 CLASSPNP.SYS[899c159e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85f85028]
17:59:37.293 AVAST engine scan C:\Windows
17:59:46.214 AVAST engine scan C:\Windows\system32
18:05:38.692 AVAST engine scan C:\Windows\system32\drivers
18:06:12.960 AVAST engine scan C:\Users\MIMKIWI
18:42:26.790 AVAST engine scan C:\ProgramData
18:47:07.009 Scan finished successfully
18:48:28.262 Disk 0 MBR has been saved successfully to "C:\Users\MIMKIWI\Desktop\Logs for BleepingComputer\MBR.dat"
18:48:28.271 The log file has been saved successfully to "C:\Users\MIMKIWI\Desktop\Logs for BleepingComputer\aswMBR.txt"
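Added example for readers working through logs like the TDSSKiller output above (not part of this thread and not Kaspersky's code): a small Python parser that reads TDSSKiller lines and reports every driver or service whose verdict was not a plain "ok", pairing the "Suspicious file (Forged)" line with its entry so the Real and Fake MD5 values stay together. The sample lines are copied from the log posted above; the line layout the regexes assume (timestamp, thread id, name, MD5 in parentheses, path; verdict lines ending in "- ok", "- warning", "- detected …" or "- skipped by user") is inferred from that log rather than taken from any TDSSKiller documentation.

```python
"""Parse a TDSSKiller log and list the entries that need a human look.

Added example for this thread; not the thread's own content and not code
from Kaspersky. The line layout the regexes expect is inferred from the log
posted above.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample: lines copied from the log above (two clean services,
# the forged-driver block, the MBR entry and the final user decision).
SAMPLE_LOG = r"""
17:51:12.0271 2592 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
17:51:12.0272 2592 SamSs - ok
17:51:12.0321 2592 sbapifs (b5fb26f91ffe9b3543a4bf0de9a05662) C:\Windows\system32\DRIVERS\sbapifs.sys
17:51:12.0326 2592 Suspicious file (Forged): C:\Windows\system32\DRIVERS\sbapifs.sys. Real md5: b5fb26f91ffe9b3543a4bf0de9a05662, Fake md5: 833b92f084c52a913e2fa8d8e0458d9c
17:51:12.0326 2592 sbapifs ( ForgedFile.Multi.Generic ) - warning
17:51:12.0326 2592 sbapifs - detected ForgedFile.Multi.Generic (1)
17:51:12.0375 2592 SbFw (bcf3ba30c1cfa2942cf26c31384b37c7) C:\Windows\system32\drivers\SbFw.sys
17:51:12.0469 2592 SbFw - ok
17:51:24.0258 2592 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:51:24.0512 2592 \Device\Harddisk0\DR0 - ok
17:51:42.0051 5340 sbapifs ( ForgedFile.Multi.Generic ) - skipped by user
"""

# "<time> <tid> <name> (<md5>) <path>" -- the object being scanned.
ENTRY_RE = re.compile(
    r"^(?P<time>\S+) (?P<tid>\d+) (?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$"
)
# The forged-file report carries both hashes; it is keyed by path, not name.
FORGED_RE = re.compile(
    r"^(?P<time>\S+) (?P<tid>\d+) Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$"
)
# "<time> <tid> <name> [( <threat> )] - <verdict>" -- ok / warning / detected / skipped.
VERDICT_RE = re.compile(
    r"^(?P<time>\S+) (?P<tid>\d+) (?P<name>.+?)(?: \( (?P<threat>[^)]+) \))? - (?P<verdict>.+)$"
)


@dataclass
class Entry:
    name: str
    md5: str = ""
    path: str = ""
    verdicts: List[str] = field(default_factory=list)
    threat: Optional[str] = None
    forged: Optional[Tuple[str, str]] = None  # (real_md5, fake_md5) if reported

    @property
    def clean(self) -> bool:
        # Clean means exactly one verdict, "ok", and no forgery report for the path.
        return self.forged is None and self.verdicts == ["ok"]


def parse_tdsskiller(lines) -> Dict[str, Entry]:
    """Group the log's lines by scanned object, attaching verdicts and forgery reports."""
    entries: Dict[str, Entry] = {}
    by_path: Dict[str, Entry] = {}          # MBR/boot verdicts are keyed by device path
    forged_by_path: Dict[str, Tuple[str, str]] = {}
    for line in lines:
        m = FORGED_RE.match(line)
        if m:
            forged_by_path[m["path"].lower()] = (m["real"], m["fake"])
            continue
        m = ENTRY_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.md5, e.path = m["md5"], m["path"]
            by_path[e.path.lower()] = e
            continue
        m = VERDICT_RE.match(line)
        if m:
            key = m["name"]
            e = entries.get(key) or by_path.get(key.lower())
            if e is None:
                e = entries.setdefault(key, Entry(key))
            e.verdicts.append(m["verdict"])
            if m["threat"]:
                e.threat = m["threat"]
    for e in entries.values():
        if e.path.lower() in forged_by_path:
            e.forged = forged_by_path[e.path.lower()]
    return entries


def review(entries: Dict[str, Entry]) -> List[Entry]:
    """Return the entries that are not plainly clean, in log order."""
    return [e for e in entries.values() if not e.clean]


def summarize(e: Entry) -> str:
    line = f"{e.name}: verdicts={e.verdicts}"
    if e.threat:
        line += f" threat={e.threat}"
    if e.forged:
        line += f" real_md5={e.forged[0]} fake_md5={e.forged[1]} path={e.path}"
    return line


if __name__ == "__main__":
    for entry in review(parse_tdsskiller(SAMPLE_LOG.strip().splitlines())):
        print(summarize(entry))
```

On the sample above the only entry surfaced is sbapifs, reported with both hashes, the threat name and the closing "skipped by user" verdict. The reason to keep the two MD5 values together rather than just the verdict is what the forged-file line means: TDSSKiller computed one hash for the driver itself and saw a different one presented for the same file, which is the kind of mismatch a file-hiding filter produces, and it is also the kind of result that needs a human to decide whether it is a legitimate security product's driver or not. The parser deliberately reports "skipped by user" as a non-clean verdict so that a skipped detection is not mistaken for a resolved one.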

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:01:53 PM

Posted 29 May 2012 - 07:43 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

File::
c:\windows\system32\winload4.dll
c:\windows\Tasks\LIOK.job

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#8 kiwiklogg

kiwiklogg
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:01:53 PM

Posted 30 May 2012 - 05:46 AM

Hi there,

Ran ComboFix with the script. So far so good. No redirections, and now Microsoft Security Essentials seems to be running. I'll give it a few days to be sure that it is totally gone. But it's looking positive!

Here is the log:


ComboFix 12-05-30.02 - MIMKIWI 30/05/2012 20:15:38.8.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.2046.1081 [GMT 10:00]
Running from: c:\users\MIMKIWI\Desktop\ComboFix.exe
Command switches used :: c:\users\MIMKIWI\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\windows\system32\winload4.dll"
"c:\windows\Tasks\LIOK.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\winload4.dll
c:\windows\Tasks\LIOK.job
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-30 )))))))))))))))))))))))))))))))
.
.
2012-05-30 10:24 . 2012-05-30 10:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-27 02:03 . 2012-05-27 02:03 772552 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-27 02:00 . 2012-05-27 02:00 -------- d-----w- c:\windows\Sun
2012-05-26 02:27 . 2012-05-26 02:27 -------- d-----w- c:\program files\ColorByNumbers
2012-05-19 23:32 . 2012-05-14 15:43 6737808 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1D7F1C74-99C0-4756-9196-9CCF81F9C463}\mpengine.dll
2012-05-19 23:22 . 2012-05-19 23:22 -------- d-----w- c:\program files\Microsoft Security Client
2012-05-13 04:18 . 2012-05-13 04:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-13 04:18 . 2012-04-04 05:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-13 03:48 . 2012-05-13 03:48 -------- d-----w- c:\program files\ESET
2012-05-13 02:16 . 2012-05-13 02:16 -------- d-----w- c:\programdata\Kaspersky Lab
2012-05-12 04:30 . 2011-12-19 02:44 93816 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-05-12 04:29 . 2011-09-29 02:16 94584 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-05-12 04:29 . 2011-12-19 02:44 223864 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-05-12 04:28 . 2012-05-12 04:30 -------- d-----w- c:\users\MIMKIWI\AppData\Roaming\Ad-Aware Antivirus
2012-05-12 01:57 . 2012-03-30 10:23 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-12 01:57 . 2012-03-31 04:29 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 01:57 . 2012-03-31 04:30 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-12 01:57 . 2012-03-31 04:29 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-12 01:57 . 2012-03-31 04:29 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-12 01:57 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-12 01:57 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-12 01:57 . 2012-03-31 02:36 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-05-12 01:57 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-12 01:57 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 07:55 . 2012-05-10 07:55 -------- d-----w- c:\users\MIMKIWI\AppData\Roaming\Malwarebytes
2012-05-10 07:55 . 2012-05-10 07:55 -------- d-----w- c:\programdata\Malwarebytes
2012-05-09 08:41 . 2012-05-09 08:41 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-05-09 08:36 . 2012-05-09 08:41 -------- d-----w- c:\programdata\HitmanPro
2012-05-06 03:59 . 2012-05-06 03:59 -------- d-----w- c:\program files\Common Files\Skype
2012-05-05 04:09 . 2012-05-05 04:09 -------- d-----w- c:\program files\iPod
2012-05-05 04:09 . 2012-05-05 04:10 -------- d-----w- c:\program files\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-27 02:03 . 2012-01-15 08:21 687560 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-06 05:21 . 2012-04-06 05:21 9334784 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2010-05-27 17:02 909312 ----a-w- c:\windows\system32\aticfx32.dll
2012-04-06 02:16 . 2012-04-06 02:16 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16 451072 ----a-w- c:\windows\system32\atieclxx.exe
2012-04-06 02:15 . 2012-04-06 02:15 217600 ----a-w- c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2012-04-06 02:14 . 2012-04-06 02:14 20992 ----a-w- c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:14 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2012-04-06 02:13 . 2010-05-27 16:54 6800896 ----a-w- c:\windows\system32\atidxx32.dll
2012-04-06 02:00 . 2010-05-27 16:35 52736 ----a-w- c:\windows\system32\coinst.dll
2012-04-06 01:50 . 2012-04-06 01:50 19753984 ----a-w- c:\windows\system32\atioglxx.dll
2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\system32\atiumdmv.dll
2012-04-06 01:34 . 2010-05-27 16:37 6203392 ----a-w- c:\windows\system32\atiumdag.dll
2012-04-06 01:30 . 2012-04-06 01:30 46080 ----a-w- c:\windows\system32\aticalrt.dll
2012-04-06 01:30 . 2012-04-06 01:30 44032 ----a-w- c:\windows\system32\aticalcl.dll
2012-04-06 01:25 . 2012-04-06 01:25 13764096 ----a-w- c:\windows\system32\aticaldd.dll
2012-04-06 01:22 . 2010-05-27 16:31 4795904 ----a-w- c:\windows\system32\atiumdva.dll
2012-04-06 01:11 . 2012-04-06 01:11 360448 ----a-w- c:\windows\system32\atiadlxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\system32\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10 275968 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2010-05-27 16:24 41984 ----a-w- c:\windows\system32\atiuxpag.dll
2012-04-06 01:09 . 2010-05-27 16:24 32256 ----a-w- c:\windows\system32\atiu9pag.dll
2012-04-06 01:09 . 2012-04-06 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\system32\atimpc32.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\system32\amdpcom32.dll
2012-03-31 00:00 . 2012-03-31 00:00 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-31 00:00 . 2011-07-10 01:16 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-20 10:44 . 2012-03-20 10:44 74112 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-20 10:44 . 2012-03-20 10:44 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-20 03:11 . 2010-12-21 07:41 151880 ----a-w- c:\windows\system32\mfevtps.exe
2012-03-18 06:51 . 2011-02-05 22:53 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-03-08 08:50 . 2012-03-08 08:50 49016 ----a-w- c:\windows\system32\sirenacm.dll
2012-03-08 08:37 . 2012-03-08 08:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WLSync"="c:\program files\Windows Live\Mesh\WLSync.exe" [2012-03-08 1449824]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]
"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-02-23 59240]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-28 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bluetooth Connection Assistant"="LBTWIZ.EXE -silent" [X]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2009-10-23 827904]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-21 406992]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1318816]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-24 2516296]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-01 1185112]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-02 140640]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-11 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-01 843712]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-26 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-30 136176]
R2 PS3 Media Server;PS3 Media Server;c:\program files\PS3 Media Server\win32\service\wrapper.exe [2011-05-17 366872]
R2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-11-28 77816]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-02-28 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 253600]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-30 136176]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 87656]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2011-05-09 18432]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 74112]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 214952]
R3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [2011-09-29 94584]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-12-19 93816]
R3 sbwtis;sbwtis;c:\windows\system32\DRIVERS\sbwtis.sys [2011-12-19 72312]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-27 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 169608]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 64912]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-12-19 223864]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 217600]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 214904]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 214904]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 161632]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 151880]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 9334784]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 275968]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 57600]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 340920]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-08-07 47360]
S3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2011-09-29 94584]
S3 WinMTBus;WinMount Bus;c:\windows\system32\DRIVERS\WinMTBus.sys [2007-04-11 196224]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 00:00]
.
2012-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-30 09:26]
.
2012-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-30 09:26]
.
2012-05-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3536688752-1842355533-2872877329-1001Core.job
- c:\users\MIMKIWI\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-28 08:42]
.
2012-05-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3536688752-1842355533-2872877329-1001UA.job
- c:\users\MIMKIWI\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-28 08:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
c:\windows\system32\atieclxx.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\WinMTSrv.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\UI0Detect.exe
c:\program files\Logitech\SetPointP\LBTWiz.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Common Files\Apple\Apple Application Support\distnoted.exe
c:\windows\system32\conhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Windows Live\Mesh\MOE.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2012-05-30 20:31:20 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-30 10:31
ComboFix2.txt 2012-05-28 09:13
ComboFix3.txt 2012-05-19 05:06
ComboFix4.txt 2012-05-13 03:35
ComboFix5.txt 2012-05-30 10:14
.
Pre-Run: 268,919,148,544 bytes free
Post-Run: 269,096,095,744 bytes free
.
- - End Of File - - 895C7618B77CEA2753A5504B1576EE84
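The ComboFix log above lists the autostart (Run) entries and the UAC policy values under policies\system. As an added example that is not part of this thread or of ComboFix, the following Python script parses those two sections of a ComboFix-style log and flags Run entries whose target file was not found (ComboFix marks these with `[X]`) and UAC values left at their weakest setting, such as the `EnableLUA`=0 and `PromptOnSecureDesktop`=0 seen in the log above. The sample input is constructed from lines visible on the page, and the regular expressions assume the line layout shown there.

```python
"""Triage helper for ComboFix-style log excerpts.

Added example, not part of the BleepingComputer thread or of ComboFix.
It reads the two sections a responder looks at first: the Run keys under
"Reg Loading Points" and the UAC policy values under ...policies\\system.
"""
import re
from dataclasses import dataclass

# Constructed sample: a cut-down copy of the "Reg Loading Points" block
# from the log posted above (not a full ComboFix log).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-28 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bluetooth Connection Assistant"="LBTWIZ.EXE -silent" [X]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
"""

# Registry key header line: [HKEY_...]
KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
# Run value line: "Name"="command" [date size]  or  "Name"="command" [X]
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s+\[([^\]]*)\]$')
# DWORD policy line as ComboFix prints it: "Name"= 0 (0x0)
DWORD_RE = re.compile(r'^"([^"]+)"=\s*(\d+)\s+\(0x[0-9a-fA-F]+\)$')

# UAC values under policies\system and the setting that switches the
# protection off for each one.
WEAK_UAC = {
    "EnableLUA": 0,                   # UAC disabled entirely
    "ConsentPromptBehaviorAdmin": 0,  # admins elevate silently, no prompt
    "PromptOnSecureDesktop": 0,       # prompts not shown on the secure desktop
}


@dataclass
class Finding:
    kind: str    # "missing_target" or "weak_uac"
    key: str     # registry key the line was found under
    name: str    # value name
    detail: str  # command line or numeric value


def parse_findings(log_text: str) -> list:
    """Walk the log line by line, tracking the current registry key."""
    findings = []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        if current_key is None:
            continue
        if current_key.lower().endswith(r"\currentversion\run"):
            m = RUN_RE.match(line)
            # "[X]" means ComboFix could not find the file the entry points at:
            # either leftover from an uninstall or a removed malicious loader.
            if m and m.group(3) == "X":
                findings.append(Finding("missing_target", current_key,
                                        m.group(1), m.group(2)))
        elif current_key.lower().endswith(r"\policies\system"):
            m = DWORD_RE.match(line)
            if m and WEAK_UAC.get(m.group(1)) == int(m.group(2)):
                findings.append(Finding("weak_uac", current_key,
                                        m.group(1), m.group(2)))
    return findings


def summarize(log_text: str) -> dict:
    """Group the value names of all findings by finding kind."""
    out = {"missing_target": [], "weak_uac": []}
    for f in parse_findings(log_text):
        out[f.kind].append(f.name)
    return out


if __name__ == "__main__":
    for f in parse_findings(SAMPLE_LOG):
        print(f"{f.kind:15} {f.name!r}: {f.detail}")
```

A real log can be passed in place of `SAMPLE_LOG`; entries flagged as `missing_target` are worth checking against the uninstall history before deleting, since an orphaned Run value is also what a cleaned-out loader leaves behind.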

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:53 PM

Posted 30 May 2012 - 07:53 AM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

#10 kiwiklogg

kiwiklogg
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:01:53 PM

Posted 01 June 2012 - 04:05 AM

Here you go:



Update for Microsoft Office 2007 (KB2508958)
1Click DVD Copy Pro 4.2.2.1
AC3Filter 1.63b
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 ActiveX
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader 9.5.0
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
Apple Application Support
Apple Mobile Device Support
Apple Software Update
µTorrent
AviSynth 2.5
Bonjour
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MG5200 series MP Drivers
Canon MP Navigator EX 4.0
Canon My Printer
Canon RAW Codec
Canon Solution Menu EX
Catalyst Control Center InstallProxy
CBN Selector 3
CD-LabelPrint
Cisco WebEx Meetings
Clone2Go DVD Ripper 1.9.7
Clone2Go Video Converter Free Version 2.0.0
Clone2Go Video Converter Professional 2.0.0
D3DX10
dBpoweramp DSP Effects
dBpoweramp Music Converter
dBpoweramp Windows Media Audio 10 Codec
DivX Setup
DVD43 v4.6.0
e-tax 2011
eReg
ESET Online Scanner v3
Family Tree Maker 2012
Garmin BaseCamp
Garmin Communicator Plugin
Garmin MapSource
Garmin USB Drivers
Google Chrome
Google Earth
Google Talk Plugin
Google Update Helper
iCloud
iTunes
Java Auto Updater
Java™ 7 Update 4
Junk Mail filter update
jZip
Logitech SetPoint 6.20
Logitech Vid
Logitech Webcam Software
Logitech Webcam Software Driver Package
Malwarebytes Anti-Malware version 1.61.0.1400
McAfee AntiVirus Plus
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MobileMe Control Panel
MSVCRT
OGA Notifier 2.0.0048.0
PDF Settings CS5
PS3 Media Server
QuickTime
Safari
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Skype Click to Call
Skype™ 5.8
The Lord of the Rings FREE Trial
TheMatrix Screen Saver version 1.14
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition
VC80CRTRedist - 8.0.50727.4053
Videora iPad Converter 6
VLC media player 1.1.11
VLC Streamer 1.50
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
WinMount V1.7
WinRAR 4.10 (32-bit)
WinX DVD Ripper Platinum 6.8.2
Xilisoft Video Converter Ultimate
YouTube Downloader App 3.00

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:53 PM

Posted 02 June 2012 - 05:37 PM

Hello

:P2P Warning!:

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

  • Adobe Reader 9.5.0
  • µTorrent


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#12 kiwiklogg (Topic Starter, Members, 7 posts)

Posted 02 June 2012 - 09:57 PM

Thanks for the advice, Gringo.

Here is the MBAM log:

Malwarebytes Anti-Malware (PRO) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.02.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
MIMKIWI :: MIMKIWI-PC [administrator]

Protection: Disabled

3/06/2012 12:43:20 PM
mbam-log-2012-06-03 (12-43-20).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 204790
Time elapsed: 11 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Here is the Hijackthis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:26:05 AM, on 3/06/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\dvd43\DVD43_Tray.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Mesh\WLSync.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Logitech\SetPointP\LBTWiz.exe
C:\Program Files\Windows Live\Mesh\MOE.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\Java\jre7\bin\javaw.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchProtocolHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120507190205.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [WLSync] "C:\Program Files\Windows Live\Mesh\WLSync.exe" /background
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://apmoller.webex.com/client/T26L10NSP49EP12/webex/ieatgpc1.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\mcsniepl.dll
O20 - AppInit_DLLs: C:\Windows\System32\acaptuser32.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: WinMTSrv - WinMount International Inc. - C:\Windows\system32\WinMTSrv.exe

--
End of file - 12012 bytes

#13 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Location: Puerto Rico)

Posted 04 June 2012 - 08:54 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to; you can start any of them by clicking their icons (or from the control panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
      O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
      O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
      O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
      O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
      O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
      O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
      O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
      O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
      O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
      O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
      O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [WLSync] "C:\Program Files\Windows Live\Mesh\WLSync.exe" /background
      O4 - HKCU\..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
      O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
      O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space, e.g. for
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Win 7, right-click on the IE shortcut and run as admin.

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo

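As an added example (not code from this thread), here is a small Python parser for the O4 autostart lines that HijackThis prints, so the entries listed in the post above can be reviewed by hive, value name and launched executable before anything is fixed. The sample log is constructed from lines quoted in this thread, and the function and class names are my own.

```python
"""Review HijackThis O4 (autostart) entries. Added example; helper names are mine."""
from __future__ import annotations
import re
from dataclasses import dataclass

# One O4 line as HijackThis prints it, e.g.
#   O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4_RE = re.compile(
    r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# Unquoted command: the executable ends at the first ".exe", so unquoted
# paths that contain spaces are kept whole.
EXE_RE = re.compile(r'^(?P<exe>\S.*?\.exe)\b(?P<args>.*)$', re.IGNORECASE)
DRIVE_RE = re.compile(r'^[A-Za-z]:\\')

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
"""

@dataclass
class AutostartEntry:
    hive: str              # HKLM (all users) or HKCU (current user only)
    key: str               # Run, RunOnce, ...
    name: str              # value name shown between the brackets
    exe: str               # executable as written in the Run value
    args: str              # command-line arguments, if any
    fully_qualified: bool  # True when exe starts with a drive letter

def split_command(cmd: str) -> tuple[str, str]:
    """Split a Run value into (executable, arguments)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                 # quoted path: split at the closing quote
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
    m = EXE_RE.match(cmd)                   # unquoted path: split after ".exe"
    if m:
        return m.group('exe'), m.group('args').strip()
    return cmd, ''                          # no .exe at all: whole value is the exe

def parse_o4_entries(log_text: str) -> list[AutostartEntry]:
    """Return every O4 line of a HijackThis log as an AutostartEntry."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue                        # O2, O23, ... are not autostart lines
        exe, args = split_command(m.group('cmd'))
        entries.append(AutostartEntry(m.group('hive'), m.group('key'), m.group('name'),
                                      exe, args, DRIVE_RE.match(exe) is not None))
    return entries

def names_by_hive(entries: list[AutostartEntry]) -> dict[str, list[str]]:
    """Group value names by hive: these are the names to look up before fixing."""
    grouped: dict[str, list[str]] = {}
    for e in entries:
        grouped.setdefault(e.hive, []).append(e.name)
    return grouped

def unqualified_entries(entries: list[AutostartEntry]) -> list[AutostartEntry]:
    """Entries naming a bare file instead of a full path; Windows has to search
    for these, so confirm where the file really lives before keeping the entry."""
    return [e for e in entries if not e.fully_qualified]

if __name__ == '__main__':
    for e in parse_o4_entries(SAMPLE_LOG):
        flag = '' if e.fully_qualified else '  <-- no full path'
        print(f'{e.hive}\\{e.key} [{e.name}] {e.exe} {e.args}{flag}')
```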
#14 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Location: Puerto Rico)

Posted 07 June 2012 - 12:51 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, to remind you, it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask you to remove our tools.




Gringo

#15 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Location: Puerto Rico)

Posted 10 June 2012 - 12:06 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
