

Infected with Zeroaccess Trojans


  • This topic is locked
14 replies to this topic

#1 Al2010



Posted 06 August 2012 - 09:07 AM

Hello,

It looks like my laptop (Windows 7) may have been infected with the ZeroAccess trojan. It started last week with some kind of fake Adobe Flash update software appearing on the desktop while surfing the web, saying that the laptop needed to update Adobe Flash. Immediately after I updated the software, McAfee notified me of an infection alert, and ever since then my McAfee Firewall has been acting weird. McAfee home says that my firewall is on, but when I click on my firewall it shows it off and I cannot toggle it on. Every time I toggle it on, it toggles itself back off automatically. After running a full system scan, McAfee found two ZeroAccess Trojans that it could not remove or quarantine.


Desktop.Ini

Location:
C:/windows/assembly/GAC_64/Desktop.Ini
C:/windows/assembly/GAC_32/Desktop.Ini

I need help removing them because McAfee says I need to manually remove them, but I do not know where to start. Thank you for your time and I hope to hear from you soon.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Homam at 6:44:05 on 2012-08-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8140.5625 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Cyberlink\Shared files\RichVideo64.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\McAfee\MAT\McPvTray.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Users\Homam\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LULnchr.exe
C:\Users\Homam\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Users\Homam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Homam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Homam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Homam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Homam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Homam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Homam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Homam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Homam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Homam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Homam\Downloads\Defogger (1).exe
C:\Windows\system32\conhost.exe
C:\Users\Homam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Homam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
mWinlogon: Userinit=userinit.exe
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120730032247.dll
BHO: TrueSuite Website Log On: {8590886e-ec8c-43c1-a32c-e4c2b0b6395b} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Norton Safe Web Lite BHO: {f0da78e9-6b60-42fb-bc26-ef2cfb8c8ff3} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\coIEPlg.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: SimpleAdblock Class: {ffcb3198-32f3-4e8b-9539-4324694ed664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll
TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Norton Safe Web Lite: {30ceeea2-3742-40e4-85dd-812bf1cbb83d} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\coIEPlg.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
uRun: [Google Update] "C:\Users\Homam\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [AdobeBridge] "C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe" -stealth
uRun: [Facebook Update] "C:\Users\Homam\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [googletalk] C:\Users\Homam\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [<NO NAME>]
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [Athan] C:\Users\Homam\Documents\Athan\Athan.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
StartupFolder: C:\Users\Homam\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Logitech\Ereg\eReg.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: mswsock.dll
Trusted Zone: samsungsetup.com\www
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1 68.105.28.11 68.105.29.11
TCP: Interfaces\{9A952B09-3EBC-4186-B4FB-4DCBAC2BDEB1} : DhcpNameServer = 192.168.1.1 68.105.28.11 68.105.29.11
TCP: Interfaces\{EEA1AEB7-7F0C-47A7-A1CD-A7E22D6AC5CD} : DhcpNameServer = 192.168.1.1 68.105.28.11 68.105.29.11
TCP: Interfaces\{EEA1AEB7-7F0C-47A7-A1CD-A7E22D6AC5CD}\14344594F4E4455434 : DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{EEA1AEB7-7F0C-47A7-A1CD-A7E22D6AC5CD}\1477164672370223 : DhcpNameServer = 192.168.1.1 68.105.28.11 68.105.29.11
TCP: Interfaces\{EEA1AEB7-7F0C-47A7-A1CD-A7E22D6AC5CD}\2456C6B696E6E233242334 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{EEA1AEB7-7F0C-47A7-A1CD-A7E22D6AC5CD}\943434 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{EEA1AEB7-7F0C-47A7-A1CD-A7E22D6AC5CD}\9434340213 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{EEA1AEB7-7F0C-47A7-A1CD-A7E22D6AC5CD}\94343402E45677 : DhcpNameServer = 192.168.2.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120730032247.dll
BHO-X64: scriptproxy - No File
BHO-X64: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO-X64: TSBHO Class - No File
BHO-X64: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Norton Safe Web Lite BHO: {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\coIEPlg.dll
BHO-X64: Norton Safe Web Lite BHO - No File
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
BHO-X64: SimpleAdblock Class: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll
TB-X64: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: Norton Safe Web Lite: {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\coIEPlg.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [(Default)]
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [Athan] C:\Users\Homam\Documents\Athan\Athan.exe
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Homam\AppData\Roaming\Mozilla\Firefox\Profiles\0ggcdhyh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Homam\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Homam\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Users\Homam\AppData\Roaming\Mozilla\Firefox\Profiles\0ggcdhyh.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\plugins\np-mswmp.dll
FF - plugin: C:\Users\Homam\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Homam\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
.
============= SERVICES / DRIVERS ===============
.
R0 McPvDrv;McPvDrv Driver;C:\Windows\system32\drivers\McPvDrv.sys --> C:\Windows\system32\drivers\McPvDrv.sys [?]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 ccSet_NST;Norton Safe Web Lite Settings Manager;C:\Windows\system32\drivers\NSTx64\0200000.010\ccSetx64.sys --> C:\Windows\system32\drivers\NSTx64\0200000.010\ccSetx64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 MOBKFilter;MOBKFilter;C:\Windows\system32\DRIVERS\MOBK.sys --> C:\Windows\system32\DRIVERS\MOBK.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-12-9 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-8-31 1166848]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928]
R2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [2012-8-1 67584]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2010-12-7 249672]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-9-1 227896]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-4-8 13592]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-12-9 2413056]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-7-30 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-7-30 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-7-30 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-7-30 199304]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-7-30 210616]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 MOBKbackup;McAfee Online Backup;C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-4-13 231224]
R2 NSL;Norton Safe Web Lite;C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe [2012-7-28 138760]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\Cyberlink\Shared files\RichVideo64.exe [2011-7-28 386344]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-4-8 2656280]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\system32\DRIVERS\AMPPAL.sys --> C:\Windows\system32\DRIVERS\AMPPAL.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys --> C:\Windows\system32\DRIVERS\igdpmd64.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
S2 0028701344233937mcinstcleanup;McAfee Application Installer Cleanup (0028701344233937);C:\Windows\TEMP\002870~1.EXE -cleanup -nolog --> C:\Windows\TEMP\002870~1.EXE -cleanup -nolog [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-14 136176]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-7-30 249936]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-10 250056]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\system32\DRIVERS\amppal.sys --> C:\Windows\system32\DRIVERS\amppal.sys [?]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-14 136176]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUVC64;Logitech HD Webcam C310(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-7-27 340240]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SaiH0464;SaiH0464;C:\Windows\system32\DRIVERS\SaiH0464.sys --> C:\Windows\system32\DRIVERS\SaiH0464.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-08-01 23:04:22 -------- d-----w- C:\Program Files (x86)\Cobian Backup 11
2012-07-30 13:28:44 -------- d-----w- C:\Users\Homam\AppData\Roaming\McAfee
2012-07-30 13:20:01 -------- d-----w- C:\ProgramData\McAfee Anti-Theft
2012-07-30 10:23:29 -------- d-----w- C:\Program Files (x86)\McAfeeMOBK
2012-07-30 10:23:24 66040 ----a-w- C:\Windows\System32\drivers\MOBK.sys
2012-07-30 10:23:23 -------- d-----w- C:\Program Files (x86)\McAfee Online Backup
2012-07-30 10:23:16 71800 ----a-w- C:\Windows\System32\drivers\McPvDrv.sys
2012-07-30 10:15:35 177144 ----a-w- C:\Windows\System32\mfevtps.exe
2012-07-30 07:11:28 -------- d-----w- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2012-07-28 23:41:04 -------- d-----w- C:\Users\Homam\AppData\Local\McAfee Anti-Theft
2012-07-28 23:32:19 167048 ----a-r- C:\Windows\System32\drivers\NSTx64\0200000.010\ccSetx64.sys
2012-07-28 23:32:18 -------- d-----w- C:\Windows\System32\drivers\NSTx64\0200000.010
2012-07-28 23:32:18 -------- d-----w- C:\Windows\System32\drivers\NSTx64
2012-07-28 23:32:18 -------- d-----w- C:\Program Files (x86)\Norton Safe Web Lite
2012-07-28 22:39:00 -------- d-----w- C:\Users\Homam\AppData\Local\Logitech® Webcam Software
2012-07-28 22:34:14 53248 ----a-r- C:\Users\Homam\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-07-28 22:33:47 -------- d-----w- C:\Program Files (x86)\Common Files\LWS
2012-07-24 12:54:25 -------- d-----w- C:\ProgramData\Cached Installations
2012-07-24 12:24:10 -------- d-----w- C:\Users\Homam\AppData\Roaming\OfficeRecovery
2012-07-23 10:00:55 -------- d-----w- C:\Users\Homam\AppData\Local\{769BB418-C6FF-476C-BA55-27AAAF637BB9}
2012-07-23 10:00:45 -------- d-----w- C:\Users\Homam\AppData\Local\{7672936E-E033-4CFE-8CA5-D733017C9A07}
2012-07-23 09:46:05 -------- d-----w- C:\Windows\en
2012-07-23 09:44:39 19736 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-07-23 09:42:38 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\7f30257e1cd68b703\DSETUP.dll
2012-07-23 09:42:38 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\7f30257e1cd68b703\DXSETUP.exe
2012-07-23 09:42:38 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\7f30257e1cd68b703\dsetup32.dll
2012-07-23 09:42:38 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\7f4d71eb1cd68b704\MeshBetaRemover.exe
2012-07-23 09:42:36 -------- d-----w- C:\Users\Homam\AppData\Local\{89AD4F3C-A10E-4EAE-90F9-FBC51E122F2B}
2012-07-23 09:42:09 -------- d-----w- C:\Users\Homam\AppData\Local\{41661173-1FFE-4425-8C63-1830CB68E448}
2012-07-23 09:41:59 -------- d-----w- C:\Users\Homam\AppData\Local\{D56B83E3-ACD4-45D0-9D78-22CB823C4955}
2012-07-23 09:12:49 -------- d-----w- C:\Users\Homam\AppData\Local\{D673BC38-A0E4-4E58-8A11-5ECE46CD95C1}
2012-07-23 09:11:14 -------- d-----w- C:\Users\Homam\AppData\Local\{5098224B-AE47-430E-B253-368C0036FC97}
2012-07-12 10:05:30 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 12:09:11 2004480 ----a-w- C:\Windows\System32\msxml6.dll
.
==================== Find3M ====================
.
2012-08-03 05:07:19 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-03 05:07:19 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-22 14:38:16 335784 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2012-06-22 14:36:12 752672 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2012-06-22 14:34:00 169320 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 6:45:35.54 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 4/14/2011 10:05:31 PM
System Uptime: 8/5/2012 11:16:57 PM (7 hours ago)
.
Motherboard: Hewlett-Packard | | 1657
Processor: Intel® Core™ i7-2630QM CPU @ 2.00GHz | CPU1 | 780/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 581 GiB total, 375.186 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 1.922 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP150: 7/30/2012 12:10:58 AM - Windows Update
RP151: 8/3/2012 1:46:49 PM - Windows Backup
RP152: 8/5/2012 1:19:42 AM - HPSF Restore Point
RP153: 8/5/2012 9:29:03 PM - Windows Backup
RP154: 8/5/2012 9:39:49 PM - HPSF Restore Point
RP155: 8/5/2012 11:25:12 PM - Windows Backup
RP156: 8/6/2012 1:45:35 AM - Windows Backup
RP157: 8/6/2012 1:48:26 AM - Windows Backup
RP158: 8/6/2012 2:15:50 AM - Windows Backup
RP159: 8/6/2012 3:07:21 AM - Windows Backup
.
==== Installed Programs ======================
.
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe After Effects CS5.5
Adobe AIR
Adobe Community Help
Adobe Content Viewer
Adobe Creative Suite 5.5 Master Collection
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Flash Professional CS5.5
Adobe Reader 9.5.1 MUI
Adobe Shockwave Player 11.5
Adobe Story
Adobe Widget Browser
Agatha Christie - Peril at End House
Annihilator
Apple Application Support
Apple Software Update
Athan Basic 4.1
Bejeweled 2 Deluxe
Bing Bar
Bing Rewards Client Installer
BitTorrent
BitTorrentBar Toolbar
Blackhawk Striker 2
Blasterball 3
Blio
Bounce Symphony
Build-a-lot 2
Cake Mania
CameraHelperMsi
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Mobile
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CFX Path Tools-64 for
CFX Sphere Utilities-64 for After Effects
Chuzzle Deluxe
Citrix Presentation Server Client
Cobian Backup 11 Gravity
CodeLite
Conduit Engine
CyberLink DVD Suite
CyberLink PowerDirector
CyberLink YouCam
CycoreFX HD-64 1.7.1 for After Effects
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dev-C++ 5 beta 9 release (4.9.9.2)
Diner Dash 2 Restaurant Rescue
DivX Setup
Dora's World Adventure
Energy Star Digital Logo
erLT
Escape Rosecliff Island
ESU for Microsoft Windows 7
Facebook Video Calling 1.2.0.159
Farm Frenzy
FATE
Final Drive Nitro
GameRanger
Google Chrome
Google Talk (remove only)
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
GPGNet
Heroes of Hellas 2 - Olympia
Hewlett-Packard ACLM.NET v1.1.2.0
Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2542054)
HP CloudDrive
HP Customer Experience Enhancements
HP Documentation
HP Games
HP MovieStore
HP On Screen Display
HP Power Manager
HP Quick Launch
HP Setup
HP Setup Manager
HP SimplePass 2011
HP Software Framework
HP Support Assistant
IDT Audio
ImTOO Audio Maker
Intel PROSet Wireless
Intel® Control Center
Intel® Display Audio Driver
Intel® Management Engine Components
Intel® Rapid Storage Technology
Intel® Wireless Display
Java Auto Updater
Java™ 6 Update 29
Jewel Quest Solitaire 2
Junk Mail filter update
LabelPrint
LogicWorks 5
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
McAfee Online Backup
McAfee Total Protection
McAfee Virtual Technician
Mesh Runtime
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools
Microsoft Office 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server System CLR Types
Microsoft Visual Basic 2010 Express - ENU
Microsoft Visual C# 2010 Express - ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
Microsoft Visual C++ 2010 Express - ENU
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Web Developer 2010 Express - ENU
Microsoft WSE 3.0 Runtime
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 4.0.1 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - The London Caper
Norton Safe Web Lite
PDF Settings CS5
Penguins!
PictureMover
Plants vs. Zombies
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
Project64 1.6
PSpice Student 9.1
PX Profile Update
PxMergeModule
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
RealUpgrade 1.1
Recovery Manager
Renesas Electronics USB 3.0 Host Controller Driver
RoxioNow Player
Safari
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Security Update for Microsoft Visual Basic 2010 Express - ENU (KB2251489)
Security Update for Microsoft Visual C# 2010 Express - ENU (KB2251489)
Security Update for Microsoft Visual C++ 2010 Express - ENU (KB2251489)
Security Update for Microsoft Visual Web Developer 2010 Express - ENU (KB2251489)
Simple Adblock
Skype™ 4.2
SmartSound Quicktracks 5
Supreme Commander
System Requirements Lab CYRI
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update Installer for WildTangent Games App
VC80CRTRedist - 8.0.50727.6195
Virtual Families
Virtual Villagers 4 - The Tree of Life
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
VLC media player 1.0.1
Wheel of Fortune 2
WildTangent Games App (HP Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
8/6/2012 6:24:16 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
8/6/2012 6:24:16 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
8/5/2012 9:55:07 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
8/5/2012 11:20:20 PM, Error: Service Control Manager [7003] - The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.
8/5/2012 11:17:52 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
8/5/2012 11:17:51 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
8/5/2012 11:17:49 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
8/5/2012 11:06:15 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR9.
8/5/2012 10:56:45 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR8.
8/5/2012 10:52:21 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR7.
8/5/2012 10:38:30 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR5.
8/5/2012 10:21:37 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR3.
7/30/2012 6:32:31 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Security with the following error: Access is denied.
7/30/2012 3:33:45 AM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
7/30/2012 3:33:45 AM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The service has returned a service-specific error code.
.
==== End Of File ===========================
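A defender's-side check that corresponds to the Event Viewer lines in the log above: the IPsec and McAfee firewall services reporting that BFE and MpsSvc "might not be installed", the Windows Firewall service failing with "Access is denied", and the ScRegSetValueExW failure on a service's Security key. This is an added example for this thread, not something the original poster or the helper ran and not part of DDS or ComboFix. It assumes an elevated PowerShell session on the affected machine; the service names (BFE, MpsSvc, PolicyAgent, IKEEXT, wscsvc) are the standard Windows names for the services the log mentions, and the event IDs are the ones that appear in the posted log.

```powershell
# Added triage example, not part of the thread or of DDS/ComboFix.
# Checks a live Windows host for the firewall-related symptoms shown in the
# posted "Event Viewer Messages" section: dependency services reported as
# "not installed", a firewall service that fails with "Access is denied",
# and a ScRegSetValueExW failure on a service's Security key.
# Run from an elevated PowerShell prompt (works on the PowerShell 2.0 that
# ships with Windows 7, hence Get-WmiObject rather than newer cmdlets).

$servicesToCheck = @{
    'BFE'         = 'Base Filtering Engine'
    'MpsSvc'      = 'Windows Firewall'
    'PolicyAgent' = 'IPsec Policy Agent'
    'IKEEXT'      = 'IKE and AuthIP IPsec Keying Modules'
    'wscsvc'      = 'Security Center'
}

function Get-ServiceHealth {
    param([string]$Name, [string]$DisplayName)

    $result = New-Object PSObject -Property @{
        Name        = $Name
        DisplayName = $DisplayName
        Registered  = $false
        Status      = 'n/a'
        StartMode   = 'n/a'
        DenyAces    = 0
    }

    # Service Control Manager view: is the service registered, and is it running?
    $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
    if ($svc) {
        $result.Registered = $true
        $result.Status = [string]$svc.Status
        $wmi = Get-WmiObject -Class Win32_Service -Filter "Name='$Name'"
        if ($wmi) { $result.StartMode = $wmi.StartMode }
    }

    # Registry view: a Deny ACE on the service key is one way a service that
    # still exists can fail to start with "Access is denied".
    $keyPath = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    if (Test-Path $keyPath) {
        $acl = Get-Acl -Path $keyPath
        $result.DenyAces = @($acl.Access | Where-Object { $_.AccessControlType -eq 'Deny' }).Count
    }
    return $result
}

$report = foreach ($name in $servicesToCheck.Keys) {
    Get-ServiceHealth -Name $name -DisplayName $servicesToCheck[$name]
}
$report | Format-Table Name, DisplayName, Registered, Status, StartMode, DenyAces -AutoSize

# Service Control Manager events from the last 7 days with the IDs seen in the
# posted log: 7001/7003 (dependency failed or missing), 7006 (registry write to
# a service's Security key denied), 7024 (service-specific error on start).
$scmEvents = Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Service Control Manager'
    Id           = 7001, 7003, 7006, 7024
    StartTime    = (Get-Date).AddDays(-7)
} -ErrorAction SilentlyContinue

if ($scmEvents) {
    $scmEvents |
        Select-Object TimeCreated, Id, @{ Name = 'Message'; Expression = { ($_.Message -split "`r?`n")[0] } } |
        Format-Table -AutoSize -Wrap
} else {
    Write-Output 'No matching Service Control Manager errors in the last 7 days.'
}
```

Read the two tables together with the posted log: a service that Get-Service cannot see but whose registry key still exists, or a key carrying a Deny ACE, matches the 7003/7006/7024 pattern above and is worth reporting to the helper before any removal tool is run, since a cleanup that does not restore those services leaves the firewall off even when the security suite says it is on.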


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:41 AM

Posted 08 August 2012 - 08:17 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Al2010

Al2010
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:07:41 AM

Posted 08 August 2012 - 12:44 PM

Hello Gringo,

First of all, thank you for replying so quickly. Basically everything you asked me to do went smoothly with the security check. As for the Combofix, it kept saying that I still had McAfee anti-virus and McAfee security, but I had already turned off real-time scanning and my firewall was already off because I could not turn it on. So I continued and used Combofix despite the warning because I do not even have McAfee anti-virus and McAfee security and I had turned everything off. Combofix worked smoothly and after the reboot I received the "Illegal operation attempted on a registry key that has been marked for deletion." error and restarted my laptop and everything was back to normal. Now my McAfee Firewall works!! Previously I would not be able to turn it on, because every time I toggled the "turn on" button it would immediately toggle back offline. Honestly the computer itself before running the programs was working fine. It ran normally and no one would have noticed that there was a Trojan on it, unless told so (except for the firewall glitch). Now after running the programs, the laptop still works fine, but even better because the Firewall is back on. One thing that still seems a little off before and after running the programs is my Internet Explorer browser; it is about twice as slow as last week before the Trojan attack. My other internet browsers are fine, but I downloaded the Trojan while using the Internet Explorer browser, maybe that is why? I was wondering, am I safe or is there more to do? Thanks for the help and I hope to hear from you soon!



Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
McAfee Anti-Virus and Anti-Spyware
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 29
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (4.0.1)
Google Chrome 20.0.1132.57
Google Chrome 21.0.1180.60
Google Chrome VisualElementsManifest.xml..
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
McAfee Online Backup MOBKbackup.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
ComboFix 12-08-07.05 - Homam 08/08/2012 9:01.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8140.5945 [GMT -7:00]
Running from: c:\users\Homam\Downloads\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\Roaming
c:\windows\iun6002.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-08 to 2012-08-08 )))))))))))))))))))))))))))))))
.
.
2012-08-08 16:11 . 2012-08-08 16:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-01 23:04 . 2012-08-01 23:04 -------- d-----w- c:\program files (x86)\Cobian Backup 11
2012-07-30 13:28 . 2012-07-30 13:28 -------- d-----w- c:\users\Homam\AppData\Roaming\McAfee
2012-07-30 13:20 . 2012-07-30 13:20 -------- d-----w- c:\programdata\McAfee Anti-Theft
2012-07-30 10:22 . 2012-08-06 06:18 -------- d-----w- c:\program files (x86)\McAfee
2012-07-30 10:15 . 2012-06-22 14:38 177144 ----a-w- c:\windows\system32\mfevtps.exe
2012-07-30 07:11 . 2012-07-30 07:11 -------- d-----w- c:\program files (x86)\Microsoft CAPICOM 2.1.0.2
2012-07-28 23:41 . 2012-07-28 23:41 -------- d-----w- c:\users\Homam\AppData\Local\McAfee Anti-Theft
2012-07-28 23:32 . 2012-07-28 23:32 -------- d-----w- c:\windows\system32\drivers\NSTx64
2012-07-28 23:32 . 2012-07-28 23:32 -------- d-----w- c:\program files (x86)\Norton Safe Web Lite
2012-07-28 23:27 . 2012-08-08 15:55 -------- d-----w- c:\programdata\McAfee
2012-07-28 22:39 . 2012-07-28 22:39 -------- d-----w- c:\users\Homam\AppData\Local\Logitech® Webcam Software
2012-07-28 22:34 . 2012-07-28 22:34 -------- d-----w- c:\programdata\LogiShrd
2012-07-28 22:34 . 2012-07-28 22:34 -------- d-----w- c:\users\Homam\AppData\Roaming\Leadertech
2012-07-28 22:34 . 2012-07-28 22:34 53248 ----a-r- c:\users\Homam\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-07-28 22:33 . 2012-07-28 22:33 -------- d-----w- c:\programdata\Logitech
2012-07-28 22:33 . 2012-07-28 22:33 -------- d-----w- c:\program files (x86)\Common Files\LWS
2012-07-28 22:33 . 2012-07-28 22:34 -------- d-----w- c:\program files (x86)\Logitech
2012-07-28 22:18 . 2012-07-28 22:34 -------- d-----w- c:\program files (x86)\Common Files\logishrd
2012-07-28 22:18 . 2012-07-28 22:34 -------- d-----w- c:\program files\Common Files\logishrd
2012-07-24 12:54 . 2012-07-24 12:54 -------- d-----w- c:\programdata\Cached Installations
2012-07-24 12:24 . 2012-07-24 12:24 -------- d-----w- c:\users\Homam\AppData\Roaming\OfficeRecovery
2012-07-23 09:46 . 2012-07-23 09:46 -------- d-----w- c:\windows\en
2012-07-23 09:44 . 2012-07-23 09:44 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-07-23 09:42 . 2012-07-23 09:42 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\7f30257e1cd68b703\DSETUP.dll
2012-07-23 09:42 . 2012-07-23 09:42 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\7f30257e1cd68b703\DXSETUP.exe
2012-07-23 09:42 . 2012-07-23 09:42 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\7f30257e1cd68b703\dsetup32.dll
2012-07-23 09:42 . 2012-07-23 09:42 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\7f4d71eb1cd68b704\MeshBetaRemover.exe
2012-07-12 10:05 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 12:09 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 05:07 . 2012-04-10 17:27 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-03 05:07 . 2011-05-19 19:14 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 10:02 . 2011-04-27 05:47 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-22 14:38 . 2012-06-22 14:38 335784 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2012-06-22 14:36 . 2012-06-22 14:36 752672 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-06-22 14:34 . 2012-06-22 14:34 169320 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-06-15 18:52 . 2012-06-15 18:53 98304 ----a-w- c:\windows\SysWow64\iglhcp32.dll
2012-06-15 18:52 . 2012-06-15 18:53 98304 ----a-w- c:\windows\system32\iglhcp64.dll
2012-06-15 18:52 . 2012-06-15 18:53 510232 ----a-w- c:\windows\system32\igfxsrvc.exe
2012-06-15 18:52 . 2012-06-15 18:53 416024 ----a-w- c:\windows\system32\igfxpers.exe
2012-06-15 18:52 . 2012-06-15 18:53 378368 ----a-w- c:\windows\system32\igfxTMM.dll
2012-06-15 18:52 . 2012-06-15 18:53 376832 ----a-w- c:\windows\SysWow64\iglhsip32.dll
2012-06-15 18:52 . 2012-06-15 18:53 376832 ----a-w- c:\windows\system32\iglhsip64.dll
2012-06-15 18:52 . 2012-06-15 18:53 287232 ----a-w- c:\windows\system32\igfxrfra.lrc
2012-06-15 18:52 . 2012-06-15 18:53 287232 ----a-w- c:\windows\system32\igfxresn.lrc
2012-06-15 18:52 . 2012-06-15 18:53 287232 ----a-w- c:\windows\system32\igfxrell.lrc
2012-06-15 18:52 . 2012-06-15 18:53 286720 ----a-w- c:\windows\system32\igfxrsky.lrc
2012-06-15 18:52 . 2012-06-15 18:53 286720 ----a-w- c:\windows\system32\igfxrrus.lrc
2012-06-15 18:52 . 2012-06-15 18:53 286720 ----a-w- c:\windows\system32\igfxrrom.lrc
2012-06-15 18:52 . 2012-06-15 18:53 286720 ----a-w- c:\windows\system32\igfxrptg.lrc
2012-06-15 18:52 . 2012-06-15 18:53 286720 ----a-w- c:\windows\system32\igfxrplk.lrc
2012-06-15 18:52 . 2012-06-15 18:53 286720 ----a-w- c:\windows\system32\igfxrnld.lrc
2012-06-15 18:52 . 2012-06-15 18:53 286720 ----a-w- c:\windows\system32\igfxrita.lrc
2012-06-15 18:52 . 2012-06-15 18:53 286720 ----a-w- c:\windows\system32\igfxrhrv.lrc
2012-06-15 18:52 . 2012-06-15 18:53 286720 ----a-w- c:\windows\system32\igfxrdeu.lrc
2012-06-15 18:52 . 2012-06-15 18:53 286720 ----a-w- c:\windows\system32\igfxrcsy.lrc
2012-06-15 18:52 . 2012-06-15 18:53 28672 ----a-w- c:\windows\system32\igfxexps.dll
2012-06-15 18:52 . 2012-06-15 18:53 286208 ----a-w- c:\windows\system32\igfxrtrk.lrc
2012-06-15 18:52 . 2012-06-15 18:53 286208 ----a-w- c:\windows\system32\igfxrsve.lrc
2012-06-15 18:52 . 2012-06-15 18:53 286208 ----a-w- c:\windows\system32\igfxrslv.lrc
2012-06-15 18:52 . 2012-06-15 18:53 286208 ----a-w- c:\windows\system32\igfxrptb.lrc
2012-06-15 18:52 . 2012-06-15 18:53 286208 ----a-w- c:\windows\system32\igfxrnor.lrc
2012-06-15 18:52 . 2012-06-15 18:53 286208 ----a-w- c:\windows\system32\igfxrhun.lrc
2012-06-15 18:52 . 2012-06-15 18:53 286208 ----a-w- c:\windows\system32\igfxrfin.lrc
2012-06-15 18:52 . 2012-06-15 18:53 285696 ----a-w- c:\windows\system32\igfxrtha.lrc
2012-06-15 18:52 . 2012-06-15 18:53 285696 ----a-w- c:\windows\system32\igfxrenu.lrc
2012-06-15 18:52 . 2012-06-15 18:53 285696 ----a-w- c:\windows\system32\igfxrdan.lrc
2012-06-15 18:52 . 2012-06-15 18:53 285184 ----a-w- c:\windows\system32\igfxrheb.lrc
2012-06-15 18:52 . 2012-06-15 18:53 285184 ----a-w- c:\windows\system32\igfxrara.lrc
2012-06-15 18:52 . 2012-06-15 18:53 283648 ----a-w- c:\windows\system32\igfxrjpn.lrc
2012-06-15 18:52 . 2012-06-15 18:53 283136 ----a-w- c:\windows\system32\igfxrkor.lrc
2012-06-15 18:52 . 2012-06-15 18:53 282624 ----a-w- c:\windows\system32\igfxrcht.lrc
2012-06-15 18:52 . 2012-06-15 18:53 282624 ----a-w- c:\windows\system32\igfxrchs.lrc
2012-06-15 18:52 . 2012-06-15 18:53 24576 ----a-w- c:\windows\SysWow64\igfxexps32.dll
2012-06-15 18:52 . 2012-06-15 18:53 239896 ----a-w- c:\windows\system32\igfxext.exe
2012-06-15 18:52 . 2012-06-15 18:53 167704 ----a-w- c:\windows\system32\igfxtray.exe
2012-06-15 18:52 . 2011-04-08 22:37 62464 ----a-w- c:\windows\system32\igfxsrvc.dll
2012-06-15 18:52 . 2011-04-08 22:37 9014784 ----a-w- c:\windows\system32\igfxress.dll
2012-06-15 18:52 . 2011-04-08 22:37 375808 ----a-w- c:\windows\system32\igfxpph.dll
2012-06-15 18:52 . 2012-06-15 18:53 8311808 ----a-w- c:\windows\system32\igdumd64.dll
2012-06-15 18:52 . 2012-06-15 18:53 581120 ----a-w- c:\windows\SysWow64\igdumdx32.dll
2012-06-15 18:52 . 2012-06-15 18:53 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2012-06-15 18:52 . 2012-06-15 18:53 390144 ----a-w- c:\windows\system32\igfxdev.dll
2012-06-15 18:52 . 2012-06-15 18:53 294400 ----a-w- c:\windows\SysWow64\igfxdv32.dll
2012-06-15 18:52 . 2012-06-15 18:53 216000 ----a-w- c:\windows\system32\igfcg600m.bin
2012-06-15 18:52 . 2012-06-15 18:53 162816 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll
2012-06-15 18:52 . 2012-06-15 18:53 142336 ----a-w- c:\windows\system32\igfxdo.dll
2012-06-15 18:52 . 2012-06-15 18:53 140288 ----a-w- c:\windows\system32\igfxcmrt64.dll
2012-06-15 18:52 . 2012-06-15 18:53 126976 ----a-w- c:\windows\system32\igfxcpl.cpl
2012-06-15 18:52 . 2012-06-15 18:53 75776 ----a-w- c:\windows\system32\igdde64.dll
2012-06-15 18:52 . 2012-06-15 18:53 12289472 ----a-w- c:\windows\system32\drivers\igdpmd64.sys
2012-06-15 18:52 . 2012-06-15 18:53 12289472 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
2012-06-15 18:52 . 2011-04-08 22:37 6322688 ----a-w- c:\windows\SysWow64\igdumd32.dll
2012-06-15 18:52 . 2012-06-15 18:53 56832 ----a-w- c:\windows\SysWow64\igdde32.dll
2012-06-15 18:52 . 2012-06-15 18:53 14598144 ----a-w- c:\windows\system32\igd10umd64.dll
2012-06-15 18:52 . 2012-06-15 18:53 12339712 ----a-w- c:\windows\SysWow64\igd10umd32.dll
2012-06-15 18:52 . 2012-06-15 18:53 18640384 ----a-w- c:\windows\system32\ig4icd64.dll
2012-06-15 18:52 . 2012-06-15 18:53 392472 ----a-w- c:\windows\system32\hkcmd.exe
2012-06-15 18:52 . 2012-06-15 18:53 13903872 ----a-w- c:\windows\SysWow64\ig4icd32.dll
2012-06-15 18:52 . 2012-06-15 18:53 4378392 ----a-w- c:\windows\system32\GfxUI.exe
2012-06-15 18:52 . 2011-04-08 22:37 110080 ----a-w- c:\windows\system32\hccutils.dll
2012-06-15 18:52 . 2012-06-15 18:53 146432 ----a-w- c:\windows\system32\gfxSrvc.dll
2012-06-15 18:52 . 2012-06-15 18:53 179992 ----a-w- c:\windows\system32\difx64.exe
2012-06-15 18:52 . 2012-06-15 18:53 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2012-06-15 18:52 . 2012-06-15 18:53 31744 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-06-15 18:52 . 2012-06-15 18:53 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-06-15 18:52 . 2012-06-15 18:53 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2012-06-15 18:52 . 2011-04-13 10:11 4056064 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-06-15 18:52 . 2011-04-13 09:32 4256768 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-06-15 18:52 . 2011-04-08 22:37 58880 ----a-w- c:\windows\system32\coinst.dll
2012-06-15 18:52 . 2011-04-08 22:37 5399040 ----a-w- c:\windows\system32\atiumd64.dll
2012-06-15 18:52 . 2011-04-08 22:37 40960 ----a-w- c:\windows\system32\atiuxp64.dll
2012-06-15 18:52 . 2011-04-08 22:37 3871744 ----a-w- c:\windows\system32\atiumd6a.dll
2012-06-15 18:52 . 2012-06-15 18:53 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2012-06-15 18:52 . 2012-06-15 18:53 18388480 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-06-15 18:52 . 2012-06-15 18:53 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-06-15 18:52 . 2012-06-15 18:53 9981952 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-06-15 18:52 . 2012-06-15 18:53 9644544 ----a-w- c:\windows\system32\aticaldd64.dll
2012-06-15 18:52 . 2012-06-15 18:53 8247296 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-06-15 18:52 . 2012-06-15 18:53 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-06-15 18:52 . 2012-06-15 18:53 53760 ----a-w- c:\windows\system32\atimpc64.dll
2012-06-15 18:52 . 2012-06-15 18:53 53760 ----a-w- c:\windows\system32\amdpcom64.dll
2012-06-15 18:52 . 2012-06-15 18:53 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-06-15 18:52 . 2012-06-15 18:53 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-06-15 18:52 . 2012-06-15 18:53 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-06-15 18:52 . 2012-06-15 18:53 485376 ----a-w- c:\windows\system32\atieclxx.exe
2012-06-15 18:52 . 2012-06-15 18:53 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-06-15 18:52 . 2012-06-15 18:53 4198912 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-06-15 18:52 . 2012-06-15 18:53 39936 ----a-w- c:\windows\system32\atig6txx.dll
2012-06-15 18:52 . 2012-06-15 18:53 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files (x86)\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 19:51 3911776 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2010-12-09 19:51 3911776 ----a-w- c:\program files (x86)\BitTorrentBar\tbBitT.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files (x86)\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-14 39408]
"AdobeBridge"="c:\program files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe" [2011-03-03 12008296]
"Facebook Update"="c:\users\Homam\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"googletalk"="c:\users\Homam\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-12-09 113288]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"Athan"="c:\users\Homam\Documents\Athan\Athan.exe" [2011-03-19 1204224]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-04-04 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-04-04 815512]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2012-01-11 296056]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-12-31 336384]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
.
c:\users\Homam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files (x86)\Logitech\Ereg\eReg.exe [2009-11-16 517384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-11-18 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 0028701344233937mcinstcleanup;McAfee Application Installer Cleanup (0028701344233937);c:\windows\TEMP\002870~1.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-14 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-08-08 299008]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-14 136176]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
R3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-28 340240]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 SaiH0464;SaiH0464;c:\windows\system32\DRIVERS\SaiH0464.sys [2008-03-31 178432]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-16 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [2011-04-11 71800]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-06-22 335784]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-29 55856]
S1 ccSet_NST;Norton Safe Web Lite Settings Manager;c:\windows\system32\drivers\NSTx64\0200000.010\ccSetx64.sys [2011-08-08 167048]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [2010-04-14 66040]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-12-09 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-15 204288]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-09-01 1166848]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
S2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;c:\program files (x86)\Cobian Backup 11\cbVSCService11.exe [2012-07-31 67584]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2010-12-07 249672]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-02 227896]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-14 30520]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-12-09 2413056]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-05-25 210616]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-06-22 177144]
S2 MOBKbackup;McAfee Online Backup;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-04-14 231224]
S2 NSL;Norton Safe Web Lite;c:\program files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe [2011-08-10 138760]
S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\Cyberlink\Shared files\RichVideo64.exe [2010-08-20 386344]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-11-23 2656280]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-15 9981952]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-15 310272]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-08-08 299008]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-12-11 31088]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2012-06-15 12289472]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-08-04 8604672]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-12-09 91648]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-12-09 208896]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-12-09 338536]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-07-22 428136]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 05:07]
.
2012-08-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-566136250-2701977445-2924683589-1001Core.job
- c:\users\Homam\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-18 04:05]
.
2012-08-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-566136250-2701977445-2924683589-1001UA.job
- c:\users\Homam\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-18 04:05]
.
2012-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-14 23:47]
.
2012-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-14 23:47]
.
2012-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-566136250-2701977445-2924683589-1001Core.job
- c:\users\Homam\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-14 22:41]
.
2012-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-566136250-2701977445-2924683589-1001UA.job
- c:\users\Homam\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-14 22:41]
.
2012-08-03 c:\windows\Tasks\HPCeeScheduleForHOMAM-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2012-08-06 c:\windows\Tasks\HPCeeScheduleForHomam.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2012-08-08 c:\windows\Tasks\ParetoLogic Registration.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-14 03:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-14 03:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-14 03:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelPAN"="TRAY" [X]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-12-09 1128448]
"McPvTray_exe"="c:\program files\McAfee\MAT\McPvTray.exe" [2011-04-08 436384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: samsungsetup.com\www
TCP: DhcpNameServer = 192.168.1.1 68.105.28.11 68.105.29.11
FF - ProfilePath - c:\users\Homam\AppData\Roaming\Mozilla\Firefox\Profiles\0ggcdhyh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
HKLM-Run-SynTPEnh - H.EXE
HKLM-Run-HPWirelessAssistant - .EXE
HKLM-Run-AdobeAAMUpdater-1.0 - FILES\ADOBE\OOBE\PDAPP\UWA\UPDATERSTARTUPUTILITY.EXE
HKLM-Run-IntelliPoint - T.EXE
HKLM-Run-IgfxTray - DOWS\SYSTEM32\IGFXTRAY.EXE
HKLM-Run-HotKeysCmds - DOWS\SYSTEM32\HKCMD.EXE
HKLM-Run-Persistence - DOWS\SYSTEM32\IGFXPERS.EXE
AddRemove-Athan - c:\windows\iun6002.exe
AddRemove-CodeLite_is1 - c:\users\Homam\Documents\CSE\CodeLite\unins000.exe
AddRemove-Dev-C++ - c:\users\Homam\Documents\CSE\software\Dev-Cpp\uninstall.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NSL]
"ImagePath"="\"c:\program files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe\" /s \"NSL\" /m \"c:\program files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\diMaster.dll\" /prefetch:1"
"ImagePath"="\"c:\program files\Cyberlink\Shared files\RichVideo64.exe\"\00Z
[\]^_†\00\00†\00\00\00\00HIJKLMNO\00\00\00\00\00\00\00\00\03\00\00\00|}~†\00\00†\00\00\00\00†\00\00\00\00\00\00\00\00‘’“"
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-08-08 09:21:19 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-08 16:21
.
Pre-Run: 401,295,351,808 bytes free
Post-Run: 405,354,188,800 bytes free
.
- - End Of File - - 54FC28A1E511CC1187CCCBF8C89E5736

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:41 AM

Posted 08 August 2012 - 12:47 PM

Greetings Al2010

Let's see how Explorer is after we are done. I still have some cleaning and checking to do, so maybe it will speed back up.

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
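
As an added example (not code from this thread, from BleepingComputer, or from Kaspersky's TDSSKiller), here is a small Python triage script for the report TDSSKiller produces: every line is a timestamp, a process ID and a message, and each scanned service or driver normally appears as a pair of lines, first `name (md5) path` and then `name - ok`. The script pairs those lines, then lists anything whose status is not `ok` and anything that was reported `ok` but carries no file hash (registry entries with no hashed file on disk, which are worth a second look). The sample lines at the top are copied from the log posted later in this thread; the last three are constructed findings written in the style TDSSKiller uses for detections (`<object> - detected <verdict> (<n>)`, `<object> ( <verdict> ) - warning`), which is an assumption about the exact wording.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample: the first lines are copied from the TDSSKiller 2.7.48.0
# log posted in this thread; the last three are made up for illustration in
# the style TDSSKiller uses for findings (an assumption about the wording).
SAMPLE_LOG = r"""
23:17:20.0285 10220 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
23:17:22.0286 10220 ============================================================
23:17:22.0286 10220 OS Version: 6.1.7601 ServicePack: 1.0
23:17:26.0295 8880 Scan started
23:17:26.0591 8880 0028701344233937mcinstcleanup - ok
23:17:26.0746 8880 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
23:17:26.0790 8880 1394ohci - ok
23:17:31.0648 8880 catchme - ok
23:17:33.0179 8880 COMSysApp - ok
23:17:53.0605 8880 iaStor (2fdaec4b02729c48c0fd1b0b4695995b) C:\Windows\system32\DRIVERS\iaStor.sys
23:17:53.0608 8880 iaStor - ok
23:18:40.0100 8880 sptd ( LockedFile.Multi.Generic ) - warning
23:18:40.0100 8880 sptd - detected LockedFile.Multi.Generic (1)
23:18:45.0200 8880 C:\Windows\assembly\GAC_32\Desktop.ini - detected HiddenFile.Multi.Generic (1)
"""

# Every report line: HH:MM:SS.mmmm <pid> <message>
LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s*(?P<msg>.*)$")
# "<name> (<md5>) <path>": the hashed-file line of a service/driver entry
HASH_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "<name> - ok" / "<name> ( <verdict> ) - warning" / "<name> - detected <verdict> (<n>)"
STATUS_RE = re.compile(
    r"^(?P<name>.+?)(?: \( (?P<verdict>[^)]+) \))? - (?P<status>ok|warning|detected .+)$"
)


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    statuses: List[str] = field(default_factory=list)
    verdicts: List[str] = field(default_factory=list)

    @property
    def is_clean(self) -> bool:
        # Clean means at least one status line was seen and every one said "ok".
        return bool(self.statuses) and all(s == "ok" for s in self.statuses)


def parse_tdsskiller(text: str) -> Dict[str, Entry]:
    """Pair the hash line and status line(s) of each scanned object by name."""
    entries: Dict[str, Entry] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # not a report line (blank, or not in the expected layout)
        msg = m["msg"]
        h = HASH_RE.match(msg)
        if h:
            e = entries.setdefault(h["name"], Entry(h["name"]))
            e.md5, e.path = h["md5"].lower(), h["path"]
            continue
        s = STATUS_RE.match(msg)
        if s:
            e = entries.setdefault(s["name"], Entry(s["name"]))
            e.statuses.append(s["status"])
            if s["verdict"]:
                e.verdicts.append(s["verdict"])
        # header lines (banner, "=====", SystemInfo, partition table) fall through
    return entries


def triage(entries: Dict[str, Entry]) -> Tuple[List[str], List[str]]:
    """Return (names with a non-ok status, names reported ok but with no file hash)."""
    flagged = sorted(n for n, e in entries.items() if not e.is_clean)
    unhashed = sorted(n for n, e in entries.items() if e.is_clean and e.md5 is None)
    return flagged, unhashed


if __name__ == "__main__":
    parsed = parse_tdsskiller(SAMPLE_LOG)
    flagged, unhashed = triage(parsed)
    print("entries parsed:", len(parsed))
    for name in flagged:
        print(f"FLAGGED  {name}: {', '.join(parsed[name].statuses)}")
    for name in unhashed:
        print(f"NO HASH  {name}: reported ok, but no file hash was recorded")
```

Run it against a saved `TDSSKiller.[Version]_[Date]_[Time]_log.txt` by replacing `SAMPLE_LOG` with the file's contents; the `FLAGGED` list is what the helper on the thread will act on first, and the `NO HASH` list is the set of service entries that point at nothing TDSSKiller could hash, which is where a leftover or hijacked service registration would show up.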

#5 Al2010

Al2010
  • Topic Starter

  • Members
  • 7 posts
  • Local time:07:41 AM

Posted 09 August 2012 - 01:51 AM

Hello Gringo,

I completed the tests as you requested and everything ran smoothly. No trouble so far. I also ran a McAfee Quick Scan and it did not detect any irregularities, while before you helped me it used to detect two Trojans that needed to be removed manually. So things are looking a lot better now, except that the Internet Explorer speed is still slow. The speed is not strikingly slower, but it is noticeably slower.




23:17:20.0285 10220 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
23:17:22.0286 10220 ============================================================
23:17:22.0286 10220 Current date / time: 2012/08/08 23:17:22.0286
23:17:22.0286 10220 SystemInfo:
23:17:22.0286 10220
23:17:22.0286 10220 OS Version: 6.1.7601 ServicePack: 1.0
23:17:22.0286 10220 Product type: Workstation
23:17:22.0286 10220 ComputerName: HOMAM-HP
23:17:22.0287 10220 UserName: Homam
23:17:22.0287 10220 Windows directory: C:\Windows
23:17:22.0287 10220 System windows directory: C:\Windows
23:17:22.0287 10220 Running under WOW64
23:17:22.0287 10220 Processor architecture: Intel x64
23:17:22.0287 10220 Number of processors: 8
23:17:22.0287 10220 Page size: 0x1000
23:17:22.0287 10220 Boot type: Normal boot
23:17:22.0287 10220 ============================================================
23:17:22.0765 10220 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:17:22.0769 10220 ============================================================
23:17:22.0769 10220 \Device\Harddisk0\DR0:
23:17:22.0769 10220 MBR partitions:
23:17:22.0769 10220 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
23:17:22.0769 10220 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x4890D000
23:17:22.0769 10220 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x48971000, BlocksNum 0x1EB3000
23:17:22.0769 10220 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x4A824000, BlocksNum 0x33AB0
23:17:22.0769 10220 ============================================================
23:17:22.0795 10220 C: <-> \Device\Harddisk0\DR0\Partition1
23:17:22.0839 10220 D: <-> \Device\Harddisk0\DR0\Partition2
23:17:22.0839 10220 ============================================================
23:17:22.0839 10220 Initialize success
23:17:22.0839 10220 ============================================================
23:17:26.0295 8880 ============================================================
23:17:26.0295 8880 Scan started
23:17:26.0295 8880 Mode: Manual;
23:17:26.0295 8880 ============================================================
23:17:26.0591 8880 0028701344233937mcinstcleanup - ok
23:17:26.0746 8880 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
23:17:26.0790 8880 1394ohci - ok
23:17:26.0831 8880 Accelerometer (5c368f4b04ed2a923e6afca2d37baff5) C:\Windows\system32\DRIVERS\Accelerometer.sys
23:17:26.0892 8880 Accelerometer - ok
23:17:26.0948 8880 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
23:17:26.0950 8880 ACPI - ok
23:17:26.0982 8880 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
23:17:27.0043 8880 AcpiPmi - ok
23:17:27.0268 8880 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
23:17:27.0274 8880 AdobeFlashPlayerUpdateSvc - ok
23:17:27.0350 8880 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
23:17:27.0375 8880 adp94xx - ok
23:17:27.0425 8880 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
23:17:27.0446 8880 adpahci - ok
23:17:27.0480 8880 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
23:17:27.0495 8880 adpu320 - ok
23:17:27.0528 8880 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
23:17:27.0531 8880 AeLookupSvc - ok
23:17:27.0611 8880 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe
23:17:27.0671 8880 AESTFilters - ok
23:17:27.0743 8880 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
23:17:27.0752 8880 AFD - ok
23:17:27.0801 8880 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
23:17:27.0811 8880 agp440 - ok
23:17:27.0848 8880 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
23:17:27.0859 8880 ALG - ok
23:17:27.0891 8880 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
23:17:27.0900 8880 aliide - ok
23:17:27.0964 8880 AMD External Events Utility (c53d784d7303c463d004c0d5782917b4) C:\Windows\system32\atiesrxx.exe
23:17:28.0021 8880 AMD External Events Utility - ok
23:17:28.0024 8880 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
23:17:28.0026 8880 amdide - ok
23:17:28.0048 8880 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
23:17:28.0052 8880 AmdK8 - ok
23:17:28.0501 8880 amdkmdag (06778049a44c316e8d016039b9d14667) C:\Windows\system32\DRIVERS\atikmdag.sys
23:17:28.0573 8880 amdkmdag - ok
23:17:28.0720 8880 amdkmdap (94b4028f0eea1f166d78186a254676b5) C:\Windows\system32\DRIVERS\atikmpag.sys
23:17:28.0768 8880 amdkmdap - ok
23:17:28.0799 8880 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
23:17:28.0802 8880 AmdPPM - ok
23:17:28.0856 8880 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
23:17:28.0915 8880 amdsata - ok
23:17:28.0955 8880 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
23:17:28.0963 8880 amdsbs - ok
23:17:28.0979 8880 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
23:17:28.0980 8880 amdxata - ok
23:17:29.0021 8880 AMPPAL (7d9e301ab3247765702d0b65e2e47e50) C:\Windows\system32\DRIVERS\AMPPAL.sys
23:17:29.0082 8880 AMPPAL - ok
23:17:29.0086 8880 AMPPALP (7d9e301ab3247765702d0b65e2e47e50) C:\Windows\system32\DRIVERS\amppal.sys
23:17:29.0088 8880 AMPPALP - ok
23:17:29.0207 8880 AMPPALR3 (576134e43169810b560f0bb6fdee13f5) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
23:17:29.0267 8880 AMPPALR3 - ok
23:17:29.0388 8880 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
23:17:29.0446 8880 AppID - ok
23:17:29.0472 8880 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
23:17:29.0476 8880 AppIDSvc - ok
23:17:29.0525 8880 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
23:17:29.0528 8880 Appinfo - ok
23:17:29.0643 8880 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:17:29.0694 8880 Apple Mobile Device - ok
23:17:29.0754 8880 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
23:17:29.0762 8880 arc - ok
23:17:29.0796 8880 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
23:17:29.0808 8880 arcsas - ok
23:17:29.0929 8880 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
23:17:29.0993 8880 aspnet_state - ok
23:17:30.0016 8880 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
23:17:30.0020 8880 AsyncMac - ok
23:17:30.0067 8880 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
23:17:30.0069 8880 atapi - ok
23:17:30.0203 8880 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
23:17:30.0264 8880 AudioEndpointBuilder - ok
23:17:30.0268 8880 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
23:17:30.0272 8880 AudioSrv - ok
23:17:30.0329 8880 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
23:17:30.0382 8880 AxInstSV - ok
23:17:30.0429 8880 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
23:17:30.0444 8880 b06bdrv - ok
23:17:30.0482 8880 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
23:17:30.0494 8880 b57nd60a - ok
23:17:30.0587 8880 BBSvc (825f81a6f7dd073509db101f0ba6dc59) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
23:17:30.0651 8880 BBSvc - ok
23:17:30.0686 8880 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
23:17:30.0690 8880 BDESVC - ok
23:17:30.0709 8880 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
23:17:30.0719 8880 Beep - ok
23:17:30.0796 8880 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
23:17:30.0855 8880 BFE - ok
23:17:30.0880 8880 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
23:17:30.0883 8880 blbdrive - ok
23:17:31.0008 8880 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
23:17:31.0061 8880 Bonjour Service - ok
23:17:31.0094 8880 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
23:17:31.0096 8880 bowser - ok
23:17:31.0127 8880 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:17:31.0136 8880 BrFiltLo - ok
23:17:31.0162 8880 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:17:31.0171 8880 BrFiltUp - ok
23:17:31.0202 8880 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
23:17:31.0209 8880 BridgeMP - ok
23:17:31.0253 8880 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
23:17:31.0305 8880 Browser - ok
23:17:31.0332 8880 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
23:17:31.0339 8880 Brserid - ok
23:17:31.0360 8880 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
23:17:31.0364 8880 BrSerWdm - ok
23:17:31.0392 8880 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
23:17:31.0400 8880 BrUsbMdm - ok
23:17:31.0415 8880 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
23:17:31.0420 8880 BrUsbSer - ok
23:17:31.0444 8880 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
23:17:31.0447 8880 BTHMODEM - ok
23:17:31.0486 8880 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
23:17:31.0492 8880 bthserv - ok
23:17:31.0581 8880 BTHSSecurityMgr (9e2af97302b9f4bf97e952a865eb31ae) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
23:17:31.0633 8880 BTHSSecurityMgr - ok
23:17:31.0648 8880 catchme - ok
23:17:31.0726 8880 cbVSCService11 (58bf7714a312698108a96d0de2bb6825) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
23:17:31.0792 8880 cbVSCService11 - ok
23:17:31.0841 8880 ccSet_NST (a8ad33c9dd88c810cac00acc7f4329fb) C:\Windows\system32\drivers\NSTx64\0200000.010\ccSetx64.sys
23:17:31.0905 8880 ccSet_NST - ok
23:17:31.0937 8880 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
23:17:31.0941 8880 cdfs - ok
23:17:32.0005 8880 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
23:17:32.0065 8880 cdrom - ok
23:17:32.0119 8880 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
23:17:32.0145 8880 CertPropSvc - ok
23:17:32.0218 8880 cfwids (274ce03459896006f7a5069266e0469e) C:\Windows\system32\drivers\cfwids.sys
23:17:32.0273 8880 cfwids - ok
23:17:32.0328 8880 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
23:17:32.0334 8880 circlass - ok
23:17:32.0377 8880 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
23:17:32.0382 8880 CLFS - ok
23:17:32.0455 8880 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:17:32.0464 8880 clr_optimization_v2.0.50727_32 - ok
23:17:32.0504 8880 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:17:32.0515 8880 clr_optimization_v2.0.50727_64 - ok
23:17:32.0582 8880 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:17:32.0644 8880 clr_optimization_v4.0.30319_32 - ok
23:17:32.0689 8880 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:17:32.0757 8880 clr_optimization_v4.0.30319_64 - ok
23:17:32.0791 8880 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys
23:17:32.0824 8880 clwvd - ok
23:17:32.0858 8880 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
23:17:32.0865 8880 CmBatt - ok
23:17:32.0903 8880 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
23:17:32.0911 8880 cmdide - ok
23:17:33.0004 8880 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
23:17:33.0012 8880 CNG - ok
23:17:33.0034 8880 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
23:17:33.0044 8880 Compbatt - ok
23:17:33.0098 8880 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
23:17:33.0162 8880 CompositeBus - ok
23:17:33.0179 8880 COMSysApp - ok
23:17:33.0204 8880 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
23:17:33.0207 8880 crcdisk - ok
23:17:33.0253 8880 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
23:17:33.0297 8880 CryptSvc - ok
23:17:33.0356 8880 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
23:17:33.0411 8880 DcomLaunch - ok
23:17:33.0447 8880 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
23:17:33.0454 8880 defragsvc - ok
23:17:33.0493 8880 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
23:17:33.0496 8880 DfsC - ok
23:17:33.0536 8880 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
23:17:33.0586 8880 Dhcp - ok
23:17:33.0628 8880 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
23:17:33.0630 8880 discache - ok
23:17:33.0668 8880 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
23:17:33.0671 8880 Disk - ok
23:17:33.0716 8880 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
23:17:33.0765 8880 Dnscache - ok
23:17:33.0811 8880 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
23:17:33.0857 8880 dot3svc - ok
23:17:33.0892 8880 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
23:17:33.0893 8880 DPS - ok
23:17:33.0918 8880 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
23:17:33.0923 8880 drmkaud - ok
23:17:33.0989 8880 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
23:17:34.0043 8880 DXGKrnl - ok
23:17:34.0081 8880 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
23:17:34.0084 8880 EapHost - ok
23:17:34.0243 8880 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
23:17:34.0277 8880 ebdrv - ok
23:17:34.0368 8880 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
23:17:34.0403 8880 EFS - ok
23:17:34.0482 8880 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
23:17:34.0523 8880 ehRecvr - ok
23:17:34.0553 8880 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
23:17:34.0557 8880 ehSched - ok
23:17:34.0639 8880 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
23:17:34.0647 8880 elxstor - ok
23:17:34.0684 8880 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
23:17:34.0687 8880 ErrDev - ok
23:17:34.0746 8880 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
23:17:34.0751 8880 EventSystem - ok
23:17:34.0896 8880 EvtEng (e3a96d5ae6e5c7b5472011ba77353368) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
23:17:34.0947 8880 EvtEng - ok
23:17:35.0072 8880 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
23:17:35.0078 8880 exfat - ok
23:17:35.0098 8880 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
23:17:35.0099 8880 fastfat - ok
23:17:35.0166 8880 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
23:17:35.0210 8880 Fax - ok
23:17:35.0229 8880 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
23:17:35.0232 8880 fdc - ok
23:17:35.0263 8880 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
23:17:35.0266 8880 fdPHost - ok
23:17:35.0277 8880 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
23:17:35.0279 8880 FDResPub - ok
23:17:49.0552 8880 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
23:17:49.0554 8880 FileInfo - ok
23:17:49.0572 8880 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
23:17:49.0579 8880 Filetrace - ok
23:17:49.0620 8880 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
23:17:49.0625 8880 flpydisk - ok
23:17:49.0694 8880 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
23:17:49.0697 8880 FltMgr - ok
23:17:49.0775 8880 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
23:17:49.0813 8880 FontCache - ok
23:17:49.0890 8880 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:17:49.0930 8880 FontCache3.0.0.0 - ok
23:17:50.0165 8880 FPLService (cdc54db949d1e2bbf86b0c7ab86b912e) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
23:17:50.0221 8880 FPLService - ok
23:17:50.0385 8880 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
23:17:50.0388 8880 FsDepends - ok
23:17:50.0429 8880 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
23:17:50.0465 8880 Fs_Rec - ok
23:17:50.0554 8880 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
23:17:50.0559 8880 fvevol - ok
23:17:50.0602 8880 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
23:17:50.0607 8880 gagp30kx - ok
23:17:50.0669 8880 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
23:17:50.0714 8880 GamesAppService - ok
23:17:50.0752 8880 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:17:50.0785 8880 GEARAspiWDM - ok
23:17:50.0940 8880 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
23:17:50.0970 8880 gpsvc - ok
23:17:51.0104 8880 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:17:51.0107 8880 gupdate - ok
23:17:51.0137 8880 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:17:51.0138 8880 gupdatem - ok
23:17:51.0168 8880 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
23:17:51.0208 8880 gusvc - ok
23:17:51.0252 8880 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
23:17:51.0253 8880 hcw85cir - ok
23:17:51.0342 8880 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
23:17:51.0348 8880 HdAudAddService - ok
23:17:51.0467 8880 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
23:17:51.0470 8880 HDAudBus - ok
23:17:51.0519 8880 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
23:17:51.0521 8880 HidBatt - ok
23:17:51.0567 8880 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
23:17:51.0571 8880 HidBth - ok
23:17:51.0630 8880 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
23:17:51.0632 8880 HidIr - ok
23:17:51.0673 8880 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
23:17:51.0676 8880 hidserv - ok
23:17:51.0736 8880 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
23:17:51.0737 8880 HidUsb - ok
23:17:51.0785 8880 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
23:17:51.0811 8880 hkmsvc - ok
23:17:51.0871 8880 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
23:17:51.0897 8880 HomeGroupListener - ok
23:17:52.0063 8880 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
23:17:52.0118 8880 HomeGroupProvider - ok
23:17:52.0377 8880 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
23:17:52.0415 8880 HP Support Assistant Service - ok
23:17:52.0540 8880 HP Wireless Assistant Service (c930128c8f8ff03d8f8c42b570920d56) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
23:17:52.0606 8880 HP Wireless Assistant Service - ok
23:17:52.0682 8880 HPClientSvc (3dc11a802353401332d49c3cbfbbe5fc) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
23:17:52.0738 8880 HPClientSvc - ok
23:17:52.0819 8880 HPDrvMntSvc.exe (b19ff523b533a3f198b9239e1749c940) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
23:17:52.0860 8880 HPDrvMntSvc.exe - ok
23:17:52.0926 8880 hpdskflt (4e0bec0f78096ffd6d3314b497fc49d3) C:\Windows\system32\DRIVERS\hpdskflt.sys
23:17:52.0927 8880 hpdskflt - ok
23:17:53.0044 8880 hpqwmiex (01091b900e15878b4434f9c726c4541d) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
23:17:53.0049 8880 hpqwmiex - ok
23:17:53.0118 8880 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
23:17:53.0119 8880 HpSAMD - ok
23:17:53.0158 8880 hpsrv (fc7c13b5a9e9be23b7ae72bbc7fdb278) C:\Windows\system32\Hpservice.exe
23:17:53.0197 8880 hpsrv - ok
23:17:53.0250 8880 HPWMISVC (f630dd7564ebb7248a13b1cc774d9ea6) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
23:17:53.0295 8880 HPWMISVC - ok
23:17:53.0400 8880 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
23:17:53.0410 8880 HTTP - ok
23:17:53.0470 8880 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
23:17:53.0496 8880 hwpolicy - ok
23:17:53.0554 8880 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
23:17:53.0558 8880 i8042prt - ok
23:17:53.0605 8880 iaStor (2fdaec4b02729c48c0fd1b0b4695995b) C:\Windows\system32\DRIVERS\iaStor.sys
23:17:53.0608 8880 iaStor - ok
23:17:53.0721 8880 IAStorDataMgrSvc (d41861e56e7552c13674d7f147a02464) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
23:17:53.0766 8880 IAStorDataMgrSvc - ok
23:17:53.0870 8880 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
23:17:53.0872 8880 iaStorV - ok
23:17:54.0108 8880 IconMan_R (d72bf0ae484f88399e8343e821c10d6a) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
23:17:54.0157 8880 IconMan_R - ok
23:17:54.0481 8880 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:17:54.0534 8880 idsvc - ok
23:17:55.0447 8880 igfx (33faa40b288002c89529dbd14f3ab72c) C:\Windows\system32\DRIVERS\igdkmd64.sys
23:17:55.0634 8880 igfx - ok
23:17:55.0751 8880 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
23:17:55.0751 8880 iirsp - ok
23:17:55.0868 8880 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
23:17:55.0900 8880 IKEEXT - ok
23:17:55.0948 8880 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
23:17:55.0949 8880 IntcDAud - ok
23:17:56.0037 8880 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
23:17:56.0037 8880 intelide - ok
23:17:56.0863 8880 intelkmd (33faa40b288002c89529dbd14f3ab72c) C:\Windows\system32\DRIVERS\igdpmd64.sys
23:17:56.0919 8880 intelkmd - ok
23:17:57.0082 8880 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
23:17:57.0082 8880 intelppm - ok
23:17:57.0125 8880 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
23:17:57.0131 8880 IPBusEnum - ok
23:17:57.0195 8880 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:17:57.0196 8880 IpFilterDriver - ok
23:17:57.0312 8880 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
23:17:57.0341 8880 iphlpsvc - ok
23:17:57.0384 8880 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
23:17:57.0386 8880 IPMIDRV - ok
23:17:57.0436 8880 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
23:17:57.0437 8880 IPNAT - ok
23:17:57.0635 8880 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe
23:17:57.0703 8880 iPod Service - ok
23:17:57.0749 8880 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
23:17:57.0749 8880 IRENUM - ok
23:17:57.0848 8880 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
23:17:57.0850 8880 isapnp - ok
23:17:57.0921 8880 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
23:17:57.0926 8880 iScsiPrt - ok
23:17:57.0946 8880 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
23:17:57.0948 8880 kbdclass - ok
23:17:57.0978 8880 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
23:17:57.0979 8880 kbdhid - ok
23:17:58.0027 8880 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:17:58.0029 8880 KeyIso - ok
23:17:58.0079 8880 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
23:17:58.0081 8880 KSecDD - ok
23:17:58.0136 8880 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
23:17:58.0138 8880 KSecPkg - ok
23:17:58.0166 8880 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
23:17:58.0167 8880 ksthunk - ok
23:17:58.0256 8880 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
23:17:58.0276 8880 KtmRm - ok
23:17:58.0375 8880 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
23:17:58.0409 8880 LanmanServer - ok
23:17:58.0472 8880 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
23:17:58.0498 8880 LanmanWorkstation - ok
23:17:58.0541 8880 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
23:17:58.0542 8880 lltdio - ok
23:17:58.0618 8880 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
23:17:58.0639 8880 lltdsvc - ok
23:17:58.0653 8880 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
23:17:58.0657 8880 lmhosts - ok
23:17:58.0806 8880 LMS (c463a25f01c6237295917417c5e9e344) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
23:17:58.0898 8880 LMS - ok
23:17:58.0946 8880 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
23:17:58.0949 8880 LSI_FC - ok
23:17:58.0986 8880 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
23:17:58.0988 8880 LSI_SAS - ok
23:17:59.0048 8880 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:17:59.0049 8880 LSI_SAS2 - ok
23:17:59.0073 8880 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:17:59.0075 8880 LSI_SCSI - ok
23:17:59.0089 8880 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
23:17:59.0090 8880 luafv - ok
23:17:59.0171 8880 LVRS64 (0c85b2b6fb74b36a251792d45e0ef860) C:\Windows\system32\DRIVERS\lvrs64.sys
23:17:59.0174 8880 LVRS64 - ok
23:17:59.0745 8880 LVUVC64 (ff3a488924b0032b1a9ca6948c1fa9e8) C:\Windows\system32\DRIVERS\lvuvc64.sys
23:17:59.0848 8880 LVUVC64 - ok
23:18:00.0034 8880 McAfee SiteAdvisor Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
23:18:00.0039 8880 McAfee SiteAdvisor Service - ok
23:18:00.0094 8880 McMPFSvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
23:18:00.0096 8880 McMPFSvc - ok
23:18:00.0101 8880 mcmscsvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
23:18:00.0104 8880 mcmscsvc - ok
23:18:00.0109 8880 McNaiAnn (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
23:18:00.0112 8880 McNaiAnn - ok
23:18:00.0128 8880 McNASvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
23:18:00.0130 8880 McNASvc - ok
23:18:00.0254 8880 McODS (dd2321925274f2902929d76ce2b0eb45) C:\Program Files\McAfee\VirusScan\mcods.exe
23:18:00.0263 8880 McODS - ok
23:18:00.0277 8880 McProxy (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
23:18:00.0281 8880 McProxy - ok
23:18:00.0508 8880 McPvDrv (a0c364079e7ae6c3127bee8e196f00e5) C:\Windows\system32\drivers\McPvDrv.sys
23:18:00.0510 8880 McPvDrv - ok
23:18:00.0589 8880 McShield (597c77235621e7ddd32a68574fde6464) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
23:18:00.0654 8880 McShield - ok
23:18:00.0718 8880 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
23:18:00.0767 8880 Mcx2Svc - ok
23:18:00.0798 8880 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
23:18:00.0799 8880 megasas - ok
23:18:00.0875 8880 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
23:18:00.0877 8880 MegaSR - ok
23:18:00.0920 8880 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
23:18:00.0920 8880 MEIx64 - ok
23:18:00.0975 8880 mfeapfk (b574522827d94126c03975fd53f0b26b) C:\Windows\system32\drivers\mfeapfk.sys
23:18:00.0978 8880 mfeapfk - ok
23:18:01.0049 8880 mfeavfk (dab9a9cdfb04e4d68924492aa043019d) C:\Windows\system32\drivers\mfeavfk.sys
23:18:01.0053 8880 mfeavfk - ok
23:18:01.0088 8880 mfeavfk01 - ok
23:18:01.0121 8880 mfefire (134bb16f93a07c2c89b0b9c399382bdb) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
23:18:01.0171 8880 mfefire - ok
23:18:01.0279 8880 mfefirek (ce9a3680675c0907ade16404ca967b49) C:\Windows\system32\drivers\mfefirek.sys
23:18:01.0287 8880 mfefirek - ok
23:18:01.0370 8880 mfehidk (7092a6c6158fc4f5aa39ebeb9d5af03d) C:\Windows\system32\drivers\mfehidk.sys
23:18:01.0374 8880 mfehidk - ok
23:18:01.0388 8880 mfenlfk (a8129cfb919347f8533c934b365e9202) C:\Windows\system32\DRIVERS\mfenlfk.sys
23:18:01.0389 8880 mfenlfk - ok
23:18:01.0407 8880 mferkdet (5041fa2bd2b3a2693b015771bfbf6dca) C:\Windows\system32\drivers\mferkdet.sys
23:18:01.0408 8880 mferkdet - ok
23:18:01.0478 8880 mfevtp (04d48692eff181da46dd8ea8be9ffb2b) C:\Windows\system32\mfevtps.exe
23:18:01.0525 8880 mfevtp - ok
23:18:01.0591 8880 mfewfpk (1631e2da6c4b47d97eca94842836592e) C:\Windows\system32\drivers\mfewfpk.sys
23:18:01.0597 8880 mfewfpk - ok
23:18:01.0636 8880 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
23:18:01.0638 8880 MMCSS - ok
23:18:01.0752 8880 MOBKbackup (8cc001c65c31633171991fa72a551d43) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
23:18:01.0802 8880 MOBKbackup - ok
23:18:01.0819 8880 MOBKFilter (3800c23d0d90c59aafcdefdc82b5c4af) C:\Windows\system32\DRIVERS\MOBK.sys
23:18:01.0820 8880 MOBKFilter - ok
23:18:01.0873 8880 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
23:18:01.0875 8880 Modem - ok
23:18:01.0905 8880 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
23:18:01.0906 8880 monitor - ok
23:18:01.0994 8880 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
23:18:01.0995 8880 mouclass - ok
23:18:02.0032 8880 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
23:18:02.0033 8880 mouhid - ok
23:18:02.0095 8880 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
23:18:02.0096 8880 mountmgr - ok
23:18:02.0197 8880 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
23:18:02.0199 8880 mpio - ok
23:18:02.0231 8880 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
23:18:02.0232 8880 mpsdrv - ok
23:18:02.0396 8880 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
23:18:02.0405 8880 MpsSvc - ok
23:18:02.0463 8880 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
23:18:02.0466 8880 MRxDAV - ok
23:18:02.0538 8880 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:18:02.0541 8880 mrxsmb - ok
23:18:02.0609 8880 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:18:02.0614 8880 mrxsmb10 - ok
23:18:02.0646 8880 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:18:02.0647 8880 mrxsmb20 - ok
23:18:02.0689 8880 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
23:18:02.0690 8880 msahci - ok
23:18:02.0746 8880 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
23:18:02.0747 8880 msdsm - ok
23:18:02.0791 8880 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
23:18:02.0798 8880 MSDTC - ok
23:18:02.0839 8880 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
23:18:02.0840 8880 Msfs - ok
23:18:02.0844 8880 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
23:18:02.0845 8880 mshidkmdf - ok
23:18:02.0872 8880 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
23:18:02.0875 8880 msisadrv - ok
23:18:02.0928 8880 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
23:18:02.0934 8880 MSiSCSI - ok
23:18:02.0936 8880 msiserver - ok
23:18:03.0110 8880 MSK80Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
23:18:03.0114 8880 MSK80Service - ok
23:18:03.0172 8880 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
23:18:03.0174 8880 MSKSSRV - ok
23:18:03.0208 8880 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
23:18:03.0209 8880 MSPCLOCK - ok
23:18:03.0228 8880 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
23:18:03.0229 8880 MSPQM - ok
23:18:03.0289 8880 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
23:18:03.0294 8880 MsRPC - ok
23:18:03.0345 8880 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
23:18:03.0346 8880 mssmbios - ok
23:18:03.0411 8880 MSSQL$SQLEXPRESS - ok
23:18:03.0486 8880 MSSQLServerADHelper100 (7a2a8c975356858eb38466a6b1592e8d) c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
23:18:03.0541 8880 MSSQLServerADHelper100 - ok
23:18:03.0597 8880 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
23:18:03.0599 8880 MSTEE - ok
23:18:03.0612 8880 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
23:18:03.0613 8880 MTConfig - ok
23:18:03.0635 8880 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
23:18:03.0636 8880 Mup - ok
23:18:03.0821 8880 MyWiFiDHCPDNS (8f57db74bf5407a4cda6c8b005dc8dd0) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
23:18:03.0871 8880 MyWiFiDHCPDNS - ok
23:18:03.0951 8880 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
23:18:03.0984 8880 napagent - ok
23:18:04.0051 8880 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
23:18:04.0053 8880 NativeWifiP - ok
23:18:04.0120 8880 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
23:18:04.0125 8880 NDIS - ok
23:18:04.0172 8880 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
23:18:04.0173 8880 NdisCap - ok
23:18:04.0210 8880 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
23:18:04.0211 8880 NdisTapi - ok
23:18:04.0253 8880 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
23:18:04.0253 8880 Ndisuio - ok
23:18:04.0303 8880 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
23:18:04.0305 8880 NdisWan - ok
23:18:04.0342 8880 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
23:18:04.0343 8880 NDProxy - ok
23:18:04.0382 8880 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
23:18:04.0382 8880 NetBIOS - ok
23:18:04.0440 8880 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
23:18:04.0475 8880 NetBT - ok
23:18:04.0527 8880 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:18:04.0528 8880 Netlogon - ok
23:18:04.0605 8880 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
23:18:04.0614 8880 Netman - ok
23:18:04.0775 8880 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:18:04.0814 8880 NetMsmqActivator - ok
23:18:04.0817 8880 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:18:04.0818 8880 NetPipeActivator - ok
23:18:04.0869 8880 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
23:18:04.0872 8880 netprofm - ok
23:18:04.0883 8880 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:18:04.0884 8880 NetTcpActivator - ok
23:18:04.0887 8880 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:18:04.0888 8880 NetTcpPortSharing - ok
23:18:05.0462 8880 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
23:18:05.0487 8880 netw5v64 - ok
23:18:06.0035 8880 NETwNs64 (50ad7f7040c22bb7caa59a0880875a21) C:\Windows\system32\DRIVERS\NETwNs64.sys
23:18:06.0075 8880 NETwNs64 - ok
23:18:06.0217 8880 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
23:18:06.0218 8880 nfrd960 - ok
23:18:06.0297 8880 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
23:18:06.0324 8880 NlaSvc - ok
23:18:06.0356 8880 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
23:18:06.0357 8880 Npfs - ok
23:18:06.0373 8880 npggsvc - ok
23:18:06.0390 8880 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
23:18:06.0393 8880 nsi - ok
23:18:06.0410 8880 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
23:18:06.0410 8880 nsiproxy - ok
23:18:06.0502 8880 NSL (e127420b7feb65c7f279eaac183bbc0e) C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe
23:18:06.0550 8880 NSL - ok
23:18:06.0673 8880 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
23:18:06.0702 8880 Ntfs - ok
23:18:06.0812 8880 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
23:18:06.0812 8880 Null - ok
23:18:06.0872 8880 nusb3hub (9a33100ac62a0463c49e47ee8e77083a) C:\Windows\system32\DRIVERS\nusb3hub.sys
23:18:06.0873 8880 nusb3hub - ok
23:18:06.0904 8880 nusb3xhc (87c321f7bee646b7ec6eedd6eb725741) C:\Windows\system32\DRIVERS\nusb3xhc.sys
23:18:06.0905 8880 nusb3xhc - ok
23:18:06.0980 8880 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
23:18:06.0981 8880 nvraid - ok
23:18:06.0999 8880 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
23:18:07.0001 8880 nvstor - ok
23:18:07.0058 8880 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
23:18:07.0059 8880 nv_agp - ok
23:18:07.0086 8880 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
23:18:07.0087 8880 ohci1394 - ok
23:18:07.0164 8880 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:18:07.0206 8880 ose - ok
23:18:07.0637 8880 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
23:18:07.0852 8880 osppsvc - ok
23:18:08.0010 8880 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:18:08.0022 8880 p2pimsvc - ok
23:18:08.0092 8880 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
23:18:08.0101 8880 p2psvc - ok
23:18:08.0171 8880 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
23:18:08.0172 8880 Parport - ok
23:18:08.0214 8880 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
23:18:08.0215 8880 partmgr - ok
23:18:08.0244 8880 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
23:18:08.0253 8880 PcaSvc - ok
23:18:08.0349 8880 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
23:18:08.0351 8880 pci - ok
23:18:08.0388 8880 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
23:18:08.0389 8880 pciide - ok
23:18:08.0429 8880 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
23:18:08.0431 8880 pcmcia - ok
23:18:08.0462 8880 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
23:18:08.0463 8880 pcw - ok
23:18:08.0556 8880 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
23:18:08.0562 8880 PEAUTH - ok
23:18:08.0707 8880 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
23:18:08.0713 8880 PerfHost - ok
23:18:08.0942 8880 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
23:18:08.0978 8880 pla - ok
23:18:09.0042 8880 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
23:18:09.0086 8880 PlugPlay - ok
23:18:09.0127 8880 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
23:18:09.0136 8880 PNRPAutoReg - ok
23:18:09.0179 8880 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:18:09.0190 8880 PNRPsvc - ok
23:18:09.0289 8880 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
23:18:09.0290 8880 Point64 - ok
23:18:09.0369 8880 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
23:18:09.0414 8880 PolicyAgent - ok
23:18:09.0452 8880 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
23:18:09.0457 8880 Power - ok
23:18:09.0534 8880 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
23:18:09.0537 8880 PptpMiniport - ok
23:18:09.0571 8880 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
23:18:09.0573 8880 Processor - ok
23:18:09.0637 8880 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
23:18:09.0679 8880 ProfSvc - ok
23:18:09.0721 8880 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:18:09.0722 8880 ProtectedStorage - ok
23:18:09.0792 8880 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
23:18:09.0793 8880 Psched - ok
23:18:09.0873 8880 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
23:18:09.0876 8880 PxHlpa64 - ok
23:18:10.0047 8880 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
23:18:10.0070 8880 ql2300 - ok
23:18:10.0215 8880 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
23:18:10.0218 8880 ql40xx - ok
23:18:10.0276 8880 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
23:18:10.0291 8880 QWAVE - ok
23:18:10.0313 8880 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
23:18:10.0315 8880 QWAVEdrv - ok
23:18:10.0350 8880 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
23:18:10.0351 8880 RasAcd - ok
23:18:10.0418 8880 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:18:10.0420 8880 RasAgileVpn - ok
23:18:10.0444 8880 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
23:18:10.0457 8880 RasAuto - ok
23:18:10.0513 8880 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:18:10.0515 8880 Rasl2tp - ok
23:18:10.0601 8880 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
23:18:10.0642 8880 RasMan - ok
23:18:10.0701 8880 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
23:18:10.0702 8880 RasPppoe - ok
23:18:10.0720 8880 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
23:18:10.0722 8880 RasSstp - ok
23:18:10.0785 8880 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
23:18:10.0790 8880 rdbss - ok
23:18:10.0814 8880 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
23:18:10.0815 8880 rdpbus - ok
23:18:10.0828 8880 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:18:10.0829 8880 RDPCDD - ok
23:18:10.0858 8880 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
23:18:10.0860 8880 RDPENCDD - ok
23:18:10.0876 8880 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
23:18:10.0877 8880 RDPREFMP - ok
23:18:10.0945 8880 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
23:18:10.0948 8880 RDPWD - ok
23:18:11.0030 8880 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
23:18:11.0032 8880 rdyboost - ok
23:18:11.0231 8880 RegSrvc (fd11c1287d38a46fb72353e14d50089c) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
23:18:11.0288 8880 RegSrvc - ok
23:18:11.0350 8880 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
23:18:11.0354 8880 RemoteAccess - ok
23:18:11.0392 8880 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
23:18:11.0396 8880 RemoteRegistry - ok
23:18:11.0494 8880 RichVideo64 (0b169fe016039571ecc6db70073f8979) C:\Program Files\Cyberlink\Shared files\RichVideo64.exe
23:18:11.0551 8880 RichVideo64 - ok
23:18:11.0647 8880 RoxioNow Service (c1568e17039b2ec2b73a4f880ddd51e5) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
23:18:11.0694 8880 RoxioNow Service - ok
23:18:11.0744 8880 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
23:18:11.0756 8880 RpcEptMapper - ok
23:18:11.0788 8880 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
23:18:11.0799 8880 RpcLocator - ok
23:18:11.0864 8880 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
23:18:11.0914 8880 RpcSs - ok
23:18:12.0026 8880 RsFx0103 (cd553b8633466a6d1c115812f2619f1f) C:\Windows\system32\DRIVERS\RsFx0103.sys
23:18:12.0031 8880 RsFx0103 - ok
23:18:12.0126 8880 RSPCIESTOR (1f5e7af59b390261a85f5bedb1bb88b3) C:\Windows\system32\DRIVERS\RtsPStor.sys
23:18:12.0131 8880 RSPCIESTOR - ok
23:18:12.0232 8880 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
23:18:12.0234 8880 rspndr - ok
23:18:12.0335 8880 RTL8167 (ed5873f7dfb2f96d37f13322211b6bdc) C:\Windows\system32\DRIVERS\Rt64win7.sys
23:18:12.0342 8880 RTL8167 - ok
23:18:12.0408 8880 SaiH0464 (7dae6531c57099681008e6af853e0f6b) C:\Windows\system32\DRIVERS\SaiH0464.sys
23:18:12.0412 8880 SaiH0464 - ok
23:18:12.0463 8880 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:18:12.0466 8880 SamSs - ok
23:18:12.0515 8880 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
23:18:12.0518 8880 sbp2port - ok
23:18:12.0569 8880 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
23:18:12.0583 8880 SCardSvr - ok
23:18:12.0699 8880 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
23:18:12.0701 8880 scfilter - ok
23:18:12.0830 8880 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
23:18:12.0875 8880 Schedule - ok
23:18:12.0938 8880 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
23:18:12.0940 8880 SCPolicySvc - ok
23:18:12.0997 8880 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
23:18:12.0999 8880 sdbus - ok
23:18:13.0058 8880 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
23:18:13.0099 8880 SDRSVC - ok
23:18:13.0222 8880 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
23:18:13.0275 8880 SeaPort - ok
23:18:13.0309 8880 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
23:18:13.0310 8880 secdrv - ok
23:18:13.0362 8880 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
23:18:13.0416 8880 seclogon - ok
23:18:13.0487 8880 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
23:18:13.0499 8880 SENS - ok
23:18:13.0536 8880 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
23:18:13.0540 8880 SensrSvc - ok
23:18:13.0579 8880 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
23:18:13.0582 8880 Serenum - ok
23:18:13.0654 8880 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
23:18:13.0657 8880 Serial - ok
23:18:13.0713 8880 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
23:18:13.0714 8880 sermouse - ok
23:18:13.0768 8880 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
23:18:13.0801 8880 SessionEnv - ok
23:18:13.0831 8880 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
23:18:13.0831 8880 sffdisk - ok
23:18:13.0858 8880 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
23:18:13.0862 8880 sffp_mmc - ok
23:18:13.0879 8880 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
23:18:13.0880 8880 sffp_sd - ok
23:18:13.0901 8880 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
23:18:13.0901 8880 sfloppy - ok
23:18:13.0997 8880 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
23:18:14.0006 8880 SharedAccess - ok
23:18:14.0099 8880 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
23:18:14.0127 8880 ShellHWDetection - ok
23:18:14.0196 8880 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:18:14.0196 8880 SiSRaid2 - ok
23:18:14.0236 8880 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
23:18:14.0237 8880 SiSRaid4 - ok
23:18:14.0301 8880 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
23:18:14.0302 8880 Smb - ok
23:18:14.0340 8880 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
23:18:14.0345 8880 SNMPTRAP - ok
23:18:14.0369 8880 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
23:18:14.0370 8880 spldr - ok
23:18:14.0457 8880 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
23:18:14.0516 8880 Spooler - ok
23:18:14.0826 8880 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
23:18:14.0884 8880 sppsvc - ok
23:18:15.0033 8880 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
23:18:15.0042 8880 sppuinotify - ok
23:18:15.0239 8880 SQLAgent$SQLEXPRESS (12e6d95cde974b131defaa44bab8b056) c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
23:18:15.0298 8880 SQLAgent$SQLEXPRESS - ok
23:18:15.0410 8880 SQLBrowser (b54b48f6d92423440c264e91225c5ff1) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
23:18:15.0461 8880 SQLBrowser - ok
23:18:15.0549 8880 SQLWriter (6d65985945b03ca59b67d0b73702fc7b) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
23:18:15.0584 8880 SQLWriter - ok
23:18:15.0685 8880 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
23:18:15.0688 8880 srv - ok
23:18:15.0735 8880 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
23:18:15.0739 8880 srv2 - ok
23:18:15.0803 8880 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
23:18:15.0806 8880 SrvHsfHDA - ok
23:18:15.0940 8880 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
23:18:27.0852 8880 ============================================================
23:18:27.0852 8880 Scan finished
23:18:27.0852 8880 ============================================================
23:18:27.0864 7652 Detected object count: 0
23:18:27.0864 7652 Actual detected object count: 0
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-08 23:20:53
-----------------------------
23:20:53.445 OS Version: Windows x64 6.1.7601 Service Pack 1
23:20:53.445 Number of processors: 8 586 0x2A07
23:20:53.446 ComputerName: HOMAM-HP UserName: Homam
23:20:54.757 Initialize success
23:22:48.425 AVAST engine defs: 12080801
23:22:56.511 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:22:56.516 Disk 0 Vendor: TOSHIBA_ MH00 Size: 610480MB BusType: 3
23:22:56.550 Disk 0 MBR read successfully
23:22:56.556 Disk 0 MBR scan
23:22:56.568 Disk 0 Windows 7 default MBR code
23:22:56.582 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
23:22:56.604 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 594458 MB offset 409600
23:22:56.638 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 15718 MB offset 1217859584
23:22:56.665 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 1250050048
23:22:56.723 Disk 0 scanning C:\Windows\system32\drivers
23:23:10.202 Service scanning
23:23:45.736 Modules scanning
23:23:45.754 Disk 0 trace - called modules:
23:23:45.794 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
23:23:45.805 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008415060]
23:23:45.815 3 CLASSPNP.SYS[fffff88001c0143f] -> nt!IofCallDriver -> [0xfffffa8008293b10]
23:23:45.822 5 hpdskflt.sys[fffff88001fa5189] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800814b050]
23:23:47.250 AVAST engine scan C:\Windows
23:23:53.858 AVAST engine scan C:\Windows\system32
23:28:45.900 AVAST engine scan C:\Windows\system32\drivers
23:29:03.643 AVAST engine scan C:\Users\Homam
23:35:10.635 Disk 0 MBR has been saved successfully to "C:\Users\Homam\Desktop\MBR.dat"
23:35:10.646 The log file has been saved successfully to "C:\Users\Homam\Desktop\aswMBR.txt"

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:41 AM

Posted 09 August 2012 - 08:18 AM

Greetings Al2010

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.


First, I would like you to go here and click on the Fixit button - http://support.microsoft.com/kb/923737


Then I want you to do the following

  • Start Internet Explorer.
  • Click on Safety.
  • Click on Delete browsing history.
  • Make sure all boxes are checked.
  • Click on Tools.
  • Click Internet Options.
  • On the Advanced tab, click Reset.
  • Put a check mark next to Delete Personal Settings.
  • Click Reset to confirm.
  • When complete, click the Close button.
  • Restart IE.


:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files (x86)\BitTorrentBar
c:\program files (x86)\ConduitEngine

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 Al2010

Al2010
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:07:41 AM

Posted 09 August 2012 - 01:34 PM

Hello Gringo,

After resetting Internet Explorer, it seems to now be running normally again. Also, I ran ComboFix just like you asked me, and the test ran smoothly. No trouble so far, and my laptop seems to be back to normal! All the issues that I came with are now resolved, thank you very much! I await further instructions; is there more you wish for me to do?

ComboFix 12-08-07.05 - Homam 08/09/2012 10:55:57.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8140.5773 [GMT -7:00]
Running from: c:\users\Homam\Downloads\ComboFix.exe
Command switches used :: c:\users\Homam\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\BitTorrentBar
c:\program files (x86)\BitTorrentBar\BitTorrentBarToolbarHelper.exe
c:\program files (x86)\BitTorrentBar\GottenAppsContextMenu.xml
c:\program files (x86)\BitTorrentBar\INSTALL.LOG
c:\program files (x86)\BitTorrentBar\OtherAppsContextMenu.xml
c:\program files (x86)\BitTorrentBar\SharedAppsContextMenu.xml
c:\program files (x86)\BitTorrentBar\tbBitT.dll
c:\program files (x86)\BitTorrentBar\toolbar.cfg
c:\program files (x86)\BitTorrentBar\ToolbarContextMenu.xml
c:\program files (x86)\BitTorrentBar\UNWISE.EXE
c:\program files (x86)\ConduitEngine
c:\program files (x86)\ConduitEngine\appContextMenu.xml
c:\program files (x86)\ConduitEngine\ConduitEngine.dll
c:\program files (x86)\ConduitEngine\ConduitEngineHelper.exe
c:\program files (x86)\ConduitEngine\ConduitEngineUninstall.exe
c:\program files (x86)\ConduitEngine\engineContextMenu.xml
c:\program files (x86)\ConduitEngine\EngineSettings.json
c:\program files (x86)\ConduitEngine\INSTALL.LOG
c:\program files (x86)\ConduitEngine\toolbar.cfg
.
.
((((((((((((((((((((((((( Files Created from 2012-07-09 to 2012-08-09 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-08_16.14.50 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeBridge"="c:\program files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe" [2011-03-03 12008296]
"Facebook Update"="c:\users\Homam\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"googletalk"="c:\users\Homam\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-12-09 113288]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"Athan"="c:\users\Homam\Documents\Athan\Athan.exe" [2011-03-19 1204224]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-04-04 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-04-04 815512]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2012-01-11 296056]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-12-31 336384]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
.
c:\users\Homam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files (x86)\Logitech\Ereg\eReg.exe [2009-11-16 517384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-11-18 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 0028701344233937mcinstcleanup;McAfee Application Installer Cleanup (0028701344233937);c:\windows\TEMP\002870~1.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-14 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-08-08 299008]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-14 136176]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
R3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-28 340240]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 SaiH0464;SaiH0464;c:\windows\system32\DRIVERS\SaiH0464.sys [2008-03-31 178432]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-16 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [2011-04-11 71800]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-06-22 335784]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-29 55856]
S1 ccSet_NST;Norton Safe Web Lite Settings Manager;c:\windows\system32\drivers\NSTx64\0200000.010\ccSetx64.sys [2011-08-08 167048]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [2010-04-14 66040]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-12-09 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-15 204288]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-09-01 1166848]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
S2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;c:\program files (x86)\Cobian Backup 11\cbVSCService11.exe [2012-07-31 67584]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2010-12-07 249672]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-02 227896]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-14 30520]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-12-09 2413056]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-05-25 210616]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-06-22 177144]
S2 MOBKbackup;McAfee Online Backup;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-04-14 231224]
S2 NSL;Norton Safe Web Lite;c:\program files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe [2011-08-10 138760]
S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\Cyberlink\Shared files\RichVideo64.exe [2010-08-20 386344]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-11-23 2656280]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-15 9981952]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-15 310272]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-08-08 299008]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-12-11 31088]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2012-06-15 12289472]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-08-04 8604672]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-12-09 91648]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-12-09 208896]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-12-09 338536]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-07-22 428136]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 05:07]
.
2012-08-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-566136250-2701977445-2924683589-1001Core.job
- c:\users\Homam\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-18 04:05]
.
2012-08-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-566136250-2701977445-2924683589-1001UA.job
- c:\users\Homam\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-18 04:05]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-14 23:47]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-14 23:47]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-566136250-2701977445-2924683589-1001Core.job
- c:\users\Homam\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-14 22:41]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-566136250-2701977445-2924683589-1001UA.job
- c:\users\Homam\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-14 22:41]
.
2012-08-03 c:\windows\Tasks\HPCeeScheduleForHOMAM-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2012-08-06 c:\windows\Tasks\HPCeeScheduleForHomam.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2012-08-09 c:\windows\Tasks\ParetoLogic Registration.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-14 03:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-14 03:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-14 03:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelPAN"="TRAY" [X]
"SynTPEnh"="H.EXE" [BU]
"HPWirelessAssistant"=".EXE" [BU]
"AdobeAAMUpdater-1.0"="FILES\ADOBE\OOBE\PDAPP\UWA\UPDATERSTARTUPUTILITY.EXE" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-12-09 1128448]
"IntelliPoint"="T.EXE" [BU]
"IgfxTray"="DOWS\SYSTEM32\IGFXTRAY.EXE" [BU]
"HotKeysCmds"="DOWS\SYSTEM32\HKCMD.EXE" [BU]
"Persistence"="DOWS\SYSTEM32\IGFXPERS.EXE" [BU]
"McPvTray_exe"="c:\program files\McAfee\MAT\McPvTray.exe" [2011-04-08 436384]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: samsungsetup.com\www
TCP: DhcpNameServer = 192.168.1.1 68.105.28.11 68.105.29.11
FF - ProfilePath - c:\users\Homam\AppData\Roaming\Mozilla\Firefox\Profiles\0ggcdhyh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files (x86)\BitTorrentBar\tbBitT.dll
Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files (x86)\ConduitEngine\ConduitEngine.dll
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
AddRemove-BitTorrentBar Toolbar - c:\progra~2\BITTOR~2\UNWISE.EXE
AddRemove-conduitEngine - c:\progra~2\CONDUI~1\ConduitEngineUninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NSL]
"ImagePath"="\"c:\program files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe\" /s \"NSL\" /m \"c:\program files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\diMaster.dll\" /prefetch:1"
"ImagePath"="\"c:\program files\Cyberlink\Shared files\RichVideo64.exe\"\00Z
[\]^_†\00\00†\00\00\00\00HIJKLMNO\00\00\00\00\00\00\00\00\03\00\00\00|}~†\00\00†\00\00\00\00†\00\00\00\00\00\00\00\00‘’“"
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2012-08-09 11:20:27 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-09 18:20
ComboFix2.txt 2012-08-08 16:21
.
Pre-Run: 405,750,116,352 bytes free
Post-Run: 405,501,329,408 bytes free
.
- - End Of File - - 7696DA5782FDEAFAA6203131AB2F4178

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:41 AM

Posted 09 August 2012 - 02:14 PM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

Adobe Reader 9.5.1 MUI
Bing Bar
Bing Rewards Client Installer
BitTorrent
BitTorrentBar Toolbar
Conduit Engine
Java™ 6 Update 29


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.


: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 Al2010

Al2010
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:07:41 AM

Posted 09 August 2012 - 03:25 PM

Hello Gringo,

I completed all the steps you asked of me from the previous post and everything went smoothly. One issue that I noticed about my computer is that the McAfee firewall goes off by itself every now and then. For example, over the past 3 hours it has turned off by itself 4 times and I just keep turning it back on. Also, another thing to note is that when I installed the newer version of Adobe Reader it downloaded with it a free version of McAfee Security Scan Plus. Finally, last but not least, when I ran the Malwarebytes' program after the quick scan the log automatically opened in a notepad without showing me the results. So I was not able to complete this step, "Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected." Other than that my computer is still working fine, and my internet browsers are all working fine as well. Thank you for your help and I hope to hear from you soon.




Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.09.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Homam :: HOMAM-HP [administrator]

Protection: Enabled

8/9/2012 1:07:58 PM
mbam-log-2012-08-09 (13-07-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200188
Time elapsed: 3 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)









Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:18:20 PM, on 8/9/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
C:\Users\Homam\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LULnchr.exe
C:\Users\Homam\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Users\Homam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Homam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Homam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Homam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Homam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Homam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Homam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Homam\AppData\Local\Google\Chrome\Application\chrome.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Users\Homam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Homam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.207\McUicnt.exe
C:\Users\Homam\Downloads\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (file missing)
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Norton Safe Web Lite - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\coIEPlg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Athan] C:\Users\Homam\Documents\Athan\Athan.exe
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [AdobeBridge] "C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe" -stealth
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Homam\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [googletalk] C:\Users\Homam\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files (x86)\Logitech\Ereg\eReg.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
O4 - Global Startup: Snapfish PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.samsungsetup.com
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: McAfee Application Installer Cleanup (0028701344233937) (0028701344233937mcinstcleanup) - Unknown owner - C:\Windows\TEMP\002870~1.EXE (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service (BTHSSecurityMgr) - Intel® Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: Cobian Backup 11 Volume Shadow Copy Requester (cbVSCService11) - CobianSoft, Luis Cobian - C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: TrueSuiteService (FPLService) - HP - C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: McAfee Online Backup (MOBKbackup) - McAfee, Inc. - C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: Norton Safe Web Lite (NSL) - Symantec Corporation - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo64.exe
O23 - Service: RoxioNow Service - Roxio - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 19687 bytes

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:41 AM

Posted 09 August 2012 - 04:00 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can start any of them by clicking their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

      O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
      O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
      O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
      O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
      O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
      O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [AdobeBridge] "C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe" -stealth
      O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Homam\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
      O4 - HKCU\..\Run: [googletalk] C:\Users\Homam\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
      O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
      O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files (x86)\Logitech\Ereg\eReg.exe
      O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
      O4 - Global Startup: Snapfish PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space, for example:
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7: right-click on the IE shortcut and run as admin

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
    • put a checkmark in "Uninstall application on close"
    • close program
    • report to me that nothing was found

  • If threats were found
    • click on "list of threats found"
    • click on "export to text file" and save it as ESET SCAN and save to the desktop
    • Click on back
    • put a checkmark in "Uninstall application on close"
    • click on finish
    • close program
    • copy and paste the report here


Gringo
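
Added example (my own Python, not code from this thread, from BleepingComputer or from HijackThis): a small triage helper that parses the O3 (toolbar), O4 (autostart) and O23 (service) lines of a HijackThis 2.x log like the one posted above and groups the entries that deserve a second look before anything is "fixed". The sample lines are copied from the log in this thread; the review rules (orphaned entries whose target file is gone, autostarts living in user-writable folders, services with no publisher outside the system folder) are this example's own assumptions, not HijackThis's AnalyseThis logic. It also carries the caveat a practitioner needs when reading a log like this on 64-bit Windows: a 32-bit HijackThis sees C:\Windows\System32 through WOW64 file-system redirection, which is why core services such as ALG, Spooler and VSS show up as "(file missing)" even though they are present.

```python
"""Triage helper for HijackThis 2.x log lines (added example, not HijackThis's own code)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O3 - Toolbar: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (file missing)
O4 - HKLM\..\Run: [Athan] C:\Users\Homam\Documents\Athan\Athan.exe
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKCU\..\Run: [googletalk] C:\Users\Homam\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - Global Startup: Snapfish PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
O23 - Service: McAfee Application Installer Cleanup (0028701344233937) (0028701344233937mcinstcleanup) - Unknown owner - C:\Windows\TEMP\002870~1.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
"""


@dataclass
class Entry:
    kind: str                 # "O3" (toolbar), "O4" (autostart) or "O23" (service)
    name: str                 # toolbar name, [run-key name] or service name
    location: str             # O4: hive/folder, O3: CLSID, O23: reported owner
    path: str                 # target file as HijackThis reported it ("" for "(no file)")
    missing: bool             # HijackThis appended "(file missing)" or "(no file)"
    raw: str
    reasons: List[str] = field(default_factory=list)


O3_RE = re.compile(r"^O3 - Toolbar: (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$")
O4_RUN_RE = re.compile(r"^O4 - (?P<where>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O4_LNK_RE = re.compile(r"^O4 - (?P<where>.+?): (?P<name>.+?) = (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+) - (?P<owner>.+?) - (?P<path>.+)$")

MISSING_MARKERS = ("(file missing)", "(no file)")
# Assumed review heuristics (mine, not HijackThis's): folders a standard user can write to,
# and the system folders a 32-bit tool sees through WOW64 redirection on 64-bit Windows.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


def _split_missing(path: str):
    """Return (path without the marker, True) when HijackThis flagged the target as absent."""
    path = path.strip()
    for marker in MISSING_MARKERS:
        if path.endswith(marker):
            return path[: -len(marker)].strip(), True
    return path, False


def executable_from_command(cmd: str) -> str:
    """Pull the program path out of an O4 command line (quoted, or bare path plus arguments)."""
    cmd = cmd.strip()
    m = re.match(r'^"([^"]+)"', cmd)
    if m:
        return m.group(1)
    m = re.match(r"^(.*?\.(?:exe|dll|scr|bat|cmd|com))(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd


def parse_line(line: str) -> Optional[Entry]:
    line = line.strip()
    m = O3_RE.match(line)
    if m:
        path, missing = _split_missing(m["path"])
        return Entry("O3", m["name"], m["clsid"], path, missing, line)
    m = O4_RUN_RE.match(line) or O4_LNK_RE.match(line)
    if m:
        cmd, missing = _split_missing(m["cmd"])
        return Entry("O4", m["name"], m["where"], executable_from_command(cmd), missing, line)
    m = O23_RE.match(line)
    if m:
        path, missing = _split_missing(m["path"])
        return Entry("O23", m["name"], m["owner"], path, missing, line)
    return None  # other sections (R0/R1, O2, O9, ...) are ignored by this example


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def triage(entries: List[Entry], host_is_64bit: bool = True) -> List[Entry]:
    """Attach review reasons to entries; returns only those with at least one reason."""
    for e in entries:
        low = e.path.lower()
        in_system_dir = low.startswith(SYSTEM_DIRS)
        if e.missing:
            if e.kind == "O23" and in_system_dir and host_is_64bit:
                e.reasons.append("reported missing, but a 32-bit HijackThis reads System32 "
                                 "through WOW64 redirection on 64-bit Windows; verify first")
            else:
                e.reasons.append("orphaned entry: target file no longer exists")
        if any(marker in low for marker in USER_WRITABLE):
            e.reasons.append("runs from a user-writable folder")
        if e.kind == "O23" and e.location.lower() == "unknown owner" and not in_system_dir:
            e.reasons.append("service with no publisher outside the system folder")
    return [e for e in entries if e.reasons]


if __name__ == "__main__":
    for e in triage(parse_log(SAMPLE_LOG)):
        print(f"{e.kind:<4}{e.name}\n    {e.path or '<no file>'}\n    -> " + "; ".join(e.reasons))
```

Run it as-is and the output lists six of the nine sample lines: the two dead toolbar entries, the two autostarts under C:\Users, the "Unknown owner" service pointing into C:\Windows\TEMP, and ALG with the redirection caveat rather than an "orphaned" verdict. A "user-writable folder" hit is a prompt to look, not a verdict: Chrome, Google Talk and plenty of other legitimate software install under AppData, which is exactly why the helper gives the reason instead of a fix list.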

#11 Al2010

Al2010
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:07:41 AM

Posted 10 August 2012 - 06:06 AM

Hello Gringo,

I followed all your steps very carefully and everything went smoothly. The computer itself is still in good shape, and running my internet browsers feels so much quicker, even using Google Chrome. I think this is because of all the cleaning we've been doing. The online scan completed after about 2 hours and found 5 infections, which are shown below. Thank you very much and I hope to hear from you soon.



C:\Users\Homam\Downloads\GraboidVideoSetup-3.11 (1).exe Win32/Graboid application
C:\Users\Homam\Downloads\GraboidVideoSetup-3.11 (2).exe Win32/Graboid application
C:\Users\Homam\Downloads\GraboidVideoSetup-3.11 (3).exe Win32/Graboid application
C:\Users\Homam\Downloads\GraboidVideoSetup-3.11.exe Win32/Graboid application
C:\Users\Homam\Downloads\ringtonejunkiez.exe a variant of Win32/InstallCore.K application

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:41 AM

Posted 10 August 2012 - 07:14 AM

Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    rem Remove the files reported by the ESET online scan, then delete this batch file itself.
    del /f /s /q "C:\Users\Homam\Downloads\GraboidVideoSetup-3.11 (1).exe"
    del /f /s /q "C:\Users\Homam\Downloads\GraboidVideoSetup-3.11 (2).exe"
    del /f /s /q "C:\Users\Homam\Downloads\GraboidVideoSetup-3.11 (3).exe"
    del /f /s /q "C:\Users\Homam\Downloads\GraboidVideoSetup-3.11.exe"
    del /f /s /q "C:\Users\Homam\Downloads\ringtonejunkiez.exe"
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.




Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful; if used incorrectly or at the wrong time they can make the computer an expensive paperweight.
They are updated all the time, some of them more than once a day, so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and use often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download; it works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls

CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware - The gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did)


    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must-reads and should be read by everybody in your household who uses the internet.

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues.

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 Al2010

  • Topic Starter
  • Members
  • 7 posts

Posted 10 August 2012 - 10:30 AM

Hello Gringo,

I completed the steps needed in your last post! I do not know how to thank you enough for your help and immediate replies. Thank you for all that you have done for me and may god bless you!!

#14 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 10 August 2012 - 01:02 PM

thank you and you are more than welcome



gringo

#15 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 14 August 2012 - 12:12 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



