
Vista 64-bit/Google Re-directs/Loss of Administrator Tools


This topic is locked. 9 replies to this topic.

#1 tjnunamaker

Posted 19 June 2012 - 10:56 PM

Hello!

Thanks in advance for your help. I have a Google re-direct problem. Also, I have lost control over several administrator-level functions. For example, I had required a password entry when waking the notebook up. That's been disabled, and the radio button to re-enable it is greyed out (even though my user account shows administrator). Additionally, when I tried to run HJT as part of my troubleshooting, I was unable to run it as an administrator (again, greyed out).

Best,

Ted

DDS Log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_22
Run by Ted at 20:35:45 on 2012-06-19
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4026.2336 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.


#2 tjnunamaker

  • Topic Starter

Posted 19 June 2012 - 10:58 PM

Also, the Google re-direct is present in Firefox, but not IE.

Best,

Ted

#3 nasdaq

  • Malware Response Team

Posted 23 June 2012 - 09:34 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Let's start with this.

Please download TDSSKiller.zip.

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.
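As an added example (not from this thread, and not part of Kaspersky's TDSSKiller), a short Python triage script that reads a saved TDSSKiller report and lists only the scanned objects whose verdict line is not "- ok", so a thousand-line log can be reduced to the handful of entries worth looking at. It assumes the line layout of TDSSKiller 2.7 reports (an object line "time PID name (md5) path" followed by a verdict line "time PID name - verdict"); the embedded sample log is constructed, and the wording of its non-ok verdict is an assumption.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# One scanned object line: "HH:MM:SS.ffff PID <name> (<md5>) <path>"
OBJECT_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$"
)
# The verdict line that follows it: "HH:MM:SS.ffff PID <name> - <verdict>"
VERDICT_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?)\s+-\s+(?P<verdict>.+)$"
)


@dataclass
class Finding:
    name: str
    md5: Optional[str]      # None when no object line preceded the verdict
    path: Optional[str]
    verdict: str


def parse_log(text: str) -> Tuple[int, List[Finding]]:
    """Return (number of verdict lines seen, findings whose verdict is not 'ok').

    Header lines before "Scan started" (drive geometry, partition table) also
    contain " - " and would look like verdicts, so they are skipped when the
    marker is present; a log without the marker is parsed in full.
    """
    pending: Dict[str, Tuple[str, str]] = {}   # name -> (md5, path) awaiting its verdict
    findings: List[Finding] = []
    scanned = 0
    in_scan = "Scan started" not in text
    for raw in text.splitlines():
        line = raw.rstrip()
        if not in_scan:
            in_scan = "Scan started" in line   # the marker line itself is skipped
            continue
        m = OBJECT_RE.match(line)
        if m:
            pending[m["name"]] = (m["md5"].lower(), m["path"])
            continue
        m = VERDICT_RE.match(line)
        if not m:
            continue
        scanned += 1
        md5, path = pending.pop(m["name"], (None, None))
        verdict = m["verdict"].strip()
        if verdict.lower() != "ok":
            findings.append(Finding(m["name"], md5, path, verdict))
    return scanned, findings


def suspicious_names(text: str) -> List[str]:
    """Names of every scanned object that did not come back 'ok'."""
    return [f.name for f in parse_log(text)[1]]


# Constructed sample log in the TDSSKiller 2.7 layout. The "exampledrv" entry,
# its md5 and its "detected" verdict text are invented for the demonstration.
CONSTRUCTED_LOG = r"""
08:01:10.0981 22668 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
08:01:13.0625 22668 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200
08:01:59.0729 21448 ============================================================
08:01:59.0729 21448 Scan started
08:01:59.0729 21448 Mode: Manual;
08:01:59.0729 21448 ============================================================
08:02:00.0185 21448 Accelerometer (5c368f4b04ed2a923e6afca2d37baff5) C:\Windows\system32\DRIVERS\Accelerometer.sys
08:02:00.0291 21448 Accelerometer - ok
08:02:00.0526 21448 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
08:02:00.0564 21448 ACPI - ok
08:02:03.0435 21448 exampledrv (0123456789abcdef0123456789abcdef) C:\Windows\system32\drivers\exampledrv.sys
08:02:03.0446 21448 exampledrv - detected (constructed verdict; real TDSSKiller wording differs)
08:02:10.0568 21448 Recovery Service for Windows (7fb8ad01db0eabe60c8a861531a8f431) C:\WINDOWS\SMINST\BLService.exe
08:02:10.0600 21448 Recovery Service for Windows - ok
"""

if __name__ == "__main__":
    total, hits = parse_log(CONSTRUCTED_LOG)
    print(f"{total} objects scanned, {len(hits)} not ok")
    for f in hits:
        print(f"  {f.name}: {f.verdict}  md5={f.md5}  path={f.path}")
```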

#4 tjnunamaker

  • Topic Starter

Posted 23 June 2012 - 10:47 AM

Hello, nasdaq!

Thanks for the help. Here are the logs you requested.

Regards,

Ted

TDSS:

08:01:10.0981 22668 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
08:01:12.0790 22668 ============================================================
08:01:12.0790 22668 Current date / time: 2012/06/23 08:01:12.0790
08:01:12.0790 22668 SystemInfo:
08:01:12.0790 22668
08:01:12.0790 22668 OS Version: 6.0.6002 ServicePack: 2.0
08:01:12.0790 22668 Product type: Workstation
08:01:12.0790 22668 ComputerName: TED-PC
08:01:12.0791 22668 UserName: Ted
08:01:12.0791 22668 Windows directory: C:\Windows
08:01:12.0791 22668 System windows directory: C:\Windows
08:01:12.0791 22668 Running under WOW64
08:01:12.0791 22668 Processor architecture: Intel x64
08:01:12.0791 22668 Number of processors: 2
08:01:12.0791 22668 Page size: 0x1000
08:01:12.0791 22668 Boot type: Normal boot
08:01:12.0791 22668 ============================================================
08:01:13.0625 22668 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:01:13.0635 22668 ============================================================
08:01:13.0635 22668 \Device\Harddisk0\DR0:
08:01:13.0646 22668 MBR partitions:
08:01:13.0646 22668 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1BC117C1
08:01:13.0646 22668 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1BC11800, BlocksNum 0x15B2800
08:01:13.0646 22668 ============================================================
08:01:13.0695 22668 C: <-> \Device\Harddisk0\DR0\Partition0
08:01:13.0833 22668 D: <-> \Device\Harddisk0\DR0\Partition1
08:01:13.0833 22668 ============================================================
08:01:13.0833 22668 Initialize success
08:01:13.0833 22668 ============================================================
08:01:59.0729 21448 ============================================================
08:01:59.0729 21448 Scan started
08:01:59.0729 21448 Mode: Manual;
08:01:59.0729 21448 ============================================================
08:02:11.0246 21448 Compbatt - ok
08:02:11.0256 21448 COMSysApp - ok
08:02:11.0281 21448 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
08:02:11.0288 21448 crcdisk - ok
08:02:11.0339 21448 CryptSvc (18918613e63f387cde4d95ca7d49dcf7) C:\Windows\system32\cryptsvc.dll
08:02:11.0347 21448 CryptSvc - ok
08:02:11.0750 21448 DcomLaunch (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
08:02:11.0782 21448 DcomLaunch - ok
08:02:11.0867 21448 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
08:02:11.0944 21448 DfsC - ok
08:02:12.0578 21448 DFSR (c647f468f7de343df8c143655c5557d4) C:\Windows\system32\DFSR.exe
08:02:12.0618 21448 DFSR - ok
08:02:13.0297 21448 Dhcp (3ed0321127ce70acdaabbf77e157c2a7) C:\Windows\System32\dhcpcsvc.dll
08:02:13.0318 21448 Dhcp - ok
08:02:14.0069 21448 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
08:02:14.0075 21448 disk - ok
08:02:14.0157 21448 Dnscache (06230f1b721494a6df8d47fd395bb1b0) C:\Windows\System32\dnsrslvr.dll
08:02:14.0172 21448 Dnscache - ok
08:02:14.0217 21448 dot3svc (1a7156dd1e850e9914e5e991e3225b94) C:\Windows\System32\dot3svc.dll
08:02:14.0261 21448 dot3svc - ok
08:02:14.0307 21448 DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll
08:02:14.0311 21448 DPS - ok
08:02:14.0387 21448 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
08:02:14.0392 21448 drmkaud - ok
08:02:14.0599 21448 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
08:02:14.0779 21448 DXGKrnl - ok
08:02:14.0864 21448 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
08:02:14.0886 21448 E1G60 - ok
08:02:14.0984 21448 EapHost (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll
08:02:14.0988 21448 EapHost - ok
08:02:15.0034 21448 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
08:02:15.0055 21448 Ecache - ok
08:02:15.0126 21448 ehRecvr (14ce384d2e27b64c256bda4dc39c312d) C:\Windows\ehome\ehRecvr.exe
08:02:15.0150 21448 ehRecvr - ok
08:02:15.0174 21448 ehSched (b93159c1313d66fdfbbe876f5189cd52) C:\Windows\ehome\ehsched.exe
08:02:15.0196 21448 ehSched - ok
08:02:15.0219 21448 ehstart (f5ee2527d74449868e3c3227a59bcd28) C:\Windows\ehome\ehstart.dll
08:02:15.0229 21448 ehstart - ok
08:02:15.0360 21448 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
08:02:15.0416 21448 elxstor - ok
08:02:15.0503 21448 EMDMgmt (a9b18b63a4fd6baab83326706d857fab) C:\Windows\system32\emdmgmt.dll
08:02:15.0510 21448 EMDMgmt - ok
08:02:15.0558 21448 enecir (f218a3a27ed6592c0e22ec3595554447) C:\Windows\system32\DRIVERS\enecir.sys
08:02:15.0654 21448 enecir - ok
08:02:15.0701 21448 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
08:02:15.0707 21448 ErrDev - ok
08:02:15.0939 21448 EventSystem (e12f22b73f153dece721cd45ec05b4af) C:\Windows\system32\es.dll
08:02:15.0974 21448 EventSystem - ok
08:02:16.0908 21448 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
08:02:16.0916 21448 exfat - ok
08:02:16.0988 21448 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
08:02:17.0007 21448 fastfat - ok
08:02:17.0204 21448 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
08:02:17.0228 21448 fdc - ok
08:02:17.0259 21448 fdPHost (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll
08:02:17.0269 21448 fdPHost - ok
08:02:17.0304 21448 FDResPub (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll
08:02:17.0308 21448 FDResPub - ok
08:02:17.0345 21448 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
08:02:17.0353 21448 FileInfo - ok
08:02:17.0378 21448 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
08:02:17.0388 21448 Filetrace - ok
08:02:17.0395 21448 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
08:02:17.0401 21448 flpydisk - ok
08:02:17.0456 21448 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
08:02:17.0477 21448 FltMgr - ok
08:02:18.0029 21448 FontCache (be1c5bd1ca7ed015bc6fa1ae67e592c8) C:\Windows\system32\FntCache.dll
08:02:18.0155 21448 FontCache - ok
08:02:18.0242 21448 FontCache3.0.0.0 (bc5b0be5af3510b0fd8c140ee42c6d3e) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
08:02:18.0249 21448 FontCache3.0.0.0 - ok
08:02:18.0329 21448 Fs_Rec (5779b86cd8b32519fbecb136394d946a) C:\Windows\system32\drivers\Fs_Rec.sys
08:02:18.0399 21448 Fs_Rec - ok
08:02:18.0428 21448 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
08:02:18.0436 21448 gagp30kx - ok
08:02:18.0933 21448 GameConsoleService (6139ae70e943b2a57ad04b70a316c0a0) C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
08:02:19.0043 21448 GameConsoleService - ok
08:02:19.0849 21448 gpsvc (a0e1b575ba8f504968cd40c0faeb2384) C:\Windows\System32\gpsvc.dll
08:02:19.0922 21448 gpsvc - ok
08:02:19.0981 21448 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
08:02:20.0005 21448 HdAudAddService - ok
08:02:20.0551 21448 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
08:02:20.0643 21448 HDAudBus - ok
08:02:20.0675 21448 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
08:02:20.0685 21448 HidBth - ok
08:02:20.0911 21448 HidIr (5f47839455d01ff6403b008d481a6f5b) C:\Windows\system32\DRIVERS\hidir.sys
08:02:20.0928 21448 HidIr - ok
08:02:20.0974 21448 hidserv (59361d38a297755d46a540e450202b2a) C:\Windows\system32\hidserv.dll
08:02:20.0993 21448 hidserv - ok
08:02:21.0033 21448 HidUsb (d02c82cb3a20f391c8aeff94e8e0baa1) C:\Windows\system32\DRIVERS\hidusb.sys
08:02:21.0052 21448 HidUsb - ok
08:02:21.0378 21448 HitmanProScheduler (7eeab103b4d0d4844a90b0a11f9f95a0) C:\Program Files\HitmanPro\hmpsched.exe
08:02:21.0478 21448 HitmanProScheduler - ok
08:02:22.0478 21448 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll
08:02:22.0487 21448 hkmsvc - ok
08:02:22.0785 21448 HP Health Check Service (a19b0bb5a7eb6df2dd4a0711d36955ee) c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
08:02:22.0895 21448 HP Health Check Service - ok
08:02:22.0950 21448 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
08:02:22.0954 21448 HpCISSs - ok
08:02:22.0983 21448 hpdskflt (4e0bec0f78096ffd6d3314b497fc49d3) C:\Windows\system32\DRIVERS\hpdskflt.sys
08:02:23.0041 21448 hpdskflt - ok
08:02:23.0071 21448 HpqKbFiltr (0ecc54fd34d6a089c300846b011e81d6) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
08:02:23.0126 21448 HpqKbFiltr - ok
08:02:23.0172 21448 HpqRemHid (e53d53d66d61794af8160741946d0b43) C:\Windows\system32\DRIVERS\HpqRemHid.sys
08:02:23.0226 21448 HpqRemHid - ok
08:02:23.0333 21448 hpqwmiex (d50fdad1e57aa60f1973cfc77d905f0e) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
08:02:23.0344 21448 hpqwmiex - ok
08:02:23.0472 21448 hpsrv (fc7c13b5a9e9be23b7ae72bbc7fdb278) C:\Windows\system32\Hpservice.exe
08:02:23.0542 21448 hpsrv - ok
08:02:23.0872 21448 HSFHWAZL (57ba73b5b321291e5114cb21350e1ea0) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
08:02:23.0902 21448 HSFHWAZL - ok
08:02:24.0153 21448 HSF_DPV (e6cd7f641916484b0141d191a390d866) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
08:02:24.0251 21448 HSF_DPV - ok
08:02:24.0499 21448 HTCAND64 (81fc369485c12837de3d708b7c8fda7d) C:\Windows\system32\Drivers\ANDROIDUSB.sys
08:02:24.0606 21448 HTCAND64 - ok
08:02:25.0383 21448 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
08:02:25.0449 21448 HTTP - ok
08:02:25.0515 21448 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
08:02:25.0523 21448 i2omp - ok
08:02:25.0554 21448 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
08:02:25.0559 21448 i8042prt - ok
08:02:25.0931 21448 IAANTMON (cb686f44bf955ea02520710a56874fa4) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
08:02:26.0115 21448 IAANTMON - ok
08:02:26.0184 21448 iaStor (8d58627fef3f8767665d9f4dc91cbd97) C:\Windows\system32\DRIVERS\iaStor.sys
08:02:26.0187 21448 iaStor - ok
08:02:26.0341 21448 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
08:02:26.0352 21448 iaStorV - ok
08:02:26.0456 21448 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
08:02:26.0524 21448 IDriverT - ok
08:02:26.0967 21448 idsvc (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
08:02:27.0011 21448 idsvc - ok
08:02:29.0761 21448 igfx (663e7364f650a915d415eeb2da98d86a) C:\Windows\system32\DRIVERS\igdkmd64.sys
08:02:30.0080 21448 igfx - ok
08:02:31.0331 21448 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
08:02:31.0340 21448 iirsp - ok
08:02:31.0932 21448 IKEEXT (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll
08:02:31.0979 21448 IKEEXT - ok
08:02:32.0342 21448 IntcHdmiAddService (c7c9720a5b0fd2b974fc4f72e405204b) C:\Windows\system32\drivers\IntcHdmi.sys
08:02:32.0449 21448 IntcHdmiAddService - ok
08:02:32.0533 21448 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
08:02:32.0549 21448 intelide - ok
08:02:32.0571 21448 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
08:02:32.0581 21448 intelppm - ok
08:02:32.0618 21448 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll
08:02:32.0637 21448 IPBusEnum - ok
08:02:32.0690 21448 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:02:32.0699 21448 IpFilterDriver - ok
08:02:32.0777 21448 iphlpsvc (bf0dbfa9792c5c14fa00f61c75116c1b) C:\Windows\System32\iphlpsvc.dll
08:02:32.0798 21448 iphlpsvc - ok
08:02:32.0805 21448 IpInIp - ok
08:02:32.0940 21448 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
08:02:32.0952 21448 IPMIDRV - ok
08:02:32.0992 21448 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
08:02:33.0038 21448 IPNAT - ok
08:02:33.0066 21448 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
08:02:33.0073 21448 IRENUM - ok
08:02:33.0792 21448 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
08:02:33.0798 21448 isapnp - ok
08:02:33.0945 21448 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
08:02:33.0968 21448 iScsiPrt - ok
08:02:34.0110 21448 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
08:02:34.0126 21448 iteatapi - ok
08:02:34.0183 21448 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
08:02:34.0191 21448 iteraid - ok
08:02:34.0225 21448 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
08:02:34.0230 21448 kbdclass - ok
08:02:34.0262 21448 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
08:02:34.0274 21448 kbdhid - ok
08:02:34.0339 21448 KeyIso (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
08:02:34.0343 21448 KeyIso - ok
08:02:34.0563 21448 KSecDD (2758d174604f597bbc8a217ff667913d) C:\Windows\system32\Drivers\ksecdd.sys
08:02:34.0703 21448 KSecDD - ok
08:02:34.0748 21448 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
08:02:34.0758 21448 ksthunk - ok
08:02:34.0846 21448 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll
08:02:34.0884 21448 KtmRm - ok
08:02:34.0950 21448 LanmanServer (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\system32\srvsvc.dll
08:02:34.0966 21448 LanmanServer - ok
08:02:35.0012 21448 LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll
08:02:35.0028 21448 LanmanWorkstation - ok
08:02:35.0063 21448 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
08:02:35.0073 21448 lltdio - ok
08:02:35.0137 21448 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll
08:02:35.0176 21448 lltdsvc - ok
08:02:35.0195 21448 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll
08:02:35.0200 21448 lmhosts - ok
08:02:35.0348 21448 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
08:02:35.0356 21448 LSI_FC - ok
08:02:35.0391 21448 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
08:02:35.0400 21448 LSI_SAS - ok
08:02:35.0427 21448 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
08:02:35.0439 21448 LSI_SCSI - ok
08:02:35.0451 21448 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
08:02:35.0470 21448 luafv - ok
08:02:36.0558 21448 McAfee SiteAdvisor Service (be8c524313db75fa26fb2b0c0aaff88e) C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
08:02:36.0660 21448 McAfee SiteAdvisor Service - ok
08:02:36.0936 21448 McMPFSvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
08:02:37.0049 21448 McMPFSvc - ok
08:02:37.0065 21448 mcmscsvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
08:02:37.0070 21448 mcmscsvc - ok
08:02:37.0098 21448 McNaiAnn (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
08:02:37.0102 21448 McNaiAnn - ok
08:02:37.0109 21448 McNASvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
08:02:37.0112 21448 McNASvc - ok
08:02:37.0311 21448 McODS (dd01bf24dd6bf70a90549f9a7bb2d1eb) C:\Program Files\McAfee\VirusScan\mcods.exe
08:02:37.0315 21448 McODS - ok
08:02:37.0344 21448 McProxy (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
08:02:37.0347 21448 McProxy - ok
08:02:37.0392 21448 McShield (e998e3b12101288d716558466cbf6ae1) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
08:02:37.0458 21448 McShield - ok
08:02:37.0925 21448 Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll
08:02:37.0932 21448 Mcx2Svc - ok
08:02:38.0113 21448 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
08:02:38.0123 21448 megasas - ok
08:02:38.0193 21448 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
08:02:38.0231 21448 MegaSR - ok
08:02:38.0290 21448 mfeapfk (01884cb7655c8908b43ff5e364fe6fd2) C:\Windows\system32\drivers\mfeapfk.sys
08:02:38.0391 21448 mfeapfk - ok
08:02:38.0423 21448 mfeavfk (dab9a9cdfb04e4d68924492aa043019d) C:\Windows\system32\drivers\mfeavfk.sys
08:02:38.0493 21448 mfeavfk - ok
08:02:38.0506 21448 mfeavfk01 - ok
08:02:38.0550 21448 mfefire (b26782c3d6045b4464017d7926877560) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
08:02:38.0620 21448 mfefire - ok
08:02:39.0329 21448 mfefirek (ce9a3680675c0907ade16404ca967b49) C:\Windows\system32\drivers\mfefirek.sys
08:02:39.0428 21448 mfefirek - ok
08:02:39.0509 21448 mfehidk (60cf67458dd29cd17e77f2327b1a9a54) C:\Windows\system32\drivers\mfehidk.sys
08:02:39.0630 21448 mfehidk - ok
08:02:39.0717 21448 mfenlfk (a8129cfb919347f8533c934b365e9202) C:\Windows\system32\DRIVERS\mfenlfk.sys
08:02:39.0797 21448 mfenlfk - ok
08:02:39.0906 21448 mferkdet (5041fa2bd2b3a2693b015771bfbf6dca) C:\Windows\system32\drivers\mferkdet.sys
08:02:39.0910 21448 mferkdet - ok
08:02:39.0945 21448 mfevtp (723a5eb6cef7f408c3d0f15a82a6bff8) C:\Windows\system32\mfevtps.exe
08:02:40.0034 21448 mfevtp - ok
08:02:40.0270 21448 mfewfpk (919c56db14a0e1e2ab6da5d2821dc26e) C:\Windows\system32\drivers\mfewfpk.sys
08:02:40.0351 21448 mfewfpk - ok
08:02:40.0382 21448 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
08:02:40.0385 21448 MMCSS - ok
08:02:40.0412 21448 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
08:02:40.0416 21448 Modem - ok
08:02:40.0449 21448 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
08:02:40.0456 21448 monitor - ok
08:02:40.0482 21448 motccgp (7bd101253058db30c52c6ea8d3911754) C:\Windows\system32\DRIVERS\motccgp.sys
08:02:40.0532 21448 motccgp - ok
08:02:40.0552 21448 motccgpfl (1a700e7063ca7f2b29a4e761da604dfb) C:\Windows\system32\DRIVERS\motccgpfl.sys
08:02:40.0600 21448 motccgpfl - ok
08:02:40.0649 21448 motmodem (940f4da752e28e6c4b1090d21aeb7b80) C:\Windows\system32\DRIVERS\motmodem.sys
08:02:40.0701 21448 motmodem - ok
08:02:40.0747 21448 motport (940f4da752e28e6c4b1090d21aeb7b80) C:\Windows\system32\DRIVERS\motport.sys
08:02:40.0796 21448 motport - ok
08:02:40.0820 21448 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
08:02:40.0824 21448 mouclass - ok
08:02:40.0858 21448 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
08:02:40.0864 21448 mouhid - ok
08:02:40.0877 21448 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
08:02:40.0889 21448 MountMgr - ok
08:02:41.0323 21448 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
08:02:41.0418 21448 MozillaMaintenance - ok
08:02:42.0333 21448 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
08:02:42.0344 21448 mpio - ok
08:02:42.0458 21448 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
08:02:42.0469 21448 mpsdrv - ok
08:02:42.0634 21448 MpsSvc (897e3baf68ba406a61682ae39c83900c) C:\Windows\system32\mpssvc.dll
08:02:42.0693 21448 MpsSvc - ok
08:02:42.0828 21448 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
08:02:42.0833 21448 Mraid35x - ok
08:02:42.0880 21448 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
08:02:42.0928 21448 MRxDAV - ok
08:02:43.0048 21448 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
08:02:43.0181 21448 mrxsmb - ok
08:02:43.0226 21448 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:02:43.0292 21448 mrxsmb10 - ok
08:02:43.0310 21448 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:02:43.0371 21448 mrxsmb20 - ok
08:02:43.0436 21448 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
08:02:43.0450 21448 msahci - ok
08:02:43.0462 21448 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
08:02:43.0474 21448 msdsm - ok
08:02:43.0507 21448 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe
08:02:43.0523 21448 MSDTC - ok
08:02:43.0553 21448 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
08:02:43.0560 21448 Msfs - ok
08:02:43.0611 21448 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
08:02:43.0615 21448 msisadrv - ok
08:02:43.0737 21448 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll
08:02:43.0784 21448 MSiSCSI - ok
08:02:43.0788 21448 msiserver - ok
08:02:43.0882 21448 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
08:02:43.0884 21448 MSKSSRV - ok
08:02:43.0915 21448 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
08:02:43.0921 21448 MSPCLOCK - ok
08:02:43.0949 21448 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
08:02:43.0955 21448 MSPQM - ok
08:02:45.0082 21448 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
08:02:45.0108 21448 MsRPC - ok
08:02:45.0134 21448 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
08:02:45.0140 21448 mssmbios - ok
08:02:45.0166 21448 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
08:02:45.0172 21448 MSTEE - ok
08:02:45.0296 21448 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
08:02:45.0303 21448 Mup - ok
08:02:45.0376 21448 napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll
08:02:45.0448 21448 napagent - ok
08:02:45.0522 21448 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
08:02:45.0643 21448 NativeWifiP - ok
08:02:46.0424 21448 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
08:02:46.0506 21448 NDIS - ok
08:02:46.0556 21448 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
08:02:46.0568 21448 NdisTapi - ok
08:02:46.0623 21448 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
08:02:46.0633 21448 Ndisuio - ok
08:02:46.0739 21448 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
08:02:46.0761 21448 NdisWan - ok
08:02:46.0808 21448 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
08:02:46.0815 21448 NDProxy - ok
08:02:46.0927 21448 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
08:02:46.0947 21448 NetBIOS - ok
08:02:47.0040 21448 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
08:02:47.0082 21448 netbt - ok
08:02:48.0028 21448 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
08:02:48.0031 21448 Netlogon - ok
08:02:48.0081 21448 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll
08:02:48.0120 21448 Netman - ok
08:02:48.0173 21448 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll
08:02:48.0183 21448 netprofm - ok
08:02:48.0260 21448 NetTcpPortSharing (74751dda198165947fd7454d83f49825) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:02:48.0271 21448 NetTcpPortSharing - ok
08:02:48.0736 21448 NETw5v64 (2bdcb7b7917380794c9d87ac2153ce33) C:\Windows\system32\DRIVERS\NETw5v64.sys
08:02:49.0024 21448 NETw5v64 - ok
08:02:49.0455 21448 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
08:02:49.0461 21448 nfrd960 - ok
08:02:49.0520 21448 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
08:02:49.0534 21448 NlaSvc - ok
08:02:49.0582 21448 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
08:02:49.0586 21448 Npfs - ok
08:02:49.0619 21448 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
08:02:49.0622 21448 nsi - ok
08:02:49.0641 21448 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
08:02:49.0645 21448 nsiproxy - ok
08:02:49.0904 21448 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
08:02:51.0121 21448 Ntfs - ok
08:02:51.0342 21448 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
08:02:51.0359 21448 Null - ok
08:02:51.0584 21448 NVENETFD (9733f305fa84aaf84e7fb09c0b345adb) C:\Windows\system32\DRIVERS\nvm60x64.sys
08:02:51.0783 21448 NVENETFD - ok
08:02:51.0825 21448 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
08:02:51.0858 21448 nvraid - ok
08:02:51.0897 21448 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
08:02:51.0902 21448 nvstor - ok
08:02:51.0924 21448 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
08:02:51.0935 21448 nv_agp - ok
08:02:51.0942 21448 NwlnkFlt - ok
08:02:51.0955 21448 NwlnkFwd - ok
08:02:52.0910 21448 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
08:02:52.0992 21448 odserv - ok
08:02:53.0806 21448 ohci1394 (1b30103fde512915a9214b108b6e7a9c) C:\Windows\system32\DRIVERS\ohci1394.sys
08:02:53.0813 21448 ohci1394 - ok
08:02:53.0932 21448 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:02:54.0029 21448 ose - ok
08:02:54.0905 21448 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
08:02:55.0001 21448 p2pimsvc - ok
08:02:55.0012 21448 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
08:02:55.0019 21448 p2psvc - ok
08:02:56.0585 21448 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
08:02:56.0744 21448 Parport - ok
08:02:56.0902 21448 partmgr (b43751085e2abe389da466bc62a4b987) C:\Windows\system32\drivers\partmgr.sys
08:02:57.0016 21448 partmgr - ok
08:02:57.0252 21448 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
08:02:57.0258 21448 PcaSvc - ok
08:02:57.0294 21448 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
08:02:57.0348 21448 pci - ok
08:02:57.0372 21448 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
08:02:57.0379 21448 pciide - ok
08:02:57.0404 21448 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
08:02:57.0425 21448 pcmcia - ok
08:02:57.0574 21448 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
08:02:57.0608 21448 PEAUTH - ok
08:02:57.0815 21448 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
08:02:57.0823 21448 PerfHost - ok
08:02:58.0024 21448 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
08:02:58.0117 21448 pla - ok
08:02:58.0196 21448 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
08:02:58.0237 21448 PlugPlay - ok
08:02:58.0335 21448 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
08:02:58.0343 21448 PNRPAutoReg - ok
08:02:58.0357 21448 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
08:02:58.0365 21448 PNRPsvc - ok
08:02:59.0389 21448 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
08:02:59.0414 21448 PolicyAgent - ok
08:02:59.0965 21448 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
08:03:00.0008 21448 PptpMiniport - ok
08:03:00.0202 21448 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
08:03:00.0229 21448 Processor - ok
08:03:00.0284 21448 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
08:03:00.0313 21448 ProfSvc - ok
08:03:00.0383 21448 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
08:03:00.0387 21448 ProtectedStorage - ok
08:03:00.0473 21448 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
08:03:00.0475 21448 PSched - ok
08:03:00.0633 21448 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
08:03:00.0729 21448 ql2300 - ok
08:03:00.0767 21448 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
08:03:00.0803 21448 ql40xx - ok
08:03:01.0015 21448 QPCapSvc (2d757e14216e643e7885ebc0cfb0b906) C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
08:03:01.0133 21448 QPCapSvc - ok
08:03:02.0077 21448 QPSched (ea8b29ead23da9da2f5df1da7c82e308) C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
08:03:02.0155 21448 QPSched - ok
08:03:02.0209 21448 QSerBus64 (83416de1cec5befbc5a4b91e59330abc) C:\Windows\system32\DRIVERS\qserbus64.sys
08:03:02.0274 21448 QSerBus64 - ok
08:03:02.0304 21448 QTSerial64 (db4fc7970199861dd5bdfd8939d7b850) C:\Windows\system32\DRIVERS\qtserial64.sys
08:03:02.0373 21448 QTSerial64 - ok
08:03:02.0988 21448 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
08:03:03.0016 21448 QWAVE - ok
08:03:03.0035 21448 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
08:03:03.0037 21448 QWAVEdrv - ok
08:03:03.0118 21448 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
08:03:03.0124 21448 RasAcd - ok
08:03:03.0178 21448 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
08:03:03.0207 21448 RasAuto - ok
08:03:03.0255 21448 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
08:03:03.0284 21448 Rasl2tp - ok
08:03:03.0322 21448 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll
08:03:03.0338 21448 RasMan - ok
08:03:03.0542 21448 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
08:03:03.0557 21448 RasPppoe - ok
08:03:03.0575 21448 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
08:03:03.0582 21448 RasSstp - ok
08:03:03.0639 21448 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
08:03:03.0653 21448 rdbss - ok
08:03:03.0682 21448 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
08:03:03.0687 21448 RDPCDD - ok
08:03:03.0723 21448 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
08:03:03.0743 21448 rdpdr - ok
08:03:03.0761 21448 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
08:03:03.0765 21448 RDPENCDD - ok
08:03:03.0982 21448 RDPWD (ae4bd9e1c33d351d8e607fc81f15160c) C:\Windows\system32\drivers\RDPWD.sys
08:03:04.0043 21448 RDPWD - ok
08:03:05.0205 21448 Recovery Service for Windows (b9570481a1babcc4a9e941c553596077) C:\Windows\SMINST\BLService.exe
08:03:05.0347 21448 Recovery Service for Windows - ok
08:03:05.0697 21448 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
08:03:05.0718 21448 RemoteAccess - ok
08:03:05.0756 21448 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
08:03:05.0782 21448 RemoteRegistry - ok
08:03:05.0834 21448 RFCOMM (cd71e053d7260e4102d99a28f9196070) C:\Windows\system32\DRIVERS\rfcomm.sys
08:03:05.0856 21448 RFCOMM - ok
08:03:06.0168 21448 RichVideo (17e0bef5ca5c9ce52cc8082ac6ebc449) C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
08:03:06.0327 21448 RichVideo - ok
08:03:06.0393 21448 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
08:03:06.0413 21448 RpcLocator - ok
08:03:06.0465 21448 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
08:03:06.0472 21448 RpcSs - ok
08:03:06.0506 21448 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
08:03:06.0522 21448 rspndr - ok
08:03:06.0578 21448 RTL8169 (af7074e1d6a8a66204067ee8b2a8327a) C:\Windows\system32\DRIVERS\Rtlh64.sys
08:03:06.0630 21448 RTL8169 - ok
08:03:06.0682 21448 RTSTOR (325eeec3c29c8bfc495cc422b4449b2b) C:\Windows\system32\drivers\RTSTOR64.SYS
08:03:06.0736 21448 RTSTOR - ok
08:03:06.0768 21448 S3XXx64 (1baacb69dc6c99fa6b249ef27d4642ed) C:\Windows\system32\DRIVERS\S3XXx64.sys
08:03:06.0827 21448 S3XXx64 - ok
08:03:06.0884 21448 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
08:03:06.0886 21448 SamSs - ok
08:03:06.0983 21448 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
08:03:08.0739 21448 sbp2port - ok
08:03:08.0820 21448 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
08:03:08.0838 21448 SCardSvr - ok
08:03:08.0895 21448 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
08:03:08.0936 21448 Schedule - ok
08:03:08.0965 21448 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
08:03:08.0967 21448 SCPolicySvc - ok
08:03:09.0737 21448 sdbus (b42ee50f7d24f837f925332eb349eca5) C:\Windows\system32\DRIVERS\sdbus.sys
08:03:09.0752 21448 sdbus - ok
08:03:09.0806 21448 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
08:03:09.0832 21448 SDRSVC - ok
08:03:10.0009 21448 SeagateDashboardService (16b44d246835eac156f8daf0aa4f530c) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
08:03:10.0124 21448 SeagateDashboardService - ok
08:03:10.0286 21448 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
08:03:10.0296 21448 secdrv - ok
08:03:10.0323 21448 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
08:03:10.0327 21448 seclogon - ok
08:03:10.0366 21448 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\System32\sens.dll
08:03:10.0370 21448 SENS - ok
08:03:10.0419 21448 Ser2pl (9f6490423ac3271e84a90a0dd9d30a3b) C:\Windows\system32\DRIVERS\ser2pl64.sys
08:03:10.0475 21448 Ser2pl - ok
08:03:10.0599 21448 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\DRIVERS\serenum.sys
08:03:10.0722 21448 Serenum - ok
08:03:11.0599 21448 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
08:03:11.0994 21448 Serial - ok
08:03:12.0080 21448 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
08:03:12.0092 21448 sermouse - ok
08:03:12.0168 21448 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
08:03:12.0189 21448 SessionEnv - ok
08:03:12.0212 21448 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
08:03:12.0225 21448 sffdisk - ok
08:03:12.0282 21448 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
08:03:12.0288 21448 sffp_mmc - ok
08:03:12.0340 21448 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
08:03:12.0461 21448 sffp_sd - ok
08:03:12.0489 21448 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
08:03:12.0493 21448 sfloppy - ok
08:03:12.0973 21448 SharedAccess (4c5aee179da7e1ee9a9ccb9da289af34) C:\Windows\System32\ipnathlp.dll
08:03:13.0190 21448 SharedAccess - ok
08:03:14.0493 21448 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
08:03:14.0512 21448 ShellHWDetection - ok
08:03:14.0530 21448 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
08:03:14.0540 21448 SiSRaid2 - ok
08:03:14.0584 21448 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
08:03:14.0593 21448 SiSRaid4 - ok
08:03:14.0904 21448 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
08:03:15.0021 21448 slsvc - ok
08:03:15.0472 21448 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
08:03:15.0480 21448 SLUINotify - ok
08:03:15.0583 21448 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
08:03:15.0596 21448 Smb - ok
08:03:15.0648 21448 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
08:03:15.0664 21448 SNMPTRAP - ok
08:03:15.0790 21448 Soluto (f9369327409492097b0bb7ce86bd29de) C:\Windows\system32\DRIVERS\Soluto.sys
08:03:15.0909 21448 Soluto - ok
08:03:17.0558 21448 SolutoService (e33ee6977a58fc2b42fd4637a6bde167) C:\Program Files\Soluto\SolutoService.exe
08:03:17.0690 21448 SolutoService - ok
08:03:17.0762 21448 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
08:03:17.0774 21448 spldr - ok
08:03:17.0815 21448 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
08:03:17.0822 21448 Spooler - ok
08:03:18.0020 21448 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
08:03:18.0142 21448 srv - ok
08:03:18.0486 21448 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
08:03:18.0585 21448 srv2 - ok
08:03:18.0825 21448 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
08:03:18.0881 21448 srvnet - ok
08:03:18.0917 21448 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
08:03:18.0935 21448 SSDPSRV - ok
08:03:18.0981 21448 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
08:03:19.0003 21448 SstpSvc - ok
08:03:19.0096 21448 STacSV (810199dcc3bdc38304d7d649992ea7bc) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\STacSV64.exe
08:03:19.0186 21448 STacSV - ok
08:03:19.0238 21448 STHDA (ed1722f43ce61409ef68340402d6267d) C:\Windows\system32\DRIVERS\stwrt64.sys
08:03:19.0326 21448 STHDA - ok
08:03:20.0354 21448 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
08:03:20.0404 21448 stisvc - ok
08:03:20.0440 21448 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
08:03:20.0458 21448 swenum - ok
08:03:20.0563 21448 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
08:03:20.0607 21448 swprv - ok
08:03:20.0726 21448 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
08:03:20.0733 21448 Symc8xx - ok
08:03:20.0774 21448 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
08:03:20.0781 21448 Sym_hi - ok
08:03:20.0834 21448 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
08:03:20.0838 21448 Sym_u3 - ok
08:03:20.0913 21448 SynTP (3a706a967295e16511e40842b1a2761d) C:\Windows\system32\DRIVERS\SynTP.sys
08:03:20.0989 21448 SynTP - ok
08:03:21.0064 21448 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
08:03:21.0200 21448 SysMain - ok
08:03:21.0242 21448 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
08:03:21.0275 21448 TabletInputService - ok
08:03:21.0352 21448 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
08:03:21.0368 21448 TapiSrv - ok
08:03:21.0394 21448 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
08:03:21.0398 21448 TBS - ok
08:03:22.0026 21448 Tcpip (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\drivers\tcpip.sys
08:03:22.0266 21448 Tcpip - ok
08:03:23.0848 21448 Tcpip6 (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\DRIVERS\tcpip.sys
08:03:23.0858 21448 Tcpip6 - ok
08:03:25.0100 21448 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
08:03:25.0129 21448 tcpipreg - ok
08:03:25.0176 21448 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
08:03:25.0195 21448 TDPIPE - ok
08:03:25.0217 21448 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
08:03:25.0229 21448 TDTCP - ok
08:03:25.0325 21448 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
08:03:25.0346 21448 tdx - ok
08:03:25.0443 21448 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
08:03:25.0472 21448 TermDD - ok
08:03:26.0270 21448 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
08:03:26.0319 21448 TermService - ok
08:03:26.0549 21448 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll
08:03:26.0556 21448 Themes - ok
08:03:26.0627 21448 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
08:03:26.0631 21448 THREADORDER - ok
08:03:26.0779 21448 TomTomHOMEService (efef22b9577e5051057fde1ae381b50c) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
08:03:26.0897 21448 TomTomHOMEService - ok
08:03:26.0929 21448 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
08:03:26.0942 21448 TrkWks - ok
08:03:26.0986 21448 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
08:03:26.0993 21448 TrustedInstaller - ok
08:03:27.0025 21448 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
08:03:27.0028 21448 tssecsrv - ok
08:03:27.0059 21448 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
08:03:27.0062 21448 tunmp - ok
08:03:27.0095 21448 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
08:03:27.0099 21448 tunnel - ok
08:03:27.0126 21448 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
08:03:27.0130 21448 uagp35 - ok
08:03:27.0188 21448 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
08:03:27.0203 21448 udfs - ok
08:03:27.0249 21448 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
08:03:27.0259 21448 UI0Detect - ok
08:03:27.0303 21448 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
08:03:27.0308 21448 uliagpkx - ok
08:03:27.0342 21448 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
08:03:27.0362 21448 uliahci - ok
08:03:27.0378 21448 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
08:03:27.0399 21448 UlSata - ok
08:03:27.0416 21448 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
08:03:27.0446 21448 ulsata2 - ok
08:03:27.0464 21448 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
08:03:27.0472 21448 umbus - ok
08:03:27.0524 21448 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
08:03:27.0539 21448 upnphost - ok
08:03:27.0609 21448 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
08:03:27.0619 21448 usbccgp - ok
08:03:27.0642 21448 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
08:03:27.0651 21448 usbcir - ok
08:03:27.0699 21448 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
08:03:27.0708 21448 usbehci - ok
08:03:27.0743 21448 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
08:03:27.0765 21448 usbhub - ok
08:03:27.0794 21448 usbohci (540b622da0949695c40cdc9d5d497a8b) C:\Windows\system32\DRIVERS\usbohci.sys
08:03:27.0800 21448 usbohci - ok
08:03:27.0816 21448 usbprint (acfee697af477021bb3ec78c5431fed2) C:\Windows\system32\drivers\usbprint.sys
08:03:27.0821 21448 usbprint - ok
08:03:28.0230 21448 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:03:28.0235 21448 USBSTOR - ok
08:03:28.0268 21448 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
08:03:28.0273 21448 usbuhci - ok
08:03:28.0303 21448 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
08:03:29.0045 21448 usbvideo - ok
08:03:29.0080 21448 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
08:03:29.0088 21448 UxSms - ok
08:03:29.0258 21448 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
08:03:29.0305 21448 vds - ok
08:03:29.0463 21448 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
08:03:29.0486 21448 vga - ok
08:03:29.0520 21448 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
08:03:29.0531 21448 VgaSave - ok
08:03:29.0608 21448 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
08:03:29.0621 21448 viaide - ok
08:03:29.0959 21448 Viewpoint Manager Service (5f974fde801c73952770736becde11e7) C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
08:03:30.0099 21448 Viewpoint Manager Service - ok
08:03:30.0345 21448 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
08:03:30.0356 21448 volmgr - ok
08:03:30.0408 21448 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
08:03:30.0433 21448 volmgrx - ok
08:03:30.0484 21448 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
08:03:30.0511 21448 volsnap - ok
08:03:30.0568 21448 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
08:03:30.0579 21448 vsmraid - ok
08:03:33.0012 21448 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
08:03:33.0128 21448 VSS - ok
08:03:33.0401 21448 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
08:03:33.0422 21448 W32Time - ok
08:03:33.0518 21448 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
08:03:33.0531 21448 WacomPen - ok
08:03:33.0583 21448 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
08:03:33.0593 21448 Wanarp - ok
08:03:33.0598 21448 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
08:03:33.0600 21448 Wanarpv6 - ok
08:03:33.0644 21448 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
08:03:33.0680 21448 wcncsvc - ok
08:03:33.0712 21448 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
08:03:33.0717 21448 WcsPlugInService - ok
08:03:33.0736 21448 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
08:03:33.0746 21448 Wd - ok
08:03:33.0799 21448 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
08:03:33.0832 21448 Wdf01000 - ok
08:03:33.0852 21448 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
08:03:33.0862 21448 WdiServiceHost - ok
08:03:33.0867 21448 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
08:03:33.0871 21448 WdiSystemHost - ok
08:03:34.0640 21448 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
08:03:34.0657 21448 WebClient - ok
08:03:35.0016 21448 Wecsvc (bd9a749f36710ffa02e0e530f7451936) C:\Windows\system32\wecsvc.dll
08:03:35.0058 21448 Wecsvc - ok
08:03:35.0439 21448 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
08:03:35.0455 21448 wercplsupport - ok
08:03:35.0846 21448 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
08:03:35.0867 21448 WerSvc - ok
08:03:36.0055 21448 winachsf (b5c348b265178fb9ee55addb3929485d) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
08:03:36.0138 21448 winachsf - ok
08:03:36.0229 21448 WinDefend - ok
08:03:36.0255 21448 WinHttpAutoProxySvc - ok
08:03:37.0448 21448 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
08:03:37.0466 21448 Winmgmt - ok
08:03:38.0032 21448 WinRM (42717db2be3a075d0f0cd5c927c27a43) C:\Windows\system32\WsmSvc.dll
08:03:38.0118 21448 WinRM - ok
08:03:38.0303 21448 WinUSB (7f2f9e48566b2087f2aaad258cb2a8d4) C:\Windows\system32\DRIVERS\WinUSB.sys
08:03:38.0310 21448 WinUSB - ok
08:03:38.0382 21448 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
08:03:38.0434 21448 Wlansvc - ok
08:03:38.0461 21448 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
08:03:38.0469 21448 WmiAcpi - ok
08:03:39.0003 21448 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe
08:03:39.0018 21448 wmiApSrv - ok
08:03:39.0192 21448 WMPNetworkSvc - ok
08:03:40.0241 21448 WMZuneComm (45de51db0950a4b8595520ef0bafcff1) c:\Program Files\Zune\WMZuneComm.exe
08:03:40.0380 21448 WMZuneComm - ok
08:03:40.0813 21448 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
08:03:40.0836 21448 WPCSvc - ok
08:03:40.0999 21448 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll
08:03:41.0009 21448 WPDBusEnum - ok
08:03:41.0067 21448 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
08:03:41.0073 21448 ws2ifsl - ok
08:03:41.0289 21448 wscsvc (9ea3e6d0ef7a5c2b9181961052a4b01a) C:\Windows\System32\wscsvc.dll
08:03:41.0318 21448 wscsvc - ok
08:03:41.0325 21448 WSearch - ok
08:03:43.0272 21448 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
08:03:43.0376 21448 wuauserv - ok
08:03:44.0863 21448 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
08:03:44.0938 21448 WudfPf - ok
08:03:45.0007 21448 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
08:03:45.0030 21448 WUDFRd - ok
08:03:45.0241 21448 wudfsvc (3dcc7bf5afa921b479e622bd999121f3) C:\Windows\System32\WUDFSvc.dll
08:03:45.0348 21448 wudfsvc - ok
08:03:47.0743 21448 ZuneNetworkSvc (b79c2ce5340a5eca38ca1f74aa445d2b) c:\Program Files\Zune\ZuneNss.exe
08:03:48.0101 21448 ZuneNetworkSvc - ok
08:03:50.0030 21448 ZuneWlanCfgSvc (e2859aea054422fe40517179ae867c2d) c:\Windows\system32\ZuneWlanCfgSvc.exe
08:03:50.0139 21448 ZuneWlanCfgSvc - ok
08:03:50.0178 21448 MBR (0x1B8) (85d751f0e41b8e520aee8c07a8da777b) \Device\Harddisk0\DR0
08:03:52.0555 21448 \Device\Harddisk0\DR0 - ok
08:03:52.0573 21448 Boot (0x1200) (e371bc9b941b22c4580a90e8271c7d73) \Device\Harddisk0\DR0\Partition0
08:03:52.0598 21448 \Device\Harddisk0\DR0\Partition0 - ok
08:03:52.0636 21448 Boot (0x1200) (e331315ecdc8c300d3186ff9a93d868e) \Device\Harddisk0\DR0\Partition1
08:03:52.0637 21448 \Device\Harddisk0\DR0\Partition1 - ok
08:03:52.0638 21448 ============================================================
08:03:52.0638 21448 Scan finished
08:03:52.0638 21448 ============================================================
08:03:52.0655 24384 Detected object count: 0
08:03:52.0655 24384 Actual detected object count: 0

ASWMbr:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-23 08:32:00
-----------------------------
08:32:00.825 OS Version: Windows x64 6.0.6002 Service Pack 2
08:32:00.825 Number of processors: 2 586 0xF0D
08:32:00.825 ComputerName: TED-PC UserName: Ted
08:32:06.456 Initialize success
08:32:17.541 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
08:32:17.557 Disk 0 Vendor: ST925082 3.AH Size: 238475MB BusType: 3
08:32:17.557 Disk 0 MBR read successfully
08:32:17.573 Disk 0 MBR scan
08:32:17.573 Disk 0 unknown MBR code
08:32:17.588 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 227362 MB offset 63
08:32:17.619 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11109 MB offset 465639424
08:32:17.682 Disk 0 scanning C:\Windows\system32\drivers
08:32:49.615 Service scanning
08:34:08.972 Modules scanning
08:34:08.972 Disk 0 trace - called modules:
08:34:09.019 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
08:34:09.019 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006a0d060]
08:34:09.035 3 CLASSPNP.SYS[fffffa6000a31c33] -> nt!IofCallDriver -> [0xfffffa8006a0c9e0]
08:34:09.549 5 hpdskflt.sys[fffffa6001ab8189] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004c47050]
08:34:09.549 Scan finished successfully
08:34:26.475 Disk 0 MBR has been saved successfully to "C:\Users\Ted\Desktop\MBR.dat"
08:34:26.475 The log file has been saved successfully to "C:\Users\Ted\Desktop\aswMBR.txt"

Attached Files

  • MBR.zip (547 bytes)


#5 nasdaq

  • Malware Response Team
  • 38,769 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 23 June 2012 - 12:30 PM

The logs are clean.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to: Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double-click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.

#6 tjnunamaker

  • Topic Starter
  • Members
  • 5 posts

Posted 23 June 2012 - 08:01 PM

I ran ComboFix... here's the log:

ComboFix 12-06-23.05 - Ted 06/23/2012 16:14:35.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4026.2635 [GMT -7:00]
Running from: c:\users\Ted\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Games.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-23 to 2012-06-23 )))))))))))))))))))))))))))))))
.
.
2012-06-23 23:27 . 2012-06-23 23:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-21 02:14 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 02:14 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 02:14 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 02:14 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 02:12 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 02:12 . 2012-06-02 22:19 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll
2012-06-21 02:12 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 02:12 . 2012-06-02 22:12 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2012-06-20 03:07 . 2012-06-20 03:07 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-06-20 02:51 . 2012-06-20 02:51 -------- d-----w- c:\program files\HitmanPro
2012-06-20 02:50 . 2012-06-20 03:07 -------- d-----w- c:\programdata\HitmanPro
2012-06-20 00:41 . 2012-06-20 00:41 388096 ----a-r- c:\users\Ted\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-20 00:41 . 2012-06-20 00:41 -------- d-----w- c:\program files (x86)\Trend Micro
2012-06-19 00:40 . 2012-06-19 00:40 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-19 00:40 . 2012-06-19 00:40 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-13 05:29 . 2012-06-13 05:29 -------- d-----w- c:\users\Ted\AppData\Local\Macromedia
2012-06-13 00:38 . 2012-05-01 14:29 209920 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 00:38 . 2012-05-15 20:15 2767360 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 23:03 . 2012-04-12 17:24 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-23 23:03 . 2011-05-24 00:42 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-19 03:56 . 2012-04-19 03:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-19 03:56 . 2012-04-19 03:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-04-03 08:22 . 2012-05-12 17:25 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-30 12:45 . 2012-05-12 17:27 1423744 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Seagate Dashboard"="c:\program files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2008-5-30 160808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
S2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [2008-05-30 263720]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_48fbb870\AESTSr64.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswMBR
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 23:03]
.
2012-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2777322643-2634447279-1779781177-1000Core.job
- c:\users\Ted\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-14 02:30]
.
2012-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2777322643-2634447279-1779781177-1000UA.job
- c:\users\Ted\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-14 02:30]
.
2011-06-01 c:\windows\Tasks\HPCeeScheduleForAmy.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2008-07-01 03:03]
.
2012-06-23 c:\windows\Tasks\HPCeeScheduleForTed.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2008-07-01 03:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-18 181784]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2008-05-30 377384]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-07-22 450048]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2008-01-24 685568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\hz5k1ol1.default\
FF - prefs.js: browser.startup.homepage - www.postimees.ee
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-hpqSRMon - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
HKLM-Run-(Default) - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-06-23 16:30:45
ComboFix-quarantined-files.txt 2012-06-23 23:30
.
Pre-Run: 85,908,619,264 bytes free
Post-Run: 89,058,668,544 bytes free
.
- - End Of File - - E052DD8473629071E75FC144E32AACF8

I did a quick check, and I'm still getting the google redirects.

Thanks again for the help!

Best,

Ted

#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,769 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 24 June 2012 - 08:08 AM

Click the Start button. In the Search box, type Command Prompt, and then, in the list of results, double-click Command Prompt.

At the cursor, type:
ipconfig /flushdns <-- (a space between g and / is needed)

Repeat with:
ipconfig /renew

Then hit Enter, type Exit, hit the Enter key.

You may need to run CMD (Command Prompt) on Vista / Windows 7 with elevated privileges:
http://www.mydigitallife.info/2007/02/17/how-to-open-elevated-command-prompt-with-administrator-privileges-in-windows-vista/
<<<>>>

Continue if the problem is not solved.

Launch Notepad, and copy/paste all the blue instructions below to it.
Save in: Desktop
File Name: fixme.reg
Save as Type: All files
Click: Save

REGEDIT4

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]


Then, disconnect from the Internet!
Next,
Back on the Desktop, double-click on the fixme.reg file you just saved and click on Yes when asked to merge the information.

On a Vista or Windows 7 operating system right click on the fixme.reg file and run as Administrator.

Optional, if the following programs are on your computer:
Note that since the Domains are deleted, SpywareBlaster protection must be re-enabled, Spybot's Immunize feature must be used again, and you have to re-install IE-SpyAd if it was installed.
===

Continue....

How to Reset a Router Back to the Factory Default Settings
http://www.ehow.com/how_2110924_reset-back-factory-default-settings.html

Then, please reconfigure it back to your preferred settings. Below is a list of default usernames and passwords, should you not know them ;)

http://www.routerpasswords.com/
http://www.phenoelit-us.org/dpl/dpl.html
===

Reset for Linksys, Netgear, D-Link and Belkin Routers
http://www.techsupportforum.com/2763-reset-for-linksys-netgear-d-link-and-belkin-routers/

How to Secure Your Wireless Router
http://www.ehow.com/how_2253625_secure-wireless-router.html

Keep me posted.
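An added example (my own script, not nasdaq's instructions) that inventories and backs up the IE ZoneMap entries the fixme.reg above wipes, so you can see which domains or IP ranges were force-mapped into a zone before deleting them. It assumes a backup folder named ZoneMap-backup on the Desktop; everything else is read from the standard ZoneMap keys.

```powershell
# Added example, not part of the thread: list and back up the IE ZoneMap keys that
# fixme.reg deletes. Hijackers put domains or ranges here to force them into the
# Trusted or Restricted zone, which is why resetting these keys is part of the cleanup.
$zoneNames = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites'; 3 = 'Internet'; 4 = 'Restricted sites' }
$zoneMapRoots = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap'
)

function Get-ZoneMapEntries {
    param([string[]]$Roots = $zoneMapRoots)
    foreach ($root in $Roots) {
        foreach ($table in 'Domains', 'Ranges', 'EscDomains') {
            $base = Join-Path $root $table
            if (-not (Test-Path $base)) { continue }
            Get-ChildItem -Path $base -Recurse | ForEach-Object {
                $key   = $_
                $props = Get-ItemProperty -Path $key.PSPath
                # Ranges keys carry the IP pattern in a ':Range' string value; Domains and
                # EscDomains store the host as nested keys (example.com\www), so the key
                # labels are reversed to rebuild the host name.
                $range = ($props.PSObject.Properties | Where-Object Name -eq ':Range').Value
                $rel   = $key.Name.Substring($key.Name.IndexOf("\$table\") + $table.Length + 2)
                $parts = $rel -split '\\'; [array]::Reverse($parts)
                $target = if ($range) { $range } else { $parts -join '.' }
                foreach ($p in $props.PSObject.Properties) {
                    # Skip PowerShell's own PS* note properties and the ':Range' pattern itself.
                    if ($p.Name -like 'PS*' -or $p.Name -eq ':Range') { continue }
                    $zoneId = $p.Value -as [int]   # value name is the scheme, data is the zone number
                    $zone = if ($null -ne $zoneId -and $zoneNames.ContainsKey($zoneId)) { $zoneNames[$zoneId] } else { "unknown ($($p.Value))" }
                    [pscustomobject]@{ Hive = $root.Split(':')[0]; Table = $table; Target = $target; Scheme = $p.Name; Zone = $zone }
                }
            }
        }
    }
}

# Export the keys first so the mappings can be restored if a legitimate entry is lost.
$backupDir = Join-Path $env:USERPROFILE 'Desktop\ZoneMap-backup'   # assumed location
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null
foreach ($root in $zoneMapRoots) {
    $hive    = $root.Split(':')[0]
    $regRoot = $root -replace '^HKCU:', 'HKEY_CURRENT_USER' -replace '^HKLM:', 'HKEY_LOCAL_MACHINE'
    & reg.exe export $regRoot (Join-Path $backupDir "$hive-ZoneMap.reg") /y | Out-Null
}

$entries = @(Get-ZoneMapEntries)
"Found $($entries.Count) zone mapping(s); backups written to $backupDir"
$entries | Sort-Object Hive, Table, Target | Format-Table -AutoSize
```

Entries mapped to Restricted sites that belong to security vendors or update servers, or unfamiliar hosts mapped to Trusted sites, are the ones worth noting before the reset.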

#8 tjnunamaker

tjnunamaker
  • Topic Starter

  • Members
  • 5 posts

Posted 24 June 2012 - 10:54 AM

Good Morning, nasdaq. I have very good news to report... after running the ipconfig commands, I've regained full control over my machine. I didn't carry out any of the instructions after that. Is there anything else I should do?

Thanks so much for the help. It's been fantastic.

Best,

Ted

#9 nasdaq

nasdaq

  • Malware Response Team
  • 38,769 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 24 June 2012 - 01:00 PM

Glad we could help.

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following text into the Run box and click OK:

ComboFix /Uninstall
===

Post this log for my review.

Third-party programs, if not up to date, can be an open door for an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

#10 nasdaq

nasdaq

  • Malware Response Team
  • 38,769 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 30 June 2012 - 08:42 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.