ZeroAccess Trojan Detected on PC


  • This topic is locked
21 replies to this topic

#1 shock_er

  • Members
  • 11 posts

Posted 22 June 2012 - 07:18 PM

Hello,

It looks like my home PC (Windows 7) may have been infected with the ZeroAccess trojan. It started yesterday with some kind of fake anti-virus software appearing on the desktop saying that the PC was infected with various things and under attack. The IE browser was displaying a page saying the same thing and I was unable to browse to other pages. I have McAfee installed on the PC and then the McAfee warning box popped up saying that it had removed a trojan called ZeroAccess. I then ran a full scan but nothing was found. The McAfee warning box then started popping up continually, referring to three files, ZeroAccess, ZeroAccess.ee and ZerAccess.eh in C:\Installed Applications.

All I have done since is run another scan in safe mode. After I re-started, the McAfee warning boxes have stopped popping up and I am able to use the IE browser. After reading up about this virus on the web, I decided it would be best to leave it at that and hopefully get some advice on the best way to tackle it from someone who knows a lot more about this than me! Any advice would be very gratefully received.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by nicola at 0:03:14 on 2012-06-23
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3327.1777 [GMT 1:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\O2 Assistant\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\O2 Assistant\bin\tgsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\msi\OSD hot keys\WMI_Hook_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\CyberLink\YouCam\YouCamTray.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\O2 Assistant\bin\sprtcmd.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\nicola\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Users\nicola\AppData\Local\Akamai\netsession_win.exe
C:\Users\nicola\AppData\Local\{0290EFBE-1705-83D8-FA9F-33C1DA5A6F96}\syshost.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uDefault_Page_URL = hxxp://www.aldi.com
uInternet Settings,ProxyOverride = *.local;<local>
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uURLSearchHooks: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - c:\program files\wiseconvert\prxtbWise.dll
mURLSearchHooks: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - c:\program files\wiseconvert\prxtbWise.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120621233955.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - c:\program files\wiseconvert\prxtbWise.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - c:\program files\wiseconvert\prxtbWise.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [Akamai NetSession Interface] "c:\users\nicola\appdata\local\akamai\netsession_win.exe"
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe
uRun: [ApplePhotoStreams] c:\program files\common files\apple\internet services\ApplePhotoStreams.exe
uRun: [syshost32] c:\users\nicola\appdata\local\{0290efbe-1705-83d8-fa9f-33c1da5a6f96}\syshost.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\3.0"
mRun: [YouCam Mirror Tray icon] "c:\program files\cyberlink\youcam\YouCamTray.exe" /s
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [McENUI] \McENUI.exe /hide
mRun: [O2DA] "c:\program files\o2 assistant\bin\sprtcmd.exe" /P O2DA
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\photof~1.lnk - c:\program files\panasonic\photofunstudio\PhAutoRun.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105
IE: {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/710-72741-17534-1/4
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
Trusted Zone: craneware.com\portal
Trusted Zone: craneware.com\tportal
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{45AB881A-9766-463A-B115-C7EF41F0A7B1} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{789D0083-4FCF-4146-B027-8139909E2F2C} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{789D0083-4FCF-4146-B027-8139909E2F2C}\F42377962756C6563737548363033343 : DhcpNameServer = 192.168.1.254
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\nicola\appdata\roaming\mozilla\firefox\profiles\onanrowa.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XRxdm004YYgb&ptb=A207F361-BF6B-4422-A083-7B01EDDF2814&psa=&ind=2011010209&ptnrS=XRxdm004YYgb&si=&st=kwd&n=77dd94a1&searchfor=
FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: c:\progra~1\mif5ba~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-11-14 464304]
R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-11-14 169608]
R0 nvamacpi;NVIDIA Away Mode System;c:\windows\system32\drivers\nvamacpi.sys [2009-8-13 24608]
R1 AEP_TDI_DRV;AEP NSP Port Forwarder TDI Driver;c:\windows\system32\drivers\aeptdipfwd.sys [2010-4-14 36659]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-11-14 64912]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-14 20992]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2012-2-25 95200]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-11-23 214904]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-11-23 214904]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-11-14 166288]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-11-14 161632]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-11-14 151880]
R2 sprtsvc_O2DA;SupportSoft Sprocket Service (O2DA);c:\program files\o2 assistant\bin\sprtsvc.exe [2010-4-23 206120]
R2 tgsrvc_O2DA;SupportSoft Repair Service (O2DA);c:\program files\o2 assistant\bin\tgsrvc.exe [2010-4-23 185640]
R2 WMI_Hook_Service;WMI_Hook_Service;c:\program files\msi\osd hot keys\WMI_Hook_Service.exe [2009-9-4 101176]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-11-14 180848]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-11-14 59456]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-11-14 340920]
R3 NxpCap;CTX capture service;c:\windows\system32\drivers\NxpCap.sys [2009-8-13 1488096]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-11-23 214904]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-31 257224]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-11-14 57600]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-11-14 87656]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 MSIDriver_IO_2;MSIDriver_IO_2;c:\program files\msi\osd hot keys\MSI_MAINSYS.sys [2009-8-25 26936]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2010-4-26 1011232]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-2-23 52224]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-3 1343400]
.
=============== Created Last 30 ================
.
2012-06-22 22:45:03 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 22:44:37 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 22:44:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-22 22:44:12 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 22:37:31 -------- d-----w- c:\users\nicola\appdata\local\{E293B43B-B661-4CF8-9F0A-31CF74B51A7D}
2012-06-21 22:39:53 29312 ----a-w- c:\program files\mozilla firefox\ScriptFF.dll
2012-06-21 22:01:32 335360 ----a-w- c:\users\nicola\appdata\local\dimfqyiss.exe
2012-06-21 22:01:21 -------- d-----w- c:\users\nicola\appdata\local\{0290EFBE-1705-83D8-FA9F-33C1DA5A6F96}
2012-06-21 18:29:07 -------- d-----w- c:\users\nicola\appdata\local\{5FDD8397-37D8-42C7-B399-1A11B9121F66}
2012-06-21 06:28:39 -------- d-----w- c:\users\nicola\appdata\local\{64501F74-E8C9-4426-ADC3-5E269F4359C9}
2012-06-21 06:28:27 -------- d-----w- c:\users\nicola\appdata\local\{7C366816-B6CC-49FE-92A1-939E53114027}
2012-06-20 18:27:58 -------- d-----w- c:\users\nicola\appdata\local\{F5AE041F-220F-4FBB-BC10-D4237EA8CB2E}
2012-06-20 18:27:47 -------- d-----w- c:\users\nicola\appdata\local\{E9D9A834-D8B5-4FC3-9585-84703121C168}
2012-06-20 06:21:52 -------- d-----w- c:\users\nicola\appdata\local\{9A5DEB5C-A9C9-4B52-8BFF-2BED1F66BF2D}
2012-06-20 06:21:40 -------- d-----w- c:\users\nicola\appdata\local\{FB73AEA7-66A1-4741-84D0-0E30ECB13750}
2012-06-19 18:21:08 -------- d-----w- c:\users\nicola\appdata\local\{C668BCCB-6540-473D-964E-503891710AA1}
2012-06-19 18:20:57 -------- d-----w- c:\users\nicola\appdata\local\{A20E7B99-E296-4723-A05D-0CCF22062967}
2012-06-19 06:20:16 -------- d-----w- c:\users\nicola\appdata\local\{99DD2007-31C4-44BC-AFA2-A1738CBD6F2A}
2012-06-19 06:20:01 -------- d-----w- c:\users\nicola\appdata\local\{291565ED-B441-4A4F-94DD-1EFA14AA18D6}
2012-06-18 17:13:12 -------- d-----w- c:\users\nicola\appdata\local\{FFE67A63-B379-4C0A-B69C-8397C726B902}
2012-06-18 05:12:43 -------- d-----w- c:\users\nicola\appdata\local\{6B3A4F2C-3D04-41CB-8A76-BDFEC08072C7}
2012-06-17 10:28:33 -------- d-----w- c:\users\nicola\appdata\local\{7A0B3B3E-D918-4A04-8824-CE8FD5C856CC}
2012-06-16 07:50:08 -------- d-----w- c:\users\nicola\appdata\local\{2323AE42-D8BC-4469-82E8-9830E7781AC0}
2012-06-15 06:38:11 -------- d-----w- c:\users\nicola\appdata\local\{D4C29A8C-D2B1-4C5C-AFC8-40E851BB5072}
2012-06-14 18:12:59 -------- d-----w- c:\users\nicola\appdata\local\{1F7E082F-58FD-4A42-8A76-828B8FF82406}
2012-06-14 07:37:14 -------- d-----w- c:\program files\iPod
2012-06-14 07:37:13 -------- d-----w- c:\program files\iTunes
2012-06-14 06:12:31 -------- d-----w- c:\users\nicola\appdata\local\{264F3FCF-54C4-4F00-8A49-71DC474BB66C}
2012-06-13 18:12:03 -------- d-----w- c:\users\nicola\appdata\local\{384F5063-0232-4122-BF45-E5D0522EC365}
2012-06-13 18:11:51 -------- d-----w- c:\users\nicola\appdata\local\{C7D5D59A-1CA2-4449-81FC-770D03D8C0AF}
2012-06-13 06:19:11 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 06:19:07 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-13 06:19:05 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 06:19:03 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 06:19:02 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 06:19:02 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 06:19:00 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 06:18:50 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 06:18:50 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 06:18:49 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 06:10:55 -------- d-----w- c:\users\nicola\appdata\local\{F0B8D6EC-6DA5-470A-816C-C818726FA147}
2012-06-13 06:10:28 -------- d-----w- c:\users\nicola\appdata\local\{1B823A5A-5E13-4B15-AA48-F3B48BADAD2F}
2012-06-12 17:21:20 -------- d-----w- c:\users\nicola\appdata\local\{F8FCAA59-20FF-46E9-B620-71151C32F7AC}
2012-06-12 17:21:08 -------- d-----w- c:\users\nicola\appdata\local\{124D9C43-D804-4FCA-91B1-101A8061E59B}
2012-06-11 20:26:19 -------- d-----w- c:\users\nicola\appdata\local\{4AF110F7-C20F-4792-B673-28FA57FD077D}
2012-06-11 20:26:08 -------- d-----w- c:\users\nicola\appdata\local\{4CC540BA-24DA-4BA1-8727-3EE7161DE486}
2012-06-11 08:25:40 -------- d-----w- c:\users\nicola\appdata\local\{3AC037F5-3C24-463F-B803-749619789E6C}
2012-06-11 08:25:28 -------- d-----w- c:\users\nicola\appdata\local\{8E19AE9A-8B1C-467C-885B-7AF1A8FDFC86}
2012-06-10 20:25:01 -------- d-----w- c:\users\nicola\appdata\local\{7B3AEE10-FF65-4CD9-89F3-B122037F96C5}
2012-06-10 08:24:36 -------- d-----w- c:\users\nicola\appdata\local\{BEA45F70-A792-4042-AED6-BC9B9F57E065}
2012-06-10 08:24:25 -------- d-----w- c:\users\nicola\appdata\local\{CED953A8-D905-4276-ACE9-53C6B8A84C0C}
2012-06-09 20:23:58 -------- d-----w- c:\users\nicola\appdata\local\{D2427AE0-AFFF-49EB-AC34-9A9DA614DA2D}
2012-06-09 08:23:32 -------- d-----w- c:\users\nicola\appdata\local\{1A4B0036-4508-4172-B624-81FE06A52781}
2012-06-09 08:23:19 -------- d-----w- c:\users\nicola\appdata\local\{6BCA93B9-F68A-400C-B72D-F1D2EEAF76B1}
2012-06-08 19:32:30 -------- d-----w- c:\users\nicola\appdata\local\{46724535-100C-4E1D-900D-FFCE9F905513}
2012-06-08 07:32:04 -------- d-----w- c:\users\nicola\appdata\local\{195577F9-D5B6-4E3C-ABAF-B6D5B1445A11}
2012-06-08 07:31:52 -------- d-----w- c:\users\nicola\appdata\local\{8FC7F9F0-E3CA-424C-A9C8-810D5BB76C1B}
2012-06-07 19:31:20 -------- d-----w- c:\users\nicola\appdata\local\{1B91611E-8FBA-4832-94EF-A000BFF5EA49}
2012-06-07 07:30:55 -------- d-----w- c:\users\nicola\appdata\local\{A19F103F-DEE8-4543-8ABA-9914A49DEAE1}
2012-06-07 07:30:44 -------- d-----w- c:\users\nicola\appdata\local\{2CEE42A1-4451-4903-8C16-4928C7CF080E}
2012-06-06 19:30:19 -------- d-----w- c:\users\nicola\appdata\local\{D0A739CC-1BA1-4EFC-9FBB-7B9BB0A15785}
2012-06-06 19:30:08 -------- d-----w- c:\users\nicola\appdata\local\{2EDE564C-C267-40F3-B68E-23DFE3088922}
2012-06-06 07:29:40 -------- d-----w- c:\users\nicola\appdata\local\{6E8D2CF7-CDB8-4740-9F19-AA1D71F92ABC}
2012-06-06 07:29:29 -------- d-----w- c:\users\nicola\appdata\local\{200CE74E-14A9-4CB3-9DFE-17EF4C8DBFD9}
2012-06-05 19:29:01 -------- d-----w- c:\users\nicola\appdata\local\{FC9C60D4-2998-41DD-9A02-5318D397B69C}
2012-06-05 19:28:49 -------- d-----w- c:\users\nicola\appdata\local\{79974763-4ACB-4F9B-8185-50F0FCF4CD08}
2012-06-05 07:23:01 -------- d-----w- c:\users\nicola\appdata\local\{ABF2E7DC-232F-4CE9-B9C7-71ECD9358B5E}
2012-06-05 07:22:49 -------- d-----w- c:\users\nicola\appdata\local\{7BCCDD29-B9E3-4C51-9C3D-6012FAB861AA}
2012-06-04 19:22:24 -------- d-----w- c:\users\nicola\appdata\local\{57241B79-703F-4A7F-9760-942FB0D43798}
2012-06-04 19:22:13 -------- d-----w- c:\users\nicola\appdata\local\{683DB507-D7F1-4240-9CF1-678E938E4CA1}
2012-06-04 07:21:45 -------- d-----w- c:\users\nicola\appdata\local\{F9CA3D25-B12A-47DE-A30E-868FBD98A4D6}
2012-06-04 07:21:29 -------- d-----w- c:\users\nicola\appdata\local\{D78C5477-EC3A-4BDF-BC04-AFF27F7A9FA4}
2012-06-03 14:24:23 -------- d-----w- c:\users\nicola\appdata\local\{92EB02CC-F0AC-4065-9B63-06700569CBEC}
2012-06-03 14:24:08 -------- d-----w- c:\users\nicola\appdata\local\{40725B5A-A4AB-4075-8DE2-DD6668FEC083}
2012-06-02 19:51:45 -------- d-----w- c:\users\nicola\appdata\local\{DE7A3AEC-5226-484B-ACD4-159B1DA97ACB}
2012-06-02 07:50:44 -------- d-----w- c:\users\nicola\appdata\local\{4A1EEF67-5389-4960-A28C-6E7832622768}
2012-06-02 07:50:23 -------- d-----w- c:\users\nicola\appdata\local\{2CE6ECFF-15C8-46C3-8FEF-4A9BAE074CAD}
2012-06-01 18:42:48 -------- d-----w- c:\users\nicola\appdata\local\{989501DE-153D-44F6-9864-A111B6F78634}
2012-06-01 06:42:11 -------- d-----w- c:\users\nicola\appdata\local\{B0779800-E382-460C-9F82-460EA4AB8B85}
2012-06-01 06:41:56 -------- d-----w- c:\users\nicola\appdata\local\{061E7CA9-B582-4A8B-AC13-797BE6E32134}
2012-05-31 18:41:22 -------- d-----w- c:\users\nicola\appdata\local\{1B90B978-BA0F-44D8-A15C-AEB060584823}
2012-05-31 06:40:52 -------- d-----w- c:\users\nicola\appdata\local\{FF0E94B6-E165-4D0C-BB55-9EF8887E833C}
2012-05-31 06:40:36 -------- d-----w- c:\users\nicola\appdata\local\{2CCAC2A8-474C-4DCF-9C52-18ED40EA3D77}
2012-05-30 18:31:44 -------- d-----w- c:\users\nicola\appdata\local\{42C1E63E-D213-4177-B8BB-D681F9A9E29C}
2012-05-30 18:31:32 -------- d-----w- c:\users\nicola\appdata\local\{FD798996-0C47-4393-90B6-3B12AA95212A}
2012-05-30 06:31:01 -------- d-----w- c:\users\nicola\appdata\local\{67973563-94B8-4CFF-9738-5C004907D5AD}
2012-05-30 06:30:50 -------- d-----w- c:\users\nicola\appdata\local\{F8971BCD-FE52-4E12-9552-235641A05651}
2012-05-29 18:30:20 -------- d-----w- c:\users\nicola\appdata\local\{7233626C-CEAD-4B72-BC67-25A795078A4F}
2012-05-29 18:30:07 -------- d-----w- c:\users\nicola\appdata\local\{B7418E4F-30F4-45A0-A307-1D11ABAD9A45}
2012-05-29 06:29:36 -------- d-----w- c:\users\nicola\appdata\local\{B7939658-CFF5-4584-AD37-5A05E8DDF900}
2012-05-29 06:29:22 -------- d-----w- c:\users\nicola\appdata\local\{72C9CAB2-AB48-4C0C-B635-170F6275740E}
2012-05-28 17:29:15 -------- d-----w- c:\users\nicola\appdata\local\{74D9953F-B000-4D7B-8AF1-8BC9625F69C7}
2012-05-28 17:29:03 -------- d-----w- c:\users\nicola\appdata\local\{F0BF7F2E-B4A9-443A-8262-85A43D42EB72}
2012-05-28 05:28:34 -------- d-----w- c:\users\nicola\appdata\local\{1833FBEE-2FDF-460D-AFD4-6C81EF8FBF87}
2012-05-28 05:28:23 -------- d-----w- c:\users\nicola\appdata\local\{84D44BD0-DD90-43BA-A6B4-D49E9F7E24C2}
2012-05-27 07:25:09 -------- d-----w- c:\users\nicola\appdata\local\{4FAD9416-3088-41F3-8E93-BB3E3306834A}
2012-05-27 07:24:54 -------- d-----w- c:\users\nicola\appdata\local\{0FD00B03-8F5A-4638-B0B0-424C121F724E}
2012-05-26 07:47:36 -------- d-----w- c:\users\nicola\appdata\local\{EFC93B75-96D5-4CFB-9FC3-5666DB027F57}
2012-05-26 07:47:24 -------- d-----w- c:\users\nicola\appdata\local\{378DC754-3467-42C6-972F-DBE58DBC2291}
2012-05-25 18:55:24 -------- d-----w- c:\users\nicola\appdata\local\{A4F62C6C-A2C9-44A6-9D63-FD71E227FA73}
2012-05-25 06:54:51 -------- d-----w- c:\users\nicola\appdata\local\{F56618A5-255A-4AB2-AD57-29FA268007F6}
2012-05-25 06:54:35 -------- d-----w- c:\users\nicola\appdata\local\{D4BBEC59-16B3-4257-8AC2-EDC6D9A038A8}
2012-05-24 18:44:28 -------- d-----w- c:\users\nicola\appdata\local\{B7234B6A-519B-4E5C-8D9D-0A89E212B949}
2012-05-24 06:43:59 -------- d-----w- c:\users\nicola\appdata\local\{C90789F1-8E38-475C-9B74-595DEF4F667F}
2012-05-24 06:43:47 -------- d-----w- c:\users\nicola\appdata\local\{BD588797-E75F-4BB8-8A61-7F1A412ADDAC}
.
==================== Find3M ====================
.
2012-06-10 08:00:25 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-10 08:00:25 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-17 22:45:37 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-18 19:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-18 19:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-03-31 04:39:37 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-31 04:39:37 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-30 10:23:11 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
============= FINISH: 0:04:46.90 ===============
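As an added example (not from the thread, DDS, or any tool mentioned in it), the script below parses the three DDS sections quoted above (Running Processes, the pseudo-HJT Run entries, and Created Last 30) and flags entries a reviewer would want to look at first: executables started from a user's AppData tree, GUID-named directories such as the one syshost.exe runs from, and autorun entries with no drive letter. The sample lines are copied from the log above; a match is a prompt for human review, not a verdict, since legitimate software (Akamai, Google Update) also lives under AppData.

```python
"""Triage helper for DDS-style logs (added example, not part of the thread)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: a handful of lines in the format of the DDS log above.
SAMPLE_LOG = r"""
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Users\nicola\AppData\Local\Akamai\netsession_win.exe
C:\Users\nicola\AppData\Local\{0290EFBE-1705-83D8-FA9F-33C1DA5A6F96}\syshost.exe
============== Pseudo HJT Report ===============
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [syshost32] c:\users\nicola\appdata\local\{0290efbe-1705-83d8-fa9f-33c1da5a6f96}\syshost.exe
mRun: [McENUI] \McENUI.exe /hide
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
=============== Created Last 30 ================
2012-06-21 22:01:32 335360 ----a-w- c:\users\nicola\appdata\local\dimfqyiss.exe
2012-06-21 22:01:21 -------- d-----w- c:\users\nicola\appdata\local\{0290EFBE-1705-83D8-FA9F-33C1DA5A6F96}
2012-06-13 06:19:05 2343936 ----a-w- c:\windows\system32\win32k.sys
"""

SECTION_HEADER = re.compile(r"^=+ (.+?) =+$")
RUN_LINE = re.compile(r"^(uRun|mRun): \[([^\]]+)\] (.*)$")
CREATED_LINE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\d+|-+) (\S+) (.*)$")
# A path component that is a bare {GUID}, followed by a separator or end of path.
GUID_DIR = re.compile(
    r"\\\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}(?:\\|$)", re.I)
# Anything under <drive>\Users\<name>\AppData\ is writable without admin rights.
PROFILE_DIR = re.compile(r"\\users\\[^\\]+\\appdata\\", re.I)


@dataclass
class Finding:
    section: str
    path: str
    reason: str


def _exe_path(command: str) -> str:
    """Pull the executable out of a Run/process command line (quoted or bare)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def _reasons(path: str) -> list[str]:
    reasons = []
    if GUID_DIR.search(path):
        reasons.append("GUID-named directory in path")
    if PROFILE_DIR.search(path) and path.lower().endswith(".exe"):
        reasons.append("executable under user profile AppData")
    if re.match(r"^\\[^\\]", path):  # e.g. "\McENUI.exe": no drive letter, resolved at run time
        reasons.append("drive-relative path, cannot tell which file runs")
    return reasons


def triage(log_text: str) -> list[Finding]:
    """Walk the log section by section and collect review hints."""
    findings: list[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_HEADER.match(line)
        if header:
            section = header.group(1).strip()
            continue
        if not line or line == ".":
            continue
        if section == "Running Processes":
            path, label = _exe_path(line), "process"
        elif section == "Pseudo HJT Report":
            m = RUN_LINE.match(line)
            if not m:
                continue
            path, label = _exe_path(m.group(3)), f"{m.group(1)} [{m.group(2)}]"
        elif section == "Created Last 30":
            m = CREATED_LINE.match(line)
            if not m:
                continue
            path, label = m.group(4).strip(), "created " + m.group(1)
        else:
            continue
        for reason in _reasons(path):
            findings.append(Finding(section, path, f"{label}: {reason}"))
    return findings


def cross_section_hits(findings: list[Finding]) -> dict[str, set[str]]:
    """Paths flagged in more than one section (running AND set to autorun is the strongest hint)."""
    seen: dict[str, set[str]] = {}
    for f in findings:
        seen.setdefault(f.path.lower(), set()).add(f.section)
    return {p: s for p, s in seen.items() if len(s) > 1}


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f"[{f.section}] {f.path}\n    {f.reason}")
    for path, sections in cross_section_hits(hits).items():
        print(f"seen in {sorted(sections)}: {path}")
```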


#2 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 23 June 2012 - 07:26 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 shock_er
  • Topic Starter
  • Members
  • 11 posts

Posted 23 June 2012 - 08:44 AM

Hi Gringo!

Thanks for getting back to me so quickly - here are the contents of the checkup.txt file. I think I have to post this first and then run Combofix? Also, as an update to my last post, I can no longer turn on the firewall on my PC - either McAfee or Windows - I know it says in the Guide to make sure it is switched on, but the Windows one comes back with an error when I try to turn it on: "Windows Firewall can't change some of your settings. Error code 0x80070424"

Thanks,

Nicola

Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
McAfee Anti-Virus and Anti-Spyware
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 29
Java version out of Date!
Adobe Flash Player 11.2.202.235
Adobe Reader X (10.1.3)
Mozilla Firefox 10.0.2 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
mcafee VIRUSS~1 mcvsshld.exe
mcafee VIRUSS~1 mcvsmap.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 23 June 2012 - 08:46 AM

go ahead and run combofix and send me the report



gringo

#5 shock_er
  • Topic Starter
  • Members
  • 11 posts

Posted 23 June 2012 - 09:49 AM

Hi Gringo,

Sorry for taking so long - that part wasn't as straightforward as I hoped - my nerves are shot!! The main problem seemed to be that the McAfee I have is some weird version that my ISP had bundled in with my subscription and there seemed to be no obvious way of actually switching it all off. I managed to disable the scanning anyway so hopefully that did the trick. PC seems to be OK now - Firewall is on and no pop-ups from McAfee warning of any trojans. Here is the combofix log file, thanks:

ComboFix 12-06-23.05 - nicola 23/06/2012 15:25:46.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3327.2320 [GMT 1:00]
Running from: c:\users\nicola\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\nicola\AppData\Local\{b0fb1451-e2ca-db8b-a24d-2f534e9eb0be}\@
c:\users\nicola\AppData\Local\{b0fb1451-e2ca-db8b-a24d-2f534e9eb0be}\n
c:\users\nicola\AppData\Local\dimfqyiss.exe
c:\users\nicola\Documents\~WRL1257.tmp
c:\windows\Installer\{b0fb1451-e2ca-db8b-a24d-2f534e9eb0be}\@
c:\windows\Installer\{b0fb1451-e2ca-db8b-a24d-2f534e9eb0be}\n
c:\windows\Installer\{b0fb1451-e2ca-db8b-a24d-2f534e9eb0be}\U\00000001.@
c:\windows\Installer\{b0fb1451-e2ca-db8b-a24d-2f534e9eb0be}\U\80000000.@
c:\windows\Installer\{b0fb1451-e2ca-db8b-a24d-2f534e9eb0be}\U\800000cb.@
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\32788r22fwjfw\HarddiskVolumeShadowCopy3_!Windows!System32!services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-23 to 2012-06-23 )))))))))))))))))))))))))))))))
.
.
2012-06-23 14:35 . 2012-06-23 14:35 -------- d-----w- c:\users\gary\AppData\Local\temp
2012-06-23 14:35 . 2012-06-23 14:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-23 14:35 . 2012-06-23 14:35 -------- d-----w- c:\users\fern\AppData\Local\temp
2012-06-23 09:13 . 2012-06-23 09:13 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-22 22:45 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 22:45 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 22:45 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 22:45 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 22:44 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-22 22:44 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 22:44 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 22:44 . 2012-06-02 14:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 22:44 . 2012-06-02 14:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 22:39 . 2012-05-25 16:09 29312 ----a-w- c:\program files\Mozilla Firefox\ScriptFF.dll
2012-06-21 22:01 . 2012-06-21 22:01 -------- d-----w- c:\users\nicola\AppData\Local\{0290EFBE-1705-83D8-FA9F-33C1DA5A6F96}
2012-06-14 07:37 . 2012-06-14 07:37 -------- d-----w- c:\program files\iPod
2012-06-14 07:37 . 2012-06-14 07:39 -------- d-----w- c:\program files\iTunes
2012-06-13 06:19 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 06:19 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-13 06:19 . 2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 06:19 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 06:19 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 06:19 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 06:19 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 06:18 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 06:18 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 06:18 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 13:37 . 2009-11-28 11:32 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-06-23 13:36 . 2010-05-19 11:52 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-06-23 13:36 . 2009-11-28 11:32 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-06-10 08:00 . 2012-03-31 15:27 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-10 08:00 . 2011-05-20 07:10 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-18 19:56 . 2012-04-18 19:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-18 19:56 . 2012-04-18 19:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-03-31 04:39 . 2012-05-09 21:23 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-09 21:23 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-30 10:23 . 2012-05-09 21:23 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-04-26 10:22 . 2012-02-03 18:36 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 13:01 . 2010-11-14 09:51 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}"= "c:\program files\WiseConvert\prxtbWise.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]
2011-05-09 09:49 176936 ----a-w- c:\program files\WiseConvert\prxtbWise.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}"= "c:\program files\WiseConvert\prxtbWise.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}"= "c:\program files\WiseConvert\prxtbWise.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-27 39408]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-03-01 740216]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]
"Akamai NetSession Interface"="c:\users\nicola\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]
"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-02-24 59240]
"syshost32"="c:\users\nicola\AppData\Local\{0290EFBE-1705-83D8-FA9F-33C1DA5A6F96}\syshost.exe" [2012-06-21 374272]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-18 13797920]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"YouCam Mirror Tray icon"="c:\program files\CyberLink\YouCam\YouCamTray.exe" [2009-07-23 162912]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-10 7612960]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1318816]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"O2DA"="c:\program files\O2 Assistant\bin\sprtcmd.exe" [2010-04-23 206120]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
c:\users\fern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [N/A]
.
c:\users\gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
PHOTOfunSTUDIO.lnk - c:\program files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe [2010-1-2 44176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 135664]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-10 257224]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 135664]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 87656]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MSIDriver_IO_2;MSIDriver_IO_2;c:\program files\msi\OSD hot keys\MSI_MAINSYS.sys [2009-08-25 26936]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-04-26 1011232]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-03 1343400]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 169608]
S0 nvamacpi;NVIDIA Away Mode System;c:\windows\system32\DRIVERS\NVAMACPI.sys [2009-06-04 24608]
S1 AEP_TDI_DRV;AEP NSP Port Forwarder TDI Driver;c:\windows\system32\DRIVERS\aeptdipfwd.sys [2010-04-14 36659]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 64912]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2012-01-13 95200]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 214904]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 214904]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 161632]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 151880]
S2 sprtsvc_O2DA;SupportSoft Sprocket Service (O2DA);c:\program files\O2 Assistant\bin\sprtsvc.exe [2010-04-23 206120]
S2 tgsrvc_O2DA;SupportSoft Repair Service (O2DA);c:\program files\O2 Assistant\bin\tgsrvc.exe [2010-04-23 185640]
S2 WMI_Hook_Service;WMI_Hook_Service;c:\program files\msi\OSD hot keys\WMI_Hook_Service.exe [2009-09-04 101176]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 57600]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 340920]
S3 NxpCap;CTX capture service;c:\windows\system32\DRIVERS\NxpCap.sys [2009-07-30 1488096]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 08:00]
.
2012-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 13:25]
.
2012-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 13:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/710-72741-17534-1/4
Trusted Zone: craneware.com\portal
Trusted Zone: craneware.com\tportal
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\nicola\AppData\Roaming\Mozilla\Firefox\Profiles\onanrowa.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XRxdm004YYgb&ptb=A207F361-BF6B-4422-A083-7B01EDDF2814&psa=&ind=2011010209&ptnrS=XRxdm004YYgb&si=&st=kwd&n=77dd94a1&searchfor=
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-McENUI - \McENUI.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_80c2ffa.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1424)
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\rundll32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\taskhost.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\progra~1\mcafee.com\agent\mcagent.exe
.
**************************************************************************
.
Completion time: 2012-06-23 15:42:54 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-23 14:42
.
Pre-Run: 787,300,229,120 bytes free
Post-Run: 792,117,948,416 bytes free
.
- - End Of File - - 84D69DFA8FF631F66F0C7A1BE90DA998
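As an added example (not part of this thread and not ComboFix's own code), a small Python checker that scans ComboFix-style log text for the ZeroAccess traces visible in the log above: the GUID-named folder under AppData\Local or windows\Installer holding "@", "n" and a "U" subfolder, the "Infected copy of ...services.exe" notice, and a per-user Run value ("syshost32") launching an executable from such a folder. The sample input is excerpted from the log in this post; the function and pattern names are my own.

```python
import re
from dataclasses import dataclass
from typing import List

# Hypothetical helper, not part of ComboFix or of this thread. It looks for the
# ZeroAccess traces that ComboFix reported in the log above:
#   * a GUID-named folder under AppData\Local or windows\Installer holding files
#     named "@" and "n" plus a "U" subfolder of "<hex>.@" files,
#   * the "Infected copy of ...services.exe" notice (patched system binary),
#   * a per-user Run value that launches an .exe from such a GUID folder
#     (the "syshost32" entry).
GUID = r"\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}"
PAYLOAD_FILE = re.compile(
    r"(?i)^c:\\(?:users\\[^\\]+\\appdata\\local|windows\\installer)\\"
    + GUID + r"\\(?:@|n|U\\[0-9a-f]{8}\.@)$"
)
RUN_VALUE = re.compile(r'^"([^"]+)"="([^"]+)"\s*\[\d{4}-\d{2}-\d{2} \d+\]$')
EXE_IN_GUID_DIR = re.compile(r"(?i)\\appdata\\local\\" + GUID + r"\\[^\\]+\.exe$")
PATCHED_BINARY = re.compile(r"^Infected copy of (\S+) was found and disinfected$")


@dataclass(frozen=True)
class Finding:
    kind: str    # payload_file | patched_system_binary | run_value_in_guid_dir
    detail: str


def scan_combofix_log(text: str) -> List[Finding]:
    """Return the ZeroAccess-style indicators found in ComboFix log text."""
    findings: List[Finding] = []
    section = ""  # most recent "[HKEY_...]" registry key header, lower-cased
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if line.startswith("[HKEY_"):
            section = line.lower()
            continue
        if PAYLOAD_FILE.match(line):
            findings.append(Finding("payload_file", line))
            continue
        m = PATCHED_BINARY.match(line)
        if m:
            findings.append(Finding("patched_system_binary", m.group(1)))
            continue
        m = RUN_VALUE.match(line)
        # Only Run values whose target sits inside a GUID folder in AppData\Local
        if m and section.endswith("\\run]"):
            name, path = m.groups()
            if EXE_IN_GUID_DIR.search(path):
                findings.append(Finding("run_value_in_guid_dir", f"{name} -> {path}"))
    return findings


def looks_like_zeroaccess(findings: List[Finding]) -> bool:
    """True when both a payload folder and a persistence point were seen."""
    kinds = {f.kind for f in findings}
    return "payload_file" in kinds and "run_value_in_guid_dir" in kinds


# Excerpt of the ComboFix log posted above (only the relevant lines kept).
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\nicola\AppData\Local\{b0fb1451-e2ca-db8b-a24d-2f534e9eb0be}\@
c:\users\nicola\AppData\Local\{b0fb1451-e2ca-db8b-a24d-2f534e9eb0be}\n
c:\users\nicola\AppData\Local\dimfqyiss.exe
c:\windows\Installer\{b0fb1451-e2ca-db8b-a24d-2f534e9eb0be}\@
c:\windows\Installer\{b0fb1451-e2ca-db8b-a24d-2f534e9eb0be}\U\00000001.@
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-27 39408]
"syshost32"="c:\users\nicola\AppData\Local\{0290EFBE-1705-83D8-FA9F-33C1DA5A6F96}\syshost.exe" [2012-06-21 374272]
"""

if __name__ == "__main__":
    found = scan_combofix_log(SAMPLE_LOG)
    for f in found:
        print(f"{f.kind:24} {f.detail}")
    print("ZeroAccess pattern:", looks_like_zeroaccess(found))
```

The ordinary "swg" Run value is deliberately left alone, so the check keys on the folder layout rather than on GUID-named folders in general, which many legitimate updaters also create.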

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 23 June 2012 - 11:28 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7 shock_er
  • Topic Starter
  • Members
  • 11 posts

Posted 23 June 2012 - 01:38 PM

Thank you - TDSSKiller report:

17:53:39.0603 1444 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
17:53:41.0476 1444 ============================================================
17:53:41.0476 1444 Current date / time: 2012/06/23 17:53:41.0476
17:53:41.0476 1444 SystemInfo:
17:53:41.0476 1444
17:53:41.0476 1444 OS Version: 6.1.7601 ServicePack: 1.0
17:53:41.0476 1444 Product type: Workstation
17:53:41.0476 1444 ComputerName: NICOLA-PC
17:53:41.0476 1444 UserName: nicola
17:53:41.0476 1444 Windows directory: C:\Windows
17:53:41.0476 1444 System windows directory: C:\Windows
17:53:41.0476 1444 Processor architecture: Intel x86
17:53:41.0476 1444 Number of processors: 2
17:53:41.0476 1444 Page size: 0x1000
17:53:41.0476 1444 Boot type: Normal boot
17:53:41.0476 1444 ============================================================
17:53:43.0083 1444 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:53:43.0083 1444 ============================================================
17:53:43.0083 1444 \Device\Harddisk0\DR0:
17:53:43.0083 1444 MBR partitions:
17:53:43.0083 1444 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:53:43.0083 1444 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x71CD3000
17:53:43.0083 1444 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x71D05800, BlocksNum 0x2800000
17:53:43.0083 1444 ============================================================
17:53:43.0114 1444 C: <-> \Device\Harddisk0\DR0\Partition1
17:53:43.0146 1444 D: <-> \Device\Harddisk0\DR0\Partition2
17:53:43.0146 1444 ============================================================
17:53:43.0146 1444 Initialize success
17:53:43.0146 1444 ============================================================
17:53:47.0857 5020 ============================================================
17:53:47.0857 5020 Scan started
17:53:47.0857 5020 Mode: Manual;
17:53:47.0857 5020 ============================================================
17:53:48.0652 5020 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
17:53:48.0699 5020 1394ohci - ok
17:53:48.0808 5020 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
17:53:48.0902 5020 ACDaemon - ok
17:53:48.0949 5020 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
17:53:48.0949 5020 ACPI - ok
17:53:48.0964 5020 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
17:53:49.0011 5020 AcpiPmi - ok
17:53:49.0183 5020 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
17:53:49.0245 5020 AdobeARMservice - ok
17:53:49.0417 5020 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:53:49.0479 5020 AdobeFlashPlayerUpdateSvc - ok
17:53:49.0510 5020 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
17:53:49.0510 5020 adp94xx - ok
17:53:49.0682 5020 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
17:53:49.0682 5020 adpahci - ok
17:53:49.0744 5020 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
17:53:49.0776 5020 adpu320 - ok
17:54:07.0107 5020 RasAuto - ok
17:54:07.0123 5020 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:54:07.0138 5020 Rasl2tp - ok
17:54:07.0185 5020 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
17:54:07.0232 5020 RasMan - ok
17:54:07.0248 5020 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
17:54:07.0248 5020 RasPppoe - ok
17:54:07.0279 5020 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
17:54:07.0279 5020 RasSstp - ok
17:54:07.0294 5020 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
17:54:07.0388 5020 rdbss - ok
17:54:07.0419 5020 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
17:54:07.0419 5020 rdpbus - ok
17:54:07.0450 5020 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:54:07.0497 5020 RDPCDD - ok
17:54:07.0513 5020 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
17:54:07.0528 5020 RDPENCDD - ok
17:54:07.0528 5020 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
17:54:07.0544 5020 RDPREFMP - ok
17:54:07.0575 5020 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
17:54:07.0669 5020 RDPWD - ok
17:54:07.0684 5020 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
17:54:07.0684 5020 rdyboost - ok
17:54:07.0716 5020 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
17:54:07.0716 5020 RemoteAccess - ok
17:54:07.0731 5020 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
17:54:07.0747 5020 RemoteRegistry - ok
17:54:07.0840 5020 RichVideo (7ccaebcab6fc1ed0206c07e083e79207) C:\Program Files\CyberLink\Shared files\RichVideo.exe
17:54:07.0934 5020 RichVideo - ok
17:54:07.0934 5020 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
17:54:07.0950 5020 RpcEptMapper - ok
17:54:07.0950 5020 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
17:54:07.0965 5020 RpcLocator - ok
17:54:08.0012 5020 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
17:54:08.0012 5020 RpcSs - ok
17:54:08.0028 5020 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
17:54:08.0028 5020 rspndr - ok
17:54:08.0074 5020 RTL8167 (5283b9a27ff230f2ff70d92451ff409a) C:\Windows\system32\DRIVERS\Rt86win7.sys
17:54:08.0184 5020 RTL8167 - ok
17:54:08.0246 5020 rtl8192se (8327c64e9a4d052339c16499d08f7d6c) C:\Windows\system32\DRIVERS\rtl8192se.sys
17:54:08.0371 5020 rtl8192se - ok
17:54:08.0402 5020 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
17:54:08.0418 5020 SamSs - ok
17:54:08.0449 5020 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
17:54:08.0542 5020 sbp2port - ok
17:54:08.0574 5020 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
17:54:08.0574 5020 SCardSvr - ok
17:54:08.0605 5020 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
17:54:08.0667 5020 scfilter - ok
17:54:08.0698 5020 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
17:54:08.0745 5020 Schedule - ok
17:54:08.0776 5020 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
17:54:08.0808 5020 SCPolicySvc - ok
17:54:08.0823 5020 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
17:54:08.0870 5020 SDRSVC - ok
17:54:08.0964 5020 SeaPort (16a252022535b680046f6e34e136d378) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
17:54:09.0026 5020 SeaPort - ok
17:54:09.0057 5020 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
17:54:09.0057 5020 secdrv - ok
17:54:09.0073 5020 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
17:54:09.0073 5020 seclogon - ok
17:54:09.0104 5020 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
17:54:09.0120 5020 SENS - ok
17:54:09.0120 5020 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
17:54:09.0120 5020 SensrSvc - ok
17:54:09.0151 5020 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
17:54:09.0151 5020 Serenum - ok
17:54:09.0182 5020 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
17:54:09.0182 5020 Serial - ok
17:54:09.0213 5020 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
17:54:09.0213 5020 sermouse - ok
17:54:09.0338 5020 ServiceLayer (2d841b7b7f6dec32162edfcc69d61f42) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
17:54:09.0416 5020 ServiceLayer - ok
17:54:09.0463 5020 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
17:54:09.0478 5020 SessionEnv - ok
17:54:09.0478 5020 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
17:54:09.0494 5020 sffdisk - ok
17:54:09.0510 5020 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
17:54:09.0510 5020 sffp_mmc - ok
17:54:09.0525 5020 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
17:54:09.0572 5020 sffp_sd - ok
17:54:09.0588 5020 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
17:54:09.0588 5020 sfloppy - ok
17:54:09.0634 5020 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
17:54:09.0650 5020 SharedAccess - ok
17:54:09.0681 5020 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
17:54:09.0728 5020 ShellHWDetection - ok
17:54:09.0744 5020 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
17:54:09.0744 5020 sisagp - ok
17:54:09.0790 5020 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:54:09.0790 5020 SiSRaid2 - ok
17:54:09.0822 5020 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
17:54:09.0822 5020 SiSRaid4 - ok
17:54:09.0837 5020 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
17:54:09.0853 5020 Smb - ok
17:54:09.0884 5020 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
17:54:09.0884 5020 SNMPTRAP - ok
17:54:09.0900 5020 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
17:54:09.0900 5020 spldr - ok
17:54:09.0915 5020 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
17:54:09.0978 5020 Spooler - ok
17:54:10.0087 5020 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
17:54:10.0165 5020 sppsvc - ok
17:54:10.0352 5020 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
17:54:10.0414 5020 sppuinotify - ok
17:54:10.0555 5020 sprtsvc_O2DA (9be42e99bbd5461f1f94fe39fee2e6f5) C:\Program Files\O2 Assistant\bin\sprtsvc.exe
17:54:10.0648 5020 sprtsvc_O2DA - ok
17:54:10.0695 5020 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
17:54:10.0695 5020 srv - ok
17:54:10.0726 5020 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
17:54:10.0726 5020 srv2 - ok
17:54:10.0742 5020 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
17:54:10.0851 5020 srvnet - ok
17:54:10.0867 5020 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
17:54:10.0867 5020 SSDPSRV - ok
17:54:10.0898 5020 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
17:54:10.0898 5020 SstpSvc - ok
17:54:10.0945 5020 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
17:54:10.0945 5020 stexstor - ok
17:54:10.0992 5020 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
17:54:11.0038 5020 StiSvc - ok
17:54:11.0085 5020 SupportSoft RemoteAssist (518eeb2043b66e733489a715852bf839) C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
17:54:11.0194 5020 SupportSoft RemoteAssist - ok
17:54:11.0226 5020 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
17:54:11.0226 5020 swenum - ok
17:54:11.0241 5020 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
17:54:11.0257 5020 swprv - ok
17:54:11.0319 5020 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
17:54:11.0382 5020 SysMain - ok
17:54:11.0397 5020 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
17:54:11.0444 5020 TabletInputService - ok
17:54:11.0491 5020 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
17:54:11.0491 5020 TapiSrv - ok
17:54:11.0506 5020 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
17:54:11.0522 5020 TBS - ok
17:54:11.0600 5020 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
17:54:11.0616 5020 Tcpip - ok
17:54:11.0631 5020 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
17:54:11.0647 5020 TCPIP6 - ok
17:54:11.0678 5020 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
17:54:11.0678 5020 tcpipreg - ok
17:54:11.0694 5020 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
17:54:11.0787 5020 TDPIPE - ok
17:54:11.0818 5020 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
17:54:11.0818 5020 TDTCP - ok
17:54:11.0834 5020 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
17:54:11.0928 5020 tdx - ok
17:54:11.0928 5020 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
17:54:11.0928 5020 TermDD - ok
17:54:11.0974 5020 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
17:54:11.0990 5020 TermService - ok
17:54:12.0052 5020 tgsrvc_O2DA (c4e3bbcba4e10a34e31c26a0cf933e32) C:\Program Files\O2 Assistant\bin\tgsrvc.exe
17:54:12.0146 5020 tgsrvc_O2DA - ok
17:54:12.0162 5020 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
17:54:12.0162 5020 Themes - ok
17:54:12.0177 5020 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
17:54:12.0193 5020 THREADORDER - ok
17:54:12.0208 5020 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
17:54:12.0208 5020 TrkWks - ok
17:54:12.0240 5020 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
17:54:12.0240 5020 TrustedInstaller - ok
17:54:12.0271 5020 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:54:12.0364 5020 tssecsrv - ok
17:54:12.0396 5020 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
17:54:12.0442 5020 TsUsbFlt - ok
17:54:12.0458 5020 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
17:54:12.0520 5020 tunnel - ok
17:54:12.0536 5020 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
17:54:12.0552 5020 uagp35 - ok
17:54:12.0583 5020 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
17:54:12.0645 5020 udfs - ok
17:54:12.0661 5020 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
17:54:12.0676 5020 UI0Detect - ok
17:54:12.0692 5020 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
17:54:12.0692 5020 uliagpkx - ok
17:54:12.0723 5020 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
17:54:12.0770 5020 umbus - ok
17:54:12.0786 5020 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
17:54:12.0786 5020 UmPass - ok
17:54:12.0817 5020 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
17:54:12.0817 5020 upnphost - ok
17:54:12.0864 5020 upperdev (0ccadc7391021376edbb8aa649d04e68) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
17:54:12.0864 5020 upperdev - ok
17:54:12.0910 5020 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
17:54:13.0020 5020 USBAAPL - ok
17:54:13.0035 5020 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
17:54:13.0051 5020 usbaudio - ok
17:54:13.0082 5020 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
17:54:13.0129 5020 usbccgp - ok
17:54:13.0144 5020 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
17:54:13.0160 5020 usbcir - ok
17:54:13.0191 5020 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
17:54:13.0191 5020 usbehci - ok
17:54:13.0238 5020 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
17:54:13.0332 5020 usbhub - ok
17:54:13.0363 5020 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\DRIVERS\usbohci.sys
17:54:13.0456 5020 usbohci - ok
17:54:13.0472 5020 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
17:54:13.0472 5020 usbprint - ok
17:54:13.0488 5020 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
17:54:13.0503 5020 usbscan - ok
17:54:13.0534 5020 usbser (31181de6190b39fc8007dffd1a48ffd6) C:\Windows\system32\drivers\usbser.sys
17:54:13.0534 5020 usbser - ok
17:54:13.0581 5020 UsbserFilt (68b4f83cccf70a2ff32ee142c234332a) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
17:54:13.0628 5020 UsbserFilt - ok
17:54:13.0675 5020 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:54:13.0675 5020 USBSTOR - ok
17:54:13.0706 5020 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
17:54:13.0706 5020 usbuhci - ok
17:54:13.0737 5020 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
17:54:13.0753 5020 usbvideo - ok
17:54:13.0768 5020 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
17:54:13.0784 5020 UxSms - ok
17:54:13.0800 5020 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
17:54:13.0800 5020 VaultSvc - ok
17:54:13.0831 5020 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
17:54:13.0831 5020 vdrvroot - ok
17:54:13.0878 5020 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
17:54:13.0940 5020 vds - ok
17:54:13.0956 5020 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
17:54:13.0956 5020 vga - ok
17:54:13.0971 5020 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
17:54:13.0971 5020 VgaSave - ok
17:54:13.0987 5020 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
17:54:14.0049 5020 vhdmp - ok
17:54:14.0080 5020 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
17:54:14.0080 5020 viaagp - ok
17:54:14.0112 5020 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
17:54:14.0112 5020 ViaC7 - ok
17:54:14.0127 5020 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
17:54:14.0127 5020 viaide - ok
17:54:14.0143 5020 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
17:54:14.0143 5020 volmgr - ok
17:54:14.0158 5020 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
17:54:14.0174 5020 volmgrx - ok
17:54:14.0190 5020 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
17:54:14.0252 5020 volsnap - ok
17:54:14.0283 5020 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
17:54:14.0283 5020 vsmraid - ok
17:54:14.0330 5020 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
17:54:14.0408 5020 VSS - ok
17:54:14.0424 5020 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
17:54:14.0424 5020 vwifibus - ok
17:54:14.0439 5020 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
17:54:14.0455 5020 vwififlt - ok
17:54:14.0486 5020 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
17:54:14.0486 5020 vwifimp - ok
17:54:14.0502 5020 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
17:54:14.0517 5020 W32Time - ok
17:54:14.0533 5020 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
17:54:14.0548 5020 WacomPen - ok
17:54:14.0564 5020 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
17:54:14.0658 5020 WANARP - ok
17:54:14.0658 5020 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
17:54:14.0751 5020 Wanarpv6 - ok
17:54:14.0829 5020 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
17:54:14.0907 5020 WatAdminSvc - ok
17:54:14.0954 5020 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
17:54:15.0032 5020 wbengine - ok
17:54:15.0063 5020 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
17:54:15.0063 5020 WbioSrvc - ok
17:54:15.0110 5020 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
17:54:15.0157 5020 wcncsvc - ok
17:54:15.0172 5020 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
17:54:15.0172 5020 WcsPlugInService - ok
17:54:15.0219 5020 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
17:54:15.0235 5020 Wd - ok
17:54:15.0250 5020 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
17:54:15.0250 5020 Wdf01000 - ok
17:54:15.0266 5020 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
17:54:15.0266 5020 WdiServiceHost - ok
17:54:15.0282 5020 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
17:54:15.0282 5020 WdiSystemHost - ok
17:54:15.0297 5020 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
17:54:15.0313 5020 WebClient - ok
17:54:15.0328 5020 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
17:54:15.0328 5020 Wecsvc - ok
17:54:15.0328 5020 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
17:54:15.0344 5020 wercplsupport - ok
17:54:15.0360 5020 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
17:54:15.0360 5020 WerSvc - ok
17:54:15.0391 5020 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
17:54:15.0391 5020 WfpLwf - ok
17:54:15.0406 5020 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
17:54:15.0406 5020 WIMMount - ok
17:54:15.0484 5020 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
17:54:15.0500 5020 WinDefend - ok
17:54:15.0516 5020 WinHttpAutoProxySvc - ok
17:54:15.0547 5020 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
17:54:15.0562 5020 Winmgmt - ok
17:54:15.0609 5020 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
17:54:15.0672 5020 WinRM - ok
17:54:15.0718 5020 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
17:54:15.0765 5020 WinUsb - ok
17:54:15.0812 5020 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
17:54:15.0828 5020 Wlansvc - ok
17:54:15.0999 5020 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:54:16.0077 5020 wlidsvc - ok
17:54:16.0108 5020 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
17:54:16.0108 5020 WmiAcpi - ok
17:54:16.0140 5020 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
17:54:16.0140 5020 wmiApSrv - ok
17:54:16.0186 5020 WMI_Hook_Service (39f73934fd99df699044451e829c7211) C:\Program Files\msi\OSD hot keys\WMI_Hook_Service.exe
17:54:16.0249 5020 WMI_Hook_Service - ok
17:54:16.0311 5020 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
17:54:16.0389 5020 WMPNetworkSvc - ok
17:54:16.0436 5020 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
17:54:16.0436 5020 WPCSvc - ok
17:54:16.0483 5020 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
17:54:16.0530 5020 WPDBusEnum - ok
17:54:16.0561 5020 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
17:54:16.0561 5020 ws2ifsl - ok
17:54:16.0576 5020 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll
17:54:16.0592 5020 wscsvc - ok
17:54:16.0592 5020 WSearch - ok
17:54:16.0686 5020 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
17:54:16.0764 5020 wuauserv - ok
17:54:16.0826 5020 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
17:54:16.0826 5020 WudfPf - ok
17:54:16.0873 5020 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:54:16.0873 5020 WUDFRd - ok
17:54:16.0904 5020 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
17:54:16.0951 5020 wudfsvc - ok
17:54:16.0966 5020 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
17:54:16.0982 5020 WwanSvc - ok
17:54:17.0029 5020 MBR (0x1B8) (c79b30cb8852157f6f908e4698cfe0d0) \Device\Harddisk0\DR0
17:54:20.0009 5020 \Device\Harddisk0\DR0 - ok
17:54:20.0025 5020 Boot (0x1200) (8670551272fda5cd8303b78868722352) \Device\Harddisk0\DR0\Partition0
17:54:20.0025 5020 \Device\Harddisk0\DR0\Partition0 - ok
17:54:20.0041 5020 Boot (0x1200) (407bee9db3ce4c1ea7db4bceff2411d8) \Device\Harddisk0\DR0\Partition1
17:54:20.0041 5020 \Device\Harddisk0\DR0\Partition1 - ok
17:54:20.0072 5020 Boot (0x1200) (08be82e3f6089924ce97c9215bb653b7) \Device\Harddisk0\DR0\Partition2
17:54:20.0072 5020 \Device\Harddisk0\DR0\Partition2 - ok
17:54:20.0087 5020 ============================================================
17:54:20.0087 5020 Scan finished
17:54:20.0087 5020 ============================================================
17:54:20.0087 4864 Detected object count: 1
17:54:20.0087 4864 Actual detected object count: 1
17:54:26.0218 4864 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
17:54:26.0218 4864 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip

aswMBR Report:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-23 17:57:46
-----------------------------
17:57:46.049 OS Version: Windows 6.1.7601 Service Pack 1
17:57:46.049 Number of processors: 2 586 0x170A
17:57:46.049 ComputerName: NICOLA-PC UserName: nicola
17:57:48.826 Initialize success
17:59:43.273 AVAST engine defs: 12062300
17:59:50.808 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000066
17:59:50.808 Disk 0 Vendor: ST310005 CC32 Size: 953869MB BusType: 3
17:59:50.824 Disk 0 MBR read successfully
17:59:50.824 Disk 0 MBR scan
17:59:50.839 Disk 0 unknown MBR code
17:59:50.839 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:59:50.855 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 932262 MB offset 206848
17:59:50.886 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 20480 MB offset 1909479424
17:59:50.917 Disk 0 Partition 4 00 12 Compaq diag NTFS 1025 MB offset 1951422464
17:59:50.933 Disk 0 scanning sectors +1953521664
17:59:50.980 Disk 0 scanning C:\Windows\system32\drivers
18:00:07.375 Service scanning
18:00:34.925 Modules scanning
18:00:40.104 Disk 0 trace - called modules:
18:00:40.135 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor32.sys
18:00:40.135 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86e85030]
18:00:40.135 3 CLASSPNP.SYS[8cc7859e] -> nt!IofCallDriver -> [0x868f8a80]
18:00:40.151 5 ACPI.sys[8c4b93d4] -> nt!IofCallDriver -> \Device\00000066[0x86d8daf8]
18:00:42.772 AVAST engine scan C:\Windows
18:00:51.835 AVAST engine scan C:\Windows\system32
18:05:49.680 AVAST engine scan C:\Windows\system32\drivers
18:06:11.161 AVAST engine scan C:\Users\nicola
18:10:21.817 File: C:\Users\nicola\AppData\Local\{0290EFBE-1705-83D8-FA9F-33C1DA5A6F96}\syshost.exe **INFECTED** Win32:Malware-gen
18:20:58.885 AVAST engine scan C:\ProgramData
18:30:55.826 Scan finished successfully
19:39:18.238 Disk 0 MBR has been saved successfully to "C:\Users\nicola\Desktop\MBR.dat"
19:39:18.254 The log file has been saved successfully to "C:\Users\nicola\Desktop\aswMBR.txt"

#8 shock_er


Posted 25 June 2012 - 04:21 AM

Hi Gringo,

Was just wondering if my PC looked ok to you now? It certainly seems to be running fine and back to normal anyway.

Thanks,

Nicola

#9 gringo_pr


Posted 25 June 2012 - 07:57 AM

Greetings

It looks very good at this time so far - but this is not a nice virus and I want to be sure all of it has been removed before I send you on your way

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 shock_er


Posted 25 June 2012 - 08:17 AM

Hi there,

That is great news - thank you so much for all your help, I will be contributing to show my appreciation as soon as I can! It would be great to know that the virus is definitely all removed as I work from home part of the week and use my home PC to remote access my PC at work to do so. I know the system guys at work won't let me do this if they think my home PC is infected which would be a problem as I don't have a laptop or any other kind of computer in the house.

I'm at my work at the moment but will run those scripts for you as soon as I get back home.

Thanks again,

Nicola

#11 gringo_pr


Posted 25 June 2012 - 12:00 PM

No problem and I will be around later to help you


gringo

#12 shock_er


Posted 25 June 2012 - 12:39 PM

Hi Gringo,

Here is the report; the computer is still running fine. The only thing of note was that when I was turning off the McAfee AV software before running ComboFix, it said in its last scan report from a few hours ago that it had removed 5 trojans. Thank you.

ComboFix 12-06-25.03 - nicola 25/06/2012 18:17:38.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3327.1839 [GMT 1:00]
Running from: c:\users\nicola\Desktop\ComboFix.exe
Command switches used :: c:\users\nicola\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\lmhosts
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\erdnt\cache\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-25 to 2012-06-25 )))))))))))))))))))))))))))))))
.
.
2012-06-13 06:19 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-13 06:19 . 2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 06:19 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 06:19 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 06:19 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 06:19 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 06:18 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 06:18 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 06:18 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 15:21 . 2012-03-31 15:27 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-23 15:21 . 2011-05-20 07:10 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-23 13:37 . 2009-11-28 11:32 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-06-23 13:36 . 2010-05-19 11:52 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-06-23 13:36 . 2009-11-28 11:32 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-04-18 19:56 . 2012-04-18 19:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-18 19:56 . 2012-04-18 19:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-03-31 04:39 . 2012-05-09 21:23 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-09 21:23 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-30 10:23 . 2012-05-09 21:23 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-04-26 10:22 . 2012-02-03 18:36 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 13:01 . 2010-11-14 09:51 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}"= "c:\program files\WiseConvert\prxtbWise.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]
2011-05-09 09:49 176936 ----a-w- c:\program files\WiseConvert\prxtbWise.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}"= "c:\program files\WiseConvert\prxtbWise.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}"= "c:\program files\WiseConvert\prxtbWise.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-27 39408]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]
"Akamai NetSession Interface"="c:\users\nicola\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-02-24 59240]
"syshost32"="c:\users\nicola\AppData\Local\{0290EFBE-1705-83D8-FA9F-33C1DA5A6F96}\syshost.exe" [2012-06-21 374272]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-18 13797920]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"YouCam Mirror Tray icon"="c:\program files\CyberLink\YouCam\YouCamTray.exe" [2009-07-23 162912]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-10 7612960]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"O2DA"="c:\program files\O2 Assistant\bin\sprtcmd.exe" [2010-04-23 206120]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1318816]
.
c:\users\fern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [N/A]
.
c:\users\gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PHOTOfunSTUDIO.lnk - c:\program files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe [2010-1-2 44176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 0110481340644140mcinstcleanup;McAfee Application Installer Cleanup (0110481340644140);c:\windows\TEMP\011048~1.EXE [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 135664]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 135664]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 87656]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MSIDriver_IO_2;MSIDriver_IO_2;c:\program files\msi\OSD hot keys\MSI_MAINSYS.sys [2009-08-25 26936]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-04-26 1011232]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-03 1343400]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 169608]
S0 nvamacpi;NVIDIA Away Mode System;c:\windows\system32\DRIVERS\NVAMACPI.sys [2009-06-04 24608]
S1 AEP_TDI_DRV;AEP NSP Port Forwarder TDI Driver;c:\windows\system32\DRIVERS\aeptdipfwd.sys [2010-04-14 36659]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 64912]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 214904]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 214904]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 214904]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-05-25 161664]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-05-25 151912]
S2 sprtsvc_O2DA;SupportSoft Sprocket Service (O2DA);c:\program files\O2 Assistant\bin\sprtsvc.exe [2010-04-23 206120]
S2 tgsrvc_O2DA;SupportSoft Repair Service (O2DA);c:\program files\O2 Assistant\bin\tgsrvc.exe [2010-04-23 185640]
S2 WMI_Hook_Service;WMI_Hook_Service;c:\program files\msi\OSD hot keys\WMI_Hook_Service.exe [2009-09-04 101176]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 57600]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 340920]
S3 NxpCap;CTX capture service;c:\windows\system32\DRIVERS\NxpCap.sys [2009-07-30 1488096]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 15:21]
.
2012-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 13:25]
.
2012-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 13:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/710-72741-17534-1/4
Trusted Zone: craneware.com\portal
Trusted Zone: craneware.com\tportal
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\nicola\AppData\Roaming\Mozilla\Firefox\Profiles\onanrowa.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XRxdm004YYgb&ptb=A207F361-BF6B-4422-A083-7B01EDDF2814&psa=&ind=2011010209&ptnrS=XRxdm004YYgb&si=&st=kwd&n=77dd94a1&searchfor=
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-uTorrent - c:\program files\uTorrent\uTorrent.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_80c2ffa.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4328)
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\rundll32.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\taskhost.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\progra~1\mcafee.com\agent\mcagent.exe
.
**************************************************************************
.
Completion time: 2012-06-25 18:34:32 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-25 17:34
ComboFix2.txt 2012-06-23 14:42
.
Pre-Run: 794,854,735,872 bytes free
Post-Run: 794,641,518,592 bytes free
.
- - End Of File - - 2A917C8DE5270AAEE7650D213D6C430E

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:52 PM

Posted 25 June 2012 - 04:19 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

  • µTorrent
  • Download Manager
  • Java™ 6 Update 29
  • McAfee Security Scan Plus


  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run it.
  • From the list of programs, double-click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done, click Finish.


Install Java:

Please go here to install Java

  • Click on the Free Java Download button.
  • Click on Agree and start Free download.
  • Click on Run.
  • Click on Run again.
  • Click on Install.
  • When the install is complete, click on Close.

Clean Out Temp Files

  • You may want to keep this small application and use it once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install the Yahoo toolbar, uncheck the box next to it.
  • Run CCleaner. (Make sure that under the Windows tab all the boxes for Internet Explorer and Windows Explorer are checked. Under System, check Empty Recycle Bin and Temporary Files. Under the Applications tab, all the boxes should be checked.)
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (hosts file not read, blank Notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7: right-click and run as admin.)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch HijackThis.
  • Click on the Do a system scan and save a logfile button. It will scan, and the log should open in Notepad.
  • Click on Edit > Select All, then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following:

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#14 shock_er

shock_er
  • Topic Starter

  • Members
  • 11 posts
  • Local time:05:52 PM

Posted 25 June 2012 - 06:14 PM

Hi Gringo,

Here's the MBAM log, then the HijackThis one. PC still running fine - had a bit of trouble downloading and installing the Java update - took 2 attempts for it to install. I'd already uninstalled µTorrent and McAfee Security Scan Plus, so it was only the Download Manager and Java™ 6 Update 29 that I removed with Revo Uninstaller. Thanks again!


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.25.10

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
nicola :: NICOLA-PC [administrator]

25/06/2012 23:33:18
mbam-log-2012-06-25 (23-33-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 257104
Time elapsed: 10 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:09:30, on 26/06/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\CyberLink\YouCam\YouCamTray.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\O2 Assistant\bin\sprtcmd.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Users\nicola\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Users\nicola\AppData\Local\{0290EFBE-1705-83D8-FA9F-33C1DA5A6F96}\syshost.exe
C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Users\nicola\AppData\Local\Akamai\netsession_win.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\nicola\Desktop\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: WiseConvert Toolbar - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files\WiseConvert\prxtbWise.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - (no file)
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120624131001.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: WiseConvert - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files\WiseConvert\prxtbWise.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: WiseConvert Toolbar - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files\WiseConvert\prxtbWise.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
O4 - HKLM\..\Run: [YouCam Mirror Tray icon] "C:\Program Files\CyberLink\YouCam\YouCamTray.exe" /s
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [O2DA] "C:\Program Files\O2 Assistant\bin\sprtcmd.exe" /P O2DA
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\nicola\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [syshost32] C:\Users\nicola\AppData\Local\{0290EFBE-1705-83D8-FA9F-33C1DA5A6F96}\syshost.exe
O4 - Global Startup: PHOTOfunSTUDIO.lnk = C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105
O9 - Extra button: eBay.co.uk - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/710-72741-17534-1/4 (file missing)
O9 - Extra 'Tools' menuitem: eBay.co.uk - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/710-72741-17534-1/4 (file missing)
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: eBay.co.uk - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/710-72741-17534-1/4 (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: eBay.co.uk - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/710-72741-17534-1/4 (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\mcsniepl.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: McAfee Application Installer Cleanup (0110481340644140) (0110481340644140mcinstcleanup) - Unknown owner - C:\Windows\TEMP\011048~1.EXE (file missing)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SupportSoft Sprocket Service (O2DA) (sprtsvc_O2DA) - SupportSoft, Inc. - C:\Program Files\O2 Assistant\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: SupportSoft Repair Service (O2DA) (tgsrvc_O2DA) - SupportSoft, Inc. - C:\Program Files\O2 Assistant\bin\tgsrvc.exe
O23 - Service: WMI_Hook_Service - MICRO-STAR INT'L,.LTD. - C:\Program Files\msi\OSD hot keys\WMI_Hook_Service.exe

--
End of file - 13953 bytes

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:52 PM

Posted 25 June 2012 - 08:50 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can start any of them by clicking their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
      O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
      O4 - HKLM\..\Run: [YouCam Mirror Tray icon] "C:\Program Files\CyberLink\YouCam\YouCamTray.exe" /s
      O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
      O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
      O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
      O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
      O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
      O4 - HKLM\..\Run: [O2DA] "C:\Program Files\O2 Assistant\bin\sprtcmd.exe" /P O2DA
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
      O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\nicola\AppData\Local\Akamai\netsession_win.exe"
      O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
      O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
      O4 - HKCU\..\Run: [syshost32] C:\Users\nicola\AppData\Local\{0290EFBE-1705-83D8-FA9F-33C1DA5A6F96}\syshost.exe
      O4 - Global Startup: PHOTOfunSTUDIO.lnk = C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines here and see if you want to keep them or not:
    just copy the name between the brackets and paste it into the search space, e.g. for
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64bit
and select Run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Win 7, right-click the IE shortcut and run it as admin.

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
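As an added example (not from this thread, from HijackThis or from the helper above), a Python triage script that parses the O4 Run and Global Startup lines of a HijackThis log like the one posted earlier and lists the entries a reviewer would look at first: ones that run from a GUID-named directory, from a per-user AppData path, or whose file name imitates a Windows system binary outside the Windows directory. The sample lines are copied from the log in this thread; the heuristics are my own assumptions and produce a review list, not a verdict.

```python
import re

# Sample O4 lines, copied from the HijackThis log posted in this thread (constructed input for this example).
SAMPLE_LOG = r"""O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\nicola\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
O4 - HKCU\..\Run: [syshost32] C:\Users\nicola\AppData\Local\{0290EFBE-1705-83D8-FA9F-33C1DA5A6F96}\syshost.exe
O4 - Global Startup: PHOTOfunSTUDIO.lnk = C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# HijackThis O4 formats: "O4 - HKLM\..\Run: [Name] command" and "O4 - Global Startup: file.lnk = target"
RUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
STARTUP_RE = re.compile(r"^O4 - Global Startup: (?P<name>[^=]+?) = (?P<cmd>.+)$")
GUID_DIR_RE = re.compile(r"\\\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}\\", re.I)
SYSTEM_NAMES = {"svchost", "syshost", "csrss", "lsass", "winlogon", "services", "explorer"}  # assumed watch-list

def image_path(cmd):
    """Pull the executable path out of a Run command line (quoted or bare, with trailing arguments)."""
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    m = re.match(r"(.+?\.(?:exe|dll|lnk))(?:[ ,]|$)", cmd, re.I)
    return m.group(1) if m else cmd

def triage(log_text):
    """Return [(name, path, [reasons])] for O4 entries worth a closer look; other log lines are ignored."""
    findings = []
    for line in log_text.splitlines():
        m = RUN_RE.match(line) or STARTUP_RE.match(line)
        if not m:
            continue
        name, path = m.group("name"), image_path(m.group("cmd"))
        reasons = []
        if GUID_DIR_RE.search(path):
            reasons.append("runs from a GUID-named directory")
        if re.search(r"\\Users\\[^\\]+\\AppData\\", path, re.I):
            reasons.append("runs from a per-user AppData path")
        stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()
        if stem in SYSTEM_NAMES and "\\windows\\" not in path.lower():
            reasons.append("file named like a Windows system binary but outside the Windows directory")
        if reasons:
            findings.append((name, path, reasons))
    return findings

if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE_LOG):
        print(f"[{name}] {path}\n    " + "; ".join(reasons))
```

On the sample above the syshost32 entry collects all three reasons, while the Akamai entry is listed only for its AppData location and should be compared against the installed product before anything is removed.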



