Getting browser redirects on most links, Getting BSOD


  • This topic is locked
20 replies to this topic

#1 kdkiehn

kdkiehn

  • Members
  • 23 posts
  • OFFLINE
  • Local time:06:42 PM

Posted 30 June 2012 - 08:57 PM

I get random browser redirects when clicking on links, no matter what the website is. Also, when I try to run GMER, a minute or two into the scan I get a BSOD, often referring to a Page Fault in Nonpaged Area from kxtdqpow.sys. Also, when Malwarebytes is running, it often blocks IP requests.
Thank you in advance!
-Kacey

DDS log follows:


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_27
Run by Kacey at 18:09:20 on 2012-06-30
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.710 [GMT -7:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Agrian\AgrianUpdateService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\RemoteX\RemoteX.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\RemoteX\RemoteXUser.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local;<local>
mURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\tbFre1.dll
mURLSearchHooks: H - No File
BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\tbFre1.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\tbFre1.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\kacey\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\kacey\appdata\roaming\microsoft\windows\start menu\programs\startup\Picture Motion Browser Media Check Tool.lnk.disabled
StartupFolder: c:\programdata\microsoft\windows\start menu\programs\startup\Air Mouse.lnk.disabled
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\programdata\microsoft\windows\start menu\programs\startup\HotSync Manager.lnk.disabled
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\windows\system32\wpclsp.dll
LSP: mswsock.dll
Trusted Zone: facebook.com
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/RACtrl.cab?rnd=1007206327
TCP: DhcpNameServer = 208.90.161.193 208.90.161.194
TCP: Interfaces\{B370A78F-07FC-4971-8D28-22FAF90A5C8B} : DhcpNameServer = 208.90.161.193 208.90.161.194
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\kacey\appdata\roaming\mozilla\firefox\profiles\or61m46o.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://ib.startnow.com/?src=startpage&provider=bing&provider_name=bing&provider_code=Z057&partner_id=333&product_id=706&affiliate_id=&channel=DPGL18&toolbar_id=200&toolbar_version=2.1.0&install_country=US&install_date=20110716&user_guid=746822E95A634DEAB131FFE32CDEA1E7&machine_id=24d7d2b9bcbe4758b9f44a6f07ecd096&browser=FF&os=win&os_version=6.0-x86-SP2
FF - prefs.js: keyword.URL - hxxp://ib.startnow.com/s/?src=addrbar&provider=bing&provider_name=bing&provider_code=Z057&partner_id=333&product_id=706&affiliate_id=&channel=DPGL18&toolbar_id=200&toolbar_version=2.1.0&install_country=US&install_date=20110716&user_guid=746822E95A634DEAB131FFE32CDEA1E7&machine_id=24d7d2b9bcbe4758b9f44a6f07ecd096&browser=FF&os=win&os_version=6.0-x86-SP2&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2010-7-14 65584]
R2 __RemoteX__;RemoteX Server;c:\program files\remotex\remotex.exe [2011-2-13 271360]
R2 AgrianUpdateService;Agrian Update Service;c:\agrian\AgrianUpdateService.exe [2008-9-22 23040]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-5-16 21504]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-26 189736]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-12-7 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2011-9-16 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-12-14 47640]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-4-17 654408]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-1-25 1153368]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-4-26 111616]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-4-17 22344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9bbe19cd062e0;Google Update Service (gupdate1c9bbe19cd062e0);c:\program files\google\update\GoogleUpdate.exe [2009-4-12 133104]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-18 257224]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-9-6 13352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-4-12 133104]
S3 Usblink;Usblink Driver;c:\windows\system32\drivers\ulink.sys [2008-5-20 40788]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-5-16 16896]
S3 YOICS Sharing Service;YOICS Sharing Service;c:\program files\yoics\YOICS_SharingService.exe [2009-6-18 16384]
S4 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-4-26 73728]
.
=============== Created Last 30 ================
.
2012-06-30 04:02:36 332 ----a-w- C:\Start_.cmd
2012-06-30 04:02:36 -------- d-----w- C:\ComboFix
2012-06-19 04:00:19 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-19 03:02:28 -------- d-----w- c:\program files\iPod
2012-06-19 03:02:25 -------- d-----w- c:\program files\iTunes
2012-06-18 23:12:08 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-18 23:11:01 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-18 23:10:50 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-18 23:10:50 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-18 04:08:30 -------- d-----w- c:\users\kacey\appdata\local\DDMSettings
2012-06-18 03:27:36 -------- d-----w- c:\programdata\DivX
2012-06-14 00:38:30 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 00:38:30 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 00:38:29 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-14 00:38:02 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 00:37:57 2045440 ----a-w- c:\windows\system32\win32k.sys
.
==================== Find3M ====================
.
2012-06-19 04:00:18 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-22 03:41:28 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-05-22 03:41:27 87424 ----a-w- c:\windows\system32\LMIinit.dll
2012-05-22 03:41:27 52096 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2012-05-22 03:41:27 30592 ----a-w- c:\windows\system32\LMIport.dll
2012-05-17 22:45:37 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-19 03:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 03:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-04 22:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-03 08:16:12 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16:11 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
.
============= FINISH: 18:14:24.92 ===============
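Added example, not part of the original post or of the DDS tool: a small Python parser for the DDS "SERVICES / DRIVERS" lines in the log above. It checks whether the driver named in the BSOD (kxtdqpow.sys) is enumerated at all, and lists kernel drivers loaded from outside system32\drivers for review; the sample lines are copied from the log, and the review heuristic is my assumption, not a DDS feature.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a subset of the service/driver lines copied from the
# DDS log in the post above.
SAMPLE_DDS = r"""
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2010-7-14 65584]
R2 __RemoteX__;RemoteX Server;c:\program files\remotex\remotex.exe [2011-2-13 271360]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-5-16 21504]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2011-9-16 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-12-14 47640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-4-17 22344]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-9-6 13352]
"""

# DDS line layout: <R|S><start type> <name>;<display name>;<image path> [<date> <size>]
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+"
    r"(?P<name>[^;]+);(?P<desc>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<date>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+)\]$"
)

# Where Windows normally keeps kernel drivers (lower-cased for comparison).
DRIVERS_DIR = "\\windows\\system32\\drivers\\"


@dataclass
class Service:
    state: str   # "R" running, "S" stopped
    start: int   # Windows start type (0 boot .. 4 disabled)
    name: str
    desc: str
    path: str
    date: str
    size: int


def parse_services(text: str) -> List[Service]:
    """Return every line of `text` that matches the DDS service/driver layout."""
    found = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            found.append(Service(m["state"], int(m["start"]), m["name"],
                                 m["desc"], m["path"], m["date"], int(m["size"])))
    return found


def image_file(path: str) -> str:
    """Basename of the image, dropping svchost-style '-k group' arguments."""
    exe = path.split(" -k ", 1)[0].strip()
    return exe.rsplit("\\", 1)[-1].lower()


def driver_enumerated(services: List[Service], module: str) -> Optional[Service]:
    """Find the entry whose image is `module` (e.g. the name from a bugcheck)."""
    module = module.lower()
    return next((s for s in services if image_file(s.path) == module), None)


def drivers_outside_system_dir(services: List[Service]) -> List[Service]:
    """Kernel drivers (.sys) loaded from somewhere other than system32\\drivers.

    Assumed review heuristic, not a verdict: vendor tools such as LogMeIn
    legitimately do this, so a hit means "look", not "malicious".
    """
    return [s for s in services
            if s.path.lower().endswith(".sys") and DRIVERS_DIR not in s.path.lower()]


def triage(text: str, bugcheck_module: str) -> dict:
    """Summarise what a responder would check first from a DDS log."""
    services = parse_services(text)
    return {
        "entries": len(services),
        "bugcheck_module_listed": driver_enumerated(services, bugcheck_module) is not None,
        "review": [s.name for s in drivers_outside_system_dir(services)],
    }


if __name__ == "__main__":
    # The BSOD in the post names kxtdqpow.sys; a faulting driver that DDS does
    # not enumerate at all is itself a finding worth reporting to the helper.
    print(triage(SAMPLE_DDS, "kxtdqpow.sys"))
```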

#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:10:42 PM

Posted 01 July 2012 - 12:47 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 kdkiehn

kdkiehn
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:06:42 PM

Posted 01 July 2012 - 12:48 PM

Hi Gringo,

I visited a variety of websites and haven't seen a redirect attempt so far; it seems to be better! I haven't tried running GMER again to see if I still get a BSOD.

Thanks,
-Kacey


The requested log files follow:

Results of screen317's Security Check version 0.99.42
Windows Vista Service Pack 2 x86 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Out of date HijackThis installed!
SpywareBlaster 4.4
iSpy
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.61.0.1400
HijackThis 2.0.2
CCleaner
Eusing Free Registry Cleaner
Java™ 6 Update 27
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.0.12.36 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 7.0 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````



ComboFix 12-06-28.03 - Kacey 2012-07-01 8:14.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.609 [GMT -7:00]
Running from: c:\users\Kacey\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Kacey\AppData\Roaming\Adobe\shed
c:\users\Kacey\AppData\Roaming\Mozilla\Firefox\Profiles\or61m46o.default\searchplugins\bing-zugo.xml
c:\users\Kacey\g2mdlhlpx.exe
c:\windows\assembly\GAC\Desktop.ini
c:\windows\Installer\{7faaaafa-cf14-2f74-3593-878a94dc601b}\@
c:\windows\Installer\{7faaaafa-cf14-2f74-3593-878a94dc601b}\L\00000004.@
c:\windows\Installer\{7faaaafa-cf14-2f74-3593-878a94dc601b}\L\201d3dde
c:\windows\Installer\{7faaaafa-cf14-2f74-3593-878a94dc601b}\L\55490ac4
c:\windows\Installer\{7faaaafa-cf14-2f74-3593-878a94dc601b}\U\00000004.@
c:\windows\Installer\{7faaaafa-cf14-2f74-3593-878a94dc601b}\U\00000008.@
c:\windows\Installer\{7faaaafa-cf14-2f74-3593-878a94dc601b}\U\000000cb.@
c:\windows\Installer\{7faaaafa-cf14-2f74-3593-878a94dc601b}\U\80000000.@
c:\windows\Installer\{7faaaafa-cf14-2f74-3593-878a94dc601b}\U\80000032.@
c:\windows\system32\CF22874.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\XSxS
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\32788r22fwjfw\HarddiskVolumeShadowCopy6_!Windows!System32!services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-01 to 2012-07-01 )))))))))))))))))))))))))))))))
.
.
2012-07-01 15:33 . 2012-07-01 17:09 -------- d-----w- c:\users\Kacey\AppData\Local\temp
2012-07-01 15:33 . 2012-07-01 15:33 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-07-01 15:33 . 2012-07-01 15:33 -------- d-----w- c:\users\Owner\AppData\Local\temp
2012-07-01 15:33 . 2012-07-01 15:33 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2012-07-01 15:33 . 2012-07-01 15:33 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-07-01 15:33 . 2012-07-01 15:33 -------- d-----w- c:\users\Guest 1\AppData\Local\temp
2012-07-01 15:33 . 2012-07-01 15:33 -------- d-----w- c:\users\Fixthings\AppData\Local\temp
2012-07-01 15:33 . 2012-07-01 15:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-19 04:00 . 2012-06-19 04:00 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-19 03:02 . 2012-06-19 03:02 -------- d-----w- c:\program files\iPod
2012-06-19 03:02 . 2012-06-19 03:04 -------- d-----w- c:\program files\iTunes
2012-06-18 23:12 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-18 23:12 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-18 23:12 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-18 23:12 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-18 23:11 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-18 23:11 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-18 23:11 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-18 23:10 . 2012-06-02 22:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-18 23:10 . 2012-06-02 22:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-18 04:08 . 2012-06-18 04:08 -------- d-----w- c:\users\Kacey\AppData\Local\DDMSettings
2012-06-18 03:27 . 2012-06-18 03:53 -------- d-----w- c:\programdata\DivX
2012-06-14 00:38 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 00:38 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 00:38 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-14 00:38 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 00:37 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-19 04:00 . 2011-11-12 03:52 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-22 03:41 . 2011-12-14 21:30 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-05-22 03:41 . 2011-12-14 21:30 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-05-22 03:41 . 2011-12-14 21:30 30592 ----a-w- c:\windows\system32\LMIport.dll
2012-05-22 03:41 . 2011-12-14 21:29 87424 ----a-w- c:\windows\system32\LMIinit.dll
2012-04-19 03:56 . 2012-04-19 03:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 03:56 . 2012-04-19 03:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-04 22:56 . 2010-04-18 00:04 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-03 08:16 . 2012-05-10 05:41 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16 . 2012-05-10 05:41 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-11-18 06:14 . 2011-05-03 00:47 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2010-05-09 15:26 2515552 ----a-w- c:\program files\Freecorder\tbFre1.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFre1.dll" [2010-05-09 2515552]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\tbFre1.dll" [2010-05-09 2515552]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-26 68856]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-07 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-21 1548288]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-10-13 304568]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-09-16 63048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Kacey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
Picture Motion Browser Media Check Tool.lnk.disabled [2008-10-24 2169]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Air Mouse.lnk.disabled [2011-2-22 1904]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-4-26 50688]
HotSync Manager.lnk.disabled [2008-9-22 1643]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-9-7 1180952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-04-26 08:22 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Users^Kacey^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Picaboo.lnk]
path=c:\users\Kacey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picaboo.lnk
backup=c:\windows\pss\Picaboo.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2008-02-29 04:18 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-08 02:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
2008-03-04 05:05 36864 ----a-w- c:\windows\OEM02Mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2007-12-21 15:58 184320 ------w- c:\program files\Dell\MediaDirect\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 03:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-04-26 08:14 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-12-09 10:45 74752 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" /background
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"Helper"=c:\users\Kacey\AppData\Roaming\Helper\bin\liveu.exe
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"HotSync"="c:\program files\PalmSource\Desktop\HotSync.exe" -AllUsers
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
"Windows Mobile-based device management"=%windir%\WindowsMobile\wmdSync.exe
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"OEM02Mon.exe"=c:\windows\OEM02Mon.exe
"<NO NAME>"=
"Carbonite Backup"=c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe
"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" /run
"RemoteX"="c:\program files\RemoteX\RemoteXUser.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R4 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ bthserv
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-19 04:00]
.
2012-06-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-26 21:54]
.
2012-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-13 02:43]
.
2012-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-13 02:43]
.
2012-07-01 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2009-02-28 14:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: facebook.com
TCP: DhcpNameServer = 208.90.161.193 208.90.161.194
FF - ProfilePath - c:\users\Kacey\AppData\Roaming\Mozilla\Firefox\Profiles\or61m46o.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://ib.startnow.com/?src=startpage&provider=bing&provider_name=bing&provider_code=Z057&partner_id=333&product_id=706&affiliate_id=&channel=DPGL18&toolbar_id=200&toolbar_version=2.1.0&install_country=US&install_date=20110716&user_guid=746822E95A634DEAB131FFE32CDEA1E7&machine_id=24d7d2b9bcbe4758b9f44a6f07ecd096&browser=FF&os=win&os_version=6.0-x86-SP2
FF - prefs.js: keyword.URL - hxxp://ib.startnow.com/s/?src=addrbar&provider=bing&provider_name=bing&provider_code=Z057&partner_id=333&product_id=706&affiliate_id=&channel=DPGL18&toolbar_id=200&toolbar_version=2.1.0&install_country=US&install_date=20110716&user_guid=746822E95A634DEAB131FFE32CDEA1E7&machine_id=24d7d2b9bcbe4758b9f44a6f07ecd096&browser=FF&os=win&os_version=6.0-x86-SP2&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-6edb0ba5 - c:\windows\system32\gbftmvwj.dll
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-Ihudub - c:\users\Kacey\AppData\Local\ibetogol.dll
MSConfigStartUp-MSServer - c:\windows\system32\tuvWmJyx.dll
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-01 10:11
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:e0,e1,50,25,36,b9,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\NetworkList\Nla\Cache\Intranet\d"˙*]
"Successes"=dword:e0000000
"Failures"=dword:e0000001
"{B370A78F-07FC-4971-8D28-22FAF90A5C8B}"=hex:00,1d,7e,35,6c,ea,00,00
.
[HKEY_LOCAL_MACHINE\system\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\agrian\AgrianUpdateService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\LogMeIn\x86\LMIGuardianSvc.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\STacSV.exe
c:\program files\RemoteX\RemoteX.exe
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\ehome\ehmsas.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\Common Files\Apple\Apple Application Support\distnoted.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Citrix\ICA Client\wfcrun32.exe
c:\windows\system32\sdclt.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2012-07-01 10:27:16 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-01 17:26
.
Pre-Run: 63,593,738,240 bytes free
Post-Run: 63,826,632,704 bytes free
.
- - End Of File - - 5154C3AB783BED9D04646697E1ED6DF9
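As an added triage example (not part of this thread and not code from DDS, ComboFix or any other tool named here), a small Python parser for the "Reg Loading Points" style lines in the log above. It tracks the current registry key, reads the `"name"=value` entries, and reports two things a responder checks first: autorun images launched from the user's AppData tree (the `Helper` entry above is one) and the `EnableLUA= 0` policy, which means User Account Control is switched off. The sample lines are constructed copies of entries from the log, abbreviated.

```python
"""Triage helper for the 'Reg Loading Points' lines of a DDS/ComboFix log.

Added example, not part of the thread or of the DDS/ComboFix tools. It parses
registry key headers and "name"=value lines and reports two things a responder
looks for first: autorun images launched from the user's AppData tree, and
the EnableLUA=0 policy (User Account Control switched off).
"""
import re
from typing import List, Tuple

# Constructed sample: entries copied in shape from the log above, abbreviated.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-26 68856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" /background
"Helper"=c:\users\Kacey\AppData\Roaming\Helper\bin\liveu.exe
"<NO NAME>"=
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<value>.*)$')
# Run keys and the Run- keys (entries MSConfig typically parks when disabled).
RUN_KEY_RE = re.compile(r"\\run-?$", re.IGNORECASE)
POLICY_KEY_RE = re.compile(r"\\policies\\system$", re.IGNORECASE)
# Images under the per-user profile: writable without admin rights, so a
# common home for unwanted autoruns (the log lists several such paths).
USER_PROFILE_RE = re.compile(r"^c:\\users\\[^\\]+\\appdata\\", re.IGNORECASE)

Finding = Tuple[str, str, str]  # (registry key, value name, reason)


def extract_path(value: str) -> str:
    """Return the image path from a DDS value: a quoted path with optional
    switches and "[date size]" suffix, or an unquoted path."""
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end != -1 else value[1:]
    # Unquoted form: drop a trailing "[date size]" annotation if present.
    return value.split(" [", 1)[0].strip()


def triage(log_text: str) -> List[Finding]:
    """Walk the log, tracking the current registry key, and collect findings."""
    findings: List[Finding] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group("key")
            continue
        value_match = VALUE_RE.match(line)
        if not value_match:
            continue  # blank, ".", or a line shape this example does not model
        name, value = value_match.group("name"), value_match.group("value")
        if POLICY_KEY_RE.search(current_key) and name == "EnableLUA":
            if value.split() and value.split()[0] == "0":
                findings.append((current_key, name, "UAC disabled (EnableLUA=0)"))
        elif RUN_KEY_RE.search(current_key):
            path = extract_path(value)
            if USER_PROFILE_RE.match(path):
                findings.append((current_key, name,
                                 "autorun image under user-writable profile path: " + path))
    return findings


if __name__ == "__main__":
    for key, name, reason in triage(SAMPLE_LOG):
        print(f"[{key}] {name}: {reason}")
```

Feed it the whole "Reg Loading Points" section of a DDS log to get the same two kinds of finding for every Run key it lists; entries under a `run-` key are reported too, since a disabled entry still shows where the image lives.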

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:10:42 PM

Posted 01 July 2012 - 01:21 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 kdkiehn

kdkiehn
  • Topic Starter

  • Members
  • 23 posts
  • Local time:06:42 PM

Posted 01 July 2012 - 11:12 PM

Gringo,

After a reboot, I had a window from Malwarebytes (loads at startup) telling me that it had detected a malicious process attempting to start and blocked the execution attempt. I clicked Quarantine, as the window stayed on top and I had to do something to close it. The process was:

C:\USERS\KACEY\APPDATA\LOCAL\{7FAAAAFA-CF14-2F74-3593-878A94DC601B}\NTROJAN.AGENT.MRGGEN

I also encountered a redirect, opening in a new window, when I started Internet Explorer.

-Kacey

My logs follow:

20:42:01.0861 3316 TDSS rootkit removing tool 2.7.43.0 Jun 29 2012 17:54:22
20:42:02.0438 3316 ============================================================
20:42:02.0438 3316 Current date / time: 2012/07/01 20:42:02.0438
20:42:02.0438 3316 SystemInfo:
20:42:02.0438 3316
20:42:02.0454 3316 OS Version: 6.0.6002 ServicePack: 2.0
20:42:02.0454 3316 Product type: Workstation
20:42:02.0454 3316 ComputerName: KACEY85
20:42:02.0454 3316 UserName: Kacey
20:42:02.0454 3316 Windows directory: C:\Windows
20:42:02.0454 3316 System windows directory: C:\Windows
20:42:02.0454 3316 Processor architecture: Intel x86
20:42:02.0454 3316 Number of processors: 2
20:42:02.0454 3316 Page size: 0x1000
20:42:02.0454 3316 Boot type: Normal boot
20:42:02.0454 3316 ============================================================
20:42:03.0046 3316 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:42:03.0046 3316 ============================================================
20:42:03.0046 3316 \Device\Harddisk0\DR0:
20:42:03.0046 3316 MBR partitions:
20:42:03.0046 3316 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1388000
20:42:03.0046 3316 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C000, BlocksNum 0x1B929168
20:42:03.0078 3316 ============================================================
20:42:03.0202 3316 C: <-> \Device\Harddisk0\DR0\Partition1
20:42:03.0234 3316 D: <-> \Device\Harddisk0\DR0\Partition0
20:42:03.0234 3316 ============================================================
20:42:03.0234 3316 Initialize success
20:42:03.0234 3316 ============================================================
20:42:17.0072 5692 ============================================================
20:42:17.0072 5692 Scan started
20:42:17.0072 5692 Mode: Manual;
20:42:17.0072 5692 ============================================================
20:42:19.0709 5692 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
20:42:19.0725 5692 ACPI - ok
20:42:19.0834 5692 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:42:19.0850 5692 AdobeFlashPlayerUpdateSvc - ok
20:42:19.0990 5692 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
20:42:20.0006 5692 adp94xx - ok
20:42:20.0068 5692 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
20:42:20.0084 5692 adpahci - ok
20:42:20.0115 5692 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
20:42:20.0115 5692 adpu160m - ok
20:42:20.0146 5692 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
20:42:20.0162 5692 adpu320 - ok
20:42:20.0193 5692 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
20:42:20.0193 5692 AeLookupSvc - ok
20:42:20.0240 5692 AESTFilters (ef1142512bec12f1c2c87735da1755be) C:\Windows\system32\aestsrv.exe
20:42:20.0240 5692 AESTFilters - ok
20:42:20.0286 5692 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\Windows\system32\drivers\Afc.sys
20:42:20.0286 5692 Afc - ok
20:42:20.0333 5692 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
20:42:20.0349 5692 AFD - ok
20:42:20.0364 5692 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
20:42:20.0364 5692 agp440 - ok
20:42:20.0411 5692 AgrianUpdateService (29d77b81dbec3791ee2ea17e568e0b15) C:\Agrian\AgrianUpdateService.exe
20:42:20.0411 5692 AgrianUpdateService - ok
20:42:20.0458 5692 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
20:42:20.0458 5692 aic78xx - ok
20:42:20.0505 5692 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
20:42:20.0505 5692 ALG - ok
20:42:20.0520 5692 aliide (e32a92e1574a467f7c762922f6162d76) C:\Windows\system32\drivers\aliide.sys
20:42:20.0520 5692 aliide - ok
20:42:20.0567 5692 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
20:42:20.0567 5692 amdagp - ok
20:42:20.0583 5692 amdide (b52b576cb0099a62f87214f371031561) C:\Windows\system32\drivers\amdide.sys
20:42:20.0598 5692 amdide - ok
20:42:20.0614 5692 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
20:42:20.0614 5692 AmdK7 - ok
20:42:20.0630 5692 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
20:42:20.0630 5692 AmdK8 - ok
20:42:20.0676 5692 ApfiltrService (350f19eb5fe4ec37a2414df56cde1aa8) C:\Windows\system32\DRIVERS\Apfiltr.sys
20:42:20.0676 5692 ApfiltrService - ok
20:42:20.0692 5692 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
20:42:20.0692 5692 Appinfo - ok
20:42:20.0864 5692 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:42:20.0864 5692 Apple Mobile Device - ok
20:42:20.0895 5692 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
20:42:20.0910 5692 arc - ok
20:42:20.0957 5692 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
20:42:20.0957 5692 arcsas - ok
20:42:20.0988 5692 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
20:42:20.0988 5692 AsyncMac - ok
20:42:21.0020 5692 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
20:42:21.0020 5692 atapi - ok
20:42:21.0098 5692 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
20:42:21.0098 5692 AudioEndpointBuilder - ok
20:42:21.0098 5692 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
20:42:21.0098 5692 Audiosrv - ok
20:42:21.0176 5692 BCM43XX (746f59822a5187510471fc46889b8cc9) C:\Windows\system32\DRIVERS\bcmwl6.sys
20:42:21.0191 5692 BCM43XX - ok
20:42:21.0222 5692 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
20:42:21.0222 5692 Beep - ok
20:42:21.0332 5692 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
20:42:21.0332 5692 BITS - ok
20:42:21.0347 5692 blbdrive - ok
20:42:21.0456 5692 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
20:42:21.0472 5692 Bonjour Service - ok
20:42:21.0550 5692 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
20:42:21.0550 5692 bowser - ok
20:42:21.0581 5692 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
20:42:21.0581 5692 BrFiltLo - ok
20:42:21.0597 5692 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
20:42:21.0597 5692 BrFiltUp - ok
20:42:21.0644 5692 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
20:42:21.0644 5692 Browser - ok
20:42:21.0675 5692 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
20:42:21.0675 5692 Brserid - ok
20:42:21.0737 5692 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
20:42:21.0737 5692 BrSerWdm - ok
20:42:21.0768 5692 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
20:42:21.0768 5692 BrUsbMdm - ok
20:42:21.0768 5692 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
20:42:21.0784 5692 BrUsbSer - ok
20:42:21.0800 5692 BTHMODEM (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys
20:42:21.0815 5692 BTHMODEM - ok
20:42:21.0846 5692 catchme - ok
20:42:21.0878 5692 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
20:42:21.0878 5692 cdfs - ok
20:42:21.0924 5692 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
20:42:21.0924 5692 cdrom - ok
20:42:21.0987 5692 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
20:42:21.0987 5692 CertPropSvc - ok
20:42:22.0034 5692 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
20:42:22.0034 5692 circlass - ok
20:42:22.0112 5692 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
20:42:22.0112 5692 CLFS - ok
20:42:22.0252 5692 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:42:22.0252 5692 clr_optimization_v2.0.50727_32 - ok
20:42:22.0377 5692 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:42:22.0377 5692 clr_optimization_v4.0.30319_32 - ok
20:42:22.0439 5692 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
20:42:22.0439 5692 CmBatt - ok
20:42:22.0470 5692 cmdide (c177dd90b5dc1dcaa96ccece752e6f0f) C:\Windows\system32\drivers\cmdide.sys
20:42:22.0470 5692 cmdide - ok
20:42:22.0470 5692 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
20:42:22.0470 5692 Compbatt - ok
20:42:22.0486 5692 COMSysApp - ok
20:42:22.0502 5692 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
20:42:22.0502 5692 crcdisk - ok
20:42:22.0517 5692 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
20:42:22.0517 5692 Crusoe - ok
20:42:22.0595 5692 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
20:42:22.0611 5692 CryptSvc - ok
20:42:22.0689 5692 ctxusbm (cb6ff7012bb5d59d7c12350db795ce1f) C:\Windows\system32\DRIVERS\ctxusbm.sys
20:42:22.0689 5692 ctxusbm - ok
20:42:22.0782 5692 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
20:42:22.0814 5692 DcomLaunch - ok
20:42:22.0845 5692 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
20:42:22.0845 5692 DfsC - ok
20:42:23.0048 5692 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
20:42:23.0126 5692 DFSR - ok
20:42:23.0282 5692 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
20:42:23.0282 5692 Dhcp - ok
20:42:23.0391 5692 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
20:42:23.0391 5692 disk - ok
20:42:23.0453 5692 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
20:42:23.0469 5692 Dnscache - ok
20:42:23.0547 5692 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
20:42:23.0547 5692 dot3svc - ok
20:42:23.0609 5692 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
20:42:23.0609 5692 Dot4 - ok
20:42:23.0672 5692 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
20:42:23.0672 5692 Dot4Print - ok
20:42:23.0703 5692 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
20:42:23.0703 5692 dot4usb - ok
20:42:23.0734 5692 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
20:42:23.0734 5692 DPS - ok
20:42:23.0796 5692 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
20:42:23.0796 5692 drmkaud - ok
20:42:23.0906 5692 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
20:42:23.0937 5692 DXGKrnl - ok
20:42:23.0968 5692 e1express (7505290504c8e2d172fa378cc0497bcc) C:\Windows\system32\DRIVERS\e1e6032.sys
20:42:23.0984 5692 e1express - ok
20:42:24.0015 5692 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
20:42:24.0015 5692 E1G60 - ok
20:42:24.0062 5692 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
20:42:24.0062 5692 EapHost - ok
20:42:24.0124 5692 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
20:42:24.0140 5692 Ecache - ok
20:42:24.0202 5692 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
20:42:24.0202 5692 ehRecvr - ok
20:42:24.0218 5692 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
20:42:24.0233 5692 ehSched - ok
20:42:24.0233 5692 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
20:42:24.0233 5692 ehstart - ok
20:42:24.0280 5692 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
20:42:24.0296 5692 elxstor - ok
20:42:24.0389 5692 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
20:42:24.0405 5692 EMDMgmt - ok
20:42:24.0498 5692 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
20:42:24.0498 5692 EventSystem - ok
20:42:24.0576 5692 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
20:42:24.0576 5692 exfat - ok
20:42:24.0670 5692 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
20:42:24.0686 5692 fastfat - ok
20:42:24.0717 5692 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
20:42:24.0717 5692 fdc - ok
20:42:24.0748 5692 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
20:42:24.0748 5692 fdPHost - ok
20:42:24.0779 5692 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
20:42:24.0779 5692 FDResPub - ok
20:42:24.0826 5692 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
20:42:24.0826 5692 FileInfo - ok
20:42:24.0873 5692 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
20:42:24.0873 5692 Filetrace - ok
20:42:24.0982 5692 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
20:42:25.0013 5692 FLEXnet Licensing Service - ok
20:42:25.0029 5692 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
20:42:25.0044 5692 flpydisk - ok
20:42:25.0107 5692 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
20:42:25.0107 5692 FltMgr - ok
20:42:25.0232 5692 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
20:42:25.0263 5692 FontCache - ok
20:42:25.0419 5692 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:42:25.0434 5692 FontCache3.0.0.0 - ok
20:42:25.0544 5692 FreeAgentGoNext Service (9513b437b7adb1e6065b7f0d83d11ecf) C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
20:42:25.0559 5692 FreeAgentGoNext Service - ok
20:42:25.0622 5692 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
20:42:25.0622 5692 Fs_Rec - ok
20:42:25.0668 5692 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
20:42:25.0668 5692 gagp30kx - ok
20:42:25.0684 5692 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:42:25.0700 5692 GEARAspiWDM - ok
20:42:25.0731 5692 ggflt (ae8f90f4de5746e5cb1b095701165863) C:\Windows\system32\DRIVERS\ggflt.sys
20:42:25.0731 5692 ggflt - ok
20:42:25.0746 5692 ggsemc (4973d7c1c1d81d11e5e8fa974c2ae8cb) C:\Windows\system32\DRIVERS\ggsemc.sys
20:42:25.0762 5692 ggsemc - ok
20:42:25.0809 5692 giveio (77ebf3e9386daa51551af429052d88d0) C:\Windows\system32\giveio.sys
20:42:25.0824 5692 giveio - ok
20:42:25.0856 5692 GoogleDesktopManager-010708-104812 (ff0e0e6e5768b82bead44bfbcb9bdfe6) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
20:42:25.0856 5692 GoogleDesktopManager-010708-104812 - ok
20:42:25.0918 5692 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
20:42:25.0918 5692 GoToAssist - ok
20:42:26.0027 5692 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
20:42:26.0043 5692 gpsvc - ok
20:42:26.0136 5692 gupdate1c9bbe19cd062e0 (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
20:42:26.0136 5692 gupdate1c9bbe19cd062e0 - ok
20:42:26.0136 5692 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
20:42:26.0152 5692 gupdatem - ok
20:42:26.0183 5692 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
20:42:26.0183 5692 gusvc - ok
20:42:26.0277 5692 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:42:26.0308 5692 HDAudBus - ok
20:42:26.0339 5692 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
20:42:26.0339 5692 HidBth - ok
20:42:26.0355 5692 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
20:42:26.0355 5692 HidIr - ok
20:42:26.0433 5692 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
20:42:26.0433 5692 hidserv - ok
20:42:26.0620 5692 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
20:42:26.0620 5692 HidUsb - ok
20:42:26.0667 5692 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
20:42:26.0667 5692 hkmsvc - ok
20:42:26.0698 5692 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
20:42:26.0698 5692 HpCISSs - ok
20:42:26.0854 5692 hpqcxs08 (ce0fcec4d4d860f36d972759b11eaf0f) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
20:42:26.0854 5692 hpqcxs08 - ok
20:42:26.0885 5692 hpqddsvc (ee4c7a4cf2316701ffde90f404520265) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
20:42:26.0885 5692 hpqddsvc - ok
20:42:26.0963 5692 HPSLPSVC (6f9cb6539a1b2508bd1c53d29334431a) C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
20:42:26.0994 5692 HPSLPSVC - ok
20:42:27.0104 5692 HSF_DPV (e9e589c9ab799f52e18f057635a2b362) C:\Windows\system32\DRIVERS\HSX_DPV.sys
20:42:27.0135 5692 HSF_DPV - ok
20:42:27.0150 5692 HSXHWAZL (7845d2385f4dc7dfb3ccaf0c2fa4948e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
20:42:27.0166 5692 HSXHWAZL - ok
20:42:27.0244 5692 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
20:42:27.0260 5692 HTTP - ok
20:42:27.0275 5692 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
20:42:27.0291 5692 i2omp - ok
20:42:27.0338 5692 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
20:42:27.0338 5692 i8042prt - ok
20:42:27.0431 5692 IAANTMON (ae38a12f79a4980ddb88f36514f8a1da) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
20:42:27.0447 5692 IAANTMON - ok
20:42:27.0494 5692 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\Windows\system32\drivers\iastor.sys
20:42:27.0494 5692 iaStor - ok
20:42:27.0540 5692 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
20:42:27.0540 5692 iaStorV - ok
20:42:27.0681 5692 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
20:42:27.0681 5692 IDriverT - ok
20:42:27.0868 5692 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:42:27.0899 5692 idsvc - ok
20:42:28.0102 5692 igfx (c134e69ce901422d1f2d7ea8d69098fe) C:\Windows\system32\DRIVERS\igdkmd32.sys
20:42:28.0164 5692 igfx - ok
20:42:28.0305 5692 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
20:42:28.0305 5692 iirsp - ok
20:42:28.0398 5692 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
20:42:28.0414 5692 IKEEXT - ok
20:42:28.0430 5692 IntcHdmiAddService (98d303ccb3415e9202e82043b37d66dc) C:\Windows\system32\drivers\IntcHdmi.sys
20:42:28.0430 5692 IntcHdmiAddService - ok
20:42:28.0461 5692 intelide (59b00efb24ead979becf413703bb1fac) C:\Windows\system32\DRIVERS\intelide.sys
20:42:28.0461 5692 intelide - ok
20:42:28.0523 5692 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
20:42:28.0523 5692 intelppm - ok
20:42:28.0570 5692 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
20:42:28.0570 5692 IPBusEnum - ok
20:42:28.0617 5692 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:42:28.0617 5692 IpFilterDriver - ok
20:42:28.0617 5692 IpInIp - ok
20:42:28.0632 5692 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
20:42:28.0648 5692 IPMIDRV - ok
20:42:28.0710 5692 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
20:42:28.0710 5692 IPNAT - ok
20:42:28.0898 5692 iPod Service (e6be7a41a28d8f2db174957454d32448) C:\Program Files\iPod\bin\iPodService.exe
20:42:28.0929 5692 iPod Service - ok
20:42:28.0960 5692 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
20:42:28.0960 5692 IRENUM - ok
20:42:29.0022 5692 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys
20:42:29.0022 5692 isapnp - ok
20:42:29.0116 5692 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
20:42:29.0116 5692 iScsiPrt - ok
20:42:29.0132 5692 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
20:42:29.0147 5692 iteatapi - ok
20:42:29.0147 5692 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
20:42:29.0163 5692 iteraid - ok
20:42:29.0225 5692 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
20:42:29.0225 5692 kbdclass - ok
20:42:29.0241 5692 kbdhid (ed61dbc6603f612b7338283edbacbc4b) C:\Windows\system32\DRIVERS\kbdhid.sys
20:42:29.0241 5692 kbdhid - ok
20:42:29.0303 5692 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
20:42:29.0303 5692 KeyIso - ok
20:42:29.0350 5692 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
20:42:29.0366 5692 KSecDD - ok
20:42:29.0444 5692 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
20:42:29.0444 5692 KtmRm - ok
20:42:29.0506 5692 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
20:42:29.0506 5692 LanmanServer - ok
20:42:29.0584 5692 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
20:42:29.0584 5692 LanmanWorkstation - ok
20:42:29.0631 5692 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
20:42:29.0631 5692 lltdio - ok
20:42:29.0678 5692 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
20:42:29.0678 5692 lltdsvc - ok
20:42:29.0709 5692 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
20:42:29.0709 5692 lmhosts - ok
20:42:29.0880 5692 LMIGuardianSvc (c2bc96051da4330c1fcf2fe13f60a748) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
20:42:29.0896 5692 LMIGuardianSvc - ok
20:42:29.0943 5692 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
20:42:29.0958 5692 LMIInfo - ok
20:42:29.0974 5692 LMIMaint (8960ac10842199c9dc2ec0956f5a4a8d) C:\Program Files\LogMeIn\x86\RaMaint.exe
20:42:29.0974 5692 LMIMaint - ok
20:42:30.0005 5692 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\Windows\system32\DRIVERS\lmimirr.sys
20:42:30.0005 5692 lmimirr - ok
20:42:30.0005 5692 LMIRfsClientNP - ok
20:42:30.0068 5692 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\Windows\system32\drivers\LMIRfsDriver.sys
20:42:30.0068 5692 LMIRfsDriver - ok
20:42:30.0161 5692 LogMeIn (432618fa75b61059d2c57d6a7e55147a) C:\Program Files\LogMeIn\x86\LogMeIn.exe
20:42:30.0177 5692 LogMeIn - ok
20:42:30.0224 5692 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
20:42:30.0224 5692 LSI_FC - ok
20:42:30.0270 5692 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
20:42:30.0270 5692 LSI_SAS - ok
20:42:30.0302 5692 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
20:42:30.0302 5692 LSI_SCSI - ok
20:42:30.0348 5692 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
20:42:30.0348 5692 luafv - ok
20:42:30.0380 5692 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
20:42:30.0380 5692 MBAMProtector - ok
20:42:30.0551 5692 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
20:42:30.0567 5692 MBAMService - ok
20:42:30.0598 5692 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
20:42:30.0614 5692 Mcx2Svc - ok
20:42:30.0645 5692 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
20:42:30.0645 5692 mdmxsdk - ok
20:42:30.0676 5692 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
20:42:30.0676 5692 megasas - ok
20:42:30.0770 5692 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
20:42:30.0785 5692 Microsoft Office Groove Audit Service - ok
20:42:30.0816 5692 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
20:42:30.0832 5692 MMCSS - ok
20:42:30.0863 5692 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
20:42:30.0863 5692 Modem - ok
20:42:30.0926 5692 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
20:42:30.0941 5692 monitor - ok
20:42:30.0972 5692 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
20:42:30.0972 5692 mouclass - ok
20:42:31.0113 5692 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
20:42:31.0113 5692 mouhid - ok
20:42:31.0144 5692 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
20:42:31.0144 5692 MountMgr - ok
20:42:31.0191 5692 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
20:42:31.0191 5692 mpio - ok
20:42:31.0206 5692 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
20:42:31.0206 5692 mpsdrv - ok
20:42:31.0238 5692 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
20:42:31.0238 5692 Mraid35x - ok
20:42:31.0316 5692 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
20:42:31.0316 5692 MRxDAV - ok
20:42:31.0347 5692 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:42:31.0347 5692 mrxsmb - ok
20:42:31.0425 5692 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:42:31.0440 5692 mrxsmb10 - ok
20:42:31.0440 5692 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:42:31.0440 5692 mrxsmb20 - ok
20:42:31.0472 5692 msahci (2681302b63b318cbea6c82902ac5428c) C:\Windows\system32\drivers\msahci.sys
20:42:31.0472 5692 msahci - ok
20:42:31.0487 5692 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
20:42:31.0487 5692 msdsm - ok
20:42:31.0534 5692 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
20:42:31.0534 5692 MSDTC - ok
20:42:31.0596 5692 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
20:42:31.0596 5692 Msfs - ok
20:42:31.0659 5692 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
20:42:31.0659 5692 msisadrv - ok
20:42:31.0706 5692 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
20:42:31.0706 5692 MSiSCSI - ok
20:42:31.0721 5692 msiserver - ok
20:42:31.0784 5692 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
20:42:31.0784 5692 MSKSSRV - ok
20:42:31.0815 5692 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
20:42:31.0815 5692 MSPCLOCK - ok
20:42:31.0830 5692 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
20:42:31.0830 5692 MSPQM - ok
20:42:31.0908 5692 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
20:42:31.0924 5692 MsRPC - ok
20:42:31.0986 5692 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
20:42:31.0986 5692 mssmbios - ok
20:42:32.0033 5692 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
20:42:32.0033 5692 MSTEE - ok
20:42:32.0064 5692 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
20:42:32.0064 5692 Mup - ok
20:42:32.0127 5692 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
20:42:32.0127 5692 napagent - ok
20:42:32.0220 5692 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
20:42:32.0220 5692 NativeWifiP - ok
20:42:32.0298 5692 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
20:42:32.0314 5692 NDIS - ok
20:42:32.0345 5692 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
20:42:32.0345 5692 NdisTapi - ok
20:42:32.0376 5692 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
20:42:32.0376 5692 Ndisuio - ok
20:42:32.0439 5692 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
20:42:32.0439 5692 NdisWan - ok
20:42:32.0501 5692 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
20:42:32.0501 5692 NDProxy - ok
20:42:32.0579 5692 Net Driver HPZ12 (2969d26eee289be7422aa46fc55f4e38) C:\Windows\system32\HPZinw12.dll
20:42:32.0579 5692 Net Driver HPZ12 - ok
20:42:32.0610 5692 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
20:42:32.0626 5692 NetBIOS - ok
20:42:32.0720 5692 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
20:42:32.0720 5692 netbt - ok
20:42:32.0798 5692 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
20:42:32.0798 5692 Netlogon - ok
20:42:32.0844 5692 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
20:42:32.0876 5692 Netman - ok
20:42:32.0938 5692 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
20:42:32.0938 5692 netprofm - ok
20:42:33.0078 5692 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:42:33.0110 5692 NetTcpPortSharing - ok
20:42:33.0141 5692 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
20:42:33.0141 5692 nfrd960 - ok
20:42:33.0188 5692 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
20:42:33.0188 5692 NlaSvc - ok
20:42:33.0281 5692 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
20:42:33.0281 5692 Npfs - ok
20:42:33.0359 5692 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
20:42:33.0359 5692 nsi - ok
20:42:33.0422 5692 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
20:42:33.0437 5692 nsiproxy - ok
20:42:33.0578 5692 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
20:42:33.0656 5692 Ntfs - ok
20:42:33.0718 5692 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
20:42:33.0718 5692 ntrigdigi - ok
20:42:33.0765 5692 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
20:42:33.0765 5692 Null - ok
20:42:33.0843 5692 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
20:42:33.0843 5692 nvraid - ok
20:42:33.0874 5692 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
20:42:33.0874 5692 nvstor - ok
20:42:33.0921 5692 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys
20:42:33.0921 5692 nv_agp - ok
20:42:33.0936 5692 NwlnkFlt - ok
20:42:33.0936 5692 NwlnkFwd - ok
20:42:34.0124 5692 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:42:34.0139 5692 odserv - ok
20:42:34.0186 5692 OEM02Dev (19cac780b858822055f46c58a111723c) C:\Windows\system32\DRIVERS\OEM02Dev.sys
20:42:34.0186 5692 OEM02Dev - ok
20:42:34.0186 5692 OEM02Vfx (86326062a90494bdd79ce383511d7d69) C:\Windows\system32\DRIVERS\OEM02Vfx.sys
20:42:34.0202 5692 OEM02Vfx - ok
20:42:34.0295 5692 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
20:42:34.0311 5692 ohci1394 - ok
20:42:34.0373 5692 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:42:34.0389 5692 ose - ok
20:42:34.0498 5692 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:42:34.0529 5692 p2pimsvc - ok
20:42:34.0529 5692 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:42:34.0545 5692 p2psvc - ok
20:42:34.0592 5692 PAC7302 (81a0921e2a3fdcf840e43af64bf96ea2) C:\Windows\system32\DRIVERS\PAC7302.SYS
20:42:34.0607 5692 PAC7302 - ok
20:42:34.0670 5692 PalmUSBD (dc450992eba6f914080c1f7fbeeed72c) C:\Windows\system32\drivers\PalmUSBD.sys
20:42:34.0670 5692 PalmUSBD - ok
20:42:34.0716 5692 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
20:42:34.0716 5692 Parport - ok
20:42:34.0794 5692 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
20:42:34.0794 5692 partmgr - ok
20:42:34.0810 5692 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
20:42:34.0810 5692 Parvdm - ok
20:42:34.0841 5692 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
20:42:34.0841 5692 PcaSvc - ok
20:42:34.0919 5692 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
20:42:34.0919 5692 pci - ok
20:42:34.0982 5692 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
20:42:34.0982 5692 pciide - ok
20:42:35.0013 5692 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
20:42:35.0013 5692 pcmcia - ok
20:42:35.0106 5692 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
20:42:35.0138 5692 PEAUTH - ok
20:42:35.0262 5692 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
20:42:35.0278 5692 pla - ok
20:42:35.0434 5692 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
20:42:35.0434 5692 PlugPlay - ok
20:42:35.0512 5692 Pml Driver HPZ12 (bafc9706bdf425a02b66468ab2605c59) C:\Windows\system32\HPZipm12.dll
20:42:35.0512 5692 Pml Driver HPZ12 - ok
20:42:35.0637 5692 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:42:35.0637 5692 PNRPAutoReg - ok
20:42:35.0652 5692 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:42:35.0652 5692 PNRPsvc - ok
20:42:35.0699 5692 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
20:42:35.0715 5692 PolicyAgent - ok
20:42:35.0777 5692 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
20:42:35.0777 5692 PptpMiniport - ok
20:42:35.0808 5692 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
20:42:35.0808 5692 Processor - ok
20:42:35.0886 5692 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
20:42:35.0902 5692 ProfSvc - ok
20:42:35.0964 5692 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
20:42:35.0964 5692 ProtectedStorage - ok
20:42:36.0074 5692 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
20:42:36.0074 5692 PSched - ok
20:42:36.0120 5692 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
20:42:36.0120 5692 PxHelp20 - ok
20:42:36.0245 5692 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
20:42:36.0323 5692 ql2300 - ok
20:42:36.0339 5692 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
20:42:36.0339 5692 ql40xx - ok
20:42:36.0432 5692 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
20:42:36.0448 5692 QWAVE - ok
20:42:36.0495 5692 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
20:42:36.0510 5692 QWAVEdrv - ok
20:42:36.0698 5692 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
20:42:36.0760 5692 R300 - ok
20:42:36.0885 5692 RapiMgr (70dbdab246c18b78e2200d6401d038be) C:\Windows\WindowsMobile\rapimgr.dll
20:42:36.0900 5692 RapiMgr - ok
20:42:37.0025 5692 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
20:42:37.0025 5692 RasAcd - ok
20:42:37.0088 5692 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
20:42:37.0088 5692 RasAuto - ok
20:42:37.0150 5692 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:42:37.0150 5692 Rasl2tp - ok
20:42:37.0244 5692 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
20:42:37.0259 5692 RasMan - ok
20:42:37.0368 5692 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
20:42:37.0368 5692 RasPppoe - ok
20:42:37.0462 5692 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
20:42:37.0462 5692 RasSstp - ok
20:42:37.0540 5692 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
20:42:37.0556 5692 rdbss - ok
20:42:37.0602 5692 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:42:37.0602 5692 RDPCDD - ok
20:42:37.0696 5692 rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys
20:42:37.0712 5692 rdpdr - ok
20:42:37.0727 5692 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
20:42:37.0727 5692 RDPENCDD - ok
20:42:37.0805 5692 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
20:42:37.0805 5692 RDPWD - ok
20:42:37.0868 5692 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
20:42:37.0883 5692 RemoteAccess - ok
20:42:37.0977 5692 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
20:42:37.0992 5692 RemoteRegistry - ok
20:42:38.0008 5692 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
20:42:38.0024 5692 rimmptsk - ok
20:42:38.0039 5692 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
20:42:38.0039 5692 rimsptsk - ok
20:42:38.0117 5692 RimUsb (0f6756ef8bda6dfa7be50465c83132bb) C:\Windows\system32\Drivers\RimUsb.sys
20:42:38.0117 5692 RimUsb - ok
20:42:38.0195 5692 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\Windows\system32\DRIVERS\RimSerial.sys
20:42:38.0195 5692 RimVSerPort - ok
20:42:38.0211 5692 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys
20:42:38.0211 5692 rismxdp - ok
20:42:38.0289 5692 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
20:42:38.0289 5692 ROOTMODEM - ok
20:42:38.0476 5692 Roxio UPnP Renderer 9 (afd61a7c48a3e15c86a6fadf0b69a2e4) C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
20:42:38.0476 5692 Roxio UPnP Renderer 9 - ok
20:42:38.0538 5692 Roxio Upnp Server 9 (efbb36e2bb02169d26e9980778fc20d3) C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
20:42:38.0554 5692 Roxio Upnp Server 9 - ok
20:42:38.0788 5692 RoxLiveShare9 (6bd6d7efec6eced723f186e3bfcc74e9) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
20:42:38.0835 5692 RoxLiveShare9 - ok
20:42:39.0053 5692 RoxMediaDB9 (7f2c88bcc5ef2a896e4827f33ccca843) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
20:42:39.0116 5692 RoxMediaDB9 - ok
20:42:39.0194 5692 RoxWatch9 (26c4a8ad3e75679b66fc0a6d3bb6be2a) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
20:42:39.0194 5692 RoxWatch9 - ok
20:42:39.0365 5692 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
20:42:39.0365 5692 RpcLocator - ok
20:42:39.0490 5692 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\System32\rpcss.dll
20:42:39.0490 5692 RpcSs - ok
20:42:39.0552 5692 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
20:42:39.0568 5692 rspndr - ok
20:42:39.0646 5692 s616bus (ef4b5a8d53f15cb269469dd4e4bb0109) C:\Windows\system32\DRIVERS\s616bus.sys
20:42:39.0646 5692 s616bus - ok
20:42:39.0708 5692 s616mdfl (96187731eefcf83e844bc1ce6617aaeb) C:\Windows\system32\DRIVERS\s616mdfl.sys
20:42:39.0708 5692 s616mdfl - ok
20:42:39.0740 5692 s616mdm (d2dd87368bfecfa099e50dc120f3f513) C:\Windows\system32\DRIVERS\s616mdm.sys
20:42:39.0740 5692 s616mdm - ok
20:42:39.0818 5692 s616mgmt (5f0be24e4d4fa134b0b2fef35d3a9d90) C:\Windows\system32\DRIVERS\s616mgmt.sys
20:42:39.0833 5692 s616mgmt - ok
20:42:39.0927 5692 s616nd5 (b9b507fcc67e204ef38e05ffd4176345) C:\Windows\system32\DRIVERS\s616nd5.sys
20:42:39.0927 5692 s616nd5 - ok
20:42:39.0989 5692 s616obex (f123a1f2a04a0e8dba80b64f0072475a) C:\Windows\system32\DRIVERS\s616obex.sys
20:42:39.0989 5692 s616obex - ok
20:42:40.0020 5692 s616unic (e7e55048ebd5c17bfa791b4a6ec3d54b) C:\Windows\system32\DRIVERS\s616unic.sys
20:42:40.0020 5692 s616unic - ok
20:42:40.0098 5692 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
20:42:40.0098 5692 SamSs - ok
20:42:40.0161 5692 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
20:42:40.0161 5692 sbp2port - ok
20:42:40.0364 5692 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
20:42:40.0395 5692 SBSDWSCService - ok
20:42:40.0488 5692 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
20:42:40.0488 5692 SCardSvr - ok
20:42:40.0582 5692 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
20:42:40.0613 5692 Schedule - ok
20:42:40.0660 5692 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
20:42:40.0660 5692 SCPolicySvc - ok
20:42:40.0738 5692 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
20:42:40.0738 5692 sdbus - ok
20:42:40.0800 5692 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
20:42:40.0800 5692 SDRSVC - ok
20:42:40.0863 5692 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
20:42:40.0863 5692 secdrv - ok
20:42:40.0894 5692 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
20:42:50.0519 5692 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
20:42:50.0816 5692 \Device\Harddisk0\DR0 - ok
20:42:50.0831 5692 Boot (0x1200) (1c87bb41b794aa77b498067de1159056) \Device\Harddisk0\DR0\Partition0
20:42:50.0831 5692 \Device\Harddisk0\DR0\Partition0 - ok
20:42:50.0847 5692 Boot (0x1200) (f805fa144e726ceaa4cf9a250587b283) \Device\Harddisk0\DR0\Partition1
20:42:50.0847 5692 \Device\Harddisk0\DR0\Partition1 - ok
20:42:50.0847 5692 ============================================================
20:42:50.0847 5692 Scan finished
20:42:50.0847 5692 ============================================================
20:42:50.0862 4320 Detected object count: 0
20:42:50.0862 4320 Actual detected object count: 0


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-01 20:50:17
-----------------------------
20:50:17.594 OS Version: Windows 6.0.6002 Service Pack 2
20:50:17.594 Number of processors: 2 586 0xF0D
20:50:17.594 ComputerName: KACEY85 UserName: Kacey
20:50:20.465 Initialize success
21:08:36.022 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
21:08:36.022 Disk 0 Vendor: FUJITSU_ 0085 Size: 238475MB BusType: 3
21:08:36.053 Disk 0 MBR read successfully
21:08:36.053 Disk 0 MBR scan
21:08:36.053 Disk 0 Windows VISTA default MBR code
21:08:36.053 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
21:08:36.069 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10000 MB offset 81920
21:08:36.085 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 225874 MB offset 20561920
21:08:36.085 Disk 0 Partition - 00 0F Extended LBA 2559 MB offset 483153920
21:08:36.131 Disk 0 Partition 4 00 DD MSDOS5.0 2558 MB offset 483155968
21:08:36.147 Disk 0 scanning sectors +488394752
21:08:36.209 Disk 0 scanning C:\Windows\system32\drivers
21:08:52.267 Service scanning
21:09:29.888 Modules scanning
21:09:43.085 Disk 0 trace - called modules:
21:09:43.116 ntoskrnl.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
21:09:43.116 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86167218]
21:09:43.132 3 CLASSPNP.SYS[88aad8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85608030]
21:09:43.132 Scan finished successfully
21:10:12.257 Disk 0 MBR has been saved successfully to "C:\Users\Kacey\Desktop\MBR.dat"
21:10:12.257 The log file has been saved successfully to "C:\Users\Kacey\Desktop\aswMBR.txt"

#6 gringo_pr (Bleepin Gringo, Malware Response Team, Location: Puerto Rico)

Posted 01 July 2012 - 11:19 PM

Hello

Download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded, begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using the Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Then:
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • Notepad opens. Under the File menu select Open.
  • Select "Computer", find your flash drive letter, and close Notepad.
  • In the command window type e:\frst.exe and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it into your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 kdkiehn (Topic Starter, Members)

Posted 01 July 2012 - 11:50 PM

Gringo,

Still getting redirects to a new window upon opening IE. Farbar log follows:


Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 01-07-2012
Ran by SYSTEM at 01-07-2012 21:39:40
Running from E:\
Windows Vista ™ Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet005

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [159744 2007-09-06] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [141848 2008-03-05] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [166424 2008-03-05] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [133656 2008-03-05] (Intel Corporation)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe [1548288 2007-03-21] (Dell Inc.)
HKLM\...\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [174872 2007-03-21] (Intel Corporation)
HKLM\...\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [16384 2008-03-11] ( )
HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [80896 2008-06-01] (Hewlett-Packard)
HKLM\...\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [206064 2009-05-21] (SupportSoft, Inc.)
HKLM\...\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe [405504 2007-11-12] (IDT, Inc.)
HKLM\...\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup [304568 2010-10-12] (Citrix Systems, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM\...\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [63048 2011-09-16] (LogMeIn, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-01-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKLM\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKU\Fixthings\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [68856 2008-04-26] (Google Inc.)
HKU\Fixthings\...\Policies\system: [LogonHoursAction] 2
HKU\Fixthings\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Guest 1\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [68856 2008-04-26] (Google Inc.)
HKU\Guest 1\...\Policies\system: [LogonHoursAction] 2
HKU\Guest 1\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Kacey\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
HKU\Kacey\...\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [206064 2009-05-21] (SupportSoft, Inc.)
HKU\Kacey\...\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\Kacey\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [68856 2008-04-26] (Google Inc.)
HKU\Kacey\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\Kacey\...\Policies\system: [LogonHoursAction] 2
HKU\Kacey\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Mcx1\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
HKU\Mcx1\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [173056 2009-04-10] (Microsoft Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [X]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 208.90.161.193 208.90.161.194
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Air Mouse.lnk.disabled
ShortcutTarget: Air Mouse.lnk.disabled -> C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe ()
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk.disabled
ShortcutTarget: HotSync Manager.lnk.disabled -> C:\Program Files\Palm\Hotsync.exe (No File)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\QuickSet.lnk
ShortcutTarget: QuickSet.lnk -> C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
Startup: C:\Users\Kacey\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Kacey\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk.disabled
ShortcutTarget: Picture Motion Browser Media Check Tool.lnk.disabled -> C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)

================================ Services (Whitelisted) ==================

4 AESTFilters; C:\Windows\system32\aestsrv.exe [73728 2007-11-12] (Andrea Electronics Corporation)
2 AgrianUpdateService; "C:\Agrian\AgrianUpdateService.exe" [23040 2008-10-06] ()
2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21504 2008-01-18] (Microsoft Corporation)
2 FreeAgentGoNext Service; "C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe" [189736 2009-09-25] (Seagate Technology LLC)
4 GoogleDesktopManager-010708-104812; "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [29744 2008-04-26] (Google)
3 GoToAssist; "C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe" Start=service [16680 2008-04-26] (Citrix Online, a division of Citrix Systems, Inc.)
2 gupdate1c9bbe19cd062e0; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [133104 2009-04-12] (Google Inc.)
2 LMIGuardianSvc; "C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe" [374152 2012-05-21] (LogMeIn, Inc.)
2 LMIMaint; "C:\Program Files\LogMeIn\x86\RaMaint.exe" [136584 2012-05-21] (LogMeIn, Inc.)
2 LogMeIn; "C:\Program Files\LogMeIn\x86\LogMeIn.exe" [390528 2011-09-16] (LogMeIn, Inc.)
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter [201968 2008-08-13] (SupportSoft, Inc.)
2 STacSV; C:\Windows\system32\STacSV.exe [102400 2007-11-12] (IDT, Inc.)
3 YOICS Sharing Service; C:\Program Files\Yoics\YOICS_SharingService.exe [16384 2009-06-18] ()
2 __RemoteX__; C:\Program Files\RemoteX\RemoteX.exe /service [271360 2011-02-13] (http://www.PEEPLEware.com)

========================== Drivers (Whitelisted) =============

3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.)
1 ctxusbm; C:\Windows\System32\DRIVERS\ctxusbm.sys [65584 2010-07-14] (Citrix Systems, Inc.)
3 ggflt; C:\Windows\System32\DRIVERS\ggflt.sys [13352 2008-09-06] (Sony Ericsson Mobile Communications)
3 ggsemc; C:\Windows\System32\DRIVERS\ggsemc.sys [21672 2008-09-06] (Sony Ericsson Mobile Communications)
0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
3 IntcHdmiAddService; C:\Windows\System32\drivers\IntcHdmi.sys [111616 2008-03-05] (Intel® Corporation)
4 iteraid; C:\Windows\system32\drivers\iteraid.sys [35944 2006-11-02] (Integrated Technology Express, Inc.)
2 LMIInfo; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [12856 2011-09-16] (LogMeIn, Inc.)
3 lmimirr; C:\Windows\System32\DRIVERS\lmimirr.sys [10144 2011-09-16] (LogMeIn, Inc.)
2 LMIRfsDriver; \??\C:\Windows\system32\drivers\LMIRfsDriver.sys [47640 2011-09-16] (LogMeIn, Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22344 2012-04-04] (Malwarebytes Corporation)
3 OEM02Dev; C:\Windows\System32\DRIVERS\OEM02Dev.sys [235648 2008-03-03] (Creative Technology Ltd.)
3 OEM02Vfx; C:\Windows\System32\DRIVERS\OEM02Vfx.sys [7424 2008-03-03] (EyePower Games Pte. Ltd.)
3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [457984 2007-09-10] (PixArt Imaging Inc.)
3 PalmUSBD; C:\Windows\System32\drivers\PalmUSBD.sys [16640 2007-12-04] (PalmSource, Inc.)
3 s616bus; C:\Windows\System32\DRIVERS\s616bus.sys [83208 2007-04-03] (MCCI Corporation)
3 s616mdfl; C:\Windows\System32\DRIVERS\s616mdfl.sys [15112 2007-04-03] (MCCI Corporation)
3 s616mdm; C:\Windows\System32\DRIVERS\s616mdm.sys [108680 2007-04-03] (MCCI Corporation)
3 s616mgmt; C:\Windows\System32\DRIVERS\s616mgmt.sys [100360 2007-04-03] (MCCI Corporation)
3 s616nd5; C:\Windows\System32\DRIVERS\s616nd5.sys [23176 2007-04-03] (MCCI Corporation)
3 s616obex; C:\Windows\System32\DRIVERS\s616obex.sys [98568 2007-04-03] (MCCI Corporation)
3 s616unic; C:\Windows\System32\DRIVERS\s616unic.sys [99080 2007-04-03] (MCCI Corporation)
0 speedfan; C:\Windows\System32\speedfan.sys [21696 2010-12-18] (Almico Software)
3 Usblink; C:\Windows\System32\Drivers\ulink.sys [40788 2003-08-08] ()
3 usb_rndisx; C:\Windows\System32\DRIVERS\usb8023x.sys [15872 2009-04-10] (Microsoft Corporation)
3 WSDPrintDevice; C:\Windows\System32\DRIVERS\WSDPrint.sys [16896 2008-01-18] (Microsoft Corporation)
4 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [x]
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
4 LMIRfsClientNP; [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-01 21:39 - 2012-07-01 21:39 - 00000000 ____D C:\FRST
2012-07-01 20:10 - 2012-07-01 20:10 - 00001810 ____A C:\Users\Kacey\Desktop\aswMBR.txt
2012-07-01 20:10 - 2012-07-01 20:10 - 00000512 ____A C:\Users\Kacey\Desktop\MBR.dat
2012-07-01 09:27 - 2012-07-01 09:27 - 00022074 ____A C:\ComboFix.txt
2012-07-01 07:05 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-07-01 07:05 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-07-01 07:05 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-07-01 07:05 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-07-01 07:05 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-07-01 07:05 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-07-01 07:05 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-07-01 07:05 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-07-01 06:36 - 2012-07-01 06:36 - 00001365 ____A C:\Users\Kacey\Desktop\checkup.txt
2012-07-01 06:28 - 2012-07-01 06:28 - 00881475 ____A C:\Users\Kacey\Desktop\SecurityCheck.exe
2012-06-30 17:36 - 2012-06-30 17:36 - 00139232 ____A C:\Windows\Minidump\Mini063012-06.dmp
2012-06-30 17:19 - 2012-06-30 17:19 - 00139232 ____A C:\Windows\Minidump\Mini063012-05.dmp
2012-06-30 17:16 - 2012-06-30 17:16 - 00025430 ____A C:\Users\Kacey\Desktop\Attach.txt
2012-06-30 17:16 - 2012-06-30 17:16 - 00020787 ____A C:\Users\Kacey\Desktop\DDS.txt
2012-06-30 17:08 - 2012-06-30 17:08 - 00000472 ____A C:\Users\Kacey\Desktop\defogger_disable.log
2012-06-30 17:08 - 2012-06-30 17:08 - 00000000 ____A C:\Users\Kacey\defogger_reenable
2012-06-30 16:11 - 2012-06-30 16:11 - 00139232 ____A C:\Windows\Minidump\Mini063012-04.dmp
2012-06-30 08:55 - 2012-06-30 08:55 - 00135160 ____A C:\Windows\Minidump\Mini063012-03.dmp
2012-06-30 08:48 - 2012-06-30 08:48 - 00139232 ____A C:\Windows\Minidump\Mini063012-02.dmp
2012-06-30 08:34 - 2012-06-30 17:36 - 225106206 ____A C:\Windows\MEMORY.DMP
2012-06-30 08:34 - 2012-06-30 08:35 - 00139232 ____A C:\Windows\Minidump\Mini063012-01.dmp
2012-06-30 08:28 - 2012-06-30 08:28 - 00050477 ____A C:\Users\Kacey\Desktop\Defogger.exe
2012-06-30 08:28 - 2012-06-30 08:27 - 00607260 ____R (Swearware) C:\Users\Kacey\Desktop\dds.scr
2012-06-30 07:27 - 2012-06-30 07:27 - 00000000 ____A C:\junctions.txt
2012-06-30 07:12 - 2012-06-30 07:11 - 00294216 ____A C:\Users\Kacey\Desktop\gmer.zip
2012-06-30 07:12 - 2011-07-16 21:21 - 00302592 ____A C:\Users\Kacey\Desktop\gmer.exe
2012-06-29 20:15 - 2012-06-29 20:17 - 04731392 ____A (AVAST Software) C:\Users\Kacey\Desktop\aswMBR.exe
2012-06-29 20:14 - 2012-06-29 20:15 - 02134616 ____A (Kaspersky Lab ZAO) C:\Users\Kacey\Desktop\tdsskiller.exe
2012-06-28 19:43 - 2012-07-01 09:27 - 00000000 ____D C:\Qoobox
2012-06-28 19:40 - 2012-06-28 19:40 - 00000908 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-28 19:33 - 2012-06-28 19:38 - 04566027 ____R (Swearware) C:\Users\Kacey\Desktop\ComboFix.exe
2012-06-18 20:00 - 2012-07-01 19:48 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-18 20:00 - 2012-06-18 20:00 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-06-18 19:04 - 2012-06-18 19:04 - 00001666 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-06-18 19:02 - 2012-06-18 19:04 - 00000000 ____D C:\Program Files\iTunes
2012-06-18 19:02 - 2012-06-18 19:02 - 00000000 ____D C:\Program Files\iPod
2012-06-18 18:28 - 2012-06-18 18:28 - 00001728 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-06-18 15:12 - 2012-06-02 14:19 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-18 15:12 - 2012-06-02 14:19 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-18 15:12 - 2012-06-02 14:19 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-18 15:12 - 2012-06-02 14:12 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-18 15:11 - 2012-06-02 14:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-18 15:11 - 2012-06-02 14:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-18 15:11 - 2012-06-02 14:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-18 15:10 - 2012-06-02 14:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-18 15:10 - 2012-06-02 14:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-17 20:08 - 2012-06-17 20:08 - 00000000 ____D C:\Users\Kacey\AppData\Local\DDMSettings
2012-06-17 19:27 - 2012-06-17 19:53 - 00000000 ____D C:\Users\All Users\DivX
2012-06-14 02:03 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-14 02:03 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-14 02:03 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-14 02:03 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-14 02:03 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-14 02:03 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-14 02:03 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-14 02:03 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-14 02:03 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-14 02:03 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-14 02:03 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-14 02:03 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-14 02:03 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-14 02:03 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-13 16:38 - 2012-05-01 06:03 - 00180736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-13 16:38 - 2012-04-23 08:00 - 00984064 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-13 16:38 - 2012-04-23 08:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-13 16:38 - 2012-04-23 08:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-13 16:37 - 2012-05-15 11:51 - 02045440 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

============ 3 Months Modified Files ========================

2012-07-01 20:34 - 2008-04-25 23:54 - 01121057 ____A C:\Windows\WindowsUpdate.log
2012-07-01 20:34 - 2006-11-02 05:01 - 00032564 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-01 20:34 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-01 20:34 - 2006-11-02 04:47 - 00003696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-01 20:34 - 2006-11-02 04:47 - 00003696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-01 20:32 - 2006-11-02 02:33 - 00707392 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-01 20:10 - 2012-07-01 20:10 - 00001810 ____A C:\Users\Kacey\Desktop\aswMBR.txt
2012-07-01 20:10 - 2012-07-01 20:10 - 00000512 ____A C:\Users\Kacey\Desktop\MBR.dat
2012-07-01 20:10 - 2009-06-29 18:03 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-01 19:48 - 2012-06-18 20:00 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-01 12:37 - 2009-04-16 05:06 - 00000868 ____A C:\Windows\Tasks\Google Software Updater.job
2012-07-01 10:43 - 2009-06-29 18:03 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-01 10:43 - 2009-02-28 14:42 - 00000464 ____A C:\Windows\Tasks\SDMsgUpdate (TE).job
2012-07-01 09:27 - 2012-07-01 09:27 - 00022074 ____A C:\ComboFix.txt
2012-07-01 09:09 - 2006-11-02 02:23 - 00000215 ____A C:\Windows\system.ini
2012-07-01 07:36 - 2010-11-12 06:27 - 00041274 ____A C:\Windows\PFRO.log
2012-07-01 06:36 - 2012-07-01 06:36 - 00001365 ____A C:\Users\Kacey\Desktop\checkup.txt
2012-07-01 06:28 - 2012-07-01 06:28 - 00881475 ____A C:\Users\Kacey\Desktop\SecurityCheck.exe
2012-06-30 17:36 - 2012-06-30 17:36 - 00139232 ____A C:\Windows\Minidump\Mini063012-06.dmp
2012-06-30 17:36 - 2012-06-30 08:34 - 225106206 ____A C:\Windows\MEMORY.DMP
2012-06-30 17:19 - 2012-06-30 17:19 - 00139232 ____A C:\Windows\Minidump\Mini063012-05.dmp
2012-06-30 17:16 - 2012-06-30 17:16 - 00025430 ____A C:\Users\Kacey\Desktop\Attach.txt
2012-06-30 17:16 - 2012-06-30 17:16 - 00020787 ____A C:\Users\Kacey\Desktop\DDS.txt
2012-06-30 17:08 - 2012-06-30 17:08 - 00000472 ____A C:\Users\Kacey\Desktop\defogger_disable.log
2012-06-30 17:08 - 2012-06-30 17:08 - 00000000 ____A C:\Users\Kacey\defogger_reenable
2012-06-30 16:11 - 2012-06-30 16:11 - 00139232 ____A C:\Windows\Minidump\Mini063012-04.dmp
2012-06-30 08:55 - 2012-06-30 08:55 - 00135160 ____A C:\Windows\Minidump\Mini063012-03.dmp
2012-06-30 08:48 - 2012-06-30 08:48 - 00139232 ____A C:\Windows\Minidump\Mini063012-02.dmp
2012-06-30 08:35 - 2012-06-30 08:34 - 00139232 ____A C:\Windows\Minidump\Mini063012-01.dmp
2012-06-30 08:28 - 2012-06-30 08:28 - 00050477 ____A C:\Users\Kacey\Desktop\Defogger.exe
2012-06-30 08:27 - 2012-06-30 08:28 - 00607260 ____R (Swearware) C:\Users\Kacey\Desktop\dds.scr
2012-06-30 07:27 - 2012-06-30 07:27 - 00000000 ____A C:\junctions.txt
2012-06-30 07:11 - 2012-06-30 07:12 - 00294216 ____A C:\Users\Kacey\Desktop\gmer.zip
2012-06-29 20:17 - 2012-06-29 20:15 - 04731392 ____A (AVAST Software) C:\Users\Kacey\Desktop\aswMBR.exe
2012-06-29 20:15 - 2012-06-29 20:14 - 02134616 ____A (Kaspersky Lab ZAO) C:\Users\Kacey\Desktop\tdsskiller.exe
2012-06-28 19:40 - 2012-06-28 19:40 - 00000908 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-28 19:38 - 2012-06-28 19:33 - 04566027 ____R (Swearware) C:\Users\Kacey\Desktop\ComboFix.exe
2012-06-18 20:00 - 2012-06-18 20:00 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-06-18 20:00 - 2011-11-11 19:52 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-06-18 19:04 - 2012-06-18 19:04 - 00001666 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-06-18 18:28 - 2012-06-18 18:28 - 00001728 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-06-14 02:41 - 2006-11-02 04:47 - 01802000 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-14 02:09 - 2006-11-02 02:24 - 56731752 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-06-02 14:19 - 2012-06-18 15:12 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-18 15:12 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-18 15:12 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-18 15:11 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-18 15:11 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:19 - 2012-06-18 15:10 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:12 - 2012-06-18 15:12 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-18 15:11 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:12 - 2012-06-18 15:10 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-27 15:54 - 2012-05-27 15:48 - 14108096 ____A (Citrix Systems, Inc.) C:\Users\Kacey\Downloads\CitrixOnlinePluginWeb(1).exe
2012-05-27 15:46 - 2012-05-27 15:46 - 00001733 ____A C:\Users\Kacey\Downloads\launch (1).ica.5rgi5r7.partial
2012-05-21 19:41 - 2011-12-14 13:30 - 00083360 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIRfsClientNP.dll
2012-05-21 19:41 - 2011-12-14 13:30 - 00030592 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIport.dll
2012-05-21 19:41 - 2011-12-14 13:29 - 00087424 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIinit.dll
2012-05-17 15:11 - 2012-06-14 02:03 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 14:48 - 2012-06-14 02:03 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 14:45 - 2012-06-14 02:03 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 14:36 - 2012-06-14 02:03 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 14:35 - 2012-06-14 02:03 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 14:35 - 2012-06-14 02:03 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 14:33 - 2012-06-14 02:03 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 14:31 - 2012-06-14 02:03 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 14:29 - 2012-06-14 02:03 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 14:29 - 2012-06-14 02:03 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 14:27 - 2012-06-14 02:03 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 14:25 - 2012-06-14 02:03 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 14:24 - 2012-06-14 02:03 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 14:20 - 2012-06-14 02:03 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-15 11:51 - 2012-06-13 16:37 - 02045440 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-01 17:28 - 2010-10-26 19:18 - 00005586 ____A C:\Windows\setupact.log
2012-05-01 06:03 - 2012-06-13 16:38 - 00180736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-23 08:00 - 2012-06-13 16:38 - 00984064 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 08:00 - 2012-06-13 16:38 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 08:00 - 2012-06-13 16:38 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-18 19:56 - 2012-04-18 19:56 - 00094208 ____A (Apple Inc.) C:\Windows\System32\QuickTimeVR.qtx
2012-04-18 19:56 - 2012-04-18 19:56 - 00069632 ____A (Apple Inc.) C:\Windows\System32\QuickTime.qts
2012-04-12 18:12 - 2012-04-12 18:12 - 00004096 ___AH C:\Users\Kacey\AppData\Local\keyfile3.drm
2012-04-04 14:56 - 2010-04-17 16:04 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-03 00:16 - 2012-05-09 21:41 - 03602816 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-04-03 00:16 - 2012-05-09 21:41 - 03550080 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe


ZeroAccess:
C:\Windows\Installer\{7faaaafa-cf14-2f74-3593-878a94dc601b}
C:\Windows\Installer\{7faaaafa-cf14-2f74-3593-878a94dc601b}\@
C:\Windows\Installer\{7faaaafa-cf14-2f74-3593-878a94dc601b}\L
C:\Windows\Installer\{7faaaafa-cf14-2f74-3593-878a94dc601b}\n
C:\Windows\Installer\{7faaaafa-cf14-2f74-3593-878a94dc601b}\U
C:\Windows\Installer\{7faaaafa-cf14-2f74-3593-878a94dc601b}\L\00000004.@
C:\Windows\Installer\{7faaaafa-cf14-2f74-3593-878a94dc601b}\L\201d3dde
C:\Windows\Installer\{7faaaafa-cf14-2f74-3593-878a94dc601b}\U\00000004.@
C:\Windows\Installer\{7faaaafa-cf14-2f74-3593-878a94dc601b}\U\00000008.@
C:\Windows\Installer\{7faaaafa-cf14-2f74-3593-878a94dc601b}\U\000000cb.@
C:\Windows\Installer\{7faaaafa-cf14-2f74-3593-878a94dc601b}\U\80000000.@
C:\Windows\Installer\{7faaaafa-cf14-2f74-3593-878a94dc601b}\U\80000032.@

ZeroAccess:
C:\Users\Kacey\AppData\Local\{7faaaafa-cf14-2f74-3593-878a94dc601b}
C:\Users\Kacey\AppData\Local\{7faaaafa-cf14-2f74-3593-878a94dc601b}\@
C:\Users\Kacey\AppData\Local\{7faaaafa-cf14-2f74-3593-878a94dc601b}\L
C:\Users\Kacey\AppData\Local\{7faaaafa-cf14-2f74-3593-878a94dc601b}\n
C:\Users\Kacey\AppData\Local\{7faaaafa-cf14-2f74-3593-878a94dc601b}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 8737764F4FD36D6808EE80578409C843 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 2037.43 MB
Available physical RAM: 1727.83 MB
Total Pagefile: 1969.32 MB
Available Pagefile: 1829.22 MB
Total Virtual: 2047.88 MB
Available Virtual: 1983.72 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:220.58 GB) (Free:56.82 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: () (CDROM) (Total:4.38 GB) (Free:0 GB) UDF
3 Drive e: () (Removable) (Total:0.48 GB) (Free:0.48 GB) FAT
4 Drive x: (RECOVERY) (Fixed) (Total:9.77 GB) (Free:5.45 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 233 GB 1024 KB
Disk 1 Online 495 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 32 KB
Partition 2 Primary 10 GB 40 MB
Partition 3 Primary 221 GB 10 GB
Partition 0 Extended 2559 MB 230 GB
Partition 4 Logical 2558 MB 230 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT Partition 39 MB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 X RECOVERY NTFS Partition 10 GB Healthy Boot

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 221 GB Healthy

==================================================================================

Disk: 0
Partition 4
Type : DD
Hidden: Yes
Active: No

There is no volume associated with this partition.

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 495 MB 0 B

==================================================================================

Disk: 1
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

==================================================================================

==========================================================

Last Boot: 2012-07-01 10:10

======================= End Of Log ==========================

-Kacey
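The two `ZeroAccess:` blocks in the FRST log above show the same structure: a GUID-named directory holding a file called `@` plus subdirectories `L`, `n` and `U`, with `*.@` payload files under `U`. The script below is an added example for this thread, not part of Kacey's post and not FRST's own code; it walks a set of roots and reports any directory with that layout. The sample tree it builds in a temp directory is constructed to mirror the paths in the log (same GUID), and the second, benign GUID folder imitates an ordinary Windows Installer icon cache to show that those are not flagged.

```python
"""Report directories laid out like the ZeroAccess stores in the FRST log.

Added example for this thread; not FRST's own code. The check is structural
only: a directory named like a GUID that contains a file named '@' and the
subdirectories 'L' and 'U' ('n' is usual but not required). Nothing is deleted.
"""
import os
import re
import tempfile
from dataclasses import dataclass, field

GUID_DIR = re.compile(
    r"^\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}$", re.I
)
REQUIRED = {"@", "L", "U"}


@dataclass
class Finding:
    path: str
    children: list = field(default_factory=list)
    payloads: list = field(default_factory=list)  # '*.@' files under L/ and U/


def inspect_guid_dir(path):
    """Return a Finding when `path` has the ZeroAccess layout, else None."""
    try:
        children = set(os.listdir(path))
    except OSError:
        return None  # an unreadable (ACL-locked) dir deserves a manual look, but is not a match
    if not REQUIRED <= children or not os.path.isfile(os.path.join(path, "@")):
        return None
    payloads = []
    for sub in ("L", "U"):
        subdir = os.path.join(path, sub)
        if os.path.isdir(subdir):
            payloads += sorted(
                os.path.join(sub, f) for f in os.listdir(subdir) if f.endswith(".@")
            )
    return Finding(path, sorted(children), payloads)


def find_zeroaccess_dirs(roots):
    """Walk each root; GUID-named dirs are inspected and not descended into."""
    findings = []
    for root in roots:
        for dirpath, dirnames, _ in os.walk(root):
            for name in list(dirnames):
                if GUID_DIR.match(name):
                    dirnames.remove(name)
                    found = inspect_guid_dir(os.path.join(dirpath, name))
                    if found:
                        findings.append(found)
    return findings


def build_sample():
    """Constructed sample tree in a temp dir mirroring the paths in the log.

    The GUID is the one from the log; the second folder imitates a normal
    Windows Installer icon cache and must not be reported.
    """
    base = tempfile.mkdtemp(prefix="za_demo_")
    guid = "{7faaaafa-cf14-2f74-3593-878a94dc601b}"
    bad = os.path.join(base, "Windows", "Installer", guid)
    for sub in ("L", "U", "n"):
        os.makedirs(os.path.join(bad, sub))
    open(os.path.join(bad, "@"), "wb").close()
    for fname in ("00000004.@", "80000000.@"):
        open(os.path.join(bad, "U", fname), "wb").close()
    benign = os.path.join(base, "Windows", "Installer",
                          "{11111111-2222-3333-4444-555555555555}")
    os.makedirs(benign)
    open(os.path.join(benign, "ARPPRODUCTICON.exe"), "wb").close()
    return base


if __name__ == "__main__":
    root = build_sample()
    for f in find_zeroaccess_dirs([root]):
        print(f.path)
        for p in f.payloads:
            print("   ", p)
```

On a real system you would pass `C:\Windows\Installer` and every `C:\Users\*\AppData\Local` as roots. The real stores are usually protected with restrictive ACLs or reparse tricks, which is why the listing is wrapped in a try/except; a GUID folder that cannot even be listed is itself worth noting.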

#8 gringo_pr
  • Malware Response Team
  • Location: Puerto rico

Posted 01 July 2012 - 11:53 PM

Greetings

OK, let's see if we can find a replacement for the infected file.

In Vista or Windows 7: Boot to System Recovery Options and run FRST.

Type the following in the edit box after "Search:".

services.exe

It then should look like:

Search: services.exe

Click Search button and post the log (Search.txt) it makes to your reply.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --> [donate button] <-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 kdkiehn
  • Topic Starter

Posted 02 July 2012 - 12:16 AM

Gringo,

Here's the search log from FRST:

Farbar Recovery Scan Tool Version: 01-07-2012
Ran by SYSTEM at 2012-07-01 22:00:18
Running from D:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2009-09-23 18:05] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-05-16 04:48] - [2008-01-18 23:33] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
[2006-11-02 00:35] - [2006-11-02 01:45] - 0279552 ____A (Microsoft Corporation) 329CF3C97CE4C19375C8ABCABAE258B0

C:\Windows\System32\services.exe
[2009-09-23 18:05] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) 8737764F4FD36D6808EE80578409C843

C:\Windows\ERDNT\cache\services.exe
[2010-11-08 06:59] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

=== End Of Search ===

-Kacey
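The search log above is what the replacement decision in this thread rests on: five copies of services.exe, three of them (WinSxS 6.0.6002.18005, System32, ERDNT cache) with the same size and build timestamp, and only the System32 one hashing differently. The script below is an added example, not FRST's code and not part of the thread; it parses FRST's two-line search record format, groups copies by size and modified timestamp, flags the odd one out, and names the copies that could be used as the source of a `Replace:` directive. The sample text is the search output from the post, embedded verbatim.

```python
"""Cross-check the services.exe copies listed in an FRST 'Search:' log.

Added example for this thread; not FRST's own code. FRST prints each hit as a
path line followed by a detail line:
    [created] - [modified] - size attrs (company) MD5
Copies with the same size and modified (build) timestamp should hash the same,
so a lone mismatch in System32 is the patched file, and a same-build copy whose
hash is corroborated by another copy is a candidate donor for Replace:.
"""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass

PATH_LINE = re.compile(r"^[A-Za-z]:\\")
DETAIL_LINE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) \S+ "
    r"(?:\((?P<company>[^)]*)\) )?(?P<md5>[0-9A-Fa-f]{32})$"
)

# Search output copied from the post above (not constructed).
SAMPLE_LOG = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2009-09-23 18:05] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-05-16 04:48] - [2008-01-18 23:33] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
[2006-11-02 00:35] - [2006-11-02 01:45] - 0279552 ____A (Microsoft Corporation) 329CF3C97CE4C19375C8ABCABAE258B0

C:\Windows\System32\services.exe
[2009-09-23 18:05] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) 8737764F4FD36D6808EE80578409C843

C:\Windows\ERDNT\cache\services.exe
[2010-11-08 06:59] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

=== End Of Search ===
"""
LIVE = r"C:\Windows\System32\services.exe"


@dataclass(frozen=True)
class Copy:
    path: str
    modified: str
    size: int
    md5: str


def parse_search_log(text):
    """Pair each path line with the detail line that immediately follows it."""
    copies, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_LINE.match(line):
            pending = line
            continue
        m = DETAIL_LINE.match(line)
        if m and pending:
            copies.append(Copy(pending, m["modified"], int(m["size"]), m["md5"].upper()))
        pending = None
    return copies


def triage(copies, live_path):
    """Compare the live file with copies of the same size and build timestamp.

    Returns (verdict, donors). The majority hash within the group counts as good
    only when at least two copies agree and there is no tie. An attacker who also
    patched the backups would defeat this, so confirm a donor's hash against a
    known-good source (e.g. the Microsoft catalog) before relying on it.
    """
    groups = defaultdict(list)
    for c in copies:
        groups[(c.size, c.modified)].append(c)
    live = next((c for c in copies if c.path.lower() == live_path.lower()), None)
    if live is None:
        raise ValueError(f"{live_path} not in search results")
    peers = groups[(live.size, live.modified)]
    counts = Counter(c.md5 for c in peers).most_common()
    top_md5, agreeing = counts[0]
    if agreeing < 2 or (len(counts) > 1 and counts[1][1] == agreeing):
        return "unverifiable", []
    if live.md5 == top_md5:
        return "consistent", []
    return "mismatch", [c.path for c in peers if c.md5 == top_md5]


def replace_directive(donor, live):
    """The fixlist.txt line FRST expects: 'Replace: <source> <target>'."""
    return f"Replace: {donor} {live}"


if __name__ == "__main__":
    verdict, donors = triage(parse_search_log(SAMPLE_LOG), LIVE)
    print(verdict)
    for d in donors:
        print(replace_directive(d, LIVE))
```

Run against the post's log this reports `mismatch` and offers both the WinSxS 6.0.6002.18005 copy and the ERDNT cache copy as donors; the thread uses the latter. The 6.0.6001 and 6.0.6000 copies are older builds with different sizes or timestamps and are correctly left out of the comparison.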

#10 gringo_pr
  • Malware Response Team
  • Location: Puerto rico

Posted 02 July 2012 - 12:39 AM

Hello

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad window. Save it on the flash drive as fixlist.txt.

Replace: C:\Windows\ERDNT\cache\services.exe C:\Windows\System32\services.exe
C:\Windows\Installer\{7faaaafa-cf14-2f74-3593-878a94dc601b}
C:\Users\Kacey\AppData\Local\{7faaaafa-cf14-2f74-3593-878a94dc601b}


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Gringo

#11 kdkiehn
  • Topic Starter

Posted 02 July 2012 - 12:52 AM

Gringo,

fixlog.txt follows:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 01-07-2012
Ran by SYSTEM at 2012-07-01 22:45:47 Run:1
Running from D:\

==============================================

C:\Windows\System32\services.exe moved successfully.
C:\Windows\ERDNT\cache\services.exe copied successfully to C:\Windows\System32\services.exe
C:\Windows\Installer\{7faaaafa-cf14-2f74-3593-878a94dc601b} moved successfully.
C:\Users\Kacey\AppData\Local\{7faaaafa-cf14-2f74-3593-878a94dc601b} moved successfully.

==== End of Fixlog ====

-Kacey

#12 gringo_pr
  • Malware Response Team
  • Location: Puerto rico

Posted 02 July 2012 - 12:58 AM

Greetings

At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files\Freecorder

FireFox::
FF - ProfilePath - c:\users\Kacey\AppData\Roaming\Mozilla\Firefox\Profiles\or61m46o.default\
FF - prefs.js: browser.startup.homepage - hxxp://ib.startnow.com/?src=startpage&provider=bing&provider_name=bing&provider_code=Z057&partner_id=333&product_id=706&affiliate_id=&channel=DPGL18&toolbar_id=200&toolbar_version=2.1.0&install_country=US&install_date=20110716&user_guid=746822E95A634DEAB131FFE32CDEA1E7&machine_id=24d7d2b9bcbe4758b9f44a6f07ecd096&browser=FF&os=win&os_version=6.0-x86-SP2
FF - prefs.js: keyword.URL - hxxp://ib.startnow.com/s/?src=addrbar&provider=bing&provider_name=bing&provider_code=Z057&partner_id=333&product_id=706&affiliate_id=&channel=DPGL18&toolbar_id=200&toolbar_version=2.1.0&install_country=US&install_date=20110716&user_guid=746822E95A634DEAB131FFE32CDEA1E7&machine_id=24d7d2b9bcbe4758b9f44a6f07ecd096&browser=FF&os=win&os_version=6.0-x86-SP2&q=

Save it to your desktop as CFScript.txt

Referring to the picture, drag CFScript.txt into ComboFix.exe
[image: dragging CFScript.txt onto ComboFix.exe]
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

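The `FireFox::` section of the CFScript above tells ComboFix to drop two `user_pref` lines from prefs.js, the homepage and the address-bar keyword search, both of which the log shows pointing at `ib.startnow.com`. The script below is an added example, not ComboFix's code and not part of the thread; it does the same job explicitly: parse `user_pref("name", value);` lines, flag the prefs toolbars commonly rewrite when their URL's host is not on an allowlist the responder supplies, and return the file contents with those lines removed so Firefox reverts to its defaults. The sample prefs.js is constructed here: the two startnow.com entries reuse the host and leading parameters from the log (query strings shortened, `hxxp` restored to `http`), and the other prefs and the allowlist are assumptions for the demo.

```python
"""Find and strip hijacked search/homepage prefs in a Firefox prefs.js.

Added example for this thread; not ComboFix's own code. prefs.js lines have
the form  user_pref("name", value);  where string values use JSON-compatible
quoting, so json.loads() is enough to decode them.
"""
import json
import re
from urllib.parse import urlsplit

PREF_LINE = re.compile(r'^user_pref\("(?P<name>[^"]+)",\s*(?P<value>.+)\);$')

# Prefs that search hijackers and bundled toolbars typically rewrite.
WATCHED = (
    "browser.startup.homepage",
    "keyword.URL",
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
    "browser.search.defaulturl",
)

# Assumed allowlist: the hosts this user legitimately wants as home/search.
ALLOWED_HOSTS = {"www.google.com", "www.bing.com"}

# Constructed sample (see lead-in). Query strings shortened from the log.
SAMPLE_PREFS = """# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://ib.startnow.com/?src=startpage&provider=bing&provider_code=Z057&partner_id=333&toolbar_id=200");
user_pref("keyword.URL", "http://ib.startnow.com/s/?src=addrbar&provider=bing&provider_code=Z057&partner_id=333&toolbar_id=200&q=");
user_pref("browser.search.defaultenginename", "Google");
user_pref("network.cookie.cookieBehavior", 0);
user_pref("browser.startup.homepage_override.mstone", "13.0.1");
"""


def parse_prefs(text):
    """Map pref name -> decoded value (strings, ints, bools)."""
    prefs = {}
    for raw in text.splitlines():
        m = PREF_LINE.match(raw.strip())
        if not m:
            continue
        value = m["value"]
        try:
            value = json.loads(value)
        except ValueError:
            pass  # leave anything non-JSON as raw text
        prefs[m["name"]] = value
    return prefs


def find_hijacked(prefs, allowed_hosts):
    """Return [(pref, host)] for watched prefs whose URL host is not allowed.

    Non-URL values (an engine name such as "Google", or about:home) carry no
    host to judge and are skipped. Defanged 'hxxp://' URLs, as seen in the
    log, still parse because urlsplit does not care about the scheme.
    """
    allowed = {h.lower() for h in allowed_hosts}
    hits = []
    for name in WATCHED:
        value = prefs.get(name)
        if not isinstance(value, str) or "://" not in value:
            continue
        host = (urlsplit(value).hostname or "").lower()
        if host and host not in allowed:
            hits.append((name, host))
    return hits


def strip_prefs(text, names):
    """prefs.js text with the named user_pref lines removed; others untouched."""
    kept = []
    for raw in text.splitlines():
        m = PREF_LINE.match(raw.strip())
        if m and m["name"] in names:
            continue
        kept.append(raw)
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    hits = find_hijacked(parse_prefs(SAMPLE_PREFS), ALLOWED_HOSTS)
    for name, host in hits:
        print(f"{name} -> {host}")
    print(strip_prefs(SAMPLE_PREFS, {n for n, _ in hits}))
```

Edit prefs.js only with Firefox closed, since it rewrites the file on exit and would undo the change; the same goes for ComboFix's `FireFox::` handling, which is why the CFScript is run with the browser shut.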

#13 kdkiehn
  • Topic Starter

Posted 02 July 2012 - 07:57 AM

Gringo,

So far, things seem to be running ok - although I thought that before. I'll continue through a few reboots today and see if anything comes up. Here is the log file from the last Combofix run:

ComboFix 12-06-28.03 - Kacey 2012-07-02 5:17.6.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.893 [GMT -7:00]
Running from: c:\users\Kacey\Desktop\ComboFix.exe
Command switches used :: c:\users\Kacey\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC\Desktop.ini
.
---- Previous Run -------
.
c:\program files\Freecorder\Applian_Audio_Plugin.dll
c:\program files\Freecorder\audgopher.dll
c:\program files\Freecorder\audhook.dll
c:\program files\Freecorder\FCAudio.exe
c:\program files\Freecorder\FCConv.exe
c:\program files\Freecorder\FCSettings.exe
c:\program files\Freecorder\FCVideos.exe
c:\program files\Freecorder\ffmpeg.exe
c:\program files\Freecorder\FLVPlayer.exe
c:\program files\Freecorder\FLVSrvc.exe
c:\program files\Freecorder\Freecorder.xpi
c:\program files\Freecorder\freecorder_ie.exe
c:\program files\Freecorder\FreecorderToolbarHelper.exe
c:\program files\Freecorder\INSTALL.LOG
c:\program files\Freecorder\lame_enc.dll
c:\program files\Freecorder\sdl.dll
c:\program files\Freecorder\tbFre1.dll
c:\program files\Freecorder\toolbar.cfg
c:\program files\Freecorder\Uninstall\IRIMG1.JPG
c:\program files\Freecorder\Uninstall\IRIMG2.JPG
c:\program files\Freecorder\Uninstall\uninstall.dat
c:\program files\Freecorder\Uninstall\uninstall.xml
c:\program files\Freecorder\UNWISE.EXE
c:\program files\Freecorder\VistaAudioLib.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-06-02 to 2012-07-02 )))))))))))))))))))))))))))))))
.
.
2012-07-02 12:33 . 2012-07-02 12:33 -------- d-----w- c:\users\Kacey\AppData\Local\temp
2012-07-02 12:33 . 2012-07-02 12:33 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-07-02 12:33 . 2012-07-02 12:33 -------- d-----w- c:\users\Owner\AppData\Local\temp
2012-07-02 12:33 . 2012-07-02 12:33 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2012-07-02 12:33 . 2012-07-02 12:33 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-07-02 12:33 . 2012-07-02 12:33 -------- d-----w- c:\users\Guest 1\AppData\Local\temp
2012-07-02 12:33 . 2012-07-02 12:33 -------- d-----w- c:\users\Fixthings\AppData\Local\temp
2012-07-02 12:33 . 2012-07-02 12:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-02 05:39 . 2012-07-02 05:39 -------- d-----w- C:\FRST
2012-06-19 04:00 . 2012-06-19 04:00 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-19 03:02 . 2012-06-19 03:02 -------- d-----w- c:\program files\iPod
2012-06-19 03:02 . 2012-06-19 03:04 -------- d-----w- c:\program files\iTunes
2012-06-18 23:12 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-18 23:12 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-18 23:12 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-18 23:12 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-18 23:11 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-18 23:11 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-18 23:11 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-18 23:10 . 2012-06-02 22:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-18 23:10 . 2012-06-02 22:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-18 04:08 . 2012-06-18 04:08 -------- d-----w- c:\users\Kacey\AppData\Local\DDMSettings
2012-06-18 03:27 . 2012-06-18 03:53 -------- d-----w- c:\programdata\DivX
2012-06-14 00:38 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 00:38 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 00:38 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-14 00:38 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 00:37 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-19 04:00 . 2011-11-12 03:52 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-22 03:41 . 2011-12-14 21:30 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-05-22 03:41 . 2011-12-14 21:30 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-05-22 03:41 . 2011-12-14 21:30 30592 ----a-w- c:\windows\system32\LMIport.dll
2012-05-22 03:41 . 2011-12-14 21:29 87424 ----a-w- c:\windows\system32\LMIinit.dll
2012-04-19 03:56 . 2012-04-19 03:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 03:56 . 2012-04-19 03:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-04 22:56 . 2010-04-18 00:04 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-18 06:14 . 2011-05-03 00:47 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-26 68856]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-07 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-21 1548288]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-10-13 304568]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-09-16 63048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Kacey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
Picture Motion Browser Media Check Tool.lnk.disabled [2008-10-24 2169]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Air Mouse.lnk.disabled [2011-2-22 1904]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-4-26 50688]
HotSync Manager.lnk.disabled [2008-9-22 1643]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-9-7 1180952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-04-26 08:22 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Users^Kacey^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Picaboo.lnk]
path=c:\users\Kacey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picaboo.lnk
backup=c:\windows\pss\Picaboo.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2008-02-29 04:18 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-08 02:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
2008-03-04 05:05 36864 ----a-w- c:\windows\OEM02Mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2007-12-21 15:58 184320 ------w- c:\program files\Dell\MediaDirect\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 03:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-04-26 08:14 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-12-09 10:45 74752 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" /background
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"Helper"=c:\users\Kacey\AppData\Roaming\Helper\bin\liveu.exe
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"HotSync"="c:\program files\PalmSource\Desktop\HotSync.exe" -AllUsers
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
"Windows Mobile-based device management"=%windir%\WindowsMobile\wmdSync.exe
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"OEM02Mon.exe"=c:\windows\OEM02Mon.exe
"<NO NAME>"=
"Carbonite Backup"=c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe
"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" /run
"RemoteX"="c:\program files\RemoteX\RemoteXUser.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R4 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ bthserv
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-19 04:00]
.
2012-07-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-26 21:54]
.
2012-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-13 02:43]
.
2012-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-13 02:43]
.
2012-07-02 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2009-02-28 14:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: facebook.com
TCP: DhcpNameServer = 208.90.161.193 208.90.161.194
FF - ProfilePath - c:\users\Kacey\AppData\Roaming\Mozilla\Firefox\Profiles\or61m46o.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\Freecorder\tbFre1.dll
Toolbar-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\Freecorder\tbFre1.dll
WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - c:\program files\Freecorder\tbFre1.dll
AddRemove-Freecorder Toolbar - c:\progra~1\FREECO~2\UNWISE.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-02 05:33
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63,
57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{74F475FA-6C75-43BD-AAB9-ECDA6184F600}"=hex:51,66,7a,6c,4c,1d,38,12,94,76,e7,
70,47,22,d3,06,d5,af,af,9a,64,da,b2,14
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:e0,e1,50,25,36,b9,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,65,1f,16,89,a8,0d,e2,49,9c,23,2f,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,65,1f,16,89,a8,0d,e2,49,9c,23,2f,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a9,83,68,d9,4a,d6,6a,4e,a7,10,e8,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\NetworkList\Nla\Cache\Intranet\d"˙*]
"Successes"=dword:e0000000
"Failures"=dword:e0000001
"{B370A78F-07FC-4971-8D28-22FAF90A5C8B}"=hex:00,1d,7e,35,6c,ea,00,00
.
[HKEY_LOCAL_MACHINE\system\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-07-02 05:42:17
ComboFix-quarantined-files.txt 2012-07-02 12:42
ComboFix2.txt 2012-07-01 17:27
.
Pre-Run: 60,828,188,672 bytes free
Post-Run: 60,763,656,192 bytes free
.
- - End Of File - - CA38DAA966CBA70972A28E2826AADFF7


-Kacey

#14 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 02 July 2012 - 01:40 PM

Hello

P2P Warning!

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore; this is fine, just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a much better job).

Programs to remove

Adobe Reader 9.5.0
Browser Address Error Redirector
Freecorder Toolbar
FrostWire 5.3.7
Java™ 6 Update 27
uTorrentBar Toolbar


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

Malwarebytes' Anti-Malware

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

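An analyst reading the HijackThis log requested in the post above applies a handful of heuristics before anything gets fixed, which is why the Analyze This button is warned against. The following is an added example, not code from the thread or from HijackThis itself: it tags each HijackThis-style line by its section code and flags orphaned CLSIDs, autostarts under user-writable directories, unrecognised Winsock LSPs, Trusted Zone additions, services whose binary carries no publisher name and non-default IE start/search hosts. The allowlist of stock IE hosts and of wpclsp.dll (the LSP installed by Windows Vista Parental Controls) is an assumption of the snippet, and the sample log is constructed: most lines mirror entries from the posted log, while the search.example.invalid search page and the ExampleUpdater autostart are hypothetical.

```python
"""Triage of HijackThis-style log lines with a few analyst heuristics.

Added example, not code from the thread or from HijackThis.  The sample
log at the bottom is constructed; see the comment above it.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# HijackThis prefixes every line with a section code: R0/R1 = IE start and
# search pages, O2 = BHOs, O3 = toolbars, O4 = autostarts, O10 = Winsock
# LSPs, O15 = Trusted Zone, O23 = services.  Other text is not classified.
LINE_RE = re.compile(r"^(?P<sec>[RO]\d+)\s*-\s*(?P<body>.*\S)$")

# Autostart binaries under a profile's AppData or a Temp directory deserve
# a look: installed software normally lives under Program Files.
USER_WRITABLE_RE = re.compile(
    r"\\(?:users|documents and settings)\\[^\\]+\\"
    r"(?:appdata|application data|local settings)\\|\\temp\\",
    re.IGNORECASE,
)

# Example allowlist (an assumption of this snippet, not a HijackThis
# database): IE's stock start/search hosts and the Parental Controls LSP.
DEFAULT_URL_HOSTS = ("go.microsoft.com", "www.google.com")
KNOWN_LSP_FILES = ("wpclsp.dll",)


@dataclass(frozen=True)
class Finding:
    section: str
    verdict: str  # "ok", "review" or "orphan"
    reason: str
    line: str


def _url_host(body: str) -> str:
    """Host part of the URL after '=' in an R0/R1 line, or '' if none."""
    m = re.search(r"=\s*(?:https?://)?([^/\s]+)", body)
    return m.group(1).lower() if m else ""


def classify(line: str) -> Optional[Finding]:
    """Apply the heuristics to one line; None for untagged text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")
    if sec in ("R0", "R1"):
        host = _url_host(body)
        if host and host not in DEFAULT_URL_HOSTS:
            return Finding(sec, "review", f"non-default IE URL host {host}", line)
    elif sec in ("O2", "O3") and body.endswith("(no file)"):
        # CLSID still registered but its DLL is gone: leftover, not active code
        return Finding(sec, "orphan", "CLSID registered but DLL missing", line)
    elif sec == "O4" and USER_WRITABLE_RE.search(body):
        return Finding(sec, "review", "autostart from user-writable directory", line)
    elif sec == "O10":
        lsp = body.rsplit("\\", 1)[-1].lower()
        if lsp not in KNOWN_LSP_FILES:
            return Finding(sec, "review", f"unrecognised Winsock LSP {lsp}", line)
    elif sec == "O15":
        # Trusted Zone sites run with lowered IE security settings
        return Finding(sec, "review", "site added to IE Trusted Zone", line)
    elif sec == "O23" and "Unknown owner" in body:
        return Finding(sec, "review", "service binary has no publisher name", line)
    return Finding(sec, "ok", "no heuristic fired", line)


def triage(log_text: str) -> List[Finding]:
    """Classify every tagged line, collapsing exact duplicates (HijackThis
    prints one O10 line per protocol-chain entry, so one LSP DLL repeats)."""
    seen, findings = set(), []
    for raw in log_text.splitlines():
        f = classify(raw)
        if f is None or f.line in seen:
            continue
        seen.add(f.line)
        findings.append(f)
    return findings


def summarize(findings: List[Finding]) -> dict:
    """Count findings per verdict."""
    counts = {"ok": 0, "review": 0, "orphan": 0}
    for f in findings:
        counts[f.verdict] += 1
    return counts


# Constructed sample: entries modelled on the posted log plus two hypothetical
# ones (the search.example.invalid search page and the ExampleUpdater autostart).
SAMPLE_LOG = r"""
Running processes:
C:\Windows\Explorer.EXE
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.example.invalid/?q=
O2 - BHO: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKCU\..\Run: [ExampleUpdater] C:\Users\Kacey\AppData\Roaming\ExampleUpdater\upd.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O15 - Trusted Zone: http://*.facebook.com
O23 - Service: Agrian Update Service (AgrianUpdateService) - Unknown owner - C:\Agrian\AgrianUpdateService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        if f.verdict != "ok":
            print(f"{f.verdict:7} {f.section:3} {f.reason}: {f.line}")
```

A "review" verdict is a prompt to look at the file, not a detection: as the post says, most of what HijackThis lists is harmless or required, and an entry like wpclsp.dll only looks unfamiliar because HijackThis does not recognise it. An "orphan" is a registry leftover with no DLL behind it, which is cleanup rather than an active threat.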
#15 kdkiehn (Topic Starter)

Posted 02 July 2012 - 09:36 PM

Gringo,

So far, things seem to be running good. I went through all the steps. Here are the logs:


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.03.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Kacey :: KACEY85 [administrator]

Protection: Enabled

2012-07-02 19:21
mbam-log-2012-07-02 (19-21-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 314516
Time elapsed: 11 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:35, on 2012-07-02
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\RemoteX\RemoteXUser.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Picture Motion Browser Media Check Tool.lnk.disabled
O4 - Global Startup: Air Mouse.lnk.disabled
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HotSync Manager.lnk.disabled
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.facebook.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab?rnd=1007206327
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agrian Update Service (AgrianUpdateService) - Unknown owner - C:\Agrian\AgrianUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate1c9bbe19cd062e0) (gupdate1c9bbe19cd062e0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: YOICS Sharing Service - Unknown owner - C:\Program Files\Yoics\YOICS_SharingService.exe
O23 - Service: RemoteX Server (__RemoteX__) - http://www.PEEPLEware.com - C:\Program Files\RemoteX\RemoteX.exe

--
End of file - 15108 bytes


-Kacey



