Audio Ads playing randomly; SERPs links redirecting


  • This topic is locked
17 replies to this topic

#1 RicinAndBeans

RicinAndBeans

  • Members
  • 7 posts
  • OFFLINE
  • Local time:01:56 AM

Posted 14 June 2012 - 06:34 AM

Hello,

I seem to have two annoying problems:

- Audio ads playing randomly no matter what I'm doing. The ads are random from all sorts of sources, and sometimes get cut off and don't play completely.
- If I click a link in Google search results pages it gets redirected to weird random websites. I have to hit the back button three times before the page I wanted "sticks" and I can view it.



Also, a couple months ago I got whacked with the really nasty FakeAlert! virus which was a massive pain in the bum to remove. I think I got it all but I'm not positive. It hid every file on my hard drive and was a nightmare. I had to get Malwarebytes in a Chameleon file from another computer and was able to remove it, I think.

In the past week my anti-virus did remove a couple viruses but my problems have remained. Something like "Blacoll.f" or something was removed as well as some spy/ad tracking cookies.

I use McAfee and Malwarebytes. I tried to use TDSSKiller.exe from Kaspersky but I can't get it to run; even if I change the name of the file it still won't run. I think a virus is blocking it.



DDS Log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by userName at 14:36:25 on 2012-06-13
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5887.4175 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
C:\xampp\apache\bin\httpd.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\xampp\mysql\bin\mysqld.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Smith Micro\StuffIt 2010\ArcNameService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\xampp\apache\bin\httpd.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe
C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe
C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\OSDManager.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mWinlogon: Userinit=userinit.exe,
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120510171035.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [ISUSPM] -scheduler
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe
mRun: [BATINDICATORHL] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [DT HPO] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -HPO
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [PDF7 Registry Controller] C:\Program Files (x86)\Nuance\PDF Converter 7\RegistryController.exe
mRun: [Nuance PDF Converter 7-reminder] "C:\Program Files (x86)\Nuance\PDF Converter 7\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Converter 7\Ereg\Ereg.ini"
mRun: [iolo Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Open with Nuance PDF Converter 7.0 - C:\Program Files (x86)\Nuance\PDF Converter 7\cnvres_eng.dll /100
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1 68.116.46.115 24.205.192.61
TCP: Interfaces\{6A0BD49E-579D-41CB-A98E-2C12BEDF916D} : DhcpNameServer = 192.168.1.1 68.116.46.115 24.205.192.61
TCP: Interfaces\{6A0BD49E-579D-41CB-A98E-2C12BEDF916D}\35B697E45445 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6A0BD49E-579D-41CB-A98E-2C12BEDF916D}\A416A7D697E6D27657563747 : DhcpNameServer = 68.116.46.115 24.205.192.61 24.205.224.36
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120510171035.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe
mRun-x64: [BATINDICATORHL] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe
mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun-x64: [DT HPO] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -HPO
mRun-x64: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [PDF7 Registry Controller] C:\Program Files (x86)\Nuance\PDF Converter 7\RegistryController.exe
mRun-x64: [Nuance PDF Converter 7-reminder] "C:\Program Files (x86)\Nuance\PDF Converter 7\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Converter 7\Ereg\Ereg.ini"
mRun-x64: [iolo Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\userName\AppData\Roaming\Mozilla\Firefox\Profiles\zk1wnx9f.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\Program Files (x86)\Virtual Earth 3D\npVE3D.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 ElRawDisk;ElRawDisk;\??\C:\Windows\system32\drivers\ElRawDsk.sys --> C:\Windows\system32\drivers\ElRawDsk.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-6 169408]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-5-20 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 Apache2.2;Apache2.2;C:\xampp\apache\bin\httpd.exe [2011-9-10 18432]
R2 CalendarSynchService;CalendarSynchService;C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2010-8-5 16384]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2012-4-19 1047336]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-29 249936]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-29 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-29 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-29 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-10-25 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-10-25 210584]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-5-20 1121304]
R2 PdiService;Portrait Displays SDK Service;C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-5-20 109168]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 clwvd;HP Webcam Splitter;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-30 257224]
S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;C:\Program Files (x86)\BitComet\tools\BitCometService.exe -service --> C:\Program Files (x86)\BitComet\tools\BitCometService.exe -service [?]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-12-20 135584]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-10-25 220528]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-6-17 237008]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-12 113120]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-29 249936]
.
=============== Created Last 30 ================
.
2012-06-12 19:50:50 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-12 15:42:04 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-06-12 13:48:23 -------- d-----w- C:\Users\userName\AppData\Roaming\VS Revo Group
2012-06-12 13:37:59 -------- d-----w- C:\Users\userName\AppData\Local\VS Revo Group
2012-06-12 13:37:52 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys
2012-06-12 13:37:50 -------- d-----w- C:\Program Files\VS Revo Group
2012-06-12 12:53:46 -------- d-----w- C:\Users\userName\AppData\Roaming\Resource Tuner
2012-06-12 12:53:40 -------- d-----w- C:\Program Files (x86)\Resource Tuner
2012-06-12 12:05:10 -------- d-----w- C:\Users\userName\AppData\Local\Macromedia
2012-06-03 13:30:52 -------- d-----w- C:\ProgramData\Graboid Inc
2012-06-03 13:30:49 -------- d-----w- C:\Users\userName\AppData\Local\Geckofx
2012-06-03 13:29:27 -------- d-----w- C:\Program Files (x86)\Graboid
.
==================== Find3M ====================
.
2012-06-12 12:04:48 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-12 12:04:48 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-05 11:15:06 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-17 17:11:54 49152 ----a-w- C:\Windows\System32\iolobtdfg.exe
2012-04-17 17:11:38 17920 ----a-w- C:\Windows\System32\smrgdf.exe
2012-04-17 16:37:06 2154032 ----a-w- C:\Windows\System32\Incinerator64.dll
2012-04-17 16:37:02 2095816 ----a-w- C:\Windows\SysWow64\Incinerator32.dll
2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-03-20 20:11:30 162192 ----a-w- C:\Windows\System32\mfevtps.exe
2012-03-18 17:03:53 16200 ----a-w- C:\Windows\stinger.sys
2012-03-18 15:37:50 1008141 ----a-w- C:\Program Files (x86)\rkill.com
2012-03-18 15:31:40 607260 ----a-w- C:\Program Files (x86)\dds.scr
2012-03-18 15:31:20 389024 ----a-w- C:\Program Files (x86)\unhide.exe
2012-03-18 14:23:54 9262656 ----a-w- C:\Program Files (x86)\stinger.exe
2012-03-18 12:13:57 389024 ----a-w- C:\unhide.exe
2012-03-18 12:12:11 15400968 ----a-w- C:\SUPERAntiSpyware.exe
2012-03-18 12:11:03 9502424 ----a-w- C:\mbam-setup-1.60.1.1000.exe
2012-03-17 07:58:57 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
.
============= FINISH: 14:52:15.38 ===============

Edited by RicinAndBeans, 14 June 2012 - 06:38 AM.
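A small triage script for a DDS log of the kind posted above, added here as an example and not a tool from BleepingComputer or the DDS author. It assumes the line formats seen in the posted log (AV:/SP:/FW: status lines, BHO:/TB: entries, mRun:/uRun: autoruns, TCP: DhcpNameServer lines) and uses sample lines copied from it; the flags it raises are prompts to look closer, not verdicts.

```python
"""Triage helper for a DDS log of the kind posted above.

Added example, not a BleepingComputer or DDS tool: it pulls out the handful
of line types a malware-response helper reads first and flags the ones worth
a second look. The regular expressions are assumptions based on the posted log.
"""
import ipaddress
import re
from dataclasses import dataclass, field

# Sample input: lines copied from the DDS log posted in this thread.
SAMPLE_LOG = r"""
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [<NO NAME>]
TCP: DhcpNameServer = 192.168.1.1 68.116.46.115 24.205.192.61
TCP: Interfaces\{6A0BD49E-579D-41CB-A98E-2C12BEDF916D}\35B697E45445 : DhcpNameServer = 192.168.1.1
BHO-X64: scriptproxy - No File
mRun-x64: [(Default)]
"""

# AV:/SP:/FW: lines carry the product name and an *Enabled*/*Disabled* state.
STATUS_RE = re.compile(r"^(AV|SP|FW): (.+?) \*(Enabled|Disabled)(?:/\w+)?\*")
# Browser helper objects / toolbars whose DLL is gone are listed as "No File".
ORPHAN_RE = re.compile(r"^(BHO|TB|BHO-X64|TB-X64): (.*) - No File$")
# Resolver addresses handed out by DHCP, one or more per line.
DNS_RE = re.compile(r"^TCP: .*DhcpNameServer = (.+)$")
# Run-key autoruns: [name] followed by the command line.
RUN_RE = re.compile(r"^([mu]Run(?:-x64)?): \[(.*?)\](.*)$")


@dataclass
class Findings:
    disabled_security: list = field(default_factory=list)
    orphaned_entries: list = field(default_factory=list)
    public_dns: list = field(default_factory=list)
    blank_autoruns: list = field(default_factory=list)


def triage(log_text):
    """Walk the log once and collect the entries a helper would query first."""
    found = Findings()
    seen_dns = set()
    for raw in log_text.splitlines():
        line = raw.strip()
        m = STATUS_RE.match(line)
        if m:
            kind, name, state = m.groups()
            # Windows Defender showing Disabled next to a third-party AV is
            # expected; the flag is a prompt to check, not a verdict.
            if state == "Disabled":
                found.disabled_security.append(f"{kind}: {name}")
            continue
        m = ORPHAN_RE.match(line)
        if m:
            # Orphaned BHO/TB registrations are leftovers to clean up, and a
            # blank entry can also hide what was registered there.
            found.orphaned_entries.append(f"{m.group(1)}: {m.group(2)}")
            continue
        m = DNS_RE.match(line)
        if m:
            # Resolvers outside RFC 1918 space are listed so they can be
            # compared with the ISP's known servers; altered resolvers are
            # one cause of search-result redirects worth ruling out.
            for addr in m.group(1).split():
                try:
                    ip = ipaddress.ip_address(addr)
                except ValueError:
                    continue
                if not ip.is_private and addr not in seen_dns:
                    seen_dns.add(addr)
                    found.public_dns.append(addr)
            continue
        m = RUN_RE.match(line)
        if m:
            key, name, cmd = m.groups()
            # Autoruns with no name or no command line deserve a look at the
            # registry value itself.
            if name in ("<NO NAME>", "(Default)", "") or not cmd.strip():
                found.blank_autoruns.append(f"{key}: [{name}]{cmd}")
    return found


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for label, items in vars(result).items():
        print(f"{label}:")
        for item in items:
            print(f"  {item}")
```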



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:56 AM

Posted 15 June 2012 - 12:17 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 RicinAndBeans

RicinAndBeans
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:01:56 AM

Posted 15 June 2012 - 08:42 AM

I ran ComboFix after disabling my AV program/s. It took over an hour to complete, so McAfee restarted, as I had set it to do after one hour (I thought ComboFix would take 20 minutes or so, haha). It initially blocked ComboFix, but I clicked "allow" and then turned McAfee off again (this all happened while Combo was creating the log file), and about 10-15 minutes later it finally finished and created the logfile text.

Audio ads started playing from nowhere minutes after Combo finished, and a test of Google also confirms all the links are still redirecting to random websites. So, still infected, unfortunately. The logs:

Results of screen317's Security Check version 0.99.41
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
McAfee Anti-Virus and Anti-Spyware
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 22
Java™ 6 Update 30
Java version out of date!
Mozilla Firefox (13.0)
Google Chrome 19.0.1084.56
````````Process Check: objlist.exe by Laurent````````
Symantec Norton Online Backup NOBuAgent.exe
iolo Common Lib ioloServiceManager.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 13% Defragment your hard drive soon!
````````````````````End of Log``````````````````````


ComboFix 12-06-15.02 - userName1 06/15/2012 5:13.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5887.4421 [GMT -7:00]
Running from: c:\users\userName1\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\userName1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
c:\users\userName1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
c:\users\userName1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
.
----- File Replicators -----
.
c:\windows\Installer\{05CA9AF2-E06D-3991-887C-FC5822D5468A}\ARPPRODUCTICON.exe
c:\windows\Installer\{07BF9DB6-69AE-4070-EFBC-44C5BB3E10D2}\ARPPRODUCTICON.exe
c:\windows\Installer\{07FA4960-B038-49EB-891B-9F95930AA544}\ARPPRODUCTICON.exe
c:\windows\Installer\{08D2E121-7F6A-43EB-97FD-629B44903403}\ARPPRODUCTICON.exe
c:\windows\Installer\{104BEA41-8EC0-B483-04AA-FAB143CBBCAE}\ARPPRODUCTICON.exe
c:\windows\Installer\{1D4B453A-6C34-FEDF-4B69-C026E2E58655}\ARPPRODUCTICON.exe
c:\windows\Installer\{22139F5D-9405-455A-BDEB-658B1A4E4861}\ARPPRODUCTICON.exe
c:\windows\Installer\{338556DF-B61E-26A0-4DF9-F95658B3454B}\ARPPRODUCTICON.exe
c:\windows\Installer\{37220538-53F8-728A-C7EA-92ABD78CA94B}\ARPPRODUCTICON.exe
c:\windows\Installer\{3DAB1C09-2B6C-4FEE-2B95-EABAAF7002FB}\ARPPRODUCTICON.exe
c:\windows\Installer\{433EACD8-4747-4A6A-826A-FFA9F39B0D40}\ARPPRODUCTICON.exe
c:\windows\Installer\{4513B67A-61E4-D7BF-6381-657581C9097C}\ARPPRODUCTICON.exe
c:\windows\Installer\{5031851B-1BC3-EAB0-AC16-7D5FF880502C}\ARPPRODUCTICON.exe
c:\windows\Installer\{5924CA2E-D145-87A2-CB65-39313C0D825C}\ARPPRODUCTICON.exe
c:\windows\Installer\{67AAEC8B-9A0C-154E-21F8-0AEF4A05E98D}\ARPPRODUCTICON.exe
c:\windows\Installer\{6F340107-F9AA-47C6-B54C-C3A19F11553F}\ARPPRODUCTICON.exe
c:\windows\Installer\{6FA22C59-53A4-6C24-4E2B-8024838F1016}\ARPPRODUCTICON.exe
c:\windows\Installer\{713578E2-16BA-B3C5-A1D3-147F4BD6CE14}\ARPPRODUCTICON.exe
c:\windows\Installer\{777E6DA6-2487-4A56-0FAB-07C9F82B9C18}\ARPPRODUCTICON.exe
c:\windows\Installer\{858CA5A0-9A7E-3D84-679F-5934B22255A8}\ARPPRODUCTICON.exe
c:\windows\Installer\{88B6E7E4-2D44-9C8D-1B7E-1131C8B0D111}\ARPPRODUCTICON.exe
c:\windows\Installer\{88E2586F-E0D5-A3E3-B84F-4CC6E86F4D23}\ARPPRODUCTICON.exe
c:\windows\Installer\{8D016DB5-8672-0757-F228-32BF04278665}\ARPPRODUCTICON.exe
c:\windows\Installer\{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}\ARPPRODUCTICON.exe
c:\windows\Installer\{95251A23-7B7A-BFA7-C812-9A0E4EC04120}\ARPPRODUCTICON.exe
c:\windows\Installer\{9B51638F-A1F3-05B5-46A1-B54A025766E1}\ARPPRODUCTICON.exe
c:\windows\Installer\{A6D0B261-9CF1-1C7E-5A5C-6D42EE9AE9E6}\ARPPRODUCTICON.exe
c:\windows\Installer\{AB92BB15-CF56-0490-64D9-06DD82522CC5}\ARPPRODUCTICON.exe
c:\windows\Installer\{B1588559-57A0-5948-0A3F-F768AC350F29}\ARPPRODUCTICON.exe
c:\windows\Installer\{B191C95B-7E4A-6419-F332-307810CE4FA5}\ARPPRODUCTICON.exe
c:\windows\Installer\{B4DFE240-836F-3EA4-B764-BE778EB7B86B}\ARPPRODUCTICON.exe
c:\windows\Installer\{BD30FF0E-FFD3-8200-68F1-7772F0C091DD}\ARPPRODUCTICON.exe
c:\windows\Installer\{C1441CC5-D9DC-C781-F5FC-B7CA0FBA0914}\ARPPRODUCTICON.exe
c:\windows\Installer\{CBF9CADC-3F81-44E4-3B0F-B0E288D0FBEC}\ARPPRODUCTICON.exe
c:\windows\Installer\{D1A19B02-817E-4296-A45B-07853FD74D57}\ARPPRODUCTICON.exe
c:\windows\Installer\{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}\ARPPRODUCTICON.exe
c:\windows\Installer\{EB235F08-D1FC-D35F-BD8A-84C232184AF2}\ARPPRODUCTICON.exe
c:\windows\Installer\{EB69F7A5-778B-2F95-1FFD-949157FB94CA}\ARPPRODUCTICON.exe
c:\windows\Installer\{F6A4B871-A06A-0EB2-DA8F-BD26CA4B7D90}\ARPPRODUCTICON.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-15 to 2012-06-15 )))))))))))))))))))))))))))))))
.
.
2012-06-15 12:53 . 2012-06-15 12:53 -------- d-----w- c:\users\userName2\AppData\Local\temp
2012-06-15 12:53 . 2012-06-15 12:53 -------- d-----w- c:\users\userName3\AppData\Local\temp
2012-06-15 12:53 . 2012-06-15 12:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-15 09:09 . 2012-06-15 09:09 -------- d-----w- c:\users\userName2\AppData\Local\CrashDumps
2012-06-12 23:38 . 2012-06-12 23:38 -------- d-----w- c:\users\userName2\AppData\Local\Macromedia
2012-06-12 19:50 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-12 15:42 . 2012-06-12 15:42 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-06-12 13:48 . 2012-06-12 13:48 -------- d-----w- c:\users\userName1\AppData\Roaming\VS Revo Group
2012-06-12 13:37 . 2012-06-12 13:37 -------- d-----w- c:\users\userName1\AppData\Local\VS Revo Group
2012-06-12 13:37 . 2009-12-30 18:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-06-12 13:37 . 2012-06-12 13:37 -------- d-----w- c:\program files\VS Revo Group
2012-06-12 12:53 . 2012-06-13 15:46 -------- d-----w- c:\users\userName1\AppData\Roaming\Resource Tuner
2012-06-12 12:53 . 2012-06-12 12:53 -------- d-----w- c:\program files (x86)\Resource Tuner
2012-06-12 12:05 . 2012-06-12 12:05 -------- d-----w- c:\users\userName1\AppData\Local\Macromedia
2012-06-08 04:56 . 2012-06-08 04:56 -------- d-----w- c:\users\userName2\AppData\Local\Diagnostics
2012-06-03 13:36 . 2012-06-14 21:25 -------- d-----w- c:\users\userName1\AppData\Roaming\vlc
2012-06-03 13:30 . 2012-06-03 13:30 -------- d-----w- c:\programdata\Graboid Inc
2012-06-03 13:30 . 2012-06-03 13:30 -------- d-----w- c:\users\userName1\AppData\Local\Geckofx
2012-06-03 13:29 . 2012-06-06 18:34 -------- d-----w- c:\program files (x86)\Graboid
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-12 12:04 . 2012-03-30 20:20 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-12 12:04 . 2011-10-25 21:13 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 11:15 . 2012-03-30 21:15 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-17 17:11 . 2011-10-26 03:02 49152 ----a-w- c:\windows\system32\iolobtdfg.exe
2012-04-17 17:11 . 2011-10-26 03:02 17920 ----a-w- c:\windows\system32\smrgdf.exe
2012-04-17 16:37 . 2012-03-30 11:25 2154032 ----a-w- c:\windows\system32\Incinerator64.dll
2012-04-17 16:37 . 2011-10-26 03:02 2095816 ----a-w- c:\windows\SysWow64\Incinerator32.dll
2012-03-30 11:35 . 2012-05-08 19:17 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-20 20:11 . 2010-08-24 19:57 162192 ----a-w- c:\windows\system32\mfevtps.exe
2012-03-18 17:03 . 2012-03-18 17:03 16200 ----a-w- c:\windows\stinger.sys
2012-03-18 15:37 . 2012-03-18 15:37 1008141 ----a-w- c:\program files (x86)\rkill.com
2012-03-18 15:31 . 2012-03-18 15:31 607260 ----a-w- c:\program files (x86)\dds.scr
2012-03-18 15:31 . 2012-03-18 15:31 389024 ----a-w- c:\program files (x86)\unhide.exe
2012-03-18 14:23 . 2012-03-18 14:23 9262656 ----a-w- c:\program files (x86)\stinger.exe
2012-03-18 12:13 . 2012-03-18 12:13 389024 ----a-w- C:\unhide.exe
2012-03-18 12:12 . 2012-03-18 12:11 15400968 ----a-w- C:\SUPERAntiSpyware.exe
2012-03-18 12:11 . 2012-03-18 12:10 9502424 ----a-w- C:\mbam-setup-1.60.1.1000.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="-scheduler" [X]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"BATINDICATOR"="c:\program files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe" [2010-07-21 2095616]
"BATINDICATORHL"="c:\program files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe" [2010-07-23 557056]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"DT HPO"="c:\program files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" [2010-12-01 121456]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2010-10-22 895512]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
"PDF7 Registry Controller"="c:\program files (x86)\Nuance\PDF Converter 7\RegistryController.exe" [2010-08-18 121120]
"Nuance PDF Converter 7-reminder"="c:\program files (x86)\Nuance\PDF Converter 7\Ereg\Ereg.exe" [2010-07-05 333088]
"iolo Startup"="c:\program files (x86)\iolo\Common\Lib\ioloLManager.exe" [2012-04-17 938680]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-10 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-12 257224]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files (x86)\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 dump_wmimmc;dump_wmimmc;c:\gamescampus\Scarlet Legacy\bin\GameGuard\dump_wmimmc.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-12-09 135584]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2010-08-30 220528]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-01 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-06 169408]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.EXE [2009-11-17 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2011-09-10 18432]
S2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2010-08-05 16384]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]
S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2012-04-17 1047336]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2010-10-22 1121304]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2010-04-16 109168]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 12:04]
.
2012-06-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3133816111-1074800021-3642880424-1004Core.job
- c:\users\userName2\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-10 05:10]
.
2012-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3133816111-1074800021-3642880424-1004UA.job
- c:\users\userName2\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-10 05:10]
.
2012-06-15 c:\windows\Tasks\HPCeeScheduleForuserName4.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2012-06-14 c:\windows\Tasks\HPCeeScheduleForuserName1.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2012-05-24 c:\windows\Tasks\HPCeeScheduleForSKYNET$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-13 11046504]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Open with Nuance PDF Converter 7.0 - c:\program files (x86)\Nuance\PDF Converter 7\cnvres_eng.dll /100
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1 68.116.46.115 24.205.192.61
FF - ProfilePath - c:\users\userName1\AppData\Roaming\Mozilla\Firefox\Profiles\zk1wnx9f.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\xampp\mysql\bin\mysqld.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Smith Micro\StuffIt 2010\ArcNameService.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
c:\program files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\OSDManager.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
.
**************************************************************************
.
Completion time: 2012-06-15 06:21:42 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-15 13:21
.
Pre-Run: 709,480,284,160 bytes free
Post-Run: 710,097,162,240 bytes free
.
- - End Of File - - B1DD74C1B0D3966B35A9D9CFFD2A14BC

Edited by RicinAndBeans, 15 June 2012 - 08:55 AM.
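The services and drivers section of the ComboFix log above is usually the first thing a helper reads: it lists every registered service and driver with its image path and marks with [x] any file ComboFix could not read. The script below is an added example, not part of this thread and not ComboFix's own code, that parses those lines and flags the ones a reviewer would normally look at first. The sample lines are copied verbatim from the log above; the heuristics (user-writable directories, drivers outside the Windows and Program Files trees, files ComboFix could not stat, drivers that appeared or vanished during the run) are my assumptions about what merits a second look, not a verdict on any of those entries.

```python
"""Triage the service/driver entries of a ComboFix log (added example).

ComboFix prints each registered service or driver as

    <start> <name>;<display name>;<image path> [<date> <size>]

where <start> is R0-R4 (running) or S0-S4 (stopped) and a trailing [x]
means ComboFix could not stat the file on disk. The heuristics below are
the editor's own: they flag entries a malware-removal helper would usually
look at first; they do not declare anything malicious.
"""
import re
from dataclasses import dataclass, field

ENTRY_RE = re.compile(
    r"^(?P<start>[RS][0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?) \[(?P<tail>x|\d{4}-\d{2}-\d{2} \d+)\]$"
)
MEMORY_RE = re.compile(r"^\*(?P<event>NewlyCreated|Deregistered)\* - (?P<name>\S+)$")

# Directories an ordinary user (or a dropper running as one) can write to.
USER_WRITABLE = ("\\temp\\", "\\appdata\\", "\\programdata\\", "\\users\\", "recycle")
# Where legitimately installed kernel drivers normally live.
SYSTEM_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


@dataclass
class Entry:
    start: str
    name: str
    path: str
    missing: bool                     # True when ComboFix printed [x]
    reasons: list = field(default_factory=list)


def parse_entries(lines):
    """Yield one Entry per service/driver line; ignore everything else."""
    for line in lines:
        m = ENTRY_RE.match(line.rstrip())
        if m:
            yield Entry(m["start"], m["name"], m["path"], m["tail"] == "x")


def assess(entry):
    """Attach review reasons to an entry; an empty list means nothing stood out."""
    p = entry.path.lower()
    if any(tok in p for tok in USER_WRITABLE):
        entry.reasons.append("image lives in a user-writable directory")
    if re.search(r"\.sys\b", p) and not p.startswith(SYSTEM_DIRS):
        entry.reasons.append("kernel driver outside Windows/Program Files")
    if entry.missing:
        # Weak on its own: self-protecting AV drivers (the McAfee ones in the
        # log above, for instance) also show [x] because ComboFix cannot read them.
        entry.reasons.append("file not readable by ComboFix ([x])")
    return entry


def triage(lines):
    """Return {name: [reasons]} for every entry that deserves a second look."""
    lines = list(lines)
    findings = {}
    for entry in parse_entries(lines):
        if assess(entry).reasons:
            findings[entry.name] = entry.reasons
    for line in lines:
        m = MEMORY_RE.match(line.rstrip())
        if m:
            # Drivers that appeared or vanished during the run are not part of
            # the registry snapshot, so they are worth naming explicitly.
            findings[m["name"]] = [f"driver {m['event']} while ComboFix ran"]
    return findings


# Sample input: lines copied verbatim from the ComboFix log in this thread.
SAMPLE_LOG = [
    r"R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]",
    r"R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]",
    r"R3 dump_wmimmc;dump_wmimmc;c:\gamescampus\Scarlet Legacy\bin\GameGuard\dump_wmimmc.sys [x]",
    r"S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]",
    r"S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]",
    r"S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2011-09-10 18432]",
    r"S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]",
    "--- Other Services/Drivers In Memory ---",
    "*NewlyCreated* - WS2IFSL",
    "*Deregistered* - mfeavfk01",
]

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Run it as a script to print the findings, or pass the lines of a full log to triage(). On the sample, cpuz135 (a driver registered from c:\windows\TEMP whose file is gone) and dump_wmimmc (a driver outside the system directories) carry two reasons each, while mfewfpk and NOBU are flagged only for [x], which the other McAfee entries in the same log show is also what self-protecting security software looks like; Apache under c:\xampp and the SUPERAntiSpyware driver under Program Files are not flagged.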


#4 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 15 June 2012 - 12:21 PM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
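The TDSSKiller report this post asks for (the one pasted in the next post) lists each inspected service or driver on two lines after the "Scan started" marker: one with its MD5 and path, one with a verdict. The script below is an added example, not something from the thread or from Kaspersky, that pairs those lines, lists entries whose verdict is not ok, and compares the logged hashes with a baseline you trust (a clean install of the same build, a vendor package, or a reputation lookup). The sample report mixes lines copied from the log below with a constructed exampledrv entry whose hash and "detected" verdict are placeholders, not TDSSKiller's actual wording; the baseline is a hypothetical table in which the atapi value is deliberately different from the log to show a mismatch.

```python
"""Read a TDSSKiller report and cross-check it against a hash baseline
(added example; not TDSSKiller's own code).

After the "Scan started" marker TDSSKiller logs each object as two lines:

    <time> <pid> <name> (<md5>) <path>
    <time> <pid> <name> - <verdict>

Lines before the marker (drive geometry, partitions) use the same
"<something> - <something>" shape and are skipped on purpose.
"""
import re

_PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
HASH_RE = re.compile(_PREFIX + r"(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
VERDICT_RE = re.compile(_PREFIX + r"(?P<name>.+?) - (?P<verdict>.+)$")


def parse_report(text):
    """Return {name: {"md5": ..., "path": ..., "verdict": ...}} for the scan section."""
    records, scanning = {}, False
    for line in text.splitlines():
        line = line.rstrip()
        if not scanning:
            scanning = line.endswith("Scan started")   # skip the header block
            continue
        m = HASH_RE.match(line)
        if m:
            rec = records.setdefault(m["name"], {})
            rec["md5"], rec["path"] = m["md5"].lower(), m["path"]
            continue
        m = VERDICT_RE.match(line)
        if m:
            records.setdefault(m["name"], {})["verdict"] = m["verdict"]
    return records


def not_ok(records):
    """Names whose verdict is anything but the literal 'ok' (a missing verdict counts too)."""
    return sorted(name for name, rec in records.items() if rec.get("verdict") != "ok")


def baseline_mismatches(records, baseline):
    """Names present in the baseline whose logged MD5 differs from the trusted value."""
    return sorted(
        name for name, rec in records.items()
        if name in baseline and "md5" in rec and rec["md5"] != baseline[name].lower()
    )


# Sample report: header fragment and first entries copied from the log posted
# below, plus one constructed "exampledrv" object whose hash and verdict text
# are placeholders (TDSSKiller's real detection wording differs).
SAMPLE_REPORT = "\n".join([
    r"14:17:06.0098 1180 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200",
    r"14:17:19.0389 13604 ============================================================",
    r"14:17:19.0389 13604 Scan started",
    r"14:17:19.0389 13604 Mode: Manual;",
    r"14:17:21.0245 13604 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE",
    r"14:17:21.0245 13604 !SASCORE - ok",
    r"14:17:21.0448 13604 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys",
    r"14:17:21.0464 13604 ACPI - ok",
    r"14:17:22.0213 13604 AMD External Events Utility (ca0d6c1390f4b3baf2a0a69d1a7f8332) C:\Windows\system32\atiesrxx.exe",
    r"14:17:22.0213 13604 AMD External Events Utility - ok",
    r"14:17:23.0741 13604 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys",
    r"14:17:23.0741 13604 atapi - ok",
    r"14:17:30.0000 13604 exampledrv (ffffffffffffffffffffffffffffffff) C:\Windows\system32\drivers\exampledrv.sys",
    r"14:17:30.0000 13604 exampledrv - detected (constructed verdict)",
])

# Hypothetical baseline of trusted hashes (e.g. from a clean install of the
# same build). ACPI matches the log; atapi is deliberately different.
BASELINE = {
    "ACPI": "d81d9e70b8a6dd14d42d7b4efa65d5f2",
    "atapi": "00000000000000000000000000000000",
}

if __name__ == "__main__":
    records = parse_report(SAMPLE_REPORT)
    print("verdict not ok:", not_ok(records))
    print("hash differs from baseline:", baseline_mismatches(records, BASELINE))
```

Feed the whole report text to parse_report(); both lists are empty on a report where every object is "- ok" and every hash matches, which is the quickest way to confirm that nothing in a long paste needs attention. Names are matched exactly, so the baseline must use the same service names TDSSKiller prints (case-sensitive), and an entry with a hash line but no verdict line is reported as not ok rather than silently accepted.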

#5 RicinAndBeans (Topic Starter, Members, 7 posts)

Posted 15 June 2012 - 04:47 PM

ComboFix must have removed whatever was blocking TDSSKiller from starting, because it worked this time.


14:17:04.0366 1180 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
14:17:04.0928 1180 ============================================================
14:17:04.0928 1180 Current date / time: 2012/06/15 14:17:04.0928
14:17:04.0928 1180 SystemInfo:
14:17:04.0928 1180
14:17:04.0928 1180 OS Version: 6.1.7601 ServicePack: 1.0
14:17:04.0928 1180 Product type: Workstation
14:17:04.0928 1180 ComputerName:
14:17:04.0928 1180 UserName:
14:17:04.0928 1180 Windows directory: C:\Windows
14:17:04.0928 1180 System windows directory: C:\Windows
14:17:04.0928 1180 Running under WOW64
14:17:04.0928 1180 Processor architecture: Intel x64
14:17:04.0928 1180 Number of processors: 2
14:17:04.0928 1180 Page size: 0x1000
14:17:04.0928 1180 Boot type: Normal boot
14:17:04.0928 1180 ============================================================
14:17:06.0098 1180 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:17:06.0113 1180 ============================================================
14:17:06.0113 1180 \Device\Harddisk0\DR0:
14:17:06.0113 1180 MBR partitions:
14:17:06.0113 1180 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:17:06.0113 1180 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x71B17800
14:17:06.0113 1180 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x71B4A000, BlocksNum 0x2BB7DB0
14:17:06.0113 1180 ============================================================
14:17:06.0129 1180 C: <-> \Device\Harddisk0\DR0\Partition1
14:17:06.0176 1180 D: <-> \Device\Harddisk0\DR0\Partition2
14:17:06.0176 1180 ============================================================
14:17:06.0176 1180 Initialize success
14:17:06.0176 1180 ============================================================
14:17:19.0389 13604 ============================================================
14:17:19.0389 13604 Scan started
14:17:19.0389 13604 Mode: Manual;
14:17:19.0389 13604 ============================================================
14:17:21.0245 13604 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
14:17:21.0245 13604 !SASCORE - ok
14:17:21.0401 13604 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
14:17:21.0401 13604 1394ohci - ok
14:17:21.0448 13604 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
14:17:21.0464 13604 ACPI - ok
14:17:21.0479 13604 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
14:17:21.0479 13604 AcpiPmi - ok
14:17:21.0573 13604 AdobeActiveFileMonitor9.0 (c004f38974f4d321b4c20a240e1175c0) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
14:17:21.0573 13604 AdobeActiveFileMonitor9.0 - ok
14:17:21.0745 13604 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:17:21.0745 13604 AdobeFlashPlayerUpdateSvc - ok
14:17:21.0823 13604 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
14:17:21.0823 13604 adp94xx - ok
14:17:21.0869 13604 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
14:17:21.0869 13604 adpahci - ok
14:17:21.0885 13604 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
14:17:21.0901 13604 adpu320 - ok
14:17:21.0916 13604 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
14:17:21.0932 13604 AeLookupSvc - ok
14:17:21.0979 13604 AERTFilters (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
14:17:21.0994 13604 AERTFilters - ok
14:17:22.0072 13604 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
14:17:22.0072 13604 AFD - ok
14:17:22.0119 13604 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
14:17:22.0119 13604 agp440 - ok
14:17:22.0150 13604 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
14:17:22.0150 13604 ALG - ok
14:17:22.0181 13604 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
14:17:22.0181 13604 aliide - ok
14:17:22.0213 13604 AMD External Events Utility (ca0d6c1390f4b3baf2a0a69d1a7f8332) C:\Windows\system32\atiesrxx.exe
14:17:22.0213 13604 AMD External Events Utility - ok
14:17:22.0228 13604 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
14:17:22.0228 13604 amdide - ok
14:17:22.0259 13604 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
14:17:22.0259 13604 AmdK8 - ok
14:17:22.0727 13604 amdkmdag (75e4baca583ae02c11e9ac8747e2abe0) C:\Windows\system32\DRIVERS\atikmdag.sys
14:17:22.0790 13604 amdkmdag - ok
14:17:22.0899 13604 amdkmdap (b765cf4b32f347be747b21ae22641025) C:\Windows\system32\DRIVERS\atikmpag.sys
14:17:22.0915 13604 amdkmdap - ok
14:17:22.0930 13604 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
14:17:22.0946 13604 AmdPPM - ok
14:17:22.0961 13604 amdsata (f747497a0ee5498f79b207f215b3d2d8) C:\Windows\system32\DRIVERS\amdsata.sys
14:17:22.0961 13604 amdsata - ok
14:17:23.0008 13604 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
14:17:23.0008 13604 amdsbs - ok
14:17:23.0008 13604 amdxata (2946d695e158615baaa16248e63c7adb) C:\Windows\system32\DRIVERS\amdxata.sys
14:17:23.0008 13604 amdxata - ok
14:17:23.0149 13604 Apache2.2 (f41e453a90ef19217cee1675f5256ee7) C:\xampp\apache\bin\httpd.exe
14:17:23.0149 13604 Apache2.2 - ok
14:17:23.0258 13604 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
14:17:23.0258 13604 AppID - ok
14:17:23.0289 13604 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
14:17:23.0289 13604 AppIDSvc - ok
14:17:23.0320 13604 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
14:17:23.0320 13604 Appinfo - ok
14:17:23.0414 13604 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:17:23.0414 13604 Apple Mobile Device - ok
14:17:23.0461 13604 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
14:17:23.0476 13604 arc - ok
14:17:23.0492 13604 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
14:17:23.0492 13604 arcsas - ok
14:17:23.0570 13604 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
14:17:23.0570 13604 aspnet_state - ok
14:17:23.0601 13604 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
14:17:23.0601 13604 AsyncMac - ok
14:17:23.0741 13604 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
14:17:23.0741 13604 atapi - ok
14:17:23.0773 13604 AtiPcie (e82e61f46d1336447f4deff8c074f13e) C:\Windows\system32\DRIVERS\AtiPcie64.sys
14:17:23.0773 13604 AtiPcie - ok
14:17:23.0866 13604 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:17:23.0882 13604 AudioEndpointBuilder - ok
14:17:23.0897 13604 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:17:23.0897 13604 AudioSrv - ok
14:17:24.0007 13604 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
14:17:24.0022 13604 AxInstSV - ok
14:17:24.0085 13604 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
14:17:24.0100 13604 b06bdrv - ok
14:17:24.0131 13604 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
14:17:24.0131 13604 b57nd60a - ok
14:17:24.0163 13604 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
14:17:24.0163 13604 BDESVC - ok
14:17:24.0178 13604 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
14:17:24.0178 13604 Beep - ok
14:17:24.0272 13604 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
14:17:24.0287 13604 BFE - ok
14:17:24.0381 13604 BITCOMET_HELPER_SERVICE - ok
14:17:24.0459 13604 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
14:17:24.0475 13604 BITS - ok
14:17:24.0521 13604 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
14:17:24.0521 13604 blbdrive - ok
14:17:24.0631 13604 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
14:17:24.0631 13604 Bonjour Service - ok
14:17:24.0677 13604 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
14:17:24.0677 13604 bowser - ok
14:17:24.0709 13604 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:17:24.0709 13604 BrFiltLo - ok
14:17:24.0709 13604 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:17:24.0709 13604 BrFiltUp - ok
14:17:24.0724 13604 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
14:17:24.0724 13604 BridgeMP - ok
14:17:24.0771 13604 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
14:17:24.0771 13604 Browser - ok
14:17:24.0802 13604 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
14:17:24.0818 13604 Brserid - ok
14:17:24.0818 13604 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
14:17:24.0833 13604 BrSerWdm - ok
14:17:24.0833 13604 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:17:24.0833 13604 BrUsbMdm - ok
14:17:24.0849 13604 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
14:17:24.0849 13604 BrUsbSer - ok
14:17:24.0849 13604 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
14:17:24.0849 13604 BTHMODEM - ok
14:17:24.0896 13604 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
14:17:24.0896 13604 bthserv - ok
14:17:24.0958 13604 CalendarSynchService (c2600ea81c3e0a9b55fd91a55fdb2307) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
14:17:24.0958 13604 CalendarSynchService - ok
14:17:25.0036 13604 catchme - ok
14:17:25.0067 13604 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
14:17:25.0067 13604 cdfs - ok
14:17:25.0114 13604 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
14:17:25.0114 13604 cdrom - ok
14:17:25.0161 13604 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:17:25.0161 13604 CertPropSvc - ok
14:17:25.0208 13604 cfwids (274ce03459896006f7a5069266e0469e) C:\Windows\system32\drivers\cfwids.sys
14:17:25.0208 13604 cfwids - ok
14:17:25.0255 13604 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
14:17:25.0255 13604 circlass - ok
14:17:25.0301 13604 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
14:17:25.0317 13604 CLFS - ok
14:17:25.0364 13604 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:17:25.0364 13604 clr_optimization_v2.0.50727_32 - ok
14:17:25.0395 13604 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:17:25.0411 13604 clr_optimization_v2.0.50727_64 - ok
14:17:25.0457 13604 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:17:25.0473 13604 clr_optimization_v4.0.30319_32 - ok
14:17:25.0504 13604 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:17:25.0504 13604 clr_optimization_v4.0.30319_64 - ok
14:17:25.0535 13604 clwvd (d68d9f4d53010b7e84d4e80a2e485554) C:\Windows\system32\DRIVERS\clwvd.sys
14:17:25.0535 13604 clwvd - ok
14:17:25.0567 13604 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
14:17:25.0567 13604 CmBatt - ok
14:17:25.0598 13604 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
14:17:25.0598 13604 cmdide - ok
14:17:25.0707 13604 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
14:17:25.0723 13604 CNG - ok
14:17:25.0738 13604 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
14:17:25.0738 13604 Compbatt - ok
14:17:25.0769 13604 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
14:17:25.0769 13604 CompositeBus - ok
14:17:25.0785 13604 COMSysApp - ok
14:17:25.0847 13604 cpuz135 - ok
14:17:25.0863 13604 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
14:17:25.0879 13604 crcdisk - ok
14:17:25.0925 13604 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
14:17:25.0925 13604 CryptSvc - ok
14:17:25.0988 13604 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:17:26.0003 13604 DcomLaunch - ok
14:17:26.0050 13604 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
14:17:26.0050 13604 defragsvc - ok
14:17:26.0097 13604 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
14:17:26.0097 13604 DfsC - ok
14:17:26.0144 13604 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
14:17:26.0159 13604 Dhcp - ok
14:17:26.0175 13604 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
14:17:26.0175 13604 discache - ok
14:17:26.0206 13604 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
14:17:26.0222 13604 Disk - ok
14:17:26.0300 13604 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
14:17:26.0315 13604 Dnscache - ok
14:17:26.0362 13604 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
14:17:26.0362 13604 dot3svc - ok
14:17:26.0393 13604 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
14:17:26.0393 13604 DPS - ok
14:17:26.0425 13604 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
14:17:26.0425 13604 drmkaud - ok
14:17:26.0471 13604 DTSRVC (b1b7de1ea520c84ab689be8c964fb850) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
14:17:26.0471 13604 DTSRVC - ok
14:17:26.0549 13604 dump_wmimmc - ok
14:17:26.0659 13604 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
14:17:26.0690 13604 DXGKrnl - ok
14:17:26.0721 13604 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
14:17:26.0721 13604 EapHost - ok
14:17:26.0924 13604 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
14:17:26.0955 13604 ebdrv - ok
14:17:27.0064 13604 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
14:17:27.0064 13604 EFS - ok
14:17:27.0158 13604 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
14:17:27.0173 13604 ehRecvr - ok
14:17:27.0205 13604 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
14:17:27.0205 13604 ehSched - ok
14:17:27.0251 13604 ElRawDisk (d38a883309e04b9fbffe1aca60ea3bbf) C:\Windows\system32\drivers\ElRawDsk.sys
14:17:27.0251 13604 ElRawDisk - ok
14:17:27.0314 13604 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
14:17:27.0329 13604 elxstor - ok
14:17:27.0361 13604 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
14:17:27.0361 13604 ErrDev - ok
14:17:27.0407 13604 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
14:17:27.0407 13604 EventSystem - ok
14:17:27.0454 13604 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
14:17:27.0454 13604 exfat - ok
14:17:27.0470 13604 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
14:17:27.0470 13604 fastfat - ok
14:17:27.0548 13604 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
14:17:27.0563 13604 Fax - ok
14:17:27.0579 13604 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
14:17:27.0579 13604 fdc - ok
14:17:27.0595 13604 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
14:17:27.0595 13604 fdPHost - ok
14:17:27.0610 13604 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
14:17:27.0626 13604 FDResPub - ok
14:17:27.0657 13604 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
14:17:27.0657 13604 FileInfo - ok
14:17:27.0657 13604 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
14:17:27.0657 13604 Filetrace - ok
14:17:27.0673 13604 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
14:17:27.0673 13604 flpydisk - ok
14:17:27.0735 13604 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
14:17:27.0735 13604 FltMgr - ok
14:17:27.0860 13604 FontCache (b4447f606bb19fd8ad0bafb59b90f5d9) C:\Windows\system32\FntCache.dll
14:17:27.0875 13604 FontCache - ok
14:17:27.0938 13604 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:17:27.0938 13604 FontCache3.0.0.0 - ok
14:17:27.0969 13604 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:17:27.0969 13604 FsDepends - ok
14:17:28.0016 13604 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
14:17:28.0016 13604 Fs_Rec - ok
14:17:28.0109 13604 Futuremark SystemInfo Service (0d015d3584704ec814a58276232f143b) C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
14:17:28.0109 13604 Futuremark SystemInfo Service - ok
14:17:28.0172 13604 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
14:17:28.0172 13604 fvevol - ok
14:17:28.0203 13604 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
14:17:28.0203 13604 gagp30kx - ok
14:17:28.0265 13604 GameConsoleService (d154305de6090e6e84e525f84bb08a06) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
14:17:28.0281 13604 GameConsoleService - ok
14:17:28.0375 13604 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
14:17:28.0390 13604 gpsvc - ok
14:17:28.0406 13604 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:17:28.0406 13604 hcw85cir - ok
14:17:28.0468 13604 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
14:17:28.0484 13604 HdAudAddService - ok
14:17:28.0515 13604 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
14:17:28.0531 13604 HDAudBus - ok
14:17:28.0546 13604 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
14:17:28.0562 13604 HidBatt - ok
14:17:28.0577 13604 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
14:17:28.0577 13604 HidBth - ok
14:17:28.0593 13604 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
14:17:28.0593 13604 HidIr - ok
14:17:28.0702 13604 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
14:17:28.0702 13604 hidserv - ok
14:17:28.0765 13604 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
14:17:28.0765 13604 HidUsb - ok
14:17:28.0811 13604 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
14:17:28.0811 13604 hkmsvc - ok
14:17:28.0858 13604 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
14:17:28.0858 13604 HomeGroupListener - ok
14:17:28.0921 13604 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
14:17:28.0921 13604 HomeGroupProvider - ok
14:17:28.0999 13604 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
14:17:28.0999 13604 HP Support Assistant Service - ok
14:17:29.0139 13604 HPClientSvc (3dc11a802353401332d49c3cbfbbe5fc) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
14:17:29.0155 13604 HPClientSvc - ok
14:17:29.0217 13604 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
14:17:29.0217 13604 HPDrvMntSvc.exe - ok
14:17:29.0279 13604 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
14:17:29.0295 13604 hpqwmiex - ok
14:17:29.0467 13604 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
14:17:29.0467 13604 HpSAMD - ok
14:17:29.0560 13604 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
14:17:29.0576 13604 HTTP - ok
14:17:29.0623 13604 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
14:17:29.0623 13604 hwpolicy - ok
14:17:29.0669 13604 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
14:17:29.0669 13604 i8042prt - ok
14:17:29.0747 13604 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
14:17:29.0747 13604 iaStorV - ok
14:17:29.0857 13604 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:17:29.0888 13604 idsvc - ok
14:17:29.0919 13604 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
14:17:29.0919 13604 iirsp - ok
14:17:29.0997 13604 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
14:17:29.0997 13604 IKEEXT - ok
14:17:30.0184 13604 IntcAzAudAddService (cb5fd9b681ad43b560490b5283ddc1c1) C:\Windows\system32\drivers\RTKVHD64.sys
14:17:30.0200 13604 IntcAzAudAddService - ok
14:17:30.0309 13604 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
14:17:30.0309 13604 intelide - ok
14:17:30.0356 13604 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
14:17:30.0356 13604 intelppm - ok
14:17:30.0496 13604 ioloSystemService (440a02fa25be8dccd2103d820036eda1) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
14:17:30.0512 13604 ioloSystemService - ok
14:17:30.0543 13604 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
14:17:30.0543 13604 IPBusEnum - ok
14:17:30.0574 13604 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:17:30.0590 13604 IpFilterDriver - ok
14:17:30.0652 13604 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
14:17:30.0668 13604 iphlpsvc - ok
14:17:30.0699 13604 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
14:17:30.0699 13604 IPMIDRV - ok
14:17:30.0746 13604 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:17:30.0746 13604 IPNAT - ok
14:17:30.0886 13604 iPod Service (3c0d4b3e80fc4854ca325dd123cc4ded) C:\Program Files\iPod\bin\iPodService.exe
14:17:30.0902 13604 iPod Service - ok
14:17:30.0917 13604 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:17:30.0917 13604 IRENUM - ok
14:17:30.0933 13604 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
14:17:30.0933 13604 isapnp - ok
14:17:30.0964 13604 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
14:17:30.0964 13604 iScsiPrt - ok
14:17:30.0995 13604 itecir (8d990a44b4f2b68e2c56a3724ec3eb84) C:\Windows\system32\DRIVERS\itecir.sys
14:17:30.0995 13604 itecir - ok
14:17:31.0042 13604 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
14:17:31.0042 13604 kbdclass - ok
14:17:31.0058 13604 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
14:17:31.0058 13604 kbdhid - ok
14:17:31.0105 13604 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:17:31.0105 13604 KeyIso - ok
14:17:31.0151 13604 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
14:17:31.0151 13604 KSecDD - ok
14:17:31.0183 13604 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
14:17:31.0198 13604 KSecPkg - ok
14:17:31.0214 13604 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:17:31.0229 13604 ksthunk - ok
14:17:31.0276 13604 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
14:17:31.0292 13604 KtmRm - ok
14:17:31.0339 13604 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
14:17:31.0339 13604 LanmanServer - ok
14:17:31.0385 13604 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
14:17:31.0385 13604 LanmanWorkstation - ok
14:17:31.0463 13604 LightScribeService (b1e1c8bb1392537e4d415fcdcb93b1d3) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
14:17:31.0463 13604 LightScribeService - ok
14:17:31.0510 13604 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:17:31.0526 13604 lltdio - ok
14:17:31.0573 13604 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
14:17:31.0573 13604 lltdsvc - ok
14:17:31.0604 13604 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
14:17:31.0604 13604 lmhosts - ok
14:17:31.0651 13604 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
14:17:31.0651 13604 LSI_FC - ok
14:17:31.0666 13604 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
14:17:31.0666 13604 LSI_SAS - ok
14:17:31.0682 13604 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:17:31.0682 13604 LSI_SAS2 - ok
14:17:31.0682 13604 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:17:31.0697 13604 LSI_SCSI - ok
14:17:31.0713 13604 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:17:31.0713 13604 luafv - ok
14:17:31.0807 13604 McAfee SiteAdvisor Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
14:17:31.0807 13604 McAfee SiteAdvisor Service - ok
14:17:31.0853 13604 McAWFwk (b6bd99c3e23507a732c474caa620c0d7) c:\PROGRA~1\mcafee\msc\mcawfwk.exe
14:17:31.0853 13604 McAWFwk - ok
14:17:31.0978 13604 McComponentHostService (22a7776c5d8eb5930edf9c8dd0884259) C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe
14:17:31.0978 13604 McComponentHostService - ok
14:17:32.0009 13604 McMPFSvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
14:17:32.0009 13604 McMPFSvc - ok
14:17:32.0025 13604 mcmscsvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
14:17:32.0025 13604 mcmscsvc - ok
14:17:32.0025 13604 McNaiAnn (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
14:17:32.0025 13604 McNaiAnn - ok
14:17:32.0041 13604 McNASvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
14:17:32.0041 13604 McNASvc - ok
14:17:32.0134 13604 McODS (dd01bf24dd6bf70a90549f9a7bb2d1eb) C:\Program Files\McAfee\VirusScan\mcods.exe
14:17:32.0150 13604 McODS - ok
14:17:32.0150 13604 McOobeSv (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
14:17:32.0165 13604 McOobeSv - ok
14:17:32.0165 13604 McProxy (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
14:17:32.0181 13604 McProxy - ok
14:17:32.0243 13604 McShield (e998e3b12101288d716558466cbf6ae1) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
14:17:32.0243 13604 McShield - ok
14:17:32.0368 13604 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
14:17:32.0384 13604 Mcx2Svc - ok
14:17:32.0431 13604 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
14:17:32.0431 13604 megasas - ok
14:17:32.0462 13604 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
14:17:32.0462 13604 MegaSR - ok
14:17:32.0509 13604 mfeapfk (01884cb7655c8908b43ff5e364fe6fd2) C:\Windows\system32\drivers\mfeapfk.sys
14:17:32.0509 13604 mfeapfk - ok
14:17:32.0571 13604 mfeavfk (dab9a9cdfb04e4d68924492aa043019d) C:\Windows\system32\drivers\mfeavfk.sys
14:17:32.0571 13604 mfeavfk - ok
14:17:32.0602 13604 mfeavfk01 - ok
14:17:32.0665 13604 mfefire (b26782c3d6045b4464017d7926877560) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
14:17:32.0665 13604 mfefire - ok
14:17:32.0743 13604 mfefirek (ce9a3680675c0907ade16404ca967b49) C:\Windows\system32\drivers\mfefirek.sys
14:17:32.0758 13604 mfefirek - ok
14:17:32.0836 13604 mfehidk (60cf67458dd29cd17e77f2327b1a9a54) C:\Windows\system32\drivers\mfehidk.sys
14:17:32.0852 13604 mfehidk - ok
14:17:32.0852 13604 mfenlfk (a8129cfb919347f8533c934b365e9202) C:\Windows\system32\DRIVERS\mfenlfk.sys
14:17:32.0867 13604 mfenlfk - ok
14:17:32.0883 13604 mferkdet (5041fa2bd2b3a2693b015771bfbf6dca) C:\Windows\system32\drivers\mferkdet.sys
14:17:32.0883 13604 mferkdet - ok
14:17:32.0930 13604 mfevtp (723a5eb6cef7f408c3d0f15a82a6bff8) C:\Windows\system32\mfevtps.exe
14:17:32.0930 13604 mfevtp - ok
14:17:32.0977 13604 mfewfpk (919c56db14a0e1e2ab6da5d2821dc26e) C:\Windows\system32\drivers\mfewfpk.sys
14:17:32.0992 13604 mfewfpk - ok
14:17:33.0039 13604 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:17:33.0039 13604 MMCSS - ok
14:17:33.0070 13604 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:17:33.0070 13604 Modem - ok
14:17:33.0101 13604 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:17:33.0101 13604 monitor - ok
14:17:33.0133 13604 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
14:17:33.0133 13604 mouclass - ok
14:17:33.0164 13604 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
14:17:33.0164 13604 mouhid - ok
14:17:33.0226 13604 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
14:17:33.0226 13604 mountmgr - ok
14:17:33.0320 13604 MozillaMaintenance (6380ff81dd4d78b23398752d2f46ea43) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:17:33.0335 13604 MozillaMaintenance - ok
14:17:33.0382 13604 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
14:17:33.0382 13604 mpio - ok
14:17:33.0413 13604 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:17:33.0429 13604 mpsdrv - ok
14:17:33.0507 13604 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
14:17:33.0523 13604 MpsSvc - ok
14:17:33.0569 13604 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
14:17:33.0569 13604 MRxDAV - ok
14:17:33.0601 13604 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:17:33.0616 13604 mrxsmb - ok
14:17:33.0663 13604 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:17:33.0663 13604 mrxsmb10 - ok
14:17:33.0679 13604 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:17:33.0679 13604 mrxsmb20 - ok
14:17:33.0725 13604 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
14:17:33.0725 13604 msahci - ok
14:17:33.0741 13604 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
14:17:33.0741 13604 msdsm - ok
14:17:33.0788 13604 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
14:17:33.0788 13604 MSDTC - ok
14:17:33.0819 13604 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:17:33.0819 13604 Msfs - ok
14:17:33.0835 13604 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:17:33.0835 13604 mshidkmdf - ok
14:17:33.0835 13604 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
14:17:33.0835 13604 msisadrv - ok
14:17:33.0866 13604 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
14:17:33.0881 13604 MSiSCSI - ok
14:17:33.0881 13604 msiserver - ok
14:17:33.0897 13604 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:17:33.0897 13604 MSKSSRV - ok
14:17:33.0913 13604 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:17:33.0913 13604 MSPCLOCK - ok
14:17:33.0913 13604 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:17:33.0928 13604 MSPQM - ok
14:17:33.0959 13604 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
14:17:33.0975 13604 MsRPC - ok
14:17:34.0006 13604 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
14:17:34.0006 13604 mssmbios - ok
14:17:34.0006 13604 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:17:34.0006 13604 MSTEE - ok
14:17:34.0022 13604 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
14:17:34.0022 13604 MTConfig - ok
14:17:34.0037 13604 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:17:34.0037 13604 Mup - ok
14:17:34.0115 13604 mysql - ok
14:17:34.0193 13604 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
14:17:34.0209 13604 napagent - ok
14:17:34.0240 13604 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:17:34.0256 13604 NativeWifiP - ok
14:17:34.0334 13604 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
14:17:34.0349 13604 NDIS - ok
14:17:34.0365 13604 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:17:34.0365 13604 NdisCap - ok
14:17:34.0396 13604 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:17:34.0396 13604 NdisTapi - ok
14:17:34.0427 13604 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
14:17:34.0427 13604 Ndisuio - ok
14:17:34.0474 13604 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
14:17:34.0474 13604 NdisWan - ok
14:17:34.0505 13604 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
14:17:34.0505 13604 NDProxy - ok
14:17:34.0537 13604 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:17:34.0537 13604 NetBIOS - ok
14:17:34.0583 13604 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
14:17:34.0583 13604 NetBT - ok
14:17:34.0630 13604 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:17:34.0630 13604 Netlogon - ok
14:17:34.0677 13604 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
14:17:34.0677 13604 Netman - ok
14:17:34.0755 13604 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:17:34.0755 13604 NetMsmqActivator - ok
14:17:34.0771 13604 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:17:34.0771 13604 NetPipeActivator - ok
14:17:34.0817 13604 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
14:17:34.0833 13604 netprofm - ok
14:17:34.0942 13604 netr28x (24cf1304d899124336f67f88f3c15e21) C:\Windows\system32\DRIVERS\netr28x.sys
14:17:34.0958 13604 netr28x - ok
14:17:34.0973 13604 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:17:34.0973 13604 NetTcpActivator - ok
14:17:34.0973 13604 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:17:34.0973 13604 NetTcpPortSharing - ok
14:17:35.0005 13604 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
14:17:35.0005 13604 nfrd960 - ok
14:17:35.0083 13604 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
14:17:35.0098 13604 NlaSvc - ok
14:17:35.0363 13604 NOBU (5839a8027d6d324a7cd494051a96628c) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
14:17:35.0379 13604 NOBU - ok
14:17:35.0473 13604 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:17:35.0473 13604 Npfs - ok
14:17:35.0504 13604 npggsvc - ok
14:17:35.0519 13604 NPPTNT2 - ok
14:17:35.0551 13604 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
14:17:35.0551 13604 nsi - ok
14:17:35.0566 13604 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:17:35.0566 13604 nsiproxy - ok
14:17:35.0707 13604 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
14:17:35.0722 13604 Ntfs - ok
14:17:35.0847 13604 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:17:35.0847 13604 Null - ok
14:17:35.0894 13604 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
14:17:35.0894 13604 nvraid - ok
14:17:35.0925 13604 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
14:17:35.0941 13604 nvstor - ok
14:17:35.0972 13604 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
14:17:35.0987 13604 nv_agp - ok
14:17:36.0003 13604 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
14:17:36.0003 13604 ohci1394 - ok
14:17:36.0081 13604 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:17:36.0081 13604 ose - ok
14:17:36.0502 13604 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:17:36.0549 13604 osppsvc - ok
14:17:36.0658 13604 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:17:36.0658 13604 p2pimsvc - ok
14:17:36.0705 13604 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
14:17:36.0705 13604 p2psvc - ok
14:17:36.0752 13604 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
14:17:36.0752 13604 Parport - ok
14:17:36.0783 13604 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
14:17:36.0783 13604 partmgr - ok
14:17:36.0814 13604 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
14:17:36.0814 13604 PcaSvc - ok
14:17:36.0861 13604 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
14:17:36.0861 13604 pci - ok
14:17:36.0877 13604 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
14:17:36.0877 13604 pciide - ok
14:17:36.0908 13604 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
14:17:36.0908 13604 pcmcia - ok
14:17:36.0923 13604 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:17:36.0923 13604 pcw - ok
14:17:36.0970 13604 pdfcDispatcher - ok
14:17:37.0001 13604 PdiService (0a098df98ec8facaa30bd7db4c7aea06) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
14:17:37.0017 13604 PdiService - ok
14:17:37.0064 13604 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:17:37.0079 13604 PEAUTH - ok
14:17:37.0157 13604 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
14:17:37.0157 13604 PerfHost - ok
14:17:37.0282 13604 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
14:17:37.0298 13604 pla - ok
14:17:37.0360 13604 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
14:17:37.0360 13604 PlugPlay - ok
14:17:37.0391 13604 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
14:17:37.0391 13604 PNRPAutoReg - ok
14:17:37.0423 13604 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:17:37.0438 13604 PNRPsvc - ok
14:17:37.0485 13604 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
14:17:37.0485 13604 PolicyAgent - ok
14:17:37.0516 13604 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
14:17:37.0516 13604 Power - ok
14:17:37.0594 13604 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
14:17:37.0594 13604 PptpMiniport - ok
14:17:37.0641 13604 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
14:17:37.0641 13604 Processor - ok
14:17:37.0688 13604 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
14:17:37.0703 13604 ProfSvc - ok
14:17:37.0735 13604 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:17:37.0735 13604 ProtectedStorage - ok
14:17:37.0797 13604 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
14:17:37.0797 13604 Psched - ok
14:17:37.0828 13604 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
14:17:37.0828 13604 PxHlpa64 - ok
14:17:37.0984 13604 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
14:17:38.0015 13604 ql2300 - ok
14:17:38.0093 13604 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
14:17:38.0093 13604 ql40xx - ok
14:17:38.0125 13604 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
14:17:38.0125 13604 QWAVE - ok
14:17:38.0140 13604 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:17:38.0140 13604 QWAVEdrv - ok
14:17:38.0156 13604 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:17:38.0156 13604 RasAcd - ok
14:17:38.0171 13604 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:17:38.0171 13604 RasAgileVpn - ok
14:17:38.0203 13604 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
14:17:38.0203 13604 RasAuto - ok
14:17:38.0234 13604 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:17:38.0249 13604 Rasl2tp - ok
14:17:38.0281 13604 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
14:17:38.0281 13604 RasMan - ok
14:17:38.0296 13604 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:17:38.0296 13604 RasPppoe - ok
14:17:38.0327 13604 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:17:38.0327 13604 RasSstp - ok
14:17:38.0390 13604 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
14:17:38.0390 13604 rdbss - ok
14:17:38.0405 13604 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
14:17:38.0405 13604 rdpbus - ok
14:17:38.0421 13604 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:17:38.0437 13604 RDPCDD - ok
14:17:38.0437 13604 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:17:38.0437 13604 RDPENCDD - ok
14:17:38.0452 13604 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:17:38.0452 13604 RDPREFMP - ok
14:17:38.0483 13604 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
14:17:38.0499 13604 RDPWD - ok
14:17:38.0546 13604 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
14:17:38.0546 13604 rdyboost - ok
14:17:38.0577 13604 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
14:17:38.0577 13604 RemoteAccess - ok
14:17:38.0608 13604 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
14:17:38.0608 13604 RemoteRegistry - ok
14:17:38.0671 13604 Revoflt (9c3ac71a9934b884fac567a8807e9c4d) C:\Windows\system32\DRIVERS\revoflt.sys
14:17:38.0671 13604 Revoflt - ok
14:17:38.0764 13604 RoxioNow Service (c1568e17039b2ec2b73a4f880ddd51e5) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
14:17:38.0764 13604 RoxioNow Service - ok
14:17:38.0795 13604 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
14:17:38.0795 13604 RpcEptMapper - ok
14:17:38.0811 13604 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
14:17:38.0811 13604 RpcLocator - ok
14:17:38.0873 13604 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:17:38.0889 13604 RpcSs - ok
14:17:38.0936 13604 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:17:38.0936 13604 rspndr - ok
14:17:38.0998 13604 RTL8167 (fcaf9c2c9eadf8f397c3350760ef500f) C:\Windows\system32\DRIVERS\Rt64win7.sys
14:17:39.0014 13604 RTL8167 - ok
14:17:39.0045 13604 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:17:39.0045 13604 SamSs - ok
14:17:39.0123 13604 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
14:17:39.0123 13604 SASDIFSV - ok
14:17:39.0154 13604 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
14:17:39.0154 13604 SASKUTIL - ok
14:17:39.0201 13604 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
14:17:39.0201 13604 sbp2port - ok
14:17:39.0232 13604 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
14:17:39.0248 13604 SCardSvr - ok
14:17:39.0279 13604 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
14:17:39.0279 13604 scfilter - ok
14:17:39.0388 13604 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
14:17:39.0404 13604 Schedule - ok
14:17:39.0435 13604 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:17:39.0435 13604 SCPolicySvc - ok
14:17:39.0466 13604 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
14:17:39.0466 13604 SDRSVC - ok
14:17:39.0497 13604 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:17:39.0497 13604 secdrv - ok
14:17:39.0529 13604 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
14:17:39.0529 13604 seclogon - ok
14:17:39.0560 13604 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
14:17:39.0560 13604 SENS - ok
14:17:39.0591 13604 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
14:17:39.0591 13604 SensrSvc - ok
14:17:39.0607 13604 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
14:17:39.0607 13604 Serenum - ok
14:17:39.0622 13604 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
14:17:39.0622 13604 Serial - ok
14:17:39.0685 13604 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
14:17:39.0685 13604 sermouse - ok
14:17:39.0716 13604 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
14:17:39.0716 13604 SessionEnv - ok
14:17:39.0731 13604 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
14:17:39.0731 13604 sffdisk - ok
14:17:39.0747 13604 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
14:17:39.0747 13604 sffp_mmc - ok
14:17:39.0763 13604 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
14:17:39.0763 13604 sffp_sd - ok
14:17:39.0763 13604 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
14:17:39.0763 13604 sfloppy - ok
14:17:39.0825 13604 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
14:17:39.0825 13604 SharedAccess - ok
14:17:39.0887 13604 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
14:17:39.0887 13604 ShellHWDetection - ok
14:17:39.0903 13604 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:17:39.0903 13604 SiSRaid2 - ok
14:17:39.0919 13604 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
14:17:39.0919 13604 SiSRaid4 - ok
14:17:39.0934 13604 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:17:39.0950 13604 Smb - ok
14:17:39.0965 13604 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
14:17:39.0965 13604 SNMPTRAP - ok
14:17:39.0981 13604 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:17:39.0981 13604 spldr - ok
14:17:40.0028 13604 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
14:17:40.0028 13604 Spooler - ok
14:17:40.0262 13604 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
14:17:40.0277 13604 sppsvc - ok
14:17:40.0340 13604 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
14:17:40.0340 13604 sppuinotify - ok
14:17:40.0402 13604 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
14:17:40.0418 13604 srv - ok
14:17:40.0465 13604 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
14:17:40.0480 13604 srv2 - ok
14:17:40.0511 13604 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
14:17:40.0527 13604 srvnet - ok
14:17:40.0574 13604 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
14:17:40.0574 13604 SSDPSRV - ok
14:17:40.0605 13604 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
14:17:40.0605 13604 SstpSvc - ok
14:17:40.0652 13604 Steam Client Service - ok
14:17:40.0667 13604 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
14:17:40.0667 13604 stexstor - ok
14:17:40.0761 13604 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
14:17:40.0777 13604 stisvc - ok
14:17:40.0933 13604 Stuffit Archive Name Service (1db60cb3e53e2491d5d6c43c06676ca2) C:\Program Files (x86)\Smith Micro\StuffIt 2010\ArcNameService.exe
14:17:40.0948 13604 Stuffit Archive Name Service - ok
14:17:41.0057 13604 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
14:17:41.0057 13604 swenum - ok
14:17:41.0120 13604 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
14:17:41.0135 13604 swprv - ok
14:17:41.0276 13604 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
14:17:41.0307 13604 SysMain - ok
14:17:41.0369 13604 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
14:17:41.0385 13604 TabletInputService - ok
14:17:41.0432 13604 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
14:17:41.0447 13604 TapiSrv - ok
14:17:41.0463 13604 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
14:17:41.0463 13604 TBS - ok
14:17:41.0650 13604 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
14:17:41.0681 13604 Tcpip - ok
14:17:41.0915 13604 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
14:17:41.0915 13604 TCPIP6 - ok
14:17:41.0993 13604 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
14:17:41.0993 13604 tcpipreg - ok
14:17:42.0025 13604 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:17:42.0025 13604 TDPIPE - ok
14:17:42.0040 13604 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
14:17:42.0040 13604 TDTCP - ok
14:17:42.0087 13604 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
14:17:42.0103 13604 tdx - ok
14:17:42.0149 13604 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
14:17:42.0149 13604 TermDD - ok
14:17:42.0212 13604 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
14:17:42.0227 13604 TermService - ok
14:17:42.0259 13604 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
14:17:42.0259 13604 Themes - ok
14:17:42.0274 13604 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:17:42.0274 13604 THREADORDER - ok
14:17:42.0290 13604 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
14:17:42.0305 13604 TrkWks - ok
14:17:42.0352 13604 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
14:17:42.0368 13604 TrustedInstaller - ok
14:17:42.0415 13604 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:17:42.0415 13604 tssecsrv - ok
14:17:42.0477 13604 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
14:17:42.0493 13604 TsUsbFlt - ok
14:17:42.0539 13604 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
14:17:42.0539 13604 tunnel - ok
14:17:42.0571 13604 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
14:17:42.0586 13604 uagp35 - ok
14:17:42.0633 13604 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
14:17:42.0649 13604 udfs - ok
14:17:42.0680 13604 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
14:17:42.0695 13604 UI0Detect - ok
14:17:42.0742 13604 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
14:17:42.0742 13604 uliagpkx - ok
14:17:42.0773 13604 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
14:17:42.0773 13604 umbus - ok
14:17:42.0773 13604 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
14:17:42.0773 13604 UmPass - ok
14:17:42.0820 13604 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
14:17:42.0820 13604 upnphost - ok
14:17:42.0851 13604 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
14:17:42.0867 13604 usbaudio - ok
14:17:42.0883 13604 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
14:17:42.0883 13604 usbccgp - ok
14:17:42.0914 13604 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
14:17:42.0929 13604 usbcir - ok
14:17:42.0945 13604 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
14:17:42.0945 13604 usbehci - ok
14:17:42.0976 13604 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\DRIVERS\usbfilter.sys
14:17:42.0976 13604 usbfilter - ok
14:17:43.0039 13604 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
14:17:43.0039 13604 usbhub - ok
14:17:43.0054 13604 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
14:17:43.0070 13604 usbohci - ok
14:17:43.0085 13604 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
14:17:43.0101 13604 usbprint - ok
14:17:43.0117 13604 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:17:43.0117 13604 USBSTOR - ok
14:17:43.0132 13604 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
14:17:43.0132 13604 usbuhci - ok
14:17:43.0179 13604 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
14:17:43.0179 13604 usbvideo - ok
14:17:43.0210 13604 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
14:17:43.0210 13604 UxSms - ok
14:17:43.0241 13604 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:17:43.0257 13604 VaultSvc - ok
14:17:43.0288 13604 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
14:17:43.0288 13604 vdrvroot - ok
14:17:43.0366 13604 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
14:17:43.0382 13604 vds - ok
14:17:43.0397 13604 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:17:43.0397 13604 vga - ok
14:17:43.0413 13604 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:17:43.0413 13604 VgaSave - ok
14:17:43.0444 13604 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
14:17:43.0444 13604 vhdmp - ok
14:17:43.0475 13604 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
14:17:43.0475 13604 viaide - ok
14:17:43.0491 13604 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
14:17:43.0491 13604 volmgr - ok
14:17:43.0553 13604 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
14:17:43.0553 13604 volmgrx - ok
14:17:43.0616 13604 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
14:17:43.0616 13604 volsnap - ok
14:17:43.0663 13604 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
14:17:43.0678 13604 vsmraid - ok
14:17:43.0803 13604 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
14:17:43.0819 13604 VSS - ok
14:17:43.0912 13604 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
14:17:43.0912 13604 vwifibus - ok
14:17:43.0943 13604 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
14:17:43.0959 13604 vwififlt - ok
14:17:43.0975 13604 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
14:17:43.0975 13604 vwifimp - ok
14:17:44.0053 13604 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
14:17:44.0068 13604 W32Time - ok
14:17:44.0084 13604 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
14:17:44.0084 13604 WacomPen - ok
14:17:44.0131 13604 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:17:44.0146 13604 WANARP - ok
14:17:44.0146 13604 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:17:44.0146 13604 Wanarpv6 - ok
14:17:44.0255 13604 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
14:17:44.0271 13604 WatAdminSvc - ok
14:17:44.0427 13604 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
14:17:44.0458 13604 wbengine - ok
14:17:44.0552 13604 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
14:17:44.0552 13604 WbioSrvc - ok
14:17:44.0614 13604 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
14:17:44.0630 13604 wcncsvc - ok
14:17:44.0645 13604 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
14:17:44.0645 13604 WcsPlugInService - ok
14:17:44.0677 13604 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
14:17:44.0677 13604 Wd - ok
14:17:44.0739 13604 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:17:44.0739 13604 Wdf01000 - ok
14:17:44.0755 13604 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:17:44.0755 13604 WdiServiceHost - ok
14:17:44.0770 13604 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:17:44.0770 13604 WdiSystemHost - ok
14:17:44.0817 13604 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
14:17:44.0817 13604 WebClient - ok
14:17:44.0864 13604 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
14:17:44.0864 13604 Wecsvc - ok
14:17:44.0879 13604 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
14:17:44.0879 13604 wercplsupport - ok
14:17:44.0895 13604 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
14:17:44.0895 13604 WerSvc - ok
14:17:44.0942 13604 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:17:44.0942 13604 WfpLwf - ok
14:17:44.0957 13604 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:17:44.0957 13604 WIMMount - ok
14:17:44.0973 13604 WinDefend - ok
14:17:45.0004 13604 WinHttpAutoProxySvc - ok
14:17:45.0051 13604 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
14:17:45.0067 13604 Winmgmt - ok
14:17:45.0254 13604 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
14:17:45.0285 13604 WinRM - ok
14:17:45.0425 13604 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
14:17:45.0457 13604 Wlansvc - ok
14:17:45.0691 13604 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:17:45.0722 13604 wlidsvc - ok
14:17:45.0847 13604 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
14:17:45.0847 13604 WmiAcpi - ok
14:17:45.0909 13604 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
14:17:45.0925 13604 wmiApSrv - ok
14:17:45.0940 13604 WMPNetworkSvc - ok
14:17:45.0971 13604 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
14:17:45.0987 13604 WPCSvc - ok
14:17:46.0081 13604 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
14:17:46.0096 13604 WPDBusEnum - ok
14:17:46.0112 13604 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:17:46.0127 13604 ws2ifsl - ok
14:17:46.0143 13604 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
14:17:46.0143 13604 wscsvc - ok
14:17:46.0159 13604 WSearch - ok
14:17:46.0377 13604 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
14:17:46.0455 13604 wuauserv - ok
14:17:46.0549 13604 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
14:17:46.0564 13604 WudfPf - ok
14:17:46.0595 13604 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:17:46.0595 13604 WUDFRd - ok
14:17:46.0627 13604 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
14:17:46.0642 13604 wudfsvc - ok
14:17:46.0736 13604 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
14:17:46.0751 13604 WwanSvc - ok
14:17:46.0798 13604 MBR (0x1B8) (7d7275f85a559cac9ff9e94041b8ebe4) \Device\Harddisk0\DR0
14:17:46.0845 13604 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
14:17:46.0845 13604 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
14:17:46.0861 13604 Boot (0x1200) (42df0a1cc730a5f511118f118967e38e) \Device\Harddisk0\DR0\Partition0
14:17:46.0861 13604 \Device\Harddisk0\DR0\Partition0 - ok
14:17:46.0907 13604 Boot (0x1200) (c3d145af7cc1c7ccc51d5a69b61da84c) \Device\Harddisk0\DR0\Partition1
14:17:46.0907 13604 \Device\Harddisk0\DR0\Partition1 - ok
14:17:46.0939 13604 Boot (0x1200) (928bab05e2891188357f1198e1d3f86b) \Device\Harddisk0\DR0\Partition2
14:17:46.0939 13604 \Device\Harddisk0\DR0\Partition2 - ok
14:17:46.0939 13604 ============================================================
14:17:46.0939 13604 Scan finished
14:17:46.0939 13604 ============================================================
14:17:46.0970 10512 Detected object count: 1
14:17:46.0970 10512 Actual detected object count: 1
14:18:43.0177 10512 \Device\Harddisk0\DR0\# - copied to quarantine
14:18:43.0177 10512 \Device\Harddisk0\DR0 - copied to quarantine
14:18:43.0208 10512 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
14:18:43.0208 10512 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
14:18:43.0224 10512 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
14:18:43.0224 10512 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
14:18:43.0224 10512 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
14:18:43.0224 10512 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
14:18:43.0224 10512 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
14:18:43.0224 10512 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
14:18:43.0224 10512 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
14:18:43.0224 10512 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
14:18:43.0224 10512 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
14:18:43.0224 10512 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
14:18:43.0224 10512 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
14:18:43.0239 10512 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
14:18:43.0239 10512 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
14:18:43.0239 10512 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
14:18:43.0239 10512 \Device\Harddisk0\DR0\TDLFS\com64 - copied to quarantine
14:18:43.0442 10512 \Device\Harddisk0\DR0\TDLFS\sant32 - copied to quarantine
14:18:43.0614 10512 \Device\Harddisk0\DR0\TDLFS\sant64 - copied to quarantine
14:18:43.0676 10512 \Device\Harddisk0\DR0\TDLFS\time.txt - copied to quarantine
14:18:43.0754 10512 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
14:18:43.0754 10512 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
14:18:43.0816 10512 \Device\Harddisk0\DR0\TDLFS\serf364 - copied to quarantine
14:18:43.0863 10512 \Device\Harddisk0\DR0\TDLFS\bbr264 - copied to quarantine
14:18:43.0879 10512 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine
14:18:43.0879 10512 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
14:18:44.0082 10512 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine
14:18:44.0113 10512 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
14:18:44.0160 10512 \Device\Harddisk0\DR0 - ok
14:18:44.0846 10512 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
14:19:12.0364 11808 Deinitialize success




aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-15 14:23:07
-----------------------------
14:23:07.605 OS Version: Windows x64 6.1.7601 Service Pack 1
14:23:07.605 Number of processors: 2 586 0x603
14:23:07.605 ComputerName: UserName:
14:23:10.226 Initialize success
14:24:46.757 AVAST engine defs: 12061501
14:25:15.461 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005c
14:25:15.461 Disk 0 Vendor: Hitachi_ JP4O Size: 953869MB BusType: 11
14:25:15.508 Disk 0 MBR read successfully
14:25:15.523 Disk 0 MBR scan
14:25:15.523 Disk 0 unknown MBR code
14:25:15.554 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
14:25:15.601 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 931375 MB offset 206848
14:25:15.648 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 22383 MB offset 1907662848
14:25:15.757 Disk 0 scanning C:\Windows\system32\drivers
14:25:25.351 Service scanning
14:25:51.793 Modules scanning
14:25:51.809 Disk 0 trace - called modules:
14:25:51.825 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys
14:25:51.840 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800611a060]
14:25:51.856 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa8005fcfb80]
14:25:51.871 5 amdxata.sys[fffff88000fc47a8] -> nt!IofCallDriver -> \Device\0000005c[0xfffffa8005fca060]
14:25:55.288 AVAST engine scan C:\Windows
14:25:59.749 AVAST engine scan C:\Windows\system32
14:30:15.950 AVAST engine scan C:\Windows\system32\drivers
14:30:26.355 AVAST engine scan C:\Users\username1
14:34:11.370 AVAST engine scan C:\ProgramData
14:38:32.784 Scan finished successfully
14:43:10.792 Disk 0 MBR has been saved successfully to "C:\Users\username1\Desktop\MBR.dat"
14:43:10.792 The log file has been saved successfully to "C:\Users\username1\Desktop\aswMBR.txt"

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:56 AM

Posted 15 June 2012 - 08:55 PM

Hello RicinAndBeans

Just looking at your nickname, and where I live that is the main part of their diet; out of curiosity, why did you pick that name?

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here (donate button). Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 RicinAndBeans

RicinAndBeans
  • Topic Starter

  • Members
  • 7 posts
  • Local time:01:56 AM

Posted 16 June 2012 - 04:29 PM

Hey Gringo,

The name is a joke, basically. In the TV show Breaking Bad there is a really funny scene where one guy says he is going to make ricin poison from the beans, and his dumb sidekick says something like "we're going to kill him with rice and beans?" RicinAndBeans was just a joke based off that funny moment ;)

The two problems seem to have been fixed, as ever since yesterday I have not had any redirection problems and those freakin audio ads are gone! McAfee did pop up on ComboFix.exe; it said it had a virus called "Artemis!" in it. I had to download it again and run it again (I did so by moving the text file you mentioned onto it, as instructed).



ComboFix 12-06-15.06 - user1 06/16/2012 14:00:46.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5887.4575 [GMT -7:00]
Running from: c:\users\user1\Desktop\ComboFix.exe
Command switches used :: c:\users\user1\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-16 to 2012-06-16 )))))))))))))))))))))))))))))))
.
.
2012-06-16 21:09 . 2012-06-16 21:09 -------- d-----w- c:\users\user2\AppData\Local\temp
2012-06-16 21:09 . 2012-06-16 21:09 -------- d-----w- c:\users\user4\AppData\Local\temp
2012-06-16 21:09 . 2012-06-16 21:09 -------- d-----w- c:\users\user3\AppData\Local\temp
2012-06-16 21:09 . 2012-06-16 21:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-16 21:09 . 2012-06-16 21:09 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-06-15 21:18 . 2012-06-15 21:18 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-15 09:09 . 2012-06-16 06:34 -------- d-----w- c:\users\user2\AppData\Local\CrashDumps
2012-06-12 23:38 . 2012-06-12 23:38 -------- d-----w- c:\users\user2\AppData\Local\Macromedia
2012-06-12 19:50 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-12 15:42 . 2012-06-16 21:09 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-06-12 13:48 . 2012-06-12 13:48 -------- d-----w- c:\users\user1\AppData\Roaming\VS Revo Group
2012-06-12 13:37 . 2012-06-12 13:37 -------- d-----w- c:\users\user1\AppData\Local\VS Revo Group
2012-06-12 13:37 . 2009-12-30 18:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-06-12 13:37 . 2012-06-12 13:37 -------- d-----w- c:\program files\VS Revo Group
2012-06-12 12:53 . 2012-06-13 15:46 -------- d-----w- c:\users\user1\AppData\Roaming\Resource Tuner
2012-06-12 12:53 . 2012-06-12 12:53 -------- d-----w- c:\program files (x86)\Resource Tuner
2012-06-12 12:05 . 2012-06-12 12:05 -------- d-----w- c:\users\user1\AppData\Local\Macromedia
2012-06-08 04:56 . 2012-06-08 04:56 -------- d-----w- c:\users\user2\AppData\Local\Diagnostics
2012-06-03 13:36 . 2012-06-16 20:50 -------- d-----w- c:\users\user1\AppData\Roaming\vlc
2012-06-03 13:30 . 2012-06-03 13:30 -------- d-----w- c:\programdata\Graboid Inc
2012-06-03 13:30 . 2012-06-03 13:30 -------- d-----w- c:\users\user1\AppData\Local\Geckofx
2012-06-03 13:29 . 2012-06-06 18:34 -------- d-----w- c:\program files (x86)\Graboid
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-12 12:04 . 2012-03-30 20:20 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-12 12:04 . 2011-10-25 21:13 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 11:15 . 2012-03-30 21:15 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-17 17:11 . 2011-10-26 03:02 49152 ----a-w- c:\windows\system32\iolobtdfg.exe
2012-04-17 17:11 . 2011-10-26 03:02 17920 ----a-w- c:\windows\system32\smrgdf.exe
2012-04-17 16:37 . 2012-03-30 11:25 2154032 ----a-w- c:\windows\system32\Incinerator64.dll
2012-04-17 16:37 . 2011-10-26 03:02 2095816 ----a-w- c:\windows\SysWow64\Incinerator32.dll
2012-03-30 11:35 . 2012-05-08 19:17 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-20 20:11 . 2010-08-24 19:57 162192 ----a-w- c:\windows\system32\mfevtps.exe
2012-03-18 15:37 . 2012-03-18 15:37 1008141 ----a-w- c:\program files (x86)\rkill.com
2012-03-18 15:31 . 2012-03-18 15:31 607260 ----a-w- c:\program files (x86)\dds.scr
2012-03-18 15:31 . 2012-03-18 15:31 389024 ----a-w- c:\program files (x86)\unhide.exe
2012-03-18 14:23 . 2012-03-18 14:23 9262656 ----a-w- c:\program files (x86)\stinger.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-15_13.00.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-06-16 11:42 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-06-15 10:51 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-06-15 10:51 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-16 11:42 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-15 10:51 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-16 11:42 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-10-26 00:39 . 2012-06-16 11:45 58820 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-15 23:17 44082 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-10-25 14:44 . 2012-06-16 20:51 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-25 14:44 . 2012-06-15 10:58 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-25 14:44 . 2012-06-15 10:58 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-10-25 14:44 . 2012-06-16 20:51 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-15 10:58 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-16 20:51 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-06-15 18:31 94000 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-11-30 18:25 . 2012-06-15 23:17 5684 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3133816111-1074800021-3642880424-1004_UserData.bin
+ 2011-10-26 01:57 . 2012-06-15 21:22 8850 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3133816111-1074800021-3642880424-1000_UserData.bin
- 2012-06-15 12:57 . 2012-06-15 12:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-16 21:09 . 2012-06-16 21:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-16 21:09 . 2012-06-16 21:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-15 12:57 . 2012-06-15 12:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-06-15 10:55 672282 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-16 11:47 672282 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-16 11:47 125014 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-06-15 10:55 125014 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-06-15 12:57 447248 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-16 21:09 447248 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-10-26 01:54 . 2012-06-16 08:46 3285024 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-10-26 01:54 . 2012-06-14 21:58 3285024 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-10-25 07:37 . 2012-06-16 08:46 2922572 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3133816111-1074800021-3642880424-1004-8192.dat
- 2011-10-25 07:37 . 2012-06-15 09:09 2922572 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3133816111-1074800021-3642880424-1004-8192.dat
+ 2011-11-30 06:42 . 2012-06-16 21:09 3763912 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3133816111-1074800021-3642880424-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="-scheduler" [X]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"BATINDICATOR"="c:\program files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe" [2010-07-21 2095616]
"BATINDICATORHL"="c:\program files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe" [2010-07-23 557056]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"DT HPO"="c:\program files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" [2010-12-01 121456]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2010-10-22 895512]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
"PDF7 Registry Controller"="c:\program files (x86)\Nuance\PDF Converter 7\RegistryController.exe" [2010-08-18 121120]
"Nuance PDF Converter 7-reminder"="c:\program files (x86)\Nuance\PDF Converter 7\Ereg\Ereg.exe" [2010-07-05 333088]
"iolo Startup"="c:\program files (x86)\iolo\Common\Lib\ioloLManager.exe" [2012-04-17 938680]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-10 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-12 257224]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files (x86)\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 dump_wmimmc;dump_wmimmc;c:\gamescampus\Scarlet Legacy\bin\GameGuard\dump_wmimmc.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-12-09 135584]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2010-08-30 220528]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-16 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-06 169408]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.EXE [2009-11-17 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2011-09-10 18432]
S2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2010-08-05 16384]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]
S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2012-04-17 1047336]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2010-10-22 1121304]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2010-04-16 109168]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 12:04]
.
2012-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3133816111-1074800021-3642880424-1004Core.job
- c:\users\user2\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-10 05:10]
.
2012-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3133816111-1074800021-3642880424-1004UA.job
- c:\users\user2\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-10 05:10]
.
2012-06-16 c:\windows\Tasks\HPCeeScheduleForuser4.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2012-06-14 c:\windows\Tasks\HPCeeScheduleForuser1.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2012-05-24 c:\windows\Tasks\HPCeeScheduleForSKYNET$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-13 11046504]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Open with Nuance PDF Converter 7.0 - c:\program files (x86)\Nuance\PDF Converter 7\cnvres_eng.dll /100
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1 68.116.46.115 24.205.192.61
FF - ProfilePath - c:\users\user1\AppData\Roaming\Mozilla\Firefox\Profiles\zk1wnx9f.default\
FF - prefs.js: network.proxy.type - 0
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\xampp\mysql\bin\mysqld.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Smith Micro\StuffIt 2010\ArcNameService.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
.
**************************************************************************
.
Completion time: 2012-06-16 14:15:19 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-16 21:15
ComboFix2.txt 2012-06-15 13:22
.
Pre-Run: 708,445,265,920 bytes free
Post-Run: 708,208,418,816 bytes free
.
- - End Of File - - 51DB9856880F90E9A28A1959111BF73D
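The ComboFix log above lists every autostart entry with either a date/size pair or an [x], which is ComboFix's way of saying it could not find the referenced file on disk. As an added example (not part of this thread and not ComboFix's own code), the script below parses those "Reg Loading Points" Run values and the R*/S* service and driver lines and pulls out the ones a responder would look at first: images that no longer exist, and images that load from a temp or user-profile directory. The line shapes it assumes are exactly the ones visible in the log; SAMPLE_LOG is constructed from six lines copied from it. A flag is a prompt to check, not a verdict: an [x] entry is just as often the leftover of an uninstall as it is malware hiding its file.

```python
r"""Triage of the autostart lines in a ComboFix log.

Added example, not ComboFix's own code. Line shapes assumed, copied from the log:
  "Name"="c:\path\file.exe" [YYYY-MM-DD size]   Run value, file found
  "Name"="-args" [X]                            Run value, file NOT found
  R3 name;Display;c:\path\file.sys [x]          service/driver, file NOT found
  S2 name;Display;c:\path\file.exe [date size]  service/driver, file found
"""
import re
from dataclasses import dataclass

REGKEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s+\[(?P<meta>[^\]]*)\]$')
SVC_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]$"
)


@dataclass(frozen=True)
class Entry:
    kind: str      # "run" (registry Run value) or "service" (service or driver)
    location: str  # Run key path for "run"; ComboFix start code (R2, S3, ...) for "service"
    name: str
    path: str      # image path, or only the arguments when ComboFix could not resolve the image
    meta: str      # bracket text: "YYYY-MM-DD size" when found, "x" when the file is missing
    flags: tuple   # review reasons; empty when nothing stood out


def review_flags(path: str, meta: str) -> tuple:
    """Heuristic reasons to look closer. Prompts for a human, not verdicts."""
    reasons = []
    if meta.strip().lower() == "x":
        reasons.append("file_not_found")  # orphan of an uninstall, or a payload that relocated itself
    low = path.lower()
    if "\\temp\\" in low:
        reasons.append("temp_dir")        # drivers or executables loaded from a temp directory
    if "\\appdata\\" in low:
        reasons.append("user_profile")    # autostart from a user-writable profile path
    return tuple(reasons)


def parse_combofix(text: str) -> list:
    """Return every Run value and service/driver line as an Entry, in log order."""
    entries = []
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if (m := REGKEY_RE.match(line)):
            current_key = m.group(1)  # later "Name"="..." lines belong to this key
        elif (m := RUN_RE.match(line)):
            entries.append(Entry("run", current_key, m["name"], m["path"], m["meta"],
                                 review_flags(m["path"], m["meta"])))
        elif (m := SVC_RE.match(line)):
            entries.append(Entry("service", m["start"], m["name"], m["path"], m["meta"],
                                 review_flags(m["path"], m["meta"])))
    return entries


def triage(text: str) -> list:
    """Only the entries that carry at least one review flag."""
    return [e for e in parse_combofix(text) if e.flags]


# Constructed sample: six lines copied from the log posted above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="-scheduler" [X]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 dump_wmimmc;dump_wmimmc;c:\gamescampus\Scarlet Legacy\bin\GameGuard\dump_wmimmc.sys [x]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2011-09-10 18432]
"""

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.kind:<8}{e.name:<14}{e.path}  ->  {', '.join(e.flags)}")
```

On the sample, ISUSPM and the GameGuard dump driver are flagged only because their files are gone, while cpuz135 is flagged twice (missing, and registered under c:\windows\TEMP). The next step for each is the same one the helper takes in this thread: check whether the owning software is still installed (the Add/Remove list posted later includes Scarlet Legacy, which is where the GameGuard path points) and whether the entry comes back after removal.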

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 16 June 2012 - 08:46 PM

Hello

I would like to see a report that ComboFix makes.

Extra ComboFix report

  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • Please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • Click OK

Copy and paste the report into this topic for me to review.

Gringo

#9 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 June 2012 - 12:34 AM

Greetings


I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or just need some more time.

Also, a reminder that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete, and I will ask you to remove our tools.




Gringo

#10 RicinAndBeans

  • Topic Starter
  • Members
  • 7 posts

Posted 21 June 2012 - 09:37 AM

Hey, sorry, I got busy the last few days, and with the two main problems seemingly gone I forgot to reply. I will do another scan this afternoon and post the results. Sorry about that.

#11 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 21 June 2012 - 09:56 PM

No problem, and see you later.


gringo

#12 RicinAndBeans

  • Topic Starter
  • Members
  • 7 posts

Posted 23 June 2012 - 09:25 AM

7-Zip 4.57
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop Elements 9
Adobe Photoshop.com Inspiration Browser
Agatha Christie - Peril at End House
Airport Mania
Amazon MP3 Downloader 1.0.12
Ancient Hearts
Apple Application Support
Apple Software Update
Azteca
Bejeweled 2 Deluxe
Bing Rewards Client Installer
BitComet 1.31
Blasterball 3
Blio
Bob the Builder Can-Do-Zoo
Bounce Symphony
Build-a-lot
Build-a-Lot - The Elizabethan Era
Cake Mania
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
Collapse Crunch
Cook'n Deluxe
CyberLink DVD Suite Deluxe
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Diner Dash 2 Restaurant Rescue
DirectX for Managed Code Update (Summer 2004)
Dora's World Adventure
DVD Menu Pack for HP TouchSmart Video
Elements 9 Organizer
Elements STI Installer
Facebook for HP TouchSmart
Farm Frenzy
FATE
Futuremark SystemInfo
GIMP 2.6.11
GodsWar Online
GOM Player
Google Chrome
Heroes of Hellas 2 - Olympia
Hewlett-Packard ACLM.NET v1.1.2.0
HP AppsCenter for TouchSmart
HP Customer Experience Enhancements
HP Game Console
HP Games
HP Keyboard
HP LinkUp
HP MediaSmart/TouchSmart Netflix
HP MovieStore
HP My Display TouchSmart Edition
HP Odometer
HP Setup
HP Setup Manager
HP Support Assistant
HP Support Information
HP TouchSmart
HP TouchSmart Browser
HP TouchSmart Calendar
HP TouchSmart Canvas
HP TouchSmart Clock
HP TouchSmart Default Magnets
HP TouchSmart DVD
HP TouchSmart eBay
HP TouchSmart Music
HP TouchSmart Notes
HP TouchSmart Photo
HP TouchSmart RecipeBox
HP TouchSmart RSS
HP TouchSmart Tutorials
HP TouchSmart Twitter
HP TouchSmart Video
HP TouchSmart Weather
HP TouchSmart Webcam
HP Update
Hulu Desktop
iolo technologies' System Mechanic
Java Auto Updater
Java™ 6 Update 22
Java™ 6 Update 30
Jewel Quest Solitaire 2
Junk Mail filter update
Kobo
LabelPrint
LightScribe System Software
Mah Jong Medley
Malwarebytes Anti-Malware version 1.61.0.1400
McAfee AntiVirus Plus
McAfee Security Scan Plus
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Touch Pack for Windows 7
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft WSE 3.0 Runtime
Microsoft XNA Framework Redistributable 3.0
Microsoft XNA Framework Redistributable 3.1
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_CRT_x86
Movie Theme Pack for HP TouchSmart Video
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MySQL Workbench 5.2 CE
Norton Online Backup
Notepad++
Nuance PDF Converter 7
OpenOffice.org 3.3
Pando Media Booster
PDF Complete Special Edition
Penguins!
PhotoNow!
PictureMover
Plants vs. Zombies
PlayReady PC Runtime x86
Polar Bowler
Polar Golfer
Power2Go
PowerDirector
PressReader
Punch! Home and Landscape
Quassel (remove only)
R.U.S.E. for TouchSmart
Realtek High Definition Audio Driver
Recovery Manager
Remote Graphics Receiver
Resource Tuner 1.99 R6
RoxioNow Player
Scansoft PDF Converter
Scarlet Legacy
SDK
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Skip-Bo - Castaway Caper
Slingo Deluxe
Steam
Tropical Fish Shop - Annabel's Adventure
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Virtual Villagers 4 - The Tree of Life
VLC media player 1.0.1
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
XAMPP 1.7.7
yEd Graph Editor 3.9.1
Zinio Reader 4
Zuma Deluxe

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:56 AM

Posted 23 June 2012 - 11:41 AM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

  • Bing Rewards Client Installer
  • BitComet 1.31
  • Java™ 6 Update 22
  • Java™ 6 Update 30
  • McAfee Security Scan Plus


  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run it.
  • From the list of programs, double-click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done, click Finish.



Install Java:

Please go here to install Java

  • Click on the Free Java Download button.
  • Click on Agree and Start Free Download.
  • Click on Run.
  • Click on Run again.
  • Click on Install.
  • When the install is complete, click on Close.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.
  • Download CCleaner from here: http://www.ccleaner.com/
  • Run the installer to install the application.
  • When it gives you the option to install the Yahoo toolbar, uncheck the box next to it.
  • Run CCleaner. (Make sure that under the Windows tab all the boxes for Internet Explorer and Windows Explorer are checked. Under System, check Empty Recycle Bin and Temporary Files. Under the Applications tab, all the boxes should be checked.)
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM.
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked (ticked) except items in the C:\System Volume Information folder, and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

"information and logs"

In your next post I need the following:

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
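The installed-programs list above and gringo's "uninstall some programs" step are worked by hand in this thread. As an added example that is not part of the thread, of BleepingComputer's procedures, or of any tool named here, the PowerShell below reads the same registry keys Add/Remove Programs reads (the 32-bit, 64-bit WOW6432Node and per-user Uninstall keys) and flags the two kinds of entries gringo asks to remove: P2P clients and every installed Java release except the newest. The P2P name list ('BitComet', 'Pando Media Booster') and the Java name pattern are assumptions taken from the program names in this thread; nothing is uninstalled by the script, it only produces a review list.

```powershell
# Added example, not from the thread or from any tool it names.
# Lists installed programs the way Add/Remove Programs does, from the
# 32-bit, 64-bit (WOW6432Node) and per-user Uninstall keys, then flags
# P2P clients and stale Java releases so they can be reviewed before removal.

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# One record per DisplayName; entries without a DisplayName are hidden in
# Add/Remove Programs too, so they are skipped here as well.
$programs = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Select-Object DisplayName, DisplayVersion, Publisher, UninstallString |
    Sort-Object DisplayName -Unique

# Assumption: P2P product names taken from this thread's installed-programs list.
$p2pPatterns = @('BitComet', 'Pando Media Booster')

# Java entries are named like "Java(TM) 6 Update 30" (or with the ™ symbol).
# Every release except the newest installed one is an unpatched copy.
$java = @($programs | Where-Object { $_.DisplayName -match '^Java(\(TM\)|\u2122)? \d+ Update \d+' })
$newestJava = $java |
    Sort-Object { try { [version]$_.DisplayVersion } catch { [version]'0.0' } } -Descending |
    Select-Object -First 1
$staleJavaNames = @($java |
    Where-Object { $_.DisplayName -ne $newestJava.DisplayName } |
    ForEach-Object { $_.DisplayName })

$findings = foreach ($p in $programs) {
    $reason = $null
    if ($p2pPatterns | Where-Object { $p.DisplayName -like "*$_*" }) {
        $reason = 'P2P client'
    } elseif ($staleJavaNames -contains $p.DisplayName) {
        $reason = 'stale Java release'
    }
    if ($reason) {
        [pscustomobject]@{
            Reason          = $reason
            Program         = $p.DisplayName
            Version         = $p.DisplayVersion
            UninstallString = $p.UninstallString
        }
    }
}

# Review the list first; this script removes nothing.
$findings | Format-Table -AutoSize
```

Save it as a .ps1 file and run it from an elevated PowerShell prompt. The WOW6432Node key is included for the same reason gringo gives two HijackThis paths: on 64-bit Windows, 32-bit programs register under a separate branch, and a check that reads only the native key misses them.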

#14 RicinAndBeans

RicinAndBeans
  • Topic Starter

  • Members
  • 7 posts
  • Local time:01:56 AM

Posted 25 June 2012 - 04:52 PM

Bing Rewards Client Installer <--- can't find this on Revo.


McAfee Security Scan Plus <--- why do you want me to remove McAfee?

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:56 AM

Posted 25 June 2012 - 09:15 PM

Greetings

McAfee Security Scan Plus is not part of McAfee antivirus - http://techie-buzz.com/softwares/mcafee-security-scan-plus.html

Each recommendation is designed to offer McAfee a good chance to sell you something. This isn’t good free software – it’s a good marketing tool. I was very disappointed, and I only posted this review so that I can save others the trouble of downloading unwanted advertising. I would classify it as Adware.



gringo

Edited by gringo_pr, 25 June 2012 - 09:16 PM.




