iexplore.exe virus, Google redirects


  • This topic is locked
34 replies to this topic

#1 dustroid

  • Members
  • 18 posts

Posted 18 June 2012 - 10:32 AM

I'm getting audio ads playing on my computer with no web browser open. A quick glance at my Task Manager shows several instances of iexplore.exe running at a given time, even though I don't have IE open. In general, my machine gets bogged down frequently and CPU usage is much higher than it should be.

I'm not sure if it's related, but I'm getting redirects when I click on Google links, typically to some sort of ad website. I use Firefox exclusively.

Here is my DDS.txt log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.0.0
Run by Administrator at 10:00:10 on 2012-06-18
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1917.807 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\GFI\LanGuard 10 Agent\lnssatt.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\PDF Complete\pdfsvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\svchost.exe -k regsvc
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\WxMesgNet\WxMcli.exe
C:\Program Files\WxMesgNet\WxMap.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe
C:\Program Files\HP\HP Color LaserJet CM2320 MFP Series\hppfaxprintersrv.exe
C:\windows\System32\hkcmd.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\windows\System32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20101014101405.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [HPADVISOR] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe view=DOCKVIEW
mRun: [<NO NAME>]
mRun: [WxMcli] c:\program files\wxmesgnet\WxMcli.exe
mRun: [WxMap] c:\program files\wxmesgnet\WxMap.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PDF Complete] c:\program files\pdf complete\pdfsty.exe
mRun: [NortonOnlineBackupReminder] "c:\program files\symantec\norton online backup\activation\NobuActivation.exe" UNATTENDED
mRun: [MVS Splash] "c:\program files\mcafee\managed virusscan\desktopui\XTray.exe"
mRun: [McAfee Managed Services Tray] c:\program files\mcafee\managed virusscan\agent\StartMyAgtTry.Exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HPUsageTracking] "c:\program files\hp\hp ut\bin\hppusg.exe" "c:\program files\hp\hp ut\"
mRun: [HP Color LaserJet CM2320 MFP Series Fax] c:\program files\hp\hp color laserjet cm2320 mfp series\hppfaxprintersrv.exe "HP Color LaserJet CM2320 MFP Series Fax"
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [BizCover] c:\bizcover\StartBizCover.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [acevents] "c:\program files\actividentity\activclient\acevents.exe"
mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"
mRunOnce: [Trojan Remover] "c:\program files\trojan remover\RMVTRJAN.EXE" /restart
mRunOnce: [NoIE4StubProcessing] c:\windows\system32\reg.exe delete "hklm\software\microsoft\active setup\Installed Components" /v "NoIE4StubProcessing" /f
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\activc~1.lnk - c:\program files\actividentity\activclient\acsagent.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: SoftwareSASGeneration = 1 (0x1)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{828B6D8C-5301-43A5-902B-5511A2D968A9} : NameServer = 8.8.8.8,4.2.2.2
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
Handler: myrm - {4D034FC3-013F-4b95-B544-44D49ABE3E76} - c:\program files\mcafee\managed virusscan\agent\myRmProt4.9.2.358.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
Hosts: 192.168.20.201 charon # HP Proliant Linux server
Hosts: 192.168.20.202 europa # Science workstation # 1
Hosts: 192.168.20.203 ganymede # Science workstation # 2
Hosts: 192.168.20.204 callisto # Science workstation # 3
Hosts: 192.168.20.205 bigej # Vanessa PC - Win7
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\administrator\appdata\roaming\mozilla\firefox\profiles\ri64esjo.default\
FF - component: c:\program files\mcafee\siteadvisor enterprise\components\McFFPlg.dll
FF - component: c:\program files\mozilla firefox\distribution\bundles\{d19ca586-dd6c-4a0a-96f8-14644f340d60}\components\scriptff.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_257.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-7-25 434624]
R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-8-12 163592]
R0 phylock;phylock;c:\windows\system32\drivers\phylock.sys [2010-11-12 20960]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-8-12 64016]
R2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\common files\actividentity\ac.sharedstore.exe [2009-6-3 207400]
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-10-13 249648]
R2 gfi_lanss10_attservice;GFI LanGuard 10 Attendant Service;c:\program files\gfi\languard 10 agent\lnssatt.exe [2011-8-12 115568]
R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files\mcafee\siteadvisor enterprise\McSACore.exe [2010-3-25 226624]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-10-14 158296]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-10-14 154152]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-10-14 145424]
R2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\mcafee\managed virusscan\agent\myAgtSvc.exe [2010-7-25 291064]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2010-7-25 635416]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 RumorServer;McAfee Peer Distribution Service;c:\program files\mcafee\managed virusscan\agent\myAgtSvc.exe [2010-7-25 291064]
R3 MfeAVFK;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-7-25 170912]
R3 MfeBOPK;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-7-25 59096]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-12 327952]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-8-20 189440]
R3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [2011-6-16 59520]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
S2 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-10-21 196176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-2 257224]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-12 85760]
S3 MfeRKDK;McAfee Inc. MfeRKDK;c:\windows\system32\drivers\mferkdk.sys [2010-7-25 34248]
S3 PCAlertDriver;PCAlertDriver;c:\bizcover\NTGLM7X.sys [2010-7-25 30208]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TBIMount;TBIMount;c:\windows\system32\drivers\TBIMount.sys [2010-11-12 87648]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-9-26 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-10-12 1343400]
.
=============== Created Last 30 ================
.
2012-06-17 10:01:03 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{fc45e0e9-3ad2-4b95-86ce-6a5311a89c3a}\offreg.dll
2012-06-15 21:05:15 75264 ----a-w- c:\windows\system32\unacev2.dll
2012-06-15 21:05:15 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2012-06-15 21:05:05 -------- d-----w- c:\programdata\Simply Super Software
2012-06-15 21:05:05 -------- d-----w- c:\program files\Trojan Remover
2012-06-15 20:33:27 -------- d-----w- c:\windows\pss
2012-06-15 18:08:49 5120 ----a-w- c:\windows\system32\wmi.dll
2012-06-15 18:08:49 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-06-15 18:08:49 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-06-15 18:08:49 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-06-15 17:04:30 -------- d-----w- c:\program files\trend micro
2012-06-15 16:18:19 6737808 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{fc45e0e9-3ad2-4b95-86ce-6a5311a89c3a}\mpengine.dll
2012-06-15 16:18:05 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-06-15 16:17:59 -------- d-----w- c:\users\administrator\appdata\roaming\Anvisoft
2012-06-15 16:13:37 -------- d-----w- c:\program files\Anvisoft
2012-06-15 15:51:37 -------- d-----w- c:\programdata\GFI Software
2012-06-15 15:37:58 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-06-15 15:36:55 -------- d-----w- c:\users\administrator\appdata\roaming\Ad-Aware Antivirus
.
==================== Find3M ====================
.
2012-06-13 12:24:21 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-13 12:24:21 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-15 01:05:38 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-05-01 04:44:12 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:17:07 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 04:45:55 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 04:45:54 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 04:41:16 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 04:36:42 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-07 11:26:29 2342400 ----a-w- c:\windows\system32\msi.dll
2012-03-31 04:39:37 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-31 04:39:37 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-30 10:23:11 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
============= FINISH: 10:00:37.03 ===============
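The DDS log above is read by eye in this thread. As an added example (my own code, not a BleepingComputer, DDS or ComboFix tool), the Python below parses the three sections a helper looks at first, "Running Processes", "Pseudo HJT Report" and "SERVICES / DRIVERS", and flags the entries worth a second look: browser add-ons registered with "No File", Run values with no name or no command, autostarts and drivers living outside the usual program directories, services whose file is missing (ComboFix prints "[x]" in place of the date and size), DNS resolvers outside a small allowlist, and HOSTS entries that point at public addresses. The sample log is constructed from lines of the log above plus one ComboFix-style "[x]" service line; the resolver and directory allowlists are assumptions for illustration, not a verdict on any entry in the poster's log.

```python
"""Triage helper for DDS-style logs: added example, not a BleepingComputer, DDS or ComboFix tool.
Flags what a helper reads first in 'Running Processes', 'Pseudo HJT Report' and 'SERVICES / DRIVERS'."""
import ipaddress
import re
from collections import Counter

KNOWN_RESOLVERS = {"8.8.8.8", "8.8.4.4", "4.2.2.1", "4.2.2.2"}  # assumption: public resolvers
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")  # assumption
SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
RUN_RE = re.compile(r"^[um]Run(?:Once)?: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
ADDON_RE = re.compile(r"^(?:BHO|TB): .*?\{[0-9A-Fa-f-]+\}\s*-\s*(?P<path>.*)$")
SVC_RE = re.compile(r"^[RS][0-3] [^;]+;[^;]*;(?P<path>.*?)\s*\[(?P<tail>[^\]]*)\]$")
DNS_RE = re.compile(r"NameServer = (?P<servers>[\d.,]+)")
HOSTS_RE = re.compile(r"^Hosts: (?P<ip>[\d.]+)\s+\S+")

def parse_sections(text):
    """Split the log into {section title: [lines]} on its '=== title ===' headers."""
    sections, current = {}, "header"
    for raw in text.splitlines():
        line = raw.strip()
        if m := SECTION_RE.match(line):
            current = m.group(1) or "header"
            sections.setdefault(current, [])
        elif line and line != ".":  # DDS pads every section with lone '.' lines
            sections.setdefault(current, []).append(line)
    return sections

def first_exe(cmd):
    """File a Run value or service command launches (quoted or bare path), lower-cased."""
    cmd = cmd.strip()
    m = re.match(r'"([^"]+)"|(.*?\.(?:exe|dll|sys|vbs))', cmd, re.IGNORECASE)
    return (m.group(1) or m.group(2) if m else cmd.split(" ", 1)[0]).lower()

def process_counts(lines):
    """Instances per image name; svchost '-k' groups collapse onto svchost.exe."""
    return Counter(re.split(r"[\\/]", l.split(" -k ")[0].strip())[-1].lower() for l in lines)

def flag_hjt(lines):
    """Findings from the Pseudo HJT section as (code, line) pairs, in log order."""
    out = []
    for line in lines:
        if m := RUN_RE.match(line):
            name, cmd = m.group("name"), m.group("cmd").strip()
            if not name or name == "<NO NAME>" or not cmd:
                out.append(("run-entry-incomplete", line))
            elif not first_exe(cmd).startswith(TRUSTED_DIRS):
                out.append(("run-outside-program-dirs", line))
        elif m := ADDON_RE.match(line):
            if m.group("path").strip().strip('"').lower() == "no file":
                out.append(("orphaned-browser-addon", line))
        elif m := DNS_RE.search(line):
            if any(s not in KNOWN_RESOLVERS for s in m.group("servers").split(",")):
                out.append(("unknown-dns-resolver", line))
        elif m := HOSTS_RE.match(line):
            if not ipaddress.ip_address(m.group("ip")).is_private:
                out.append(("hosts-entry-public-address", line))
    return out

def flag_services(lines):
    """SERVICES / DRIVERS findings; DDS ends lines with '[date size]', ComboFix with '[x]' if the file is gone."""
    out = []
    for line in lines:
        if not (m := SVC_RE.match(line)):
            continue
        if m.group("tail").strip().lower() == "x":
            out.append(("service-file-missing", line))
        elif not first_exe(m.group("path")).startswith(TRUSTED_DIRS):
            out.append(("service-outside-program-dirs", line))
    return out

def triage(text):
    """Run every check over one log; returns process counts and the ordered findings."""
    s = parse_sections(text)
    return {"processes": process_counts(s.get("Running Processes", [])),
            "findings": flag_hjt(s.get("Pseudo HJT Report", []))
            + flag_services(s.get("SERVICES / DRIVERS", []))}

# Constructed sample: lines copied from the DDS log above plus one ComboFix-style '[x]' service line.
SAMPLE_LOG = r"""
============== Running Processes ===============
C:\Windows\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
============== Pseudo HJT Report ===============
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun: [<NO NAME>]
mRun: [BizCover] c:\bizcover\StartBizCover.exe
TCP: Interfaces\{828B6D8C-5301-43A5-902B-5511A2D968A9} : NameServer = 8.8.8.8,4.2.2.2
Hosts: 192.168.20.201 charon # HP Proliant Linux server
============= SERVICES / DRIVERS ===============
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-7-25 434624]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
S3 PCAlertDriver;PCAlertDriver;c:\bizcover\NTGLM7X.sys [2010-7-25 30208]
"""

if __name__ == "__main__":
    for code, line in triage(SAMPLE_LOG)["findings"]:
        print(f"{code:30} {line}")
```

Run as a script it prints the five flagged sample lines; `triage(open("DDS.txt").read())` does the same for a real log. A flag is a pointer for review, not a verdict: `c:\bizcover\...` is reported only because it lives outside Program Files, and the two `iexplore.exe` entries in the process count are what the poster has to reconcile with IE not being open, which no log parser can decide on its own.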


#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 June 2012 - 12:07 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes; just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 dustroid

  • Topic Starter
  • Members
  • 18 posts

Posted 19 June 2012 - 08:38 AM

Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
McAfee Virus and Spyware Protection Service
McAfee SiteAdvisor Enterprise Plus
Java™ 6 Update 27
Java™ 7
Java version out of Date!
Adobe Flash Player 11.3.300.257
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (7.0.1)
Mozilla Thunderbird 11.0.1 Thunderbird out of Date!
````````Process Check: objlist.exe by Laurent````````
McAfee Managed VirusScan Agent myAgtSvc.Exe
McAfee Managed VirusScan Agent myAgtSvc.exe
McAfee Managed VirusScan DesktopUI XTray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````




ComboFix 12-06-19.01 - Administrator 06/19/2012 8:13.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1917.1033 [GMT -5:00]
Running from: c:\users\Dustin\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
* Resident AV is active
.
.
.
((((((((((((((((((((((((( Files Created from 2012-05-19 to 2012-06-19 )))))))))))))))))))))))))))))))
.
.
2012-06-19 13:21 . 2012-06-19 13:21 -------- d-----w- c:\users\Tom\AppData\Local\temp
2012-06-19 13:21 . 2012-06-19 13:21 -------- d-----w- c:\users\mike\AppData\Local\temp
2012-06-19 13:21 . 2012-06-19 13:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-19 10:03 . 2012-06-19 10:03 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DD2B3872-3ABD-47CE-88AF-444CA0A9D434}\offreg.dll
2012-06-19 10:00 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DD2B3872-3ABD-47CE-88AF-444CA0A9D434}\mpengine.dll
2012-06-15 21:05 . 2003-02-03 01:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2012-06-15 21:05 . 2002-03-06 06:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2012-06-15 21:05 . 2012-06-15 22:05 -------- d-----w- c:\program files\Trojan Remover
2012-06-15 21:05 . 2012-06-15 21:05 -------- d-----w- c:\programdata\Simply Super Software
2012-06-15 18:40 . 2012-06-15 18:40 -------- d-----w- c:\users\Dustin\AppData\Roaming\Malwarebytes
2012-06-15 18:08 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-06-15 18:08 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-06-15 18:08 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-06-15 18:08 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2012-06-15 17:04 . 2012-06-15 17:04 -------- d-----w- C:\rsit
2012-06-15 17:04 . 2012-06-15 17:04 -------- d-----w- c:\program files\trend micro
2012-06-15 16:18 . 2012-02-23 15:18 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-06-15 16:17 . 2012-06-15 16:17 -------- d-----w- c:\users\Administrator\AppData\Roaming\Anvisoft
2012-06-15 16:13 . 2012-06-15 16:58 -------- d-----w- c:\program files\Anvisoft
2012-06-15 15:51 . 2012-06-15 15:51 -------- d-----w- c:\programdata\GFI Software
2012-06-15 15:41 . 2012-06-15 15:44 -------- d-----w- c:\users\Dustin\AppData\Local\adaware
2012-06-15 15:37 . 2012-06-15 15:51 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-06-15 15:36 . 2012-06-15 15:40 -------- d-----w- c:\users\Administrator\AppData\Roaming\Ad-Aware Antivirus
2012-06-13 20:14 . 2012-06-13 20:14 -------- d-----w- c:\users\Dustin\AppData\Local\Macromedia
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-18 17:45 . 2012-04-02 12:06 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-18 17:45 . 2011-09-30 19:19 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-06 15:01 . 2011-09-30 19:20 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WxMcli"="c:\program files\WxMesgNet\WxMcli.exe" [2010-05-07 186784]
"WxMap"="c:\program files\WxMesgNet\WxMap.exe" [2010-05-07 305056]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 144384]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2009-06-18 563736]
"NortonOnlineBackupReminder"="c:\program files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936]
"MVS Splash"="c:\program files\McAfee\Managed VirusScan\DesktopUI\XTray.exe" [2010-09-21 476480]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 135168]
"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2009-05-11 24576]
"HP Color LaserJet CM2320 MFP Series Fax"="c:\program files\HP\HP Color LaserJet CM2320 MFP Series\hppfaxprintersrv.exe" [2009-09-23 2453504]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 167424]
"BizCover"="c:\bizcover\StartBizCover.exe" [2009-10-28 204088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-02-27 38768]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-02-27 640376]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 153640]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 400936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NoIE4StubProcessing"="c:\windows\system32\reg.exe DELETE HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" [X]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2009-6-3 130600]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-18 257224]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-08-12 85760]
R3 PCAlertDriver;PCAlertDriver;c:\bizcover\NTGLM7X.sys [2008-09-19 30208]
R3 TBIMount;TBIMount;c:\windows\System32\drivers\tbimount.sys [2010-09-09 87648]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-12 1343400]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-08-12 163592]
S0 phylock;phylock;c:\windows\system32\drivers\phylock.sys [2010-06-08 20960]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-08-12 64016]
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 207400]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 gfi_lanss10_attservice;GFI LanGuard 10 Attendant Service;c:\program files\GFI\LanGuard 10 Agent\lnssatt.exe [2011-08-12 115568]
S2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files\McAfee\SiteAdvisor Enterprise\McSACore.exe [2010-03-25 226624]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-08-05 154152]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-08-12 145424]
S2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe [2010-09-21 291064]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2009-06-18 635416]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S2 RumorServer;McAfee Peer Distribution Service;c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [2010-09-21 291064]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-08-12 327952]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-08-20 189440]
S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\DRIVERS\SCR3XX2K.sys [2011-06-16 59520]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - fxldrpow
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 17:45]
.
.
------- Supplementary Scan -------
.
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: Interfaces\{828B6D8C-5301-43A5-902B-5511A2D968A9}: NameServer = 8.8.8.8,4.2.2.2
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ri64esjo.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-McAfee Managed Services Tray - c:\program files\McAfee\Managed VirusScan\Agent\StartMyAgtTry.Exe
HKLM-RunOnce-Trojan Remover - c:\program files\Trojan Remover\RMVTRJAN.EXE
AddRemove-MVS - c:\progra~1\McAfee\MANAGE~1\Agent\myinx
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3812118618-3519713718-615325280-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
.
[HKEY_USERS\S-1-5-21-3812118618-3519713718-615325280-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:d6,5c,f0,91,f4,7d,cc,01
.
[HKEY_USERS\S-1-5-21-3812118618-3519713718-615325280-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
.
[HKEY_USERS\S-1-5-21-3812118618-3519713718-615325280-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3812118618-3519713718-615325280-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3812118618-3519713718-615325280-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3812118618-3519713718-615325280-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3812118618-3519713718-615325280-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(704)
c:\program files\ActivIdentity\ActivClient\accsp.dll
c:\program files\ActivIdentity\ActivClient\Resources\accsprc.dll
c:\program files\ActivIdentity\ActivClient\asphat32.dll
c:\program files\ActivIdentity\ActivClient\ackpbsc.dll
c:\program files\ActivIdentity\ActivClient\aclog.dll
c:\program files\ActivIdentity\ActivClient\accrypto.dll
c:\program files\ActivIdentity\ActivClient\ACLIBEAY.dll
c:\program files\ActivIdentity\ActivClient\acerrmes.dll
c:\program files\ActivIdentity\ActivClient\acevtsub.dll
c:\program files\ActivIdentity\ActivClient\aiwinext.dll
c:\program files\ActivIdentity\ActivClient\aspcom.dll
c:\program files\ActivIdentity\ActivClient\Resources\acerrmrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\asphatrc.dll
.
- - - - - - - > 'Explorer.exe'(4120)
c:\users\Dustin\AppData\Local\Microsoft\xqzxqbbo.dll
.
Completion time: 2012-06-19 08:25:04
ComboFix-quarantined-files.txt 2012-06-19 13:25
.
Pre-Run: 268,380,532,736 bytes free
Post-Run: 269,779,832,832 bytes free
.
- - End Of File - - 6C3433A4D33BBFB57386B2F43C38009B




The only problem I had when I ran ComboFix was that I kept getting a pop-up that said:
"Windows cannot find 'NIRKMD'. Make sure you typed the name correctly, and then try again."

I'm still getting multiple instances of iexplore.exe running that hog my CPU and play audio ads in the background, even though IE is not open. The Google link redirection seems to be better.

EDIT: Spoke too soon. Still getting Google link redirection. <insert sad face>

Edited by dustroid, 19 June 2012 - 11:09 AM.


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 June 2012 - 12:44 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 dustroid

dustroid
  • Topic Starter

  • Members
  • 18 posts

Posted 19 June 2012 - 01:11 PM

12:51:33.0785 5428 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
12:51:34.0227 5428 ============================================================
12:51:34.0227 5428 Current date / time: 2012/06/19 12:51:34.0227
12:51:34.0227 5428 SystemInfo:
12:51:34.0227 5428
12:51:34.0228 5428 OS Version: 6.1.7601 ServicePack: 1.0
12:51:34.0228 5428 Product type: Workstation
12:51:34.0228 5428 ComputerName: ROI
12:51:34.0228 5428 UserName: Administrator
12:51:34.0228 5428 Windows directory: C:\Windows
12:51:34.0228 5428 System windows directory: C:\Windows
12:51:34.0228 5428 Processor architecture: Intel x86
12:51:34.0228 5428 Number of processors: 2
12:51:34.0228 5428 Page size: 0x1000
12:51:34.0228 5428 Boot type: Normal boot
12:51:34.0228 5428 ============================================================
12:51:35.0163 5428 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:51:35.0170 5428 ============================================================
12:51:35.0170 5428 \Device\Harddisk0\DR0:
12:51:35.0170 5428 MBR partitions:
12:51:35.0170 5428 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3FF800
12:51:35.0170 5428 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x400000, BlocksNum 0x2412E800
12:51:35.0170 5428 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2452E800, BlocksNum 0xEFB000
12:51:35.0170 5428 ============================================================
12:51:35.0186 5428 C: <-> \Device\Harddisk0\DR0\Partition1
12:51:35.0230 5428 D: <-> \Device\Harddisk0\DR0\Partition2
12:51:35.0257 5428 ============================================================
12:51:35.0257 5428 Initialize success
12:51:35.0257 5428 ============================================================
12:52:41.0997 5016 ============================================================
12:52:41.0997 5016 Scan started
12:52:41.0997 5016 Mode: Manual;
12:52:41.0997 5016 ============================================================
12:52:56.0338 5016 MegaSR - ok
12:52:56.0371 5016 mfeapfk (20336b83e175a9320e59f146c3097b3d) C:\Windows\system32\drivers\mfeapfk.sys
12:52:56.0373 5016 mfeapfk - ok
12:52:56.0399 5016 MfeAVFK (9a29155620e8ae5d01c6ccfb115b52aa) C:\Windows\system32\drivers\mfeavfk.sys
12:52:56.0479 5016 MfeAVFK - ok
12:52:56.0517 5016 mfeavfk01 - ok
12:52:56.0538 5016 MfeBOPK (d0009b191d57f193fdea5093c2d763e1) C:\Windows\system32\drivers\mfebopk.sys
12:52:56.0539 5016 MfeBOPK - ok
12:52:56.0577 5016 mfefire (85a165a07fabec9c8314e3c1e5d48cd1) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
12:52:56.0650 5016 mfefire - ok
12:52:56.0682 5016 mfefirek (cd787a876ab85114afd8d4f88484c4b7) C:\Windows\system32\drivers\mfefirek.sys
12:52:56.0771 5016 mfefirek - ok
12:52:56.0808 5016 mfehidk (9a6628facd51987888dfc31fe8ddfefa) C:\Windows\system32\drivers\mfehidk.sys
12:52:56.0975 5016 mfehidk - ok
12:52:56.0995 5016 mfenlfk (409f16ccfa93223563a7a85a7e8dd526) C:\Windows\system32\DRIVERS\mfenlfk.sys
12:52:57.0056 5016 mfenlfk - ok
12:52:57.0086 5016 mferkdet (e5c9795d2ed3c6d01c08275198c37935) C:\Windows\system32\drivers\mferkdet.sys
12:52:57.0145 5016 mferkdet - ok
12:52:57.0170 5016 MfeRKDK (e0842f67dc9bc4d21d1e319610ebe9e5) C:\Windows\system32\drivers\MfeRKDK.sys
12:52:57.0246 5016 MfeRKDK - ok
12:52:57.0271 5016 mfetdik (43a7acbbd70ecd62f0b63486c72089a3) C:\Windows\system32\drivers\mfetdik.sys
12:52:57.0330 5016 mfetdik - ok
12:52:57.0368 5016 mfevtp (a60f7b389ad5f6318c2b14bdcbc26238) C:\Windows\system32\mfevtps.exe
12:52:57.0443 5016 mfevtp - ok
12:52:57.0476 5016 mfewfpk (7e8a9253bd8ea4a9792e3fefa716a8c6) C:\Windows\system32\drivers\mfewfpk.sys
12:52:57.0547 5016 mfewfpk - ok
12:52:57.0571 5016 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
12:52:57.0574 5016 MMCSS - ok
12:52:57.0592 5016 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
12:52:57.0599 5016 Modem - ok
12:52:57.0622 5016 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
12:52:57.0624 5016 monitor - ok
12:52:57.0651 5016 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
12:52:57.0654 5016 mouclass - ok
12:52:57.0689 5016 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
12:52:57.0692 5016 mouhid - ok
12:52:57.0717 5016 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
12:52:57.0718 5016 mountmgr - ok
12:52:57.0745 5016 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
12:52:57.0874 5016 mpio - ok
12:52:57.0888 5016 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
12:52:57.0892 5016 mpsdrv - ok
12:52:57.0937 5016 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
12:52:57.0951 5016 MpsSvc - ok
12:52:57.0986 5016 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
12:52:58.0104 5016 MRxDAV - ok
12:52:58.0130 5016 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:52:58.0243 5016 mrxsmb - ok
12:52:58.0266 5016 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:52:58.0373 5016 mrxsmb10 - ok
12:52:58.0451 5016 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:52:58.0580 5016 mrxsmb20 - ok
12:52:58.0608 5016 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
12:52:58.0708 5016 msahci - ok
12:52:58.0783 5016 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
12:52:58.0912 5016 msdsm - ok
12:52:58.0932 5016 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
12:52:58.0948 5016 MSDTC - ok
12:52:58.0989 5016 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
12:52:58.0995 5016 Msfs - ok
12:52:59.0007 5016 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
12:52:59.0011 5016 mshidkmdf - ok
12:52:59.0031 5016 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
12:52:59.0037 5016 msisadrv - ok
12:52:59.0073 5016 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
12:52:59.0081 5016 MSiSCSI - ok
12:52:59.0087 5016 msiserver - ok
12:52:59.0114 5016 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
12:52:59.0120 5016 MSKSSRV - ok
12:52:59.0130 5016 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
12:52:59.0136 5016 MSPCLOCK - ok
12:52:59.0145 5016 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
12:52:59.0151 5016 MSPQM - ok
12:52:59.0175 5016 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
12:52:59.0191 5016 MsRPC - ok
12:52:59.0228 5016 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
12:52:59.0230 5016 mssmbios - ok
12:52:59.0253 5016 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
12:52:59.0259 5016 MSTEE - ok
12:52:59.0269 5016 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
12:52:59.0272 5016 MTConfig - ok
12:52:59.0284 5016 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
12:52:59.0289 5016 Mup - ok
12:52:59.0364 5016 myAgtSvc (736d72f88ae0b969185a9a4044eabb05) C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe
12:52:59.0368 5016 myAgtSvc - ok
12:52:59.0405 5016 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
12:52:59.0420 5016 napagent - ok
12:52:59.0462 5016 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
12:52:59.0477 5016 NativeWifiP - ok
12:52:59.0542 5016 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
12:52:59.0550 5016 NDIS - ok
12:52:59.0565 5016 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
12:52:59.0572 5016 NdisCap - ok
12:52:59.0594 5016 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
12:52:59.0600 5016 NdisTapi - ok
12:52:59.0630 5016 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
12:52:59.0688 5016 Ndisuio - ok
12:52:59.0725 5016 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
12:52:59.0850 5016 NdisWan - ok
12:52:59.0875 5016 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
12:52:59.0926 5016 NDProxy - ok
12:52:59.0962 5016 Net Driver HPZ12 (69c503c004f49aee8b8e3067cc047ba7) C:\Windows\system32\HPZinw12.dll
12:53:00.0011 5016 Net Driver HPZ12 - ok
12:53:00.0042 5016 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
12:53:00.0049 5016 NetBIOS - ok
12:53:00.0085 5016 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
12:53:00.0087 5016 NetBT - ok
12:53:00.0109 5016 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
12:53:00.0112 5016 Netlogon - ok
12:53:00.0149 5016 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
12:53:00.0159 5016 Netman - ok
12:53:00.0187 5016 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
12:53:00.0194 5016 netprofm - ok
12:53:00.0356 5016 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:53:00.0447 5016 NetTcpPortSharing - ok
12:53:00.0498 5016 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
12:53:00.0504 5016 nfrd960 - ok
12:53:00.0573 5016 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
12:53:00.0581 5016 NlaSvc - ok
12:53:00.0592 5016 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
12:53:00.0598 5016 Npfs - ok
12:53:00.0623 5016 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
12:53:00.0629 5016 nsi - ok
12:53:00.0640 5016 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
12:53:00.0641 5016 nsiproxy - ok
12:53:00.0736 5016 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
12:53:00.0838 5016 Ntfs - ok
12:53:00.0945 5016 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
12:53:00.0948 5016 Null - ok
12:53:00.0987 5016 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
12:53:01.0053 5016 nvraid - ok
12:53:01.0070 5016 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
12:53:01.0209 5016 nvstor - ok
12:53:01.0240 5016 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
12:53:01.0246 5016 nv_agp - ok
12:53:01.0332 5016 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:53:01.0413 5016 odserv - ok
12:53:01.0442 5016 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
12:53:01.0449 5016 ohci1394 - ok
12:53:01.0477 5016 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:53:01.0556 5016 ose - ok
12:53:01.0647 5016 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
12:53:01.0718 5016 p2pimsvc - ok
12:53:01.0753 5016 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
12:53:01.0773 5016 p2psvc - ok
12:53:01.0801 5016 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
12:53:01.0809 5016 Parport - ok
12:53:01.0838 5016 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
12:53:01.0963 5016 partmgr - ok
12:53:01.0976 5016 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
12:53:01.0980 5016 Parvdm - ok
12:53:02.0009 5016 PCAlertDriver (ce0bf0fa2c3f8cf2549ebf508242a2c9) C:\BizCover\NTGLM7X.sys
12:53:02.0118 5016 PCAlertDriver - ok
12:53:02.0157 5016 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
12:53:02.0168 5016 PcaSvc - ok
12:53:02.0201 5016 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
12:53:02.0264 5016 pci - ok
12:53:02.0311 5016 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
12:53:02.0316 5016 pciide - ok
12:53:02.0348 5016 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
12:53:02.0365 5016 pcmcia - ok
12:53:02.0375 5016 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
12:53:02.0380 5016 pcw - ok
12:53:02.0423 5016 pdfcDispatcher - ok
12:53:02.0469 5016 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
12:53:02.0489 5016 PEAUTH - ok
12:53:02.0557 5016 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
12:53:02.0591 5016 PeerDistSvc - ok
12:53:02.0663 5016 phylock (aba988df7d1b85f1df71396f2afc7dca) C:\Windows\system32\drivers\phylock.sys
12:53:02.0712 5016 phylock - ok
12:53:02.0831 5016 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
12:53:02.0906 5016 pla - ok
12:53:03.0047 5016 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
12:53:03.0071 5016 PlugPlay - ok
12:53:03.0110 5016 Pml Driver HPZ12 (12b4549d515cb26bb8d375038017ca65) C:\Windows\system32\HPZipm12.dll
12:53:03.0152 5016 Pml Driver HPZ12 - ok
12:53:03.0177 5016 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
12:53:03.0182 5016 PNRPAutoReg - ok
12:53:03.0203 5016 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
12:53:03.0208 5016 PNRPsvc - ok
12:53:03.0250 5016 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
12:53:03.0273 5016 PolicyAgent - ok
12:53:03.0309 5016 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
12:53:03.0366 5016 Power - ok
12:53:03.0412 5016 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
12:53:03.0416 5016 PptpMiniport - ok
12:53:03.0435 5016 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
12:53:03.0441 5016 Processor - ok
12:53:03.0472 5016 ProfSvc (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll
12:53:03.0484 5016 ProfSvc - ok
12:53:03.0509 5016 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
12:53:03.0511 5016 ProtectedStorage - ok
12:53:03.0538 5016 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
12:53:03.0540 5016 Psched - ok
12:53:03.0603 5016 PSI_SVC_2 (a6a7ad767bf5141665f5c675f671b3e1) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
12:53:03.0727 5016 PSI_SVC_2 - ok
12:53:03.0813 5016 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
12:53:03.0861 5016 ql2300 - ok
12:53:03.0992 5016 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
12:53:04.0016 5016 ql40xx - ok
12:53:04.0047 5016 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
12:53:04.0061 5016 QWAVE - ok
12:53:04.0087 5016 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
12:53:04.0092 5016 QWAVEdrv - ok
12:53:04.0118 5016 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
12:53:04.0125 5016 RasAcd - ok
12:53:04.0151 5016 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:53:04.0159 5016 RasAgileVpn - ok
12:53:04.0174 5016 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
12:53:04.0190 5016 RasAuto - ok
12:53:04.0209 5016 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:53:04.0218 5016 Rasl2tp - ok
12:53:04.0265 5016 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
12:53:04.0325 5016 RasMan - ok
12:53:04.0345 5016 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
12:53:04.0353 5016 RasPppoe - ok
12:53:04.0369 5016 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
12:53:04.0375 5016 RasSstp - ok
12:53:04.0415 5016 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
12:53:04.0548 5016 rdbss - ok
12:53:04.0560 5016 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
12:53:04.0564 5016 rdpbus - ok
12:53:04.0600 5016 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:53:04.0601 5016 RDPCDD - ok
12:53:04.0640 5016 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
12:53:04.0661 5016 RDPDR - ok
12:53:04.0682 5016 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
12:53:04.0683 5016 RDPENCDD - ok
12:53:04.0699 5016 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
12:53:04.0700 5016 RDPREFMP - ok
12:53:04.0735 5016 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
12:53:04.0746 5016 RDPWD - ok
12:53:04.0790 5016 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
12:53:04.0914 5016 rdyboost - ok
12:53:04.0930 5016 regi (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys
12:53:04.0985 5016 regi - ok
12:53:05.0006 5016 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
12:53:05.0016 5016 RemoteAccess - ok
12:53:05.0037 5016 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
12:53:05.0059 5016 RemoteRegistry - ok
12:53:05.0076 5016 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
12:53:05.0082 5016 RpcEptMapper - ok
12:53:05.0097 5016 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
12:53:05.0103 5016 RpcLocator - ok
12:53:05.0143 5016 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
12:53:05.0149 5016 RpcSs - ok
12:53:05.0183 5016 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
12:53:05.0190 5016 rspndr - ok
12:53:05.0239 5016 RTL8167 (05c2613f661584190c752f6184d1c8ef) C:\Windows\system32\DRIVERS\Rt86win7.sys
12:53:05.0349 5016 RTL8167 - ok
12:53:05.0455 5016 RumorServer (736d72f88ae0b969185a9a4044eabb05) C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
12:53:05.0458 5016 RumorServer - ok
12:53:05.0612 5016 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
12:53:05.0660 5016 s3cap - ok
12:53:05.0684 5016 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
12:53:05.0686 5016 SamSs - ok
12:53:05.0741 5016 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
12:53:05.0850 5016 sbp2port - ok
12:53:05.0864 5016 SBRE - ok
12:53:05.0903 5016 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
12:53:05.0918 5016 SCardSvr - ok
12:53:05.0948 5016 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
12:53:05.0996 5016 scfilter - ok
12:53:06.0061 5016 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
12:53:06.0138 5016 Schedule - ok
12:53:06.0178 5016 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
12:53:06.0179 5016 SCPolicySvc - ok
12:53:06.0217 5016 SCR3XX2K (cc0ecd80978f29a41f5d4b4f5af890e8) C:\Windows\system32\DRIVERS\SCR3XX2K.sys
12:53:06.0317 5016 SCR3XX2K - ok
12:53:06.0343 5016 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
12:53:06.0356 5016 SDRSVC - ok
12:53:06.0388 5016 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
12:53:06.0392 5016 secdrv - ok
12:53:06.0418 5016 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
12:53:06.0425 5016 seclogon - ok
12:53:06.0447 5016 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
12:53:06.0453 5016 SENS - ok
12:53:06.0482 5016 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
12:53:06.0492 5016 SensrSvc - ok
12:53:06.0514 5016 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
12:53:06.0518 5016 Serenum - ok
12:53:06.0533 5016 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
12:53:06.0540 5016 Serial - ok
12:53:06.0567 5016 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
12:53:06.0570 5016 sermouse - ok
12:53:06.0619 5016 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
12:53:06.0632 5016 SessionEnv - ok
12:53:06.0657 5016 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
12:53:06.0660 5016 sffdisk - ok
12:53:06.0680 5016 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
12:53:06.0687 5016 sffp_mmc - ok
12:53:06.0693 5016 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
12:53:06.0746 5016 sffp_sd - ok
12:53:06.0765 5016 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
12:53:06.0770 5016 sfloppy - ok
12:53:06.0818 5016 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
12:53:06.0840 5016 SharedAccess - ok
12:53:06.0882 5016 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
12:53:06.0937 5016 ShellHWDetection - ok
12:53:06.0974 5016 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
12:53:06.0981 5016 sisagp - ok
12:53:07.0014 5016 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:53:07.0019 5016 SiSRaid2 - ok
12:53:07.0037 5016 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
12:53:07.0043 5016 SiSRaid4 - ok
12:53:07.0073 5016 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
12:53:07.0077 5016 Smb - ok
12:53:07.0115 5016 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
12:53:07.0122 5016 SNMPTRAP - ok
12:53:07.0144 5016 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
12:53:07.0147 5016 spldr - ok
12:53:07.0194 5016 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
12:53:07.0209 5016 Spooler - ok
12:53:07.0417 5016 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
12:53:07.0470 5016 sppsvc - ok
12:53:07.0708 5016 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
12:53:07.0762 5016 sppuinotify - ok
12:53:07.0821 5016 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
12:53:07.0937 5016 srv - ok
12:53:07.0988 5016 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
12:53:08.0173 5016 srv2 - ok
12:53:08.0217 5016 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
12:53:08.0351 5016 srvnet - ok
12:53:08.0381 5016 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
12:53:08.0402 5016 SSDPSRV - ok
12:53:08.0421 5016 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
12:53:08.0438 5016 SstpSvc - ok
12:53:08.0459 5016 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
12:53:08.0465 5016 stexstor - ok
12:53:08.0504 5016 StillCam (edb05bd63148796f23ea78506404a538) C:\Windows\system32\DRIVERS\serscan.sys
12:53:08.0508 5016 StillCam - ok
12:53:08.0554 5016 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
12:53:08.0624 5016 StiSvc - ok
12:53:08.0648 5016 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
12:53:08.0707 5016 storflt - ok
12:53:08.0734 5016 StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll
12:53:08.0784 5016 StorSvc - ok
12:53:08.0804 5016 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
12:53:08.0861 5016 storvsc - ok
12:53:08.0898 5016 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
12:53:08.0903 5016 swenum - ok
12:53:08.0934 5016 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
12:53:08.0955 5016 swprv - ok
12:53:09.0037 5016 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
12:53:09.0062 5016 SysMain - ok
12:53:09.0093 5016 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
12:53:09.0151 5016 TabletInputService - ok
12:53:09.0191 5016 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
12:53:09.0255 5016 TapiSrv - ok
12:53:09.0300 5016 TBIMount (0ee1b84dff6beb425e32056b8b4c75d4) C:\Windows\System32\drivers\tbimount.sys
12:53:09.0366 5016 TBIMount - ok
12:53:09.0393 5016 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
12:53:09.0405 5016 TBS - ok
12:53:09.0500 5016 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
12:53:09.0598 5016 Tcpip - ok
12:53:09.0768 5016 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
12:53:09.0778 5016 TCPIP6 - ok
12:53:09.0846 5016 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
12:53:09.0936 5016 tcpipreg - ok
12:53:09.0963 5016 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
12:53:10.0069 5016 TDPIPE - ok
12:53:10.0097 5016 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
12:53:10.0099 5016 TDTCP - ok
12:53:10.0128 5016 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
12:53:10.0223 5016 tdx - ok
12:53:10.0251 5016 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
12:53:10.0342 5016 TermDD - ok
12:53:10.0385 5016 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
12:53:10.0401 5016 TermService - ok
12:53:10.0426 5016 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
12:53:10.0435 5016 Themes - ok
12:53:10.0462 5016 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
12:53:10.0466 5016 THREADORDER - ok
12:53:10.0491 5016 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
12:53:10.0518 5016 TrkWks - ok
12:53:10.0565 5016 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
12:53:10.0568 5016 TrustedInstaller - ok
12:53:10.0588 5016 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:53:10.0589 5016 tssecsrv - ok
12:53:10.0631 5016 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
12:53:10.0690 5016 TsUsbFlt - ok
12:53:10.0743 5016 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
12:53:10.0798 5016 tunnel - ok
12:53:10.0818 5016 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
12:53:10.0822 5016 uagp35 - ok
12:53:10.0866 5016 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
12:53:10.0935 5016 udfs - ok
12:53:10.0968 5016 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
12:53:10.0972 5016 UI0Detect - ok
12:53:11.0024 5016 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
12:53:11.0031 5016 uliagpkx - ok
12:53:11.0078 5016 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
12:53:11.0125 5016 umbus - ok
12:53:11.0168 5016 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
12:53:11.0171 5016 UmPass - ok
12:53:11.0206 5016 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
12:53:11.0226 5016 UmRdpService - ok
12:53:11.0266 5016 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
12:53:11.0294 5016 upnphost - ok
12:53:11.0340 5016 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\drivers\usbccgp.sys
12:53:11.0407 5016 usbccgp - ok
12:53:11.0437 5016 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
12:53:11.0442 5016 usbcir - ok
12:53:11.0468 5016 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
12:53:11.0563 5016 usbehci - ok
12:53:11.0609 5016 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
12:53:11.0722 5016 usbhub - ok
12:53:11.0753 5016 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
12:53:11.0885 5016 usbohci - ok
12:53:11.0914 5016 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
12:53:11.0920 5016 usbprint - ok
12:53:11.0945 5016 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:53:12.0048 5016 USBSTOR - ok
12:53:12.0159 5016 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
12:53:12.0258 5016 usbuhci - ok
12:53:12.0300 5016 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
12:53:12.0309 5016 UxSms - ok
12:53:12.0343 5016 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
12:53:12.0345 5016 VaultSvc - ok
12:53:12.0383 5016 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
12:53:12.0389 5016 vdrvroot - ok
12:53:12.0437 5016 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
12:53:12.0529 5016 vds - ok
12:53:12.0561 5016 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
12:53:12.0566 5016 vga - ok
12:53:12.0583 5016 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
12:53:12.0591 5016 VgaSave - ok
12:53:12.0623 5016 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
12:53:12.0686 5016 vhdmp - ok
12:53:12.0725 5016 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
12:53:12.0736 5016 viaagp - ok
12:53:12.0753 5016 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
12:53:12.0757 5016 ViaC7 - ok
12:53:12.0770 5016 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
12:53:12.0773 5016 viaide - ok
12:53:12.0796 5016 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
12:53:12.0867 5016 vmbus - ok
12:53:12.0877 5016 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
12:53:12.0923 5016 VMBusHID - ok
12:53:12.0941 5016 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
12:53:12.0999 5016 volmgr - ok
12:53:13.0046 5016 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
12:53:13.0048 5016 volmgrx - ok
12:53:13.0081 5016 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
12:53:13.0161 5016 volsnap - ok
12:53:13.0191 5016 vpcbus (b26536add1d748cda104d856c979ae79) C:\Windows\system32\DRIVERS\vpchbus.sys
12:53:13.0253 5016 vpcbus - ok
12:53:13.0282 5016 vpcnfltr (a0f7e923a6261760130f22b85df9040e) C:\Windows\system32\DRIVERS\vpcnfltr.sys
12:53:13.0342 5016 vpcnfltr - ok
12:53:13.0376 5016 vpcusb (5f4b55e91ce7e2523c9e1e0ece858869) C:\Windows\system32\DRIVERS\vpcusb.sys
12:53:13.0437 5016 vpcusb - ok
12:53:13.0477 5016 vpcvmm (b487191fe18d6863381a1ac55482469a) C:\Windows\system32\drivers\vpcvmm.sys
12:53:13.0507 5016 vpcvmm - ok
12:53:13.0540 5016 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
12:53:13.0553 5016 vsmraid - ok
12:53:13.0639 5016 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
12:53:13.0720 5016 VSS - ok
12:53:13.0741 5016 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
12:53:13.0745 5016 vwifibus - ok
12:53:13.0777 5016 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
12:53:13.0798 5016 W32Time - ok
12:53:13.0829 5016 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
12:53:13.0833 5016 WacomPen - ok
12:53:13.0904 5016 wampapache (f41e453a90ef19217cee1675f5256ee7) c:\wamp\bin\apache\apache2.2.21\bin\httpd.exe
12:53:13.0985 5016 wampapache - ok
12:53:14.0031 5016 wampmysqld - ok
12:53:14.0065 5016 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
12:53:14.0170 5016 WANARP - ok
12:53:14.0175 5016 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
12:53:14.0177 5016 Wanarpv6 - ok
12:53:14.0282 5016 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
12:53:14.0392 5016 WatAdminSvc - ok
12:53:14.0541 5016 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
12:53:14.0652 5016 wbengine - ok
12:53:14.0681 5016 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
12:53:14.0695 5016 WbioSrvc - ok
12:53:14.0735 5016 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
12:53:14.0741 5016 wcncsvc - ok
12:53:14.0773 5016 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
12:53:14.0782 5016 WcsPlugInService - ok
12:53:14.0827 5016 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
12:53:14.0830 5016 Wd - ok
12:53:14.0860 5016 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
12:53:14.0879 5016 Wdf01000 - ok
12:53:14.0901 5016 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
12:53:14.0906 5016 WdiServiceHost - ok
12:53:14.0912 5016 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
12:53:14.0917 5016 WdiSystemHost - ok
12:53:14.0958 5016 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
12:53:15.0029 5016 WebClient - ok
12:53:15.0051 5016 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
12:53:15.0069 5016 Wecsvc - ok
12:53:15.0088 5016 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
12:53:15.0093 5016 wercplsupport - ok
12:53:15.0136 5016 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
12:53:15.0143 5016 WerSvc - ok
12:53:15.0161 5016 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
12:53:15.0164 5016 WfpLwf - ok
12:53:15.0178 5016 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
12:53:15.0182 5016 WIMMount - ok
12:53:15.0330 5016 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
12:53:15.0352 5016 WinDefend - ok
12:53:15.0362 5016 WinHttpAutoProxySvc - ok
12:53:15.0418 5016 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
12:53:15.0439 5016 Winmgmt - ok
12:53:15.0584 5016 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
12:53:15.0659 5016 WinRM - ok
12:53:15.0718 5016 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\drivers\WinUSB.sys
12:53:15.0772 5016 WinUsb - ok
12:53:15.0849 5016 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
12:53:15.0874 5016 Wlansvc - ok
12:53:15.0915 5016 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
12:53:15.0922 5016 WmiAcpi - ok
12:53:15.0973 5016 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
12:53:15.0998 5016 wmiApSrv - ok
12:53:16.0147 5016 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
12:53:16.0263 5016 WMPNetworkSvc - ok
12:53:16.0522 5016 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
12:53:16.0532 5016 WPCSvc - ok
12:53:16.0562 5016 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
12:53:16.0576 5016 WPDBusEnum - ok
12:53:16.0621 5016 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
12:53:16.0625 5016 ws2ifsl - ok
12:53:16.0641 5016 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll
12:53:16.0655 5016 wscsvc - ok
12:53:16.0690 5016 WSDPrintDevice (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys
12:53:16.0697 5016 WSDPrintDevice - ok
12:53:16.0703 5016 WSearch - ok
12:53:16.0853 5016 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
12:53:16.0886 5016 wuauserv - ok
12:53:17.0007 5016 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
12:53:17.0110 5016 WudfPf - ok
12:53:17.0143 5016 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:53:17.0254 5016 WUDFRd - ok
12:53:17.0299 5016 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
12:53:17.0353 5016 wudfsvc - ok
12:53:17.0384 5016 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
12:53:17.0398 5016 WwanSvc - ok
12:53:17.0428 5016 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
12:53:17.0615 5016 \Device\Harddisk0\DR0 - ok
12:53:17.0630 5016 Boot (0x1200) (b4b67010917a0cbd2a8c0d442be6f6c4) \Device\Harddisk0\DR0\Partition0
12:53:17.0631 5016 \Device\Harddisk0\DR0\Partition0 - ok
12:53:17.0651 5016 Boot (0x1200) (f1f8f36fbed1c51dbf307e0541d00454) \Device\Harddisk0\DR0\Partition1
12:53:17.0653 5016 \Device\Harddisk0\DR0\Partition1 - ok
12:53:17.0684 5016 Boot (0x1200) (4ddfd7a512499695d639ddad67a3d21a) \Device\Harddisk0\DR0\Partition2
12:53:17.0686 5016 \Device\Harddisk0\DR0\Partition2 - ok
12:53:17.0686 5016 ============================================================
12:53:17.0686 5016 Scan finished
12:53:17.0686 5016 ============================================================
12:53:17.0713 4156 Detected object count: 0
12:53:17.0713 4156 Actual detected object count: 0



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-19 12:54:45
-----------------------------
12:54:45.702 OS Version: Windows 6.1.7601 Service Pack 1
12:54:45.702 Number of processors: 2 586 0x170A
12:54:45.704 ComputerName: ROI UserName:
12:54:46.883 Initialize success
12:55:43.432 AVAST engine defs: 12061900
12:55:59.251 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:55:59.253 Disk 0 Vendor: WDC_WD32 03.0 Size: 305245MB BusType: 3
12:55:59.267 Disk 0 MBR read successfully
12:55:59.269 Disk 0 MBR scan
12:55:59.297 Disk 0 Windows 7 default MBR code
12:55:59.310 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 2047 MB offset 2048
12:55:59.340 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 295517 MB offset 4194304
12:55:59.382 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 7670 MB offset 609413120
12:55:59.423 Disk 0 scanning sectors +625121280
12:55:59.505 Disk 0 scanning C:\Windows\system32\drivers
12:56:41.018 Service scanning
12:57:35.638 Modules scanning
12:57:43.216 Disk 0 trace - called modules:
12:57:43.240
12:57:44.764 AVAST engine scan C:\Windows
12:57:57.630 AVAST engine scan C:\Windows\system32
13:03:54.152 AVAST engine scan C:\Windows\system32\drivers
13:04:52.982 AVAST engine scan C:\Users\Administrator
13:05:22.982 AVAST engine scan C:\ProgramData
13:06:52.152 Scan finished successfully
13:07:50.232 Disk 0 MBR has been saved successfully to "C:\Users\Dustin\Desktop\MBR.dat"
13:07:50.242 The log file has been saved successfully to "C:\Users\Dustin\Desktop\aswMBR.txt"
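The two logs above summarise the disk the same way: TDSSKiller hashes the first 0x1B8 bytes of the MBR (the bootstrap code, before the disk signature and partition table), and aswMBR decodes the partition table, matches the code against a known-clean Windows 7 MBR, and then scans the sectors after the last partition ("scanning sectors +625121280"), which is where a bootkit stores its hidden file system. The following is an added example of those checks, not code from either tool or from this thread. The MBR it parses is constructed from the partition figures in the aswMBR log (aswMBR's MB are MiB, 2048 sectors of 512 bytes); the bootstrap bytes are a stand-in, so the hash it prints is not the hash in the TDSSKiller log.

```python
"""Decode a 512-byte MBR the way the aswMBR and TDSSKiller logs summarise it:
hash the bootstrap code (first 0x1B8 bytes), list the partition table, and report
sectors left after the last partition, the slack area a bootkit can hide in.
Added example; the sample MBR is built from the figures in the log, not dumped
from the machine in the thread."""
import hashlib
import struct
from typing import Dict, List

SECTOR = 512
CODE_LEN = 0x1B8                 # bootstrap code; TDSSKiller reports its hash as "MBR (0x1B8)"
ENTRY_FMT = '<B3sB3sII'          # status, CHS start, type, CHS end, LBA start, sector count
TABLE_OFF = 0x1BE
MIB = 1024 * 1024

# Constructed from the aswMBR partition lines above: (active flag, type, LBA start, sectors).
# aswMBR prints sizes in MiB; 1 MiB = 2048 sectors of 512 bytes.
SAMPLE_PARTITIONS = [
    (0x80, 0x07, 2048, 2047 * 2048),          # 2047 MB boot partition, active
    (0x00, 0x07, 4194304, 295517 * 2048),     # 295517 MB system volume
    (0x00, 0x07, 609413120, 7670 * 2048),     # 7670 MB recovery volume
]
SAMPLE_DISK_SECTORS = 305245 * 2048           # "Size: 305245MB" in the aswMBR log


def build_sample_mbr(partitions, code: bytes = b'\xfa\x33\xc0\x8e\xd0') -> bytes:
    """Assemble a synthetic MBR sector; `code` is a stand-in for real bootstrap code."""
    mbr = bytearray(SECTOR)
    mbr[:len(code)] = code
    for i, (flag, ptype, start, count) in enumerate(partitions):
        # CHS fields carry the FE FF FF "use LBA" marker that modern Windows writes.
        struct.pack_into(ENTRY_FMT, mbr, TABLE_OFF + 16 * i,
                         flag, b'\xfe\xff\xff', ptype, b'\xfe\xff\xff', start, count)
    mbr[0x1FE:0x200] = b'\x55\xaa'            # boot signature
    return bytes(mbr)


def parse_mbr(mbr: bytes) -> Dict[str, object]:
    """Return the bootstrap-code hash, disk signature and the non-empty partition entries."""
    if len(mbr) != SECTOR or mbr[0x1FE:0x200] != b'\x55\xaa':
        raise ValueError('not a 512-byte sector with a 55 AA boot signature')
    partitions = []
    for i in range(4):
        flag, _, ptype, _, start, count = struct.unpack_from(ENTRY_FMT, mbr, TABLE_OFF + 16 * i)
        if ptype == 0:
            continue                          # empty slot
        partitions.append({'index': i + 1, 'active': flag == 0x80, 'type': ptype,
                           'start': start, 'sectors': count, 'mib': count * SECTOR // MIB})
    return {
        # Only the code area is hashed, so repartitioning does not change the value
        # while a patched bootstrap (bootkit) does; compare against a known-clean baseline.
        'code_md5': hashlib.md5(mbr[:CODE_LEN]).hexdigest(),
        'disk_signature': struct.unpack_from('<I', mbr, CODE_LEN)[0],
        'partitions': partitions,
    }


def check_layout(parsed: Dict[str, object], disk_sectors: int) -> List[str]:
    """Table sanity checks a rootkit scanner applies: one active entry, no overlaps,
    nothing past the disk end, and how much space follows the last partition."""
    findings = []
    parts = sorted(parsed['partitions'], key=lambda p: p['start'])
    if sum(p['active'] for p in parts) != 1:
        findings.append('expected exactly one active partition')
    highest_end = 0
    for p in parts:
        if p['start'] < highest_end:
            findings.append(f"partition {p['index']} overlaps the previous one")
        end = p['start'] + p['sectors']
        if end > disk_sectors:
            findings.append(f"partition {p['index']} extends past the end of the disk")
        highest_end = max(highest_end, end)
    tail = disk_sectors - highest_end
    if tail > 0:
        findings.append(f'{tail} unallocated sectors after the last partition '
                        f'(aswMBR scans these as "+{highest_end}")')
    return findings


if __name__ == '__main__':
    sample = parse_mbr(build_sample_mbr(SAMPLE_PARTITIONS))
    print('MBR code md5:', sample['code_md5'])
    for p in sample['partitions']:
        print(f"partition {p['index']}: {'active' if p['active'] else 'inactive'} "
              f"type 0x{p['type']:02x} {p['mib']} MB at sector {p['start']}")
    for finding in check_layout(sample, SAMPLE_DISK_SECTORS):
        print('finding:', finding)
```

On the figures in the log the three partitions are contiguous and the scan start aswMBR prints, +625121280, is exactly the end of the recovery volume; the 20480 sectors (10 MB) between that and the end of the disk are the region a bootkit would use, and a clean scan of them plus a code hash matching the stock Windows 7 MBR is why both tools report nothing there.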

#6 dustroid

dustroid
  • Topic Starter

  • Members
  • 18 posts

Posted 21 June 2012 - 01:49 PM

Bumping after no reply in 48 hours.

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 21 June 2012 - 10:20 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
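When the OTL log comes back, the O4 section (the Run and RunOnce values under HKLM and each user's HKU hive) is where a redirect or audio-ad infection usually shows itself. The following is an added example, not OTL's code and not part of this thread, of parsing those lines and ranking them by the signals an analyst would weigh: a target that no longer exists, a target under a user-writable directory, a generated-looking file name, a placeholder vendor string, and a value name borrowing a well-known vendor's name. The sample lines are copied from the OTL log posted in the next reply; the directory list, the brand list and the consonant-run threshold are assumptions of this example, and the vendor string comes from the file's own version resource, which whoever built the file controls.

```python
"""Triage the O4 (Run/RunOnce) lines of an OTL log.

Added example, not OTL's code: parses lines of the form
  O4 - <hive>..\Run: [<value name>] <target> (<vendor>)
  O4 - <hive>..\Run: [<value name>] <target> File not found
and attaches the reasons an analyst would look twice at an entry."""
import ntpath
import re
from typing import Dict, List

# Sample lines copied from the O4 section of the OTL log posted in this thread.
SAMPLE_O4_LINES = r"""
O4 - HKLM..\Run: [acevents] C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
O4 - HKLM..\Run: [BizCover] C:\BizCover\StartBizCover.exe (TODO: <Company name>)
O4 - HKLM..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe (McAfee, Inc.)
O4 - HKU\S-1-5-21-3812118618-3519713718-615325280-1001..\Run: [Microsoft] C:\Users\Dustin\AppData\Local\Microsoft\xqzxqbbo.dll (Cyberlink)
O4 - HKU\S-1-5-21-3812118618-3519713718-615325280-1001..\Run: [VwQGJwSURThVmE.exe] C:\ProgramData\VwQGJwSURThVmE.exe File not found
O4 - HKLM..\RunOnce: [NoIE4StubProcessing] C:\Windows\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f File not found
"""

O4_RE = re.compile(r'^O4 - (?P<hive>.+?)\.\.\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<rest>.+)$')
VENDOR_RE = re.compile(r'^(?P<target>.+) \((?P<vendor>[^()]*)\)$')      # "<target> (<vendor>)"
IMAGE_RE = re.compile(r'^(?P<image>.*?\.(?:exe|dll|com|scr|bat|cmd|vbs|js))(?:\s|$)', re.IGNORECASE)
# Directories any interactive user can write to (assumed list); installed software
# rarely registers a Run value pointing into them.
USER_WRITABLE_RE = re.compile(r'\\(?:AppData|ProgramData|Temp|Users\\Public)\\', re.IGNORECASE)
MISSING = ' File not found'
BRANDS = ('microsoft', 'windows', 'adobe', 'java', 'google')   # names malware borrows for Run values


def parse_o4(line: str) -> Dict[str, object]:
    """Split one O4 line into hive, key, value name, target, vendor and a missing flag."""
    m = O4_RE.match(line.strip())
    if not m:
        raise ValueError(f'not an O4 line: {line!r}')
    entry: Dict[str, object] = {'hive': m['hive'], 'key': m['key'], 'name': m['name']}
    rest = m['rest']
    if rest.endswith(MISSING):
        entry.update(target=rest[:-len(MISSING)], vendor=None, missing=True)
    else:
        vm = VENDOR_RE.match(rest)
        entry.update(target=vm['target'] if vm else rest,
                     vendor=vm['vendor'] if vm else '', missing=False)
    return entry


def looks_random(stem: str, max_consonant_run: int = 6) -> bool:
    """Crude heuristic (threshold is an assumption): generated names such as
    'xqzxqbbo' run many letters without a vowel; product names rarely do."""
    run = best = 0
    for ch in stem.lower():
        if ch.isalpha() and ch not in 'aeiouy':
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best >= max_consonant_run


def triage(entry: Dict[str, object]) -> List[str]:
    """Reasons to look twice. The vendor string is read from the file's version
    resource, which its author controls, so it can add suspicion but never clear it."""
    target = str(entry['target'])
    im = IMAGE_RE.match(target)
    image = im['image'] if im else target                 # first executable on the command line
    stem = ntpath.splitext(ntpath.basename(image))[0]
    vendor = entry['vendor']
    reasons = []
    if entry['missing']:
        reasons.append('target missing')
    if USER_WRITABLE_RE.search(image):
        reasons.append('user-writable location')
    if looks_random(stem):
        reasons.append('random-looking name')
    if vendor is not None and (not str(vendor).strip() or str(vendor).startswith('TODO')):
        reasons.append('placeholder/empty vendor')
    name = str(entry['name']).lower()
    if name in BRANDS and name not in str(vendor or '').lower():
        reasons.append('value name impersonates a vendor')
    return reasons


def rank_autoruns(text: str) -> List[Dict[str, object]]:
    """Parse every O4 line in an OTL log and sort the entries, most suspicious first."""
    entries = []
    for line in text.splitlines():
        if line.startswith('O4 - '):
            e = parse_o4(line)
            e['reasons'] = triage(e)
            entries.append(e)
    entries.sort(key=lambda e: len(e['reasons']), reverse=True)   # stable: ties keep log order
    return entries


if __name__ == '__main__':
    for e in rank_autoruns(SAMPLE_O4_LINES):
        flag = ', '.join(e['reasons']) or 'nothing notable'
        print(f"{e['key']:<8} [{e['name']}] {e['target']}\n         -> {flag}")
```

Run on the sample, the two per-user entries sort to the top: a DLL with a generated name in the user's AppData whose value is called "Microsoft" but whose version resource claims Cyberlink, and an orphaned Run value for a random-named executable in ProgramData. The reg.exe RunOnce value is listed as missing only because OTL checks the whole command line as a path; the "TODO: <Company name>" vendor on the BizCover entry marks a build that never filled in its version information, which is worth a question but is not evidence of malware on its own.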

#8 dustroid

dustroid
  • Topic Starter

  • Members
  • 18 posts

Posted 22 June 2012 - 07:32 AM

OTL logfile created on: 6/22/2012 7:24:14 AM - Run 1
OTL by OldTimer - Version 3.2.51.0 Folder = C:\Users\Dustin\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.02 Gb Available Physical Memory | 54.57% Memory free
3.74 Gb Paging File | 2.60 Gb Available in Paging File | 69.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.59 Gb Total Space | 251.59 Gb Free Space | 87.18% Space Free | Partition Type: NTFS
Drive D: | 7.49 Gb Total Space | 0.83 Gb Free Space | 11.11% Space Free | Partition Type: NTFS

Computer Name: ROI | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Dustin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\windows\System32\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files\GFI\LanGuard 10 Agent\lnssatt.exe (GFI Software Ltd.)
PRC - C:\windows\explorer.exe (Microsoft Corporation)
PRC - C:\windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe (McAfee, Inc.)
PRC - C:\windows\System32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\WxMesgNet\WxMcli.exe (Weather Message Software)
PRC - C:\Program Files\WxMesgNet\WxMap.exe (Weather Message Software)
PRC - C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe (McAfee, Inc.)
PRC - C:\Program Files\HP\HP Color LaserJet CM2320 MFP Series\hppfaxprintersrv.exe (Hewlett-Packard Company)
PRC - C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe (ActivIdentity)
PRC - C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
PRC - C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
PRC - C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
PRC - C:\Program Files\HP\HP UT\bin\hppusg.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WxPurge\a6ed4b3cf36c016e9d61500827362e87\WxPurge.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WxMcli\77b4af73a842c2acd74d2b7c1cd9274d\WxMcli.ni.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WxImage\a6c90d2e842aaadd83003c2596d2d619\WxImage.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Speech\83053c3eeb3255672d84c1ddc0ce8ef3\System.Speech.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WxSpeak\ea63f3726e7118ea9d4f97ced1eeac6e\WxSpeak.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WxFtp\18db03482aed1595e613008d5734b32c\WxFtp.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WxUtils\6ed603b1d9079746388ad10ef330a0ff\WxUtils.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.TatukGIS_DK\468e6e360226901d3aa57737d055fd98\Interop.TatukGIS_DK.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\stdole\0eb60a417f950ff100495f3f65b60dd9\stdole.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\AxInterop.TatukGIS_#\3fe27d80d1b9688bb12379bc7d6537ed\AxInterop.TatukGIS_DK.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\nsoftware.System\d6b5a431c97e1a318e9cfdd509411142\nsoftware.System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\nsoftware.IPWorks\506eb87b117c7c10e803308865342119\nsoftware.IPWorks.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WxMap\4048e7a860122a963db79798fa2d6dfc\WxMap.ni.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\2ff4e90c5842525f7a7456639de090d8\System.Runtime.Serialization.Formatters.Soap.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files\McAfee\Managed VirusScan\Agent\Res\0409\OEMRes_l.dll ()


========== Win32 Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (wampmysqld) -- c:\wamp\bin\mysql\mysql5.5.16\bin\mysqld.exe ()
SRV - (wampapache) -- c:\wamp\bin\apache\Apache2.2.21\bin\httpd.exe (Apache Software Foundation)
SRV - (gfi_lanss10_attservice) -- C:\Program Files\GFI\LanGuard 10 Agent\lnssatt.exe (GFI Software Ltd.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (WatAdminSvc) -- C:\windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (RumorServer) -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe (McAfee, Inc.)
SRV - (myAgtSvc) -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\windows\System32\mfevtps.exe (McAfee, Inc.)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (McAfee SiteAdvisor Enterprise Service) -- C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe (McAfee, Inc.)
SRV - (StorSvc) -- C:\windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (pdfcDispatcher) -- C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (ac.sharedstore) -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe (ActivIdentity)
SRV - (PSI_SVC_2) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


========== Driver Services (SafeList) ==========

DRV - (SBRE) -- C:\Windows\system32\drivers\SBREdrv.sys File not found
DRV - (mfeavfk01) -- File not found
DRV - (catchme) -- C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys File not found
DRV - (aswMBR) -- C:\Users\ADMINI~1\AppData\Local\Temp\aswMBR.sys File not found
DRV - (SCR3XX2K) -- C:\windows\System32\drivers\SCR3XX2K.sys (SCM Microsystems Inc.)
DRV - (vpcvmm) -- C:\windows\System32\drivers\vpcvmm.sys (Microsoft Corporation)
DRV - (vpcbus) -- C:\windows\System32\drivers\vpchbus.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (vpcusb) -- C:\windows\System32\drivers\vpcusb.sys (Microsoft Corporation)
DRV - (vpcnfltr) -- C:\windows\System32\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (TBIMount) -- C:\windows\System32\drivers\TBIMount.sys (TeraByte, Inc.)
DRV - (mfehidk) -- C:\windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (MfeAVFK) -- C:\windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfewfpk) -- C:\windows\System32\drivers\mfewfpk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\windows\System32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfenlfk) -- C:\windows\System32\drivers\mfenlfk.sys (McAfee, Inc.)
DRV - (MfeBOPK) -- C:\windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (phylock) -- C:\windows\System32\drivers\phylock.sys (TeraByte, Inc.)
DRV - (WSDPrintDevice) -- C:\windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (mfetdik) -- C:\windows\System32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (MfeRKDK) -- C:\windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (PCAlertDriver) -- C:\BizCover\NTGLM7X.sys (MICRO-STAR INT'L CO., LTD.)
DRV - (regi) -- C:\windows\System32\drivers\regi.sys (InterVideo)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1
IE - HKLM\..\SearchScopes,DefaultScope = {687EC98E-C012-4C4A-B382-CA7570998CBE}
IE - HKLM\..\SearchScopes\{687EC98E-C012-4C4A-B382-CA7570998CBE}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3812118618-3519713718-615325280-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM/1
IE - HKU\S-1-5-21-3812118618-3519713718-615325280-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1
IE - HKU\S-1-5-21-3812118618-3519713718-615325280-1001\..\SearchScopes,DefaultScope = {687EC98E-C012-4C4A-B382-CA7570998CBE}
IE - HKU\S-1-5-21-3812118618-3519713718-615325280-1001\..\SearchScopes\{687EC98E-C012-4C4A-B382-CA7570998CBE}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-3812118618-3519713718-615325280-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3812118618-3519713718-615325280-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1
IE - HKU\S-1-5-21-3812118618-3519713718-615325280-500\..\SearchScopes,DefaultScope = {687EC98E-C012-4C4A-B382-CA7570998CBE}
IE - HKU\S-1-5-21-3812118618-3519713718-615325280-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0.0.561
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor Enterprise\ [2011/09/26 08:18:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/06 10:01:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/13 07:17:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/03/30 07:21:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2011/06/14 09:35:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2011/06/14 09:35:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ri64esjo.default\extensions
[2011/09/30 14:20:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/28 10:46:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011/09/30 14:20:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
[2011/10/06 10:01:44 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/30 14:20:12 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/06 10:01:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/09/27 16:51:47 | 000,004,404 | ---- | M]) - C:\windows\System32\drivers\etc\hosts
O1 - Hosts: 192.168.20.201 charon # HP Proliant Linux server
O1 - Hosts: 192.168.20.202 europa # Science workstation # 1
O1 - Hosts: 192.168.20.203 ganymede # Science workstation # 2
O1 - Hosts: 192.168.20.204 callisto # Science workstation # 3
O1 - Hosts: 192.168.20.205 bigej # Vanessa PC - Win7
O1 - Hosts: 192.168.20.206 roi # Dustin PC - Win7
O1 - Hosts: 192.168.20.207 hp_cm2320 # Network fax/scan/printer
O1 - Hosts: 192.168.20.208 legan # Nick PC - Win7
O1 - Hosts: 192.168.20.209 io # HMCC science workstation 1 - Linux
O1 - Hosts: 192.168.20.210 amalthea # HMCC science workstation 2 - Linux
O1 - Hosts: 192.168.20.211 himalia # HMCC science workstation 3 - Linux
O1 - Hosts: 192.168.20.212 gagan # ITS PC - Win7
O1 - Hosts: 192.168.20.213 meck # Mike laptop - WinXP
O1 - Hosts: 192.168.20.214 omelek # Tom laptop - Win7
O1 - Hosts: 192.168.20.215 charon-iL0 # Charon Integrated Lights Out Port
O1 - Hosts: 192.168.20.216 phobos # JackVID host - Linux
O1 - Hosts: 192.168.20.217 callisto-lnx # Calliso Virtual Linux
O1 - Hosts: 156.110.99.155 aristotle # WeatherWeb Server (on DMZ)
O1 - Hosts: 172.25.133.130 kong # DOE Linux workstation (on VLAN)
O1 - Hosts: 192.168.19.8 bamboo_lnx # Nate PC virtual Linux
O1 - Hosts: 192.168.19.9 nasa-ingest # KPOL data ingest Linux server
O1 - Hosts: 192.168.19.15 hp2600n # HP 2600n Color Laser Printer
O1 - Hosts: 192.168.19.108 hpCLJ3525 # HP Color LaserJet CP3525 PCL6
O1 - Hosts: 192.168.19.119 thor # Small Business Server
O1 - Hosts: 192.168.19.173 bigtank # 6TB storage
O1 - Hosts: 46 more lines...
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101014101405.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-3812118618-3519713718-615325280-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3812118618-3519713718-615325280-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3812118618-3519713718-615325280-500\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3812118618-3519713718-615325280-500\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [acevents] C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BizCover] C:\BizCover\StartBizCover.exe (TODO: <Company name>)
O4 - HKLM..\Run: [HP Color LaserJet CM2320 MFP Series Fax] C:\Program Files\HP\HP Color LaserJet CM2320 MFP Series\hppfaxprintersrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [WxMap] C:\Program Files\WxMesgNet\WxMap.exe (Weather Message Software)
O4 - HKLM..\Run: [WxMcli] C:\Program Files\WxMesgNet\WxMcli.exe (Weather Message Software)
O4 - HKU\S-1-5-21-3812118618-3519713718-615325280-1001..\Run: [Microsoft] C:\Users\Dustin\AppData\Local\Microsoft\xqzxqbbo.dll (Cyberlink)
O4 - HKU\S-1-5-21-3812118618-3519713718-615325280-1001..\Run: [VwQGJwSURThVmE.exe] C:\ProgramData\VwQGJwSURThVmE.exe File not found
O4 - HKLM..\RunOnce: [NoIE4StubProcessing] C:\Windows\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3812118618-3519713718-615325280-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3812118618-3519713718-615325280-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3812118618-3519713718-615325280-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3812118618-3519713718-615325280-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{828B6D8C-5301-43A5-902B-5511A2D968A9}: NameServer = 8.8.8.8,4.2.2.2
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\myrm {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\myRmProt4.9.2.358.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/21 04:16:43 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/21 04:16:43 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/21 04:16:38 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/21 04:16:38 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/06/19 08:25:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\temp
[2012/06/19 08:23:59 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/06/19 08:09:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/19 08:09:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/19 08:09:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/19 08:09:34 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/06/19 08:09:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/19 08:09:04 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/06/17 03:01:10 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/06/17 03:01:10 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/06/17 03:01:10 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/06/17 03:01:10 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/06/17 03:01:10 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/06/17 03:01:10 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/06/17 03:01:10 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/06/17 03:01:10 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/06/17 03:01:10 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/06/17 03:01:10 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/06/17 03:01:10 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/06/17 03:01:10 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/06/17 03:01:10 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/06/17 03:01:10 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/06/17 03:01:10 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/06/17 03:01:10 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/06/17 03:01:10 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/06/17 03:01:10 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/06/17 03:01:10 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/06/17 03:01:10 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012/06/17 03:01:10 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/06/17 03:01:10 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/06/17 03:01:10 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/06/17 03:01:10 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/06/17 03:01:10 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/06/17 03:01:10 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/06/17 03:01:10 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/06/17 03:01:10 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/06/17 03:01:10 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/06/17 03:01:10 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/06/17 03:01:10 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/06/17 03:01:10 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/06/17 03:01:10 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/06/17 03:01:10 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/06/17 03:01:10 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/06/17 03:01:10 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/06/17 03:01:10 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/06/15 16:05:05 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2012/06/15 16:05:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2012/06/15 15:33:27 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/06/15 12:53:27 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/06/15 12:53:26 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/06/15 12:53:18 | 002,343,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/06/15 12:53:16 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012/06/15 12:53:16 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012/06/15 12:53:16 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012/06/15 12:53:13 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/06/15 12:04:30 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2012/06/15 12:04:30 | 000,000,000 | ---D | C] -- C:\rsit
[2012/06/15 11:18:05 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012/06/15 11:17:59 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Anvisoft
[2012/06/15 11:14:06 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anvisoft
[2012/06/15 11:13:37 | 000,000,000 | ---D | C] -- C:\Program Files\Anvisoft
[2012/06/15 10:51:37 | 000,000,000 | ---D | C] -- C:\ProgramData\GFI Software
[2012/06/15 10:37:58 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Aware Antivirus
[2012/06/15 10:36:55 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Ad-Aware Antivirus

========== Files - Modified Within 30 Days ==========

[2012/06/22 07:26:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/19 08:36:34 | 000,016,976 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/19 08:36:34 | 000,016,976 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/19 08:32:06 | 000,625,532 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/19 08:32:06 | 000,106,898 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/19 08:27:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/19 08:27:26 | 1507,725,312 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/18 12:45:56 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/06/18 12:45:55 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/06/18 09:50:40 | 000,000,000 | ---- | M] () -- C:\Users\Administrator\defogger_reenable
[2012/06/17 03:01:10 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/06/17 03:01:10 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/06/17 03:01:10 | 001,800,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/06/17 03:01:10 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/06/17 03:01:10 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/06/17 03:01:10 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/06/17 03:01:10 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/06/17 03:01:10 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/06/17 03:01:10 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/06/17 03:01:10 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/06/17 03:01:10 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/06/17 03:01:10 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/06/17 03:01:10 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/06/17 03:01:10 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/06/17 03:01:10 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/06/17 03:01:10 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/06/17 03:01:10 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/06/17 03:01:10 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/06/17 03:01:10 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/06/17 03:01:10 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012/06/17 03:01:10 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/06/17 03:01:10 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/06/17 03:01:10 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/06/17 03:01:10 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/06/17 03:01:10 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/06/17 03:01:10 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/06/17 03:01:10 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/06/17 03:01:10 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/06/17 03:01:10 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/06/17 03:01:10 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012/06/17 03:01:10 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/06/17 03:01:10 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/06/17 03:01:10 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/06/17 03:01:10 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/06/17 03:01:10 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/06/17 03:01:10 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/06/17 03:01:10 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/06/17 03:01:10 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/06/15 17:27:23 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/06/15 15:34:42 | 000,000,440 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/06/15 13:32:38 | 000,471,976 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/02 17:19:33 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/02 17:12:32 | 002,422,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/02 15:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/02 15:12:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe

========== Files Created - No Company Name ==========

[2012/06/19 08:09:49 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/19 08:09:46 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/19 08:09:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/19 08:09:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/19 08:09:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/18 09:50:40 | 000,000,000 | ---- | C] () -- C:\Users\Administrator\defogger_reenable
[2012/06/17 03:01:10 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012/06/15 16:05:15 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2012/06/15 16:05:15 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2012/06/15 15:48:38 | 000,002,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ActivClient Agent.lnk
[2012/06/15 15:48:38 | 000,002,071 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012/06/15 12:46:10 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/03/17 12:03:12 | 000,000,272 | ---- | C] () -- C:\ProgramData\~hzE2Gd5winBTuW
[2012/03/17 12:03:12 | 000,000,192 | ---- | C] () -- C:\ProgramData\~hzE2Gd5winBTuWr
[2012/03/17 12:03:07 | 000,000,464 | ---- | C] () -- C:\ProgramData\hzE2Gd5winBTuW
[2011/11/11 17:21:54 | 000,000,218 | ---- | C] () -- C:\Users\Administrator\.recently-used.xbel
[2011/10/06 09:21:12 | 000,000,222 | ---- | C] () -- C:\Windows\System32\hppfaxprinter5.ini
[2011/10/06 09:18:53 | 000,176,773 | ---- | C] () -- C:\Windows\hppins12.dat
[2011/10/06 09:18:53 | 000,007,855 | ---- | C] () -- C:\Windows\hppmdl12.dat
[2011/10/06 08:50:02 | 000,000,608 | -HS- | C] () -- C:\Windows\System32\winzvprt5.sys
[2011/10/06 08:47:00 | 000,000,193 | ---- | C] () -- C:\Windows\System32\AddPort.ini
[2011/10/06 08:46:46 | 000,000,691 | ---- | C] () -- C:\Windows\hpntwksetup.ini
[2011/10/06 08:35:37 | 000,000,665 | ---- | C] () -- C:\Windows\System32\hppapr12.dat
[2011/09/28 16:22:16 | 000,000,600 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\winscp.rnd
[2011/09/26 09:13:24 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/06/14 09:35:27 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/11/12 11:09:37 | 000,083,968 | ---- | C] () -- C:\Windows\tbicd2hd.exe
[2010/10/12 12:51:23 | 000,000,440 | RHS- | C] () -- C:\ProgramData\ntuser.pol

========== Alternate Data Streams ==========

@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:CB0AACC9

< End of report >
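
As an added example (not part of this thread, and not code from OTL or FRST), the following Python triage pass parses the O4 autorun lines quoted in the OTL log above and scores each one against heuristics an analyst applies when reading such logs: orphaned "File not found" entries, binaries in user-writable paths, random-looking file names, a Run value name that borrows a vendor's name while the binary reports a different company, and DLLs used as autorun targets. The thresholds and the benign IgfxTray line (rewritten in OTL format from the FRST entry later in the thread) are constructed for the example.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# OTL "O4" autorun line, e.g. (from the log above):
#   O4 - HKU\S-1-5-21-...-1001..\Run: [Microsoft] C:\Users\...\xqzxqbbo.dll (Cyberlink)
#   O4 - HKLM..\RunOnce: [Name] <command> File not found
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\.\.\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]+)\] (?P<rest>.*)$"
)
# First Windows path with a runnable extension inside the command string.
TARGET_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|cpl|bat|cmd|scr)\b', re.IGNORECASE)
# Locations a standard user can write to; legitimate autoruns rarely live here.
USER_WRITABLE_RE = re.compile(
    r"\\(?:AppData\\(?:Local|Roaming)|ProgramData|Temp|Users\\Public)\\", re.IGNORECASE
)
# Vendor names commonly borrowed as a Run value name to look legitimate (constructed list).
VENDOR_NAMES = {"microsoft", "windows", "adobe", "java", "intel"}

# Constructed sample input: the three O4 lines from the OTL log above, plus one
# benign line written in OTL format from the IgfxTray entry in the FRST log.
SAMPLE_LINES = [
    r"O4 - HKU\S-1-5-21-3812118618-3519713718-615325280-1001..\Run: [Microsoft] C:\Users\Dustin\AppData\Local\Microsoft\xqzxqbbo.dll (Cyberlink)",
    r"O4 - HKU\S-1-5-21-3812118618-3519713718-615325280-1001..\Run: [VwQGJwSURThVmE.exe] C:\ProgramData\VwQGJwSURThVmE.exe File not found",
    r'O4 - HKLM..\RunOnce: [NoIE4StubProcessing] C:\Windows\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f File not found',
    r"O4 - HKLM..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe (Intel Corporation)",
]


@dataclass
class AutorunEntry:
    hive: str
    key: str
    name: str       # Run value name as shown in brackets
    command: str    # command line with trailing company / status stripped
    company: str    # company from the binary's version info, "" if OTL printed none
    missing: bool   # OTL appended "File not found"

    @property
    def target(self) -> str:
        m = TARGET_RE.search(self.command)
        return m.group(0) if m else self.command

    @property
    def stem(self) -> str:
        return ntpath.splitext(ntpath.basename(self.target))[0]


def parse_o4(line: str) -> Optional[AutorunEntry]:
    """Parse one OTL O4 line; return None for lines that are not O4 entries."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    missing = rest.endswith("File not found")
    if missing:
        rest = rest[: -len("File not found")].rstrip()
    company = ""
    cm = re.search(r"\s\(([^()]*)\)$", rest)
    if cm:
        company = cm.group(1)
        rest = rest[: cm.start()].rstrip()
    return AutorunEntry(m.group("hive"), m.group("key"), m.group("name"), rest, company, missing)


def looks_random(stem: str) -> bool:
    """Cheap 'random file name' test: very few vowels, or jumbled upper/lower case.
    Thresholds are chosen for this example, not taken from any tool."""
    letters = [c for c in stem if c.isalpha()]
    if len(letters) < 6:
        return False
    if sum(c.lower() in "aeiouy" for c in letters) / len(letters) < 0.2:
        return True
    flips = sum(1 for a, b in zip(letters, letters[1:]) if a.islower() != b.islower())
    return flips >= 4


def assess(entry: AutorunEntry) -> List[str]:
    """Return the reasons this autorun deserves an analyst's attention (empty if none)."""
    reasons = []
    if entry.missing:
        reasons.append("target file not found (orphaned autorun)")
    if USER_WRITABLE_RE.search(entry.command):
        reasons.append("launched from a user-writable location")
    if looks_random(entry.stem):
        reasons.append("random-looking file name")
    vendor = entry.name.lower().split(".")[0]
    if vendor in VENDOR_NAMES and vendor not in entry.company.lower():
        reasons.append(f"value name '{entry.name}' borrows a vendor name, binary reports '{entry.company or 'no company'}'")
    if entry.target.lower().endswith(".dll") or "rundll32" in entry.command.lower():
        reasons.append("DLL used as autorun target")
    return reasons


def triage(lines: List[str]) -> List[Tuple[AutorunEntry, List[str]]]:
    """Parse every O4 line and keep only entries that trip at least one heuristic."""
    flagged = []
    for line in lines:
        entry = parse_o4(line)
        if entry is not None:
            reasons = assess(entry)
            if reasons:
                flagged.append((entry, reasons))
    return flagged


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LINES):
        print(f"[{entry.hive}\\{entry.key}] {entry.name} -> {entry.target}")
        for r in reasons:
            print("   -", r)
```

Run against the sample, both O4 entries from the infected profile are flagged on several heuristics each, the orphaned RunOnce entry on one, and the IgfxTray line on none.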

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 22 June 2012 - 07:54 AM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and paste the following code into the textbox. Do not include the word Code.
    :OTL
    FF - user.js - File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O3 - HKU\S-1-5-21-3812118618-3519713718-615325280-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-3812118618-3519713718-615325280-500\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4 - HKU\S-1-5-21-3812118618-3519713718-615325280-1001..\Run: [VwQGJwSURThVmE.exe] C:\ProgramData\VwQGJwSURThVmE.exe File not found
    O4 - HKLM..\RunOnce: [NoIE4StubProcessing] C:\Windows\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    @Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:CB0AACC9  
    [2012/03/17 12:03:12 | 000,000,272 | ---- | C] () -- C:\ProgramData\~hzE2Gd5winBTuW
    [2012/03/17 12:03:12 | 000,000,192 | ---- | C] () -- C:\ProgramData\~hzE2Gd5winBTuWr
    [2012/03/17 12:03:07 | 000,000,464 | ---- | C] () -- C:\ProgramData\hzE2Gd5winBTuW
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Let me know how things are doing.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 dustroid

dustroid
  • Topic Starter

  • Members
  • 18 posts

Posted 22 June 2012 - 08:15 AM

I was not asked to reboot.

I still have multiple instances of iexplore.exe running and the Google link redirection is still happening.



========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3812118618-3519713718-615325280-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-3812118618-3519713718-615325280-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-3812118618-3519713718-615325280-1001\Software\Microsoft\Windows\CurrentVersion\Run\\VwQGJwSURThVmE.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\NoIE4StubProcessing deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
ADS C:\ProgramData\TEMP:CB0AACC9 deleted successfully.
C:\ProgramData\~hzE2Gd5winBTuW moved successfully.
C:\ProgramData\~hzE2Gd5winBTuWr moved successfully.
C:\ProgramData\hzE2Gd5winBTuW moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Dustin\Desktop\cmd.bat deleted successfully.
C:\Users\Dustin\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: Administrator
->Java cache emptied: 2027 bytes

User: All Users

User: Default

User: Default User

User: Dustin
->Java cache emptied: 2071475 bytes

User: mike
->Java cache emptied: 0 bytes

User: Public

User: Tom

Total Java Files Cleaned = 2.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 57122 bytes

User: All Users

User: Default
->Flash cache emptied: 56468 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Dustin
->Flash cache emptied: 79938 bytes

User: mike
->Flash cache emptied: 56504 bytes

User: Public

User: Tom
->Flash cache emptied: 56504 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.51.0 log created on 06222012_080642

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 22 June 2012 - 08:29 AM

Hello

Download Farbar Recovery Scan Tool and save it to a flash drive.


Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo

#12 dustroid

dustroid
  • Topic Starter

  • Members
  • 18 posts

Posted 22 June 2012 - 08:48 AM

I don't have a flash drive handy. Can I use a CD or DVD instead?

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 22 June 2012 - 09:00 AM

You can put it on the C: drive and run it from there.


Gringo

#14 dustroid

dustroid
  • Topic Starter

  • Members
  • 18 posts

Posted 22 June 2012 - 09:26 AM

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 20-06-2012 01
Ran by SYSTEM at 22-06-2012 09:22:51
Running from C:\
Windows 7 Professional (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [WxMcli] C:\Program Files\WxMesgNet\WxMcli.exe [186784 2010-05-06] (Weather Message Software)
HKLM\...\Run: [WxMap] C:\Program Files\WxMesgNet\WxMap.exe [305056 2010-05-06] (Weather Message Software)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252136 2011-05-04] (Sun Microsystems, Inc.)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [144384 2009-09-02] (Intel Corporation)
HKLM\...\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe [563736 2009-06-18] (PDF Complete Inc)
HKLM\...\Run: [NortonOnlineBackupReminder] "C:\Program Files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED [600936 2009-06-29] (Symantec Corporation)
HKLM\...\Run: [MVS Splash] "C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe" [476480 2010-09-21] (McAfee, Inc.)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [135168 2009-09-02] (Intel Corporation)
HKLM\...\Run: [HPUsageTracking] "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\" [24576 2009-05-11] (Hewlett-Packard Company)
HKLM\...\Run: [HP Color LaserJet CM2320 MFP Series Fax] C:\Program Files\HP\HP Color LaserJet CM2320 MFP Series\hppfaxprintersrv.exe "HP Color LaserJet CM2320 MFP Series Fax" [2453504 2009-09-22] (Hewlett-Packard Company)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [167424 2009-09-02] (Intel Corporation)
HKLM\...\Run: [BizCover] C:\BizCover\StartBizCover.exe [204088 2009-10-28] (TODO: <Company name>)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [38768 2009-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [640376 2009-02-27] (Adobe Systems Inc.)
HKLM\...\Run: [acevents] "C:\Program Files\ActivIdentity\ActivClient\acevents.exe" [153640 2009-06-03] (ActivIdentity)
HKLM\...\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe" [400936 2009-06-03] (ActivIdentity)
HKU\Administrator\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW [1685048 2009-09-29] (Hewlett-Packard)
HKU\Default\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1685048 2009-09-29] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1685048 2009-09-29] (Hewlett-Packard)
HKU\Dustin\...\Run: [Microsoft] Rundll32.exe C:\Users\Dustin\AppData\Local\Microsoft\xqzxqbbo.dll,ReleasePfxEngineTemplate [339968 2012-01-25] (Cyberlink)
HKU\mike\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW [1685048 2009-09-29] (Hewlett-Packard)
HKU\Tom\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW [1685048 2009-09-29] (Hewlett-Packard)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\..\Interfaces\{828B6D8C-5301-43A5-902B-5511A2D968A9}: [NameServer]8.8.8.8,4.2.2.2
Startup: C:\Users\All Users\Start Menu\Programs\Startup\ActivClient Agent.lnk
ShortcutTarget: ActivClient Agent.lnk -> C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

================================ Services (Whitelisted) ==================

2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [207400 2009-06-03] (ActivIdentity)
2 BBUpdate; "C:\Program Files\Microsoft\BingBar\SeaPort.EXE" [249648 2011-10-13] (Microsoft Corporation)
3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [556544 2010-11-20] (Microsoft Corporation)
3 ehSched; C:\Windows\ehome\ehsched.exe [94720 2009-07-13] (Microsoft Corporation)
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
2 gfi_lanss10_attservice; "C:\Program Files\GFI\LanGuard 10 Agent\lnssatt.exe" -service [115568 2011-08-12] (GFI Software Ltd.)
2 HP Health Check Service; "C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe" [125440 2009-09-24] (Hewlett-Packard)
2 McAfee SiteAdvisor Enterprise Service; "C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe" [226624 2010-03-25] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [158296 2010-08-05] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [154152 2010-08-05] (McAfee, Inc.)
2 mfevtp; "C:\Windows\system32\mfevtps.exe" [145424 2010-08-12] (McAfee, Inc.)
2 myAgtSvc; "C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe" /ServiceStart [291064 2010-09-21] (McAfee, Inc.)
2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService [635416 2009-06-18] (PDF Complete Inc)
2 PSI_SVC_2; "C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe" [185632 2007-07-24] (Protexis Inc.)
3 wbengine; "C:\Windows\system32\wbengine.exe" [1203200 2010-11-20] (Microsoft Corporation)
2 RumorServer; "C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe" /RunDLL=RumorServer.dll;ServiceHost [x]
3 wampapache; "c:\wamp\bin\apache\apache2.2.21\bin\httpd.exe" -k runservice [x]
3 wampmysqld; c:\wamp\bin\mysql\mysql5.5.16\bin\mysqld.exe wampmysqld [x]

========================== Drivers (Whitelisted) =============

3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [118368 2010-08-12] (McAfee, Inc.)
3 MfeAVFK; C:\Windows\System32\drivers\mfeavfk.sys [170912 2010-08-12] (McAfee, Inc.)
3 MfeBOPK; C:\Windows\System32\drivers\mfebopk.sys [59096 2010-08-12] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [327952 2010-08-12] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [434624 2010-08-12] (McAfee, Inc.)
1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [64016 2010-08-12] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [85760 2010-08-12] (McAfee, Inc.)
3 MfeRKDK; C:\Windows\System32\drivers\MfeRKDK.sys [34248 2009-05-15] (McAfee, Inc.)
1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [55336 2009-05-15] (McAfee, Inc.)
0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [163592 2010-08-12] (McAfee, Inc.)
3 PCAlertDriver; \??\C:\BizCover\NTGLM7X.sys [30208 2008-09-19] (MICRO-STAR INT'L CO., LTD.)
0 phylock; C:\Windows\System32\drivers\phylock.sys [20960 2010-06-08] (TeraByte, Inc.)
3 SCR3XX2K; C:\Windows\System32\DRIVERS\SCR3XX2K.sys [59520 2011-06-16] (SCM Microsystems Inc.)
3 TBIMount; C:\Windows\System32\drivers\tbimount.sys [87648 2010-09-09] (TeraByte, Inc.)
3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
3 WSDPrintDevice; C:\Windows\System32\DRIVERS\WSDPrint.sys [17920 2009-07-13] (Microsoft Corporation)
3 catchme; \??\C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys [x]
3 mfeavfk01; [x]
1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-22 05:32 - 2012-06-22 05:32 - 00882236 ____A C:\FRST.exe
2012-06-22 05:07 - 2012-06-22 05:07 - 00004898 ____A C:\Users\Administrator\Desktop\06222012_080642.log
2012-06-22 05:06 - 2012-06-22 05:06 - 00000000 ____D C:\_OTL
2012-06-22 04:30 - 2012-06-22 04:30 - 00058328 ____A C:\Users\Dustin\Desktop\Extras.Txt
2012-06-22 04:28 - 2012-06-22 04:28 - 00085998 ____A C:\Users\Dustin\Desktop\OTL.Txt
2012-06-22 04:22 - 2012-06-22 04:22 - 00595968 ____A (OldTimer Tools) C:\Users\Dustin\Desktop\OTL.exe
2012-06-21 01:16 - 2012-06-02 14:19 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-21 01:16 - 2012-06-02 14:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-21 01:16 - 2012-06-02 14:19 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-21 01:16 - 2012-06-02 14:19 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-21 01:16 - 2012-06-02 14:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-21 01:16 - 2012-06-02 14:12 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-21 01:16 - 2012-06-02 14:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-21 01:16 - 2012-06-02 12:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-21 01:16 - 2012-06-02 12:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-19 10:07 - 2012-06-19 10:07 - 00001693 ____A C:\Users\Dustin\Desktop\aswMBR.txt
2012-06-19 10:07 - 2012-06-19 10:07 - 00000512 ____A C:\Users\Dustin\Desktop\MBR.dat
2012-06-19 09:54 - 2012-06-19 09:54 - 00064825 ____A C:\Users\Dustin\Desktop\tdss.txt
2012-06-19 09:52 - 2012-06-19 09:52 - 04731392 ____A (AVAST Software) C:\Users\Dustin\Desktop\aswMBR.exe
2012-06-19 09:51 - 2012-06-19 09:51 - 02127960 ____A (Kaspersky Lab ZAO) C:\Users\Dustin\Desktop\tdsskiller.exe
2012-06-19 05:25 - 2012-06-19 05:25 - 00015837 ____A C:\ComboFix.txt
2012-06-19 05:09 - 2012-06-19 05:25 - 00000000 ____D C:\Qoobox
2012-06-19 05:09 - 2012-06-19 05:25 - 00000000 ____D C:\ComboFix
2012-06-19 05:09 - 2012-06-19 05:23 - 00000000 ____D C:\Windows\erdnt
2012-06-19 05:09 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-06-19 05:09 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-06-19 05:09 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-06-19 05:09 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-06-19 05:09 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-06-19 05:09 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-06-19 05:09 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-06-19 05:09 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-06-19 05:07 - 2012-06-19 05:07 - 04560556 ____R (Swearware) C:\Users\Dustin\Desktop\ComboFix.exe
2012-06-19 04:36 - 2012-06-19 04:36 - 00001177 ____A C:\Users\Dustin\Desktop\checkup.txt
2012-06-19 04:33 - 2012-06-22 05:34 - 00007906 ____A C:\Users\Dustin\Desktop\inst.txt
2012-06-19 04:33 - 2012-06-19 04:33 - 00881475 ____A C:\Users\Dustin\Desktop\SecurityCheck.exe
2012-06-18 07:28 - 2012-06-18 07:28 - 00131162 ____A C:\Users\Dustin\Desktop\ark.txt
2012-06-18 07:02 - 2012-06-18 07:02 - 00000000 ____D C:\Users\Dustin\Desktop\gmer
2012-06-18 07:01 - 2012-06-18 07:01 - 00294216 ____A C:\Users\Dustin\Desktop\gmer.zip
2012-06-18 07:01 - 2012-06-18 07:01 - 00016958 ____A C:\Users\Dustin\Desktop\DDS.txt
2012-06-18 06:59 - 2012-06-18 07:01 - 00014720 ____A C:\Users\Dustin\Desktop\Attach.txt
2012-06-18 06:54 - 2012-06-18 06:58 - 00016985 ____A C:\Users\Administrator\Desktop\DDS.txt
2012-06-18 06:54 - 2012-06-18 06:54 - 00014720 ____A C:\Users\Administrator\Desktop\Attach.txt
2012-06-18 06:51 - 2012-06-18 06:51 - 00607260 ____R (Swearware) C:\Users\Dustin\Desktop\dds.scr
2012-06-18 06:50 - 2012-06-18 06:51 - 00000488 ____A C:\Users\Dustin\Desktop\defogger_disable.log
2012-06-18 06:50 - 2012-06-18 06:50 - 00050477 ____A C:\Users\Dustin\Desktop\Defogger.exe
2012-06-18 06:50 - 2012-06-18 06:50 - 00000000 ____A C:\Users\Administrator\defogger_reenable
2012-06-17 00:01 - 2012-06-17 00:01 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-06-17 00:01 - 2012-06-17 00:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-17 00:01 - 2012-06-17 00:01 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-17 00:01 - 2012-06-17 00:01 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 00580608 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 00434176 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 00367104 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-06-17 00:01 - 2012-06-17 00:01 - 00353792 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 00353584 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 00227840 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 00223232 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 00203776 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 00162304 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 00161792 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 00152064 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-06-17 00:01 - 2012-06-17 00:01 - 00150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-06-17 00:01 - 2012-06-17 00:01 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-17 00:01 - 2012-06-17 00:01 - 00130560 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 00123392 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 00118784 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 00110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 00101888 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 00086528 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 00078848 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-06-17 00:01 - 2012-06-17 00:01 - 00074752 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-06-17 00:01 - 2012-06-17 00:01 - 00074752 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 00074240 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-06-17 00:01 - 2012-06-17 00:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 00066048 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 00063488 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-06-17 00:01 - 2012-06-17 00:01 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 00035840 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 00031744 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 00023552 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-06-17 00:01 - 2012-06-17 00:01 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-06-15 13:05 - 2012-06-15 14:05 - 00000000 ____D C:\Program Files\Trojan Remover
2012-06-15 13:05 - 2012-06-15 13:05 - 00000000 ____D C:\Users\All Users\Simply Super Software
2012-06-15 13:05 - 2003-02-02 17:06 - 00153088 ____A C:\Windows\System32\UNRAR3.dll
2012-06-15 13:05 - 2002-03-05 22:00 - 00075264 ____A C:\Windows\System32\unacev2.dll
2012-06-15 12:33 - 2012-06-15 12:48 - 00000000 ____D C:\Windows\pss
2012-06-15 10:40 - 2012-06-15 10:40 - 00000000 ____D C:\Users\Dustin\AppData\Roaming\Malwarebytes
2012-06-15 10:08 - 2012-02-29 21:46 - 00019824 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-06-15 10:08 - 2012-02-29 21:37 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-06-15 10:08 - 2012-02-29 21:33 - 00159232 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-06-15 10:08 - 2012-02-29 21:29 - 00005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-06-15 09:53 - 2012-05-14 17:05 - 02343936 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-15 09:53 - 2012-04-30 20:44 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-15 09:53 - 2012-04-27 19:17 - 00183808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-15 09:53 - 2012-04-25 20:45 - 00129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-15 09:53 - 2012-04-25 20:45 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-15 09:53 - 2012-04-25 20:41 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-15 09:53 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-15 09:53 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-15 09:53 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-15 09:53 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-15 09:53 - 2012-03-30 20:39 - 03968368 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-06-15 09:53 - 2012-03-30 20:39 - 03913072 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-15 09:53 - 2012-03-30 02:23 - 01291632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-06-15 09:53 - 2012-03-16 23:27 - 00056176 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-06-15 09:53 - 2012-03-02 21:31 - 01077248 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-06-15 09:46 - 2012-06-15 14:27 - 00001945 ____A C:\Windows\epplauncher.mif
2012-06-15 09:42 - 2012-06-15 09:42 - 00173474 ____A C:\Users\Administrator\Desktop\GMER.log
2012-06-15 09:04 - 2012-06-15 09:04 - 00000000 ____D C:\rsit
2012-06-15 09:04 - 2012-06-15 09:04 - 00000000 ____D C:\Program Files\trend micro
2012-06-15 08:18 - 2012-02-23 07:18 - 00237072 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-06-15 08:17 - 2012-06-15 08:17 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Anvisoft
2012-06-15 08:13 - 2012-06-15 08:58 - 00000000 ____D C:\Program Files\Anvisoft
2012-06-15 07:51 - 2012-06-15 07:51 - 00000000 ____D C:\Users\All Users\GFI Software
2012-06-15 07:41 - 2012-06-15 07:44 - 00000000 ____D C:\Users\Dustin\AppData\Local\adaware
2012-06-15 07:37 - 2012-06-15 07:51 - 00000000 ____D C:\Program Files\Ad-Aware Antivirus
2012-06-15 07:36 - 2012-06-15 07:40 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Ad-Aware Antivirus
2012-06-13 12:14 - 2012-06-13 12:14 - 00000000 ____D C:\Users\Dustin\AppData\Local\Macromedia


============ 3 Months Modified Files and Folders ===============

2012-06-22 09:23 - 2012-06-22 09:22 - 00000000 ____D C:\FRST
2012-06-22 06:10 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-22 06:10 - 2009-07-13 20:39 - 00052145 ____A C:\Windows\setupact.log
2012-06-22 06:06 - 2010-10-12 10:00 - 00065984 ____A C:\Windows\PFRO.log
2012-06-22 06:05 - 2010-07-25 01:15 - 01070881 ____A C:\Windows\WindowsUpdate.log
2012-06-22 05:34 - 2012-06-19 04:33 - 00007906 ____A C:\Users\Dustin\Desktop\inst.txt
2012-06-22 05:32 - 2012-06-22 05:32 - 00882236 ____A C:\FRST.exe
2012-06-22 05:26 - 2012-04-02 04:07 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-22 05:07 - 2012-06-22 05:07 - 00004898 ____A C:\Users\Administrator\Desktop\06222012_080642.log
2012-06-22 05:06 - 2012-06-22 05:06 - 00000000 ____D C:\_OTL
2012-06-22 04:30 - 2012-06-22 04:30 - 00058328 ____A C:\Users\Dustin\Desktop\Extras.Txt
2012-06-22 04:28 - 2012-06-22 04:28 - 00085998 ____A C:\Users\Dustin\Desktop\OTL.Txt
2012-06-22 04:22 - 2012-06-22 04:22 - 00595968 ____A (OldTimer Tools) C:\Users\Dustin\Desktop\OTL.exe
2012-06-21 09:03 - 2011-09-30 09:55 - 00000000 ____D C:\Windows\Patches
2012-06-20 12:39 - 2012-03-06 10:21 - 00000000 ____D C:\Users\Dustin\Desktop\Missions - Old
2012-06-20 12:04 - 2010-10-12 10:20 - 00000000 ____D C:\Users\Dustin\Documents\Mozilla Backups
2012-06-20 07:54 - 2009-07-13 20:52 - 00000000 ____D C:\Windows\System32\FxsTmp
2012-06-20 07:09 - 2011-09-28 04:49 - 00000000 ____D C:\Users\Dustin\Desktop\schedules
2012-06-19 21:29 - 2010-07-25 01:27 - 00000000 ____D C:\Users\All Users\PDFC
2012-06-19 10:07 - 2012-06-19 10:07 - 00001693 ____A C:\Users\Dustin\Desktop\aswMBR.txt
2012-06-19 10:07 - 2012-06-19 10:07 - 00000512 ____A C:\Users\Dustin\Desktop\MBR.dat
2012-06-19 09:54 - 2012-06-19 09:54 - 00064825 ____A C:\Users\Dustin\Desktop\tdss.txt
2012-06-19 09:52 - 2012-06-19 09:52 - 04731392 ____A (AVAST Software) C:\Users\Dustin\Desktop\aswMBR.exe
2012-06-19 09:51 - 2012-06-19 09:51 - 02127960 ____A (Kaspersky Lab ZAO) C:\Users\Dustin\Desktop\tdsskiller.exe
2012-06-19 05:36 - 2009-07-13 20:34 - 00016976 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-19 05:36 - 2009-07-13 20:34 - 00016976 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-19 05:32 - 2009-07-25 04:54 - 00726316 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-19 05:25 - 2012-06-19 05:25 - 00015837 ____A C:\ComboFix.txt
2012-06-19 05:25 - 2012-06-19 05:09 - 00000000 ____D C:\Qoobox
2012-06-19 05:25 - 2012-06-19 05:09 - 00000000 ____D C:\ComboFix
2012-06-19 05:25 - 2009-07-13 18:37 - 00000000 ___RD C:\users\Public
2012-06-19 05:25 - 2009-07-13 18:37 - 00000000 ___RD C:\users\Default
2012-06-19 05:23 - 2012-06-19 05:09 - 00000000 ____D C:\Windows\erdnt
2012-06-19 05:22 - 2009-07-13 18:04 - 00000215 ____A C:\Windows\system.ini
2012-06-19 05:07 - 2012-06-19 05:07 - 04560556 ____R (Swearware) C:\Users\Dustin\Desktop\ComboFix.exe
2012-06-19 04:36 - 2012-06-19 04:36 - 00001177 ____A C:\Users\Dustin\Desktop\checkup.txt
2012-06-19 04:33 - 2012-06-19 04:33 - 00881475 ____A C:\Users\Dustin\Desktop\SecurityCheck.exe
2012-06-18 11:40 - 2011-09-28 13:32 - 00000600 ____A C:\Users\Dustin\AppData\Roaming\winscp.rnd
2012-06-18 09:45 - 2012-04-02 04:06 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-06-18 09:45 - 2011-09-30 11:19 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-06-18 07:28 - 2012-06-18 07:28 - 00131162 ____A C:\Users\Dustin\Desktop\ark.txt
2012-06-18 07:02 - 2012-06-18 07:02 - 00000000 ____D C:\Users\Dustin\Desktop\gmer
2012-06-18 07:01 - 2012-06-18 07:01 - 00294216 ____A C:\Users\Dustin\Desktop\gmer.zip
2012-06-18 07:01 - 2012-06-18 07:01 - 00016958 ____A C:\Users\Dustin\Desktop\DDS.txt
2012-06-18 07:01 - 2012-06-18 06:59 - 00014720 ____A C:\Users\Dustin\Desktop\Attach.txt
2012-06-18 06:58 - 2012-06-18 06:54 - 00016985 ____A C:\Users\Administrator\Desktop\DDS.txt
2012-06-18 06:54 - 2012-06-18 06:54 - 00014720 ____A C:\Users\Administrator\Desktop\Attach.txt
2012-06-18 06:51 - 2012-06-18 06:51 - 00607260 ____R (Swearware) C:\Users\Dustin\Desktop\dds.scr
2012-06-18 06:51 - 2012-06-18 06:50 - 00000488 ____A C:\Users\Dustin\Desktop\defogger_disable.log
2012-06-18 06:50 - 2012-06-18 06:50 - 00050477 ____A C:\Users\Dustin\Desktop\Defogger.exe
2012-06-18 06:50 - 2012-06-18 06:50 - 00000000 ____A C:\Users\Administrator\defogger_reenable
2012-06-18 06:50 - 2010-10-14 06:59 - 00000000 ____D C:\users\Administrator
2012-06-17 00:42 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\rescache
2012-06-17 00:01 - 2012-06-17 00:01 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-06-17 00:01 - 2012-06-17 00:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-17 00:01 - 2012-06-17 00:01 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-17 00:01 - 2012-06-17 00:01 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 00580608 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 00434176 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 00367104 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-06-17 00:01 - 2012-06-17 00:01 - 00353792 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 00353584 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 00227840 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 00223232 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 00203776 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 00162304 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 00161792 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 00152064 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-06-17 00:01 - 2012-06-17 00:01 - 00150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-06-17 00:01 - 2012-06-17 00:01 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-17 00:01 - 2012-06-17 00:01 - 00130560 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 00123392 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 00118784 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 00110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 00101888 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 00086528 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 00078848 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-06-17 00:01 - 2012-06-17 00:01 - 00074752 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-06-17 00:01 - 2012-06-17 00:01 - 00074752 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 00074240 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-06-17 00:01 - 2012-06-17 00:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 00066048 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 00063488 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-06-17 00:01 - 2012-06-17 00:01 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 00035840 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 00031744 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 00023552 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-06-17 00:01 - 2012-06-17 00:01 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-06-17 00:01 - 2012-06-17 00:01 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-06-17 00:01 - 2011-09-26 05:21 - 00008814 ____A C:\Windows\IE9_main.log
2012-06-15 14:27 - 2012-06-15 09:46 - 00001945 ____A C:\Windows\epplauncher.mif
2012-06-15 14:05 - 2012-06-15 13:05 - 00000000 ____D C:\Program Files\Trojan Remover
2012-06-15 13:05 - 2012-06-15 13:05 - 00000000 ____D C:\Users\All Users\Simply Super Software
2012-06-15 12:48 - 2012-06-15 12:33 - 00000000 ____D C:\Windows\pss
2012-06-15 12:34 - 2010-10-12 09:51 - 00000440 _RASH C:\Users\All Users\ntuser.pol
2012-06-15 11:16 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET
2012-06-15 10:40 - 2012-06-15 10:40 - 00000000 ____D C:\Users\Dustin\AppData\Roaming\Malwarebytes
2012-06-15 10:32 - 2009-07-13 20:33 - 00471976 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-15 10:31 - 2012-01-07 13:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-06-15 10:30 - 2009-07-13 23:50 - 00000000 ____D C:\Program Files\Windows Journal
2012-06-15 10:29 - 2010-07-25 01:24 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-06-15 09:42 - 2012-06-15 09:42 - 00173474 ____A C:\Users\Administrator\Desktop\GMER.log
2012-06-15 09:04 - 2012-06-15 09:04 - 00000000 ____D C:\rsit
2012-06-15 09:04 - 2012-06-15 09:04 - 00000000 ____D C:\Program Files\trend micro
2012-06-15 08:58 - 2012-06-15 08:13 - 00000000 ____D C:\Program Files\Anvisoft
2012-06-15 08:58 - 2010-10-14 07:00 - 00000000 ___RD C:\Users\Administrator\Virtual Machines
2012-06-15 08:17 - 2012-06-15 08:17 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Anvisoft
2012-06-15 07:51 - 2012-06-15 07:51 - 00000000 ____D C:\Users\All Users\GFI Software
2012-06-15 07:51 - 2012-06-15 07:37 - 00000000 ____D C:\Program Files\Ad-Aware Antivirus
2012-06-15 07:44 - 2012-06-15 07:41 - 00000000 ____D C:\Users\Dustin\AppData\Local\adaware
2012-06-15 07:40 - 2012-06-15 07:36 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Ad-Aware Antivirus
2012-06-15 07:38 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\DriverStore
2012-06-15 07:37 - 2009-07-13 18:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2012-06-13 12:14 - 2012-06-13 12:14 - 00000000 ____D C:\Users\Dustin\AppData\Local\Macromedia
2012-06-05 05:25 - 2011-12-01 18:59 - 00008786 ____A C:\Users\Dustin\Desktop\budget.xlsx
2012-06-03 20:35 - 2010-10-12 09:16 - 56731752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-02 14:19 - 2012-06-21 01:16 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 01:16 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 01:16 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 01:16 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 01:16 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:12 - 2012-06-21 01:16 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-21 01:16 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 12:19 - 2012-06-21 01:16 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 12:12 - 2012-06-21 01:16 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-14 17:05 - 2012-06-15 09:53 - 02343936 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-14 06:47 - 2011-09-28 04:49 - 00008576 ____A C:\Users\Dustin\Desktop\pass.xlsx
2012-05-10 06:31 - 2012-05-10 06:29 - 00000000 ____D C:\Users\Dustin\Desktop\articles
2012-04-30 20:44 - 2012-06-15 09:53 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-30 12:50 - 2011-10-10 06:28 - 00000000 ____D C:\Users\Dustin\Desktop\wx warnings
2012-04-27 19:17 - 2012-06-15 09:53 - 00183808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 20:45 - 2012-06-15 09:53 - 00129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 20:45 - 2012-06-15 09:53 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 20:41 - 2012-06-15 09:53 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-23 20:36 - 2012-06-15 09:53 - 01158656 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 20:36 - 2012-06-15 09:53 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 20:36 - 2012-06-15 09:53 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-20 10:17 - 2012-03-08 12:55 - 00000600 ____A C:\Users\Dustin\AppData\Local\PUTTY.RND
2012-04-18 13:03 - 2012-04-11 07:02 - 00000000 ____D C:\Users\Dustin\Desktop\certificates
2012-04-18 13:02 - 2012-04-18 13:02 - 00001223 ____A C:\Users\Dustin\Downloads\JOSHUA_GRIFFIN_1.cer
2012-04-13 10:18 - 2010-10-18 07:12 - 00000000 ____D C:\Program Files\WxMesgNet
2012-04-13 04:17 - 2012-01-25 04:25 - 00001986 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-04-10 09:25 - 2012-03-28 09:07 - 00000000 ____D C:\Users\Dustin\Desktop\SOPs
2012-04-10 06:41 - 2012-04-10 06:41 - 00000000 ___AH C:\Users\Dustin\Documents\Default.rdp
2012-04-10 06:40 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\NDF
2012-04-07 03:26 - 2012-06-15 09:53 - 02342400 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-04-02 11:49 - 2012-04-02 11:49 - 08660240 ____A C:\Users\Dustin\Downloads\CM1310_CM2320_MFP_Series_FW_Update-20120104.exe
2012-03-30 20:39 - 2012-06-15 09:53 - 03968368 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-03-30 20:39 - 2012-06-15 09:53 - 03913072 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-30 04:21 - 2010-10-12 09:41 - 00002034 ____A C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2012-03-30 04:21 - 2010-10-12 09:41 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2012-03-30 02:23 - 2012-06-15 09:53 - 01291632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 27%
Total physical RAM: 1917.18 MB
Available physical RAM: 1390.34 MB
Total Pagefile: 1917.18 MB
Available Pagefile: 1396.49 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.7 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:288.59 GB) (Free:251.62 GB) NTFS
2 Drive e: (HP_RECOVERY) (Fixed) (Total:7.49 GB) (Free:0.83 GB) NTFS
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (SYSTEM) (Fixed) (Total:2 GB) (Free:1.68 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online         298 GB   9 MB

Partitions of Disk 0:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           2047 MB  1024 KB
Partition 2    Primary           288 GB   2048 MB
Partition 3    Primary           7670 MB  290 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1    Y    SYSTEM       NTFS   Partition   2047 MB  Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2    C    OS           NTFS   Partition   288 GB   Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3    E    HP_RECOVERY  NTFS   Partition   7670 MB  Healthy

======================================================================================================

==========================================================

Last Boot: 2012-06-17 21:08

======================= End Of Log ==========================

#15 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 24 June 2012 - 01:36 AM

Create and Run Batch File
Open Notepad and copy/paste the entire contents of the codebox below into Notepad:

@echo off
rem Collect the network and DNS settings into Log1.txt; every command inside the block writes to that one file
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
rem Open the result in the default text editor, then delete this batch file
start Log1.txt
del %0

Save this as router.bat. Choose Save as type: All Files, and where to save: Desktop, then close the Notepad file.

Double-click on router.bat to run it. It will open Notepad when done; please post back the results.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University



