Browser redirect/Probable Rootkit


  • This topic is locked
20 replies to this topic

#1 FormerAgentOfDeath


Posted 07 August 2012 - 10:55 AM

I am using a Dell OptiPlex 390 (Core i5-2400 CPU) with 8GB RAM. I am running Windows 7 Professional (64-bit) with the latest patches applied. A couple of weeks ago I started getting lots of popups while browsing (using IE 9.0.8112.16421). Also having problems accessing some secure websites (I get the following error message: “The site's security certificate is signed using a weak signature algorithm”). Occasionally, I’ll get the message – “mcconsole.exe – Ordinal Not Found The ordinal 1112 could not be located in the dynamic link library WSOCK32.dll”. Also getting random browser redirections. I posted the following this morning:
http://www.bleepingcomputer.com/forums/topic464210.html
The advisor that assisted me recommended creating a new topic here.
I have followed the log preparation instructions and attached logs as instructed.
NOTE: In GMER, the only checkboxes I can activate/deactivate are: Services, Registry, Files, C:\, and ADS. All other boxes are disabled. I am logged in as a local administrator.
Please advise.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by rburns at 11:06:09 on 2012-08-07
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8165.5977 [GMT -4:00]
.
AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\SysWOW64\atashost.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Windows\SysWOW64\LxrSII1s.exe
C:\Users\cmarks\AppData\Roaming\Mikogo 4\M4-Service.exe
C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\svchost.exe -k regsvc
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\dell\DBRM\Reminder\DbrmTrayicon.exe
C:\Users\rburns.PFG\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\rdpclip.exe
C:\Users\cmarks\AppData\Roaming\Mikogo 4\M4-Capture.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120718090500.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [Google Update] "C:\Users\rburns.PFG\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe -update activex
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: mswsock.dll
Trusted Zone: fidelitywealthcentral.com
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://pershingtraining.webex.com/client/T27L10NSP11EP14/training/ieatgpc1.cab
TCP: Interfaces\{DD0AA667-2C08-411F-9030-E20E94916B0D} : NameServer = 172.16.1.2
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll
BHO-X64: Trend Micro NSC BHO - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120718090500.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun-x64: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [(Default)]
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
mRun-x64: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2012-3-2 43912]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648]
R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]
R2 LxrSII1d;Secure II Driver;\??\C:\Windows\System32\Drivers\LxrSII1d.sys --> C:\Windows\System32\Drivers\LxrSII1d.sys [?]
R2 M4-Service;M4-Service;C:\Users\cmarks\AppData\Roaming\Mikogo 4\M4-Service.exe [2012-1-16 1007472]
R2 McAfeeFramework;McAfee Framework Service;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2011-1-12 120128]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-7-18 190256]
R2 McTaskManager;McAfee Task Manager;C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [2011-1-12 209760]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-12-20 2656280]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 netvsc;netvsc;C:\Windows\system32\DRIVERS\netvsc60.sys --> C:\Windows\system32\DRIVERS\netvsc60.sys [?]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SynthVid;SynthVid;C:\Windows\system32\DRIVERS\VMBusVideoM.sys --> C:\Windows\system32\DRIVERS\VMBusVideoM.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-08-07 14:00:40 -------- d-----w- C:\Program Files (x86)\ESET
2012-07-18 13:17:02 16200 ----a-w- C:\Windows\stinger.sys
2012-07-18 13:16:45 -------- d-----w- C:\Program Files (x86)\stinger
2012-07-18 13:04:57 9984 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2012-07-18 13:04:57 97960 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2012-07-18 13:04:57 153952 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2012-07-18 13:04:56 217696 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2012-07-18 13:04:54 607152 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2012-07-18 13:04:53 281544 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2012-07-18 13:04:53 156248 ----a-w- C:\Windows\System32\mfevtps.exe
2012-07-18 13:04:07 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee
2012-07-18 12:54:39 -------- d-----w- C:\Windows\System32\appmgmt
2012-07-17 14:58:16 103272 ----a-w- C:\Users\rburns.PFG\GoToAssistDownloadHelper.exe
2012-07-16 17:39:56 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-13 13:24:06 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-12 07:03:25 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 18:27:54 -------- d-----w- C:\QUARANTINE
.
==================== Find3M ====================
.
2012-07-18 13:04:39 99056 ----a-w- C:\Windows\System32\MfeOtlkAddin.dll
2012-07-18 13:04:32 74848 ----a-w- C:\Windows\SysWow64\MfeOtlkAddin.dll
2012-07-18 13:04:32 22816 ----a-w- C:\Windows\SysWow64\MFEOtlk.dll
2012-07-16 17:39:56 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 17:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-21 20:10:36 60304 ----a-w- C:\Users\rburns.PFG\g2mdlhlpx.exe
.
============= FINISH: 11:06:29.30 ===============
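As an added triage example (not part of this thread, and not how DDS or any of the tools named here work internally), the script below parses the line shapes seen in the Pseudo HJT Report and SERVICES / DRIVERS sections of the log above and applies the first-pass checks a log reader makes: orphaned BHO/toolbar registrations, auto-starts and services living in a user profile, empty Run values, remote ActiveX (DPF) sources, non-default LSP modules and DNS servers outside private ranges. The sample lines are copied from the posted log; the heuristics and thresholds are this example's own assumptions.

```python
"""Triage of DDS 'Pseudo HJT Report' and 'SERVICES / DRIVERS' lines.

Added example; not part of DDS, of the thread, or of any tool named in it.
The regexes match only the line shapes visible in the posted log.
"""
import ipaddress
import re
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Finding:
    severity: str  # "review" needs a human look, "info" is context only
    entry: str     # the raw log line
    reason: str


# Constructed sample: lines copied verbatim from the posted DDS log.
SAMPLE = r"""BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Trend Micro NSC BHO - No File
uRun: [Google Update] "C:\Users\rburns.PFG\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [<NO NAME>]
mRun: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: Interfaces\{DD0AA667-2C08-411F-9030-E20E94916B0D} : NameServer = 172.16.1.2
R2 M4-Service;M4-Service;C:\Users\cmarks\AppData\Roaming\Mikogo 4\M4-Service.exe [2012-1-16 1007472]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-7-18 190256]
"""

_RUN = re.compile(r"^[um]Run(?:Once)?(?:-x64)?: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
_BHO = re.compile(r"^(?:BHO|TB)(?:-X64)?: .* - No File$")
_DPF = re.compile(r"^DPF: \{[^}]+\} - (?P<url>\S+)$")
_DNS = re.compile(r"^TCP: .*NameServer = (?P<servers>.+)$")
_LSP = re.compile(r"^LSP: (?P<dll>.+)$")
_SVC = re.compile(r"^[RS]\d+ [^;]+;[^;]*;(?P<target>.+)$")
# Auto-start code inside a user profile or temp directory deserves a look
# (assumed heuristic; legitimate per-user installers also live there).
_USER_PATH = re.compile(r"\\Users\\[^\\]+\\AppData\\|\\Temp\\", re.I)


def _command_path(cmd: str) -> str:
    """Return the executable part of a Run-key command string."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return re.split(r"\s+[-/]", cmd, maxsplit=1)[0]


def _service_path(target: str) -> str:
    """Strip the '[date size]' suffix and the 'A --> B' form DDS prints."""
    return target.split(" [")[0].split(" --> ")[-1]


def triage(log_text: str) -> list[Finding]:
    """Scan DDS-style lines and return the entries worth a second look."""
    findings: list[Finding] = []
    for line in log_text.splitlines():
        line = line.rstrip()
        if _BHO.match(line):
            findings.append(Finding("info", line,
                "orphaned registration: CLSID still present but its DLL is gone"))
        elif (m := _RUN.match(line)):
            if not m["cmd"]:
                findings.append(Finding("review", line,
                    "Run value with no command; confirm the registry value is empty"))
            elif _USER_PATH.search(_command_path(m["cmd"])):
                findings.append(Finding("review", line,
                    "auto-start executes from a user profile directory"))
        elif (m := _DPF.match(line)):
            # DDS defangs URLs as hxxp; restore the scheme only to parse the host.
            host = urlsplit(m["url"].replace("hxxp", "http", 1)).netloc
            findings.append(Finding("info", line,
                f"ActiveX control fetched from {host}; confirm vendor and version"))
        elif (m := _DNS.match(line)):
            for server in re.split(r"[,\s]+", m["servers"].strip()):
                if not ipaddress.ip_address(server).is_private:
                    findings.append(Finding("review", line,
                        f"DNS server {server} is outside private ranges"))
        elif (m := _LSP.match(line)):
            if m["dll"].strip().lower() != "mswsock.dll":
                findings.append(Finding("review", line, "non-default LSP module"))
        elif (m := _SVC.match(line)):
            if _USER_PATH.search(_service_path(m["target"])):
                findings.append(Finding("review", line,
                    "service executes from a user profile directory"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"[{f.severity}] {f.reason}\n    {f.entry}")
```

On the sample above it flags the two "No File" orphans and the Java DPF entry as info, and the Google Update Run value, the empty Run value and the Mikogo service (both under a user's AppData) for review; the private 172.16.1.2 resolver is left alone.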


#2 gringo_pr

  • Malware Response Team

Posted 08 August 2012 - 11:33 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion," please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 FormerAgentOfDeath


Posted 09 August 2012 - 07:33 PM

Thanks Gringo.

I followed your instructions and ran Security Check. The log is below. I also downloaded Combofix, disabled my antivirus (McAfee) and ran it. Combofix told me there was a newer version available so I downloaded and ran it. A small window opened for maybe a minute or so, then disappeared. No errors were displayed and no log appeared. I have used Combofix before (another incident) and this is not the behavior I remember so I'm not sure if I did something wrong or something else interrupted the program. I did not attempt to run Combofix a second time because I know that can be problematic. I have not taken any further action. I will wait for your instructions.

Thanks


Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
McAfee VirusScan Enterprise
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 30
Java version out of Date!
Google Chrome 21.0.1180.60
Google Chrome 21.0.1180.75
Google Chrome VisualElementsManifest.xml..
````````Process Check: objlist.exe by Laurent````````
McAfee VirusScan Enterprise VsTskMgr.exe
McAfee VirusScan Enterprise mfeann.exe
McAfee VirusScan Enterprise SHSTAT.EXE
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

#4 gringo_pr


Posted 10 August 2012 - 12:06 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#5 FormerAgentOfDeath


Posted 12 August 2012 - 08:05 AM

I ran TDSSKiller. Here is the report.


09:00:24.0229 11464 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
09:00:24.0577 11464 ============================================================
09:00:24.0577 11464 Current date / time: 2012/08/12 09:00:24.0577
09:00:24.0577 11464 SystemInfo:
09:00:24.0577 11464
09:00:24.0577 11464 OS Version: 6.1.7601 ServicePack: 1.0
09:00:24.0577 11464 Product type: Workstation
09:00:24.0577 11464 ComputerName: RBURNS
09:00:24.0578 11464 UserName: rburns
09:00:24.0578 11464 Windows directory: C:\Windows
09:00:24.0578 11464 System windows directory: C:\Windows
09:00:24.0578 11464 Running under WOW64
09:00:24.0578 11464 Processor architecture: Intel x64
09:00:24.0578 11464 Number of processors: 4
09:00:24.0578 11464 Page size: 0x1000
09:00:24.0578 11464 Boot type: Normal boot
09:00:24.0578 11464 ============================================================
09:00:25.0376 11464 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:00:25.0381 11464 ============================================================
09:00:25.0381 11464 \Device\Harddisk0\DR0:
09:00:25.0381 11464 MBR partitions:
09:00:25.0381 11464 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1B47000
09:00:25.0381 11464 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B5B000, BlocksNum 0x3882A800
09:00:25.0381 11464 ============================================================
09:00:25.0415 11464 C: <-> \Device\Harddisk0\DR0\Partition1
09:00:25.0415 11464 ============================================================
09:00:25.0415 11464 Initialize success
09:00:25.0415 11464 ============================================================
09:00:31.0413 4676 ============================================================
09:00:31.0413 4676 Scan started
09:00:31.0413 4676 Mode: Manual;
09:00:31.0413 4676 ============================================================
09:00:32.0464 4676 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
09:00:32.0472 4676 1394ohci - ok
09:00:32.0508 4676 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
09:00:32.0512 4676 ACPI - ok
09:00:32.0533 4676 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
09:00:32.0534 4676 AcpiPmi - ok
09:00:32.0569 4676 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
09:00:32.0573 4676 adp94xx - ok
09:00:32.0601 4676 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
09:00:32.0604 4676 adpahci - ok
09:00:32.0632 4676 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
09:00:32.0642 4676 adpu320 - ok
09:00:32.0667 4676 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
09:00:32.0669 4676 AeLookupSvc - ok
09:00:32.0731 4676 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
09:00:32.0737 4676 AFD - ok
09:00:32.0753 4676 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
09:00:32.0754 4676 agp440 - ok
09:00:32.0775 4676 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
09:00:32.0776 4676 ALG - ok
09:00:32.0803 4676 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
09:00:32.0804 4676 aliide - ok
09:00:32.0841 4676 AMD External Events Utility (b9c8770f3061582da3f9ab39071dee37) C:\Windows\system32\atiesrxx.exe
09:00:32.0842 4676 AMD External Events Utility - ok
09:00:32.0850 4676 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
09:00:32.0851 4676 amdide - ok
09:00:32.0869 4676 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
09:00:32.0870 4676 AmdK8 - ok
09:00:33.0134 4676 amdkmdag (31d7999c389c7f1effd4b861b64ecaa9) C:\Windows\system32\DRIVERS\atikmdag.sys
09:00:33.0258 4676 amdkmdag - ok
09:00:33.0345 4676 amdkmdap (48e49cb63cb14e1a6ee80a14381213b0) C:\Windows\system32\DRIVERS\atikmpag.sys
09:00:33.0352 4676 amdkmdap - ok
09:00:33.0373 4676 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
09:00:33.0374 4676 AmdPPM - ok
09:00:33.0402 4676 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
09:00:33.0403 4676 amdsata - ok
09:00:33.0422 4676 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
09:00:33.0424 4676 amdsbs - ok
09:00:33.0435 4676 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
09:00:33.0436 4676 amdxata - ok
09:00:33.0473 4676 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
09:00:33.0474 4676 AppID - ok
09:00:33.0496 4676 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
09:00:33.0498 4676 AppIDSvc - ok
09:00:33.0507 4676 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
09:00:33.0509 4676 Appinfo - ok
09:00:33.0560 4676 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
09:00:33.0569 4676 AppMgmt - ok
09:00:33.0602 4676 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
09:00:33.0604 4676 arc - ok
09:00:33.0619 4676 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
09:00:33.0621 4676 arcsas - ok
09:00:33.0704 4676 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
09:00:33.0705 4676 aspnet_state - ok
09:00:33.0720 4676 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
09:00:33.0721 4676 AsyncMac - ok
09:00:33.0738 4676 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
09:00:33.0739 4676 atapi - ok
09:00:33.0811 4676 atashost (b2e6f39cf05a4e86400b913553939c65) C:\Windows\SysWOW64\atashost.exe
09:00:33.0812 4676 atashost - ok
09:00:33.0864 4676 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
09:00:33.0872 4676 AudioEndpointBuilder - ok
09:00:33.0876 4676 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
09:00:33.0879 4676 AudioSrv - ok
09:00:33.0941 4676 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
09:00:33.0943 4676 AxInstSV - ok
09:00:34.0126 4676 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
09:00:34.0137 4676 b06bdrv - ok
09:00:34.0165 4676 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
09:00:34.0172 4676 b57nd60a - ok
09:00:34.0258 4676 BBSvc (87f3bcf82a63e900af896cd930bf7e05) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
09:00:34.0261 4676 BBSvc - ok
09:00:34.0287 4676 BBUpdate (78779ee07231c658b483b1f38b5088df) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
09:00:34.0295 4676 BBUpdate - ok
09:00:34.0326 4676 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
09:00:34.0328 4676 BDESVC - ok
09:00:34.0348 4676 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
09:00:34.0349 4676 Beep - ok
09:00:34.0406 4676 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
09:00:34.0414 4676 BFE - ok
09:00:34.0431 4676 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
09:00:34.0433 4676 blbdrive - ok
09:00:34.0467 4676 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
09:00:34.0468 4676 bowser - ok
09:00:34.0477 4676 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
09:00:34.0478 4676 BrFiltLo - ok
09:00:34.0494 4676 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
09:00:34.0495 4676 BrFiltUp - ok
09:00:34.0515 4676 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
09:00:34.0517 4676 BridgeMP - ok
09:00:34.0536 4676 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
09:00:34.0538 4676 Browser - ok
09:00:34.0565 4676 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
09:00:34.0568 4676 Brserid - ok
09:00:34.0585 4676 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
09:00:34.0586 4676 BrSerWdm - ok
09:00:34.0595 4676 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
09:00:34.0595 4676 BrUsbMdm - ok
09:00:34.0604 4676 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
09:00:34.0605 4676 BrUsbSer - ok
09:00:34.0619 4676 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
09:00:34.0620 4676 BTHMODEM - ok
09:00:34.0650 4676 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
09:00:34.0652 4676 bthserv - ok
09:00:34.0672 4676 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
09:00:34.0674 4676 cdfs - ok
09:00:34.0704 4676 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
09:00:34.0705 4676 cdrom - ok
09:00:34.0732 4676 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
09:00:34.0734 4676 CertPropSvc - ok
09:00:34.0752 4676 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
09:00:34.0753 4676 circlass - ok
09:00:34.0783 4676 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
09:00:34.0787 4676 CLFS - ok
09:00:34.0851 4676 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:00:34.0852 4676 clr_optimization_v2.0.50727_32 - ok
09:00:34.0896 4676 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
09:00:34.0897 4676 clr_optimization_v2.0.50727_64 - ok
09:00:34.0945 4676 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:00:34.0946 4676 clr_optimization_v4.0.30319_32 - ok
09:00:34.0969 4676 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
09:00:34.0972 4676 clr_optimization_v4.0.30319_64 - ok
09:00:34.0993 4676 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
09:00:34.0994 4676 CmBatt - ok
09:00:35.0007 4676 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
09:00:35.0009 4676 cmdide - ok
09:00:35.0060 4676 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
09:00:35.0070 4676 CNG - ok
09:00:35.0159 4676 CnxtHdAudService (5c855932e4df00b1b6f5f6f57e82b6c5) C:\Windows\system32\drivers\CHDRT64.sys
09:00:35.0190 4676 CnxtHdAudService - ok
09:00:35.0292 4676 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
09:00:35.0292 4676 Compbatt - ok
09:00:35.0329 4676 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
09:00:35.0330 4676 CompositeBus - ok
09:00:35.0348 4676 COMSysApp - ok
09:00:35.0367 4676 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
09:00:35.0368 4676 crcdisk - ok
09:00:35.0404 4676 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
09:00:35.0407 4676 CryptSvc - ok
09:00:35.0446 4676 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
09:00:35.0452 4676 CSC - ok
09:00:35.0497 4676 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
09:00:35.0503 4676 CscService - ok
09:00:35.0549 4676 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
09:00:35.0554 4676 DcomLaunch - ok
09:00:35.0600 4676 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
09:00:35.0606 4676 defragsvc - ok
09:00:35.0656 4676 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
09:00:35.0658 4676 DfsC - ok
09:00:35.0691 4676 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
09:00:35.0697 4676 Dhcp - ok
09:00:35.0714 4676 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
09:00:35.0715 4676 discache - ok
09:00:35.0742 4676 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
09:00:35.0743 4676 Disk - ok
09:00:35.0775 4676 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
09:00:35.0776 4676 dmvsc - ok
09:00:35.0801 4676 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
09:00:35.0803 4676 Dnscache - ok
09:00:35.0821 4676 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
09:00:35.0830 4676 dot3svc - ok
09:00:35.0848 4676 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
09:00:35.0849 4676 DPS - ok
09:00:35.0870 4676 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
09:00:35.0871 4676 drmkaud - ok
09:00:35.0924 4676 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
09:00:35.0939 4676 DXGKrnl - ok
09:00:35.0956 4676 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
09:00:35.0958 4676 EapHost - ok
09:00:36.0079 4676 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
09:00:36.0120 4676 ebdrv - ok
09:00:36.0213 4676 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
09:00:36.0215 4676 EFS - ok
09:00:36.0278 4676 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
09:00:36.0283 4676 ehRecvr - ok
09:00:36.0298 4676 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
09:00:36.0299 4676 ehSched - ok
09:00:36.0360 4676 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
09:00:36.0369 4676 elxstor - ok
09:00:36.0380 4676 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
09:00:36.0381 4676 ErrDev - ok
09:00:36.0421 4676 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
09:00:36.0433 4676 EventSystem - ok
09:00:36.0472 4676 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
09:00:36.0481 4676 exfat - ok
09:00:36.0506 4676 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
09:00:36.0509 4676 fastfat - ok
09:00:36.0559 4676 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
09:00:36.0572 4676 Fax - ok
09:00:36.0601 4676 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
09:00:36.0602 4676 fdc - ok
09:00:36.0612 4676 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
09:00:36.0613 4676 fdPHost - ok
09:00:36.0627 4676 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
09:00:36.0629 4676 FDResPub - ok
09:00:36.0641 4676 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
09:00:36.0642 4676 FileInfo - ok
09:00:36.0650 4676 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
09:00:36.0650 4676 Filetrace - ok
09:00:36.0662 4676 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
09:00:36.0663 4676 flpydisk - ok
09:00:36.0699 4676 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
09:00:36.0703 4676 FltMgr - ok
09:00:36.0773 4676 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
09:00:36.0787 4676 FontCache - ok
09:00:36.0854 4676 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
09:00:36.0855 4676 FontCache3.0.0.0 - ok
09:00:36.0888 4676 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
09:00:36.0888 4676 FsDepends - ok
09:00:36.0916 4676 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
09:00:36.0917 4676 Fs_Rec - ok
09:00:36.0939 4676 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
09:00:36.0941 4676 fvevol - ok
09:00:36.0962 4676 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
09:00:36.0964 4676 gagp30kx - ok
09:00:37.0012 4676 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
09:00:37.0032 4676 gpsvc - ok
09:00:37.0043 4676 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
09:00:37.0044 4676 hcw85cir - ok
09:00:37.0066 4676 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
09:00:37.0069 4676 HDAudBus - ok
09:00:37.0083 4676 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
09:00:37.0084 4676 HidBatt - ok
09:00:37.0102 4676 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
09:00:37.0104 4676 HidBth - ok
09:00:37.0125 4676 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
09:00:37.0126 4676 HidIr - ok
09:00:37.0141 4676 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
09:00:37.0143 4676 hidserv - ok
09:00:37.0156 4676 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
09:00:37.0157 4676 HidUsb - ok
09:00:37.0171 4676 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
09:00:37.0172 4676 hkmsvc - ok
09:00:37.0202 4676 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
09:00:37.0210 4676 HomeGroupListener - ok
09:00:37.0241 4676 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
09:00:37.0250 4676 HomeGroupProvider - ok
09:00:37.0277 4676 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
09:00:37.0278 4676 HpSAMD - ok
09:00:37.0326 4676 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
09:00:37.0332 4676 HTTP - ok
09:00:37.0339 4676 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
09:00:37.0340 4676 hwpolicy - ok
09:00:37.0410 4676 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
09:00:37.0412 4676 i8042prt - ok
09:00:37.0451 4676 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
09:00:37.0464 4676 iaStorV - ok
09:00:37.0572 4676 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
09:00:37.0614 4676 idsvc - ok
09:00:37.0648 4676 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
09:00:37.0650 4676 iirsp - ok
09:00:37.0714 4676 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
09:00:37.0765 4676 IKEEXT - ok
09:00:37.0788 4676 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
09:00:37.0789 4676 intelide - ok
09:00:37.0811 4676 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
09:00:37.0812 4676 intelppm - ok
09:00:37.0825 4676 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
09:00:37.0826 4676 IPBusEnum - ok
09:00:37.0843 4676 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:00:37.0844 4676 IpFilterDriver - ok
09:00:37.0888 4676 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
09:00:37.0893 4676 iphlpsvc - ok
09:00:37.0908 4676 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
09:00:37.0909 4676 IPMIDRV - ok
09:00:37.0940 4676 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
09:00:37.0942 4676 IPNAT - ok
09:00:37.0963 4676 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
09:00:37.0964 4676 IRENUM - ok
09:00:37.0980 4676 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
09:00:37.0981 4676 isapnp - ok
09:00:38.0009 4676 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
09:00:38.0016 4676 iScsiPrt - ok
09:00:38.0079 4676 jhi_service (6c85719a21b3f62c2c76280f4bd36c7b) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
09:00:38.0081 4676 jhi_service - ok
09:00:38.0092 4676 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
09:00:38.0093 4676 kbdclass - ok
09:00:38.0120 4676 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
09:00:38.0121 4676 kbdhid - ok
09:00:38.0138 4676 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:00:38.0139 4676 KeyIso - ok
09:00:38.0166 4676 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
09:00:38.0168 4676 KSecDD - ok
09:00:38.0187 4676 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
09:00:38.0189 4676 KSecPkg - ok
09:00:38.0203 4676 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
09:00:38.0204 4676 ksthunk - ok
09:00:38.0235 4676 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
09:00:38.0248 4676 KtmRm - ok
09:00:38.0279 4676 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
09:00:38.0287 4676 LanmanServer - ok
09:00:38.0306 4676 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
09:00:38.0310 4676 LanmanWorkstation - ok
09:00:38.0344 4676 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
09:00:38.0345 4676 lltdio - ok
09:00:38.0384 4676 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
09:00:38.0390 4676 lltdsvc - ok
09:00:38.0404 4676 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
09:00:38.0405 4676 lmhosts - ok
09:00:38.0488 4676 LMS (5f5899711df18a02162b6d518c17b0d7) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
09:00:38.0491 4676 LMS - ok
09:00:38.0529 4676 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
09:00:38.0530 4676 LSI_FC - ok
09:00:38.0544 4676 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
09:00:38.0546 4676 LSI_SAS - ok
09:00:38.0564 4676 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
09:00:38.0565 4676 LSI_SAS2 - ok
09:00:38.0573 4676 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
09:00:38.0575 4676 LSI_SCSI - ok
09:00:38.0592 4676 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
09:00:38.0594 4676 luafv - ok
09:00:38.0625 4676 LxrSII1d (9db17b1dd76cf0fd0bb3da5f1da078c2) C:\Windows\System32\Drivers\LxrSII1d.sys
09:00:38.0627 4676 LxrSII1d - ok
09:00:38.0645 4676 LxrSII1s - ok
09:00:38.0779 4676 M4-Service (f1d72877fa97d617be70aefb3a30cd91) C:\Users\cmarks\AppData\Roaming\Mikogo 4\M4-Service.exe
09:00:38.0786 4676 M4-Service - ok
09:00:38.0858 4676 McAfeeFramework (062d80f13d762f7bc2f38430d60f5048) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
09:00:38.0859 4676 McAfeeFramework - ok
09:00:38.0948 4676 McShield (00315dc847778d65728197b63803b523) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
09:00:38.0950 4676 McShield - ok
09:00:39.0015 4676 McTaskManager (b15bb3aef59158b4e1dda5328c842713) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
09:00:39.0018 4676 McTaskManager - ok
09:00:39.0158 4676 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
09:00:39.0177 4676 Mcx2Svc - ok
09:00:39.0322 4676 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
09:00:39.0323 4676 megasas - ok
09:00:39.0359 4676 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
09:00:39.0366 4676 MegaSR - ok
09:00:39.0396 4676 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
09:00:39.0398 4676 MEIx64 - ok
09:00:39.0433 4676 mfeapfk (0d121a46e0148a3bc941fa3bb0269329) C:\Windows\system32\drivers\mfeapfk.sys
09:00:39.0434 4676 mfeapfk - ok
09:00:39.0469 4676 mfeavfk (93f251905c028809ffb49f95a63fcbc9) C:\Windows\system32\drivers\mfeavfk.sys
09:00:39.0471 4676 mfeavfk - ok
09:00:39.0487 4676 mfeavfk01 - ok
09:00:39.0524 4676 mfehidk (a282a937127ea7b15eb85559e59ae576) C:\Windows\system32\drivers\mfehidk.sys
09:00:39.0529 4676 mfehidk - ok
09:00:39.0548 4676 mferkdet (04d7e0e2a48730a1c535837f105e6352) C:\Windows\system32\drivers\mferkdet.sys
09:00:39.0549 4676 mferkdet - ok
09:00:39.0585 4676 mfevtp (45f1580c7c9f49a68b72ef2ccefef3a3) C:\Windows\system32\mfevtps.exe
09:00:39.0588 4676 mfevtp - ok
09:00:39.0613 4676 mfewfpk (325dd1031cfd71bd4d8afdb1faaf3bea) C:\Windows\system32\drivers\mfewfpk.sys
09:00:39.0616 4676 mfewfpk - ok
09:00:39.0638 4676 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
09:00:39.0639 4676 MMCSS - ok
09:00:39.0667 4676 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
09:00:39.0668 4676 Modem - ok
09:00:39.0690 4676 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
09:00:39.0691 4676 monitor - ok
09:00:39.0722 4676 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
09:00:39.0723 4676 mouclass - ok
09:00:39.0747 4676 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
09:00:39.0748 4676 mouhid - ok
09:00:39.0780 4676 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
09:00:39.0781 4676 mountmgr - ok
09:00:39.0803 4676 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
09:00:39.0806 4676 mpio - ok
09:00:39.0819 4676 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
09:00:39.0820 4676 mpsdrv - ok
09:00:39.0836 4676 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
09:00:39.0838 4676 MRxDAV - ok
09:00:39.0857 4676 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
09:00:39.0858 4676 mrxsmb - ok
09:00:39.0876 4676 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:00:39.0879 4676 mrxsmb10 - ok
09:00:39.0895 4676 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:00:39.0896 4676 mrxsmb20 - ok
09:00:39.0916 4676 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
09:00:39.0917 4676 msahci - ok
09:00:39.0933 4676 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
09:00:39.0934 4676 msdsm - ok
09:00:39.0957 4676 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
09:00:39.0960 4676 MSDTC - ok
09:00:39.0980 4676 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
09:00:39.0981 4676 Msfs - ok
09:00:40.0002 4676 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
09:00:40.0003 4676 mshidkmdf - ok
09:00:40.0023 4676 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
09:00:40.0024 4676 msisadrv - ok
09:00:40.0052 4676 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
09:00:40.0054 4676 MSiSCSI - ok
09:00:40.0057 4676 msiserver - ok
09:00:40.0081 4676 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
09:00:40.0082 4676 MSKSSRV - ok
09:00:40.0092 4676 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
09:00:40.0093 4676 MSPCLOCK - ok
09:00:40.0097 4676 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
09:00:40.0098 4676 MSPQM - ok
09:00:40.0128 4676 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
09:00:40.0133 4676 MsRPC - ok
09:00:40.0149 4676 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
09:00:40.0150 4676 mssmbios - ok
09:00:40.0163 4676 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
09:00:40.0163 4676 MSTEE - ok
09:00:40.0174 4676 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
09:00:40.0175 4676 MTConfig - ok
09:00:40.0193 4676 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
09:00:40.0195 4676 Mup - ok
09:00:40.0239 4676 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
09:00:40.0250 4676 napagent - ok
09:00:40.0293 4676 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
09:00:40.0299 4676 NativeWifiP - ok
09:00:40.0369 4676 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
09:00:40.0380 4676 NDIS - ok
09:00:40.0392 4676 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
09:00:40.0393 4676 NdisCap - ok
09:00:40.0412 4676 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
09:00:40.0413 4676 NdisTapi - ok
09:00:40.0434 4676 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
09:00:40.0435 4676 Ndisuio - ok
09:00:40.0459 4676 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
09:00:40.0462 4676 NdisWan - ok
09:00:40.0472 4676 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
09:00:40.0474 4676 NDProxy - ok
09:00:40.0485 4676 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
09:00:40.0487 4676 NetBIOS - ok
09:00:40.0511 4676 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
09:00:40.0513 4676 NetBT - ok
09:00:40.0538 4676 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:00:40.0539 4676 Netlogon - ok
09:00:40.0588 4676 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
09:00:40.0602 4676 Netman - ok
09:00:40.0686 4676 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:00:40.0688 4676 NetMsmqActivator - ok
09:00:40.0692 4676 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:00:40.0694 4676 NetPipeActivator - ok
09:00:40.0723 4676 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
09:00:40.0734 4676 netprofm - ok
09:00:40.0739 4676 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:00:40.0740 4676 NetTcpActivator - ok
09:00:40.0743 4676 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:00:40.0745 4676 NetTcpPortSharing - ok
09:00:40.0791 4676 netvsc (73ce12b8bdd747b0063cb0a7ef44cea7) C:\Windows\system32\DRIVERS\netvsc60.sys
09:00:40.0792 4676 netvsc - ok
09:00:40.0815 4676 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
09:00:40.0816 4676 nfrd960 - ok
09:00:40.0851 4676 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
09:00:40.0857 4676 NlaSvc - ok
09:00:40.0870 4676 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
09:00:40.0870 4676 Npfs - ok
09:00:49.0849 4676 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
09:00:50.0015 4676 \Device\Harddisk0\DR0 - ok
09:00:50.0018 4676 Boot (0x1200) (a6e20c18d3107d616252dedfae8e08d8) \Device\Harddisk0\DR0\Partition0
09:00:50.0019 4676 \Device\Harddisk0\DR0\Partition0 - ok
09:00:50.0036 4676 Boot (0x1200) (fc98bb9b8978082cfec966be138a5b05) \Device\Harddisk0\DR0\Partition1
09:00:50.0037 4676 \Device\Harddisk0\DR0\Partition1 - ok
09:00:50.0038 4676 ============================================================
09:00:50.0038 4676 Scan finished
09:00:50.0038 4676 ============================================================
09:00:50.0046 8672 Detected object count: 0
09:00:50.0046 8672 Actual detected object count: 0

I ran aswMBR as instructed. Here is the log.


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-12 09:04:17
-----------------------------
09:04:17.050 OS Version: Windows x64 6.1.7601 Service Pack 1
09:04:17.051 Number of processors: 4 586 0x2A07
09:04:17.052 ComputerName: RBURNS UserName: rburns
09:04:17.794 Initialize success
09:05:12.959 AVAST engine defs: 12081200
09:07:02.697 The log file has been saved successfully to "C:\Users\rburns.PFG\Desktop\Ron's Stuff\aswMBR.txt"

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:47 PM

Posted 12 August 2012 - 12:22 PM

Hello

download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under the File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.

  • First, press the Scan button.
  • It will make a log (FRST.txt).

  • Second, type the following in the edit box after "Search:": services.exe
  • Click the Search button.
  • It will make a log (Search.txt).

I want you to post both the FRST.txt report and the Search.txt into your reply to me.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
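As an added example (not code from this thread, from FRST, or from its author) of what the "Search: services.exe" step is looking at: the script below finds every copy of services.exe under a root, hashes each one with MD5 (the same 32-hex digest the scan logs in this thread print), and flags a copy in a System32 folder whose hash matches none of the backup copies Windows keeps under WinSxS, which is the comparison a helper makes by eye from Search.txt. The directory layout, file contents and WinSxS folder names it builds for the demonstration are constructed stand-ins, not a real system; against a mounted offline volume you would call `find_copies` on that volume's Windows folder instead.

```python
import hashlib
import os
import shutil
import tempfile
from collections import defaultdict


def file_md5(path):
    """MD5 of a file, read in 1 MiB chunks (MD5 to match the digests the scan logs print)."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def find_copies(root, name="services.exe"):
    """Return {path: (size, md5)} for every file called `name` under `root`.

    The name comparison is case-insensitive, as on NTFS. A copy that cannot be
    read (locked, ACL) is recorded as (None, None) so it still shows in the report.
    """
    found = {}
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower() != name.lower():
                continue
            path = os.path.join(dirpath, fn)
            try:
                found[path] = (os.path.getsize(path), file_md5(path))
            except OSError:
                found[path] = (None, None)
    return found


def suspicious_live_copies(copies):
    """Flag live copies (parent directory System32) whose MD5 matches no other copy.

    Windows keeps pristine copies of services.exe under WinSxS; a live copy that
    matches none of them has been altered, or is a version no backup reflects,
    and deserves an Authenticode check next. With no backup copies at all the
    result is inconclusive, so the lone live copy is still reported.
    """
    by_md5 = defaultdict(list)
    for path, (_size, md5) in copies.items():
        if md5 is not None:
            by_md5[md5].append(path)
    flagged = []
    for path, (_size, md5) in copies.items():
        if md5 is None:
            continue
        in_system32 = os.path.basename(os.path.dirname(path)).lower() == "system32"
        if in_system32 and len(by_md5[md5]) == 1:
            flagged.append((path, md5))
    return flagged


def format_report(copies, flagged):
    """One line per copy: hash, size, path; flagged copies are marked."""
    flagged_paths = {p for p, _ in flagged}
    lines = []
    for path in sorted(copies):
        size, md5 = copies[path]
        size_s = "-" if size is None else str(size)
        mark = "  <-- no matching backup copy" if path in flagged_paths else ""
        lines.append(f"{md5 or 'UNREADABLE':32} {size_s:>8} {path}{mark}")
    return "\n".join(lines)


def run_demo():
    """Build a constructed directory tree (not a real system) and check it.

    Layout mimics C:\\Windows: one live copy in System32 with bytes appended,
    two identical pristine copies under winsxs. Returns (copies, flagged).
    """
    base = tempfile.mkdtemp(prefix="svcchk_")
    pristine = b"MZ" + b"\x00" * 64 + b"constructed stand-in for services.exe"
    patched = pristine + b"\x90" * 16  # constructed tampering of the live copy
    layout = {
        os.path.join("Windows", "System32", "services.exe"): patched,
        os.path.join("Windows", "winsxs", "amd64_services_v1", "services.exe"): pristine,
        os.path.join("Windows", "winsxs", "amd64_services_v2", "services.exe"): pristine,
    }
    try:
        for rel, body in layout.items():
            full = os.path.join(base, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as f:
                f.write(body)
        copies = find_copies(base)
        flagged = suspicious_live_copies(copies)
        print(format_report(copies, flagged))
    finally:
        shutil.rmtree(base, ignore_errors=True)
    return copies, flagged


if __name__ == "__main__":
    # For a real check, mount the offline volume and call find_copies(r"D:\Windows").
    run_demo()
```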

#7 FormerAgentOfDeath
  • Topic Starter
  • Members
  • 34 posts
  • Local time:02:47 PM

Posted 13 August 2012 - 12:44 PM

Here are the logs you requested -

Scan result of Farbar Recovery Scan Tool Version: 09-08-2012
Ran by SYSTEM at 13-08-2012 13:38:22
Running from F:\
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [DBRMTray] C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [227328 2011-03-08] (Dell Computer Corporation)
HKLM-x32\...\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-02-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [87336 2010-10-01] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [50472 2010-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36760 2012-04-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [815512 2012-04-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] ()
HKLM-x32\...\Run: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey [161088 2011-01-12] (McAfee, Inc.)
HKLM-x32\...\Run: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE [215360 2011-01-12] (McAfee, Inc.)
HKU\cmarks\...\Run: [Mikogo] "C:\Users\cmarks\AppData\Roaming\Mikogo 4\mikogo-host.exe" -asp [5310328 2012-01-16] ()
HKU\rburns\...\Run: [Google Update] "C:\Users\rburns\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2012-02-28] (Google Inc.)
HKU\rburns.PFG\...\Run: [Google Update] "C:\Users\rburns.PFG\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-03-26] (Google Inc.)
HKLM\...\RunOnce: [DBRMTray] C:\Dell\DBRM\Reminder\TrayApp.exe [7168 2010-02-04] (Microsoft)
Tcpip\..\Interfaces\{DD0AA667-2C08-411F-9030-E20E94916B0D}: [NameServer]172.16.1.2

==================== Services (Whitelisted) ======

2 atashost; "C:\Windows\SysWOW64\atashost.exe" [43912 2012-03-02] (WebEx Communications, Inc.)
2 LxrSII1s; C:\Windows\SysWow64\LxrSII1s.exe [65536 2009-12-30] (Lexar Media, Inc.)
2 M4-Service; C:\Users\cmarks\AppData\Roaming\Mikogo 4\M4-Service.exe [1007472 2012-01-16] ()
2 McAfeeFramework; "C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe" /ServiceStart [120128 2011-01-12] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [190256 2012-07-18] (McAfee, Inc.)
2 McTaskManager; "C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe" [209760 2011-01-12] (McAfee, Inc.)
2 mfevtp; "C:\Windows\system32\mfevtps.exe" [156248 2012-07-18] (McAfee, Inc.)
2 RoxWatch12; "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe" [219632 2010-11-25] (Sonic Solutions)
3 stllssvr; "C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe" [74392 2010-11-08] (MicroVision Development, Inc.)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2656280 2010-12-03] (Intel Corporation)

========================== Drivers (Whitelisted) =============

2 LxrSII1d; C:\Windows\System32\Drivers\LxrSII1d.sys [63064 2009-12-30] (Lexar Media, Inc.)
3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [153952 2012-07-18] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [217696 2012-07-18] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [607152 2012-07-18] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [97960 2012-07-18] (McAfee, Inc.)
0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [281544 2012-07-18] (McAfee, Inc.)
3 mfeavfk01; [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-13 13:38 - 2012-08-13 13:38 - 00000000 ____D C:\FRST
2012-08-09 16:22 - 2012-08-09 16:23 - 00000000 ___SD C:\32788R22FWJFW
2012-08-09 16:22 - 2012-08-09 16:23 - 00000000 ____D C:\Windows\erdnt
2012-08-09 16:22 - 2012-08-09 16:23 - 00000000 ____D C:\Qoobox
2012-08-09 16:19 - 2012-08-09 16:37 - 00001998 ___AH C:\Users\rburns.PFG\Documents\Default.rdp
2012-08-07 12:57 - 2012-08-07 12:57 - 00060161 ____A C:\Users\rburns.PFG\Documents\export.csv
2012-08-07 12:57 - 2012-08-07 12:57 - 00060161 ____A C:\Users\rburns.PFG\Documents\354654.csv
2012-08-07 06:57 - 2012-08-07 06:57 - 00000000 ____A C:\Users\rburns.PFG\defogger_reenable
2012-08-07 06:01 - 2012-08-13 04:02 - 00000000 ____D C:\Users\rburns.PFG\Desktop\Ron's Stuff
2012-08-07 06:00 - 2012-08-07 06:00 - 00000000 ____D C:\Program Files (x86)\ESET
2012-07-31 13:20 - 2012-07-31 13:20 - 00031744 ____A C:\Users\rburns.PFG\Documents\Copy of pfg pws1.xlsx
2012-07-18 05:20 - 2012-07-18 05:20 - 00000044 ___RH C:\Users\rburns.PFG\Desktop\stinger.opt
2012-07-18 05:17 - 2012-07-18 05:17 - 00016200 ____A (McAfee, Inc.) C:\Windows\stinger.sys
2012-07-18 05:16 - 2012-07-18 05:20 - 00000000 ____D C:\Program Files (x86)\stinger
2012-07-18 05:04 - 2012-07-18 05:04 - 00607152 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfehidk.sys
2012-07-18 05:04 - 2012-07-18 05:04 - 00281544 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfewfpk.sys
2012-07-18 05:04 - 2012-07-18 05:04 - 00217696 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfeavfk.sys
2012-07-18 05:04 - 2012-07-18 05:04 - 00156248 ____A (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
2012-07-18 05:04 - 2012-07-18 05:04 - 00153952 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfeapfk.sys
2012-07-18 05:04 - 2012-07-18 05:04 - 00097960 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mferkdet.sys
2012-07-18 05:04 - 2012-07-18 05:04 - 00009984 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfeclnk.sys
2012-07-18 04:54 - 2012-07-18 04:54 - 00000000 ____D C:\Windows\System32\appmgmt
2012-07-18 04:46 - 2012-07-18 04:46 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-17 06:58 - 2012-07-17 06:58 - 00103272 ____A C:\Users\rburns.PFG\GoToAssistDownloadHelper.exe
2012-07-16 09:39 - 2012-07-16 09:39 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-14 06:05 - 2012-07-14 06:05 - 00000868 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3329322679-3563755524-2417107736-1148Core1cd61c9c9e251a6.job

============ 3 Months Modified Files ========================

2012-08-13 09:19 - 2011-12-19 22:43 - 01218663 ____A C:\Windows\WindowsUpdate.log
2012-08-13 09:19 - 2009-07-13 20:45 - 00021312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-13 09:19 - 2009-07-13 20:45 - 00021312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-13 09:01 - 2012-01-17 09:30 - 00000112 ____A C:\Windows\System32\config\netlogon.ftl
2012-08-13 05:26 - 2009-07-13 21:13 - 00793544 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-13 05:20 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-13 05:20 - 2009-07-13 20:51 - 00038066 ____A C:\Windows\setupact.log
2012-08-09 16:37 - 2012-08-09 16:19 - 00001998 ___AH C:\Users\rburns.PFG\Documents\Default.rdp
2012-08-07 12:59 - 2012-03-26 04:15 - 00002442 ____A C:\Users\rburns.PFG\Desktop\Redtail.lnk
2012-08-07 12:57 - 2012-08-07 12:57 - 00060161 ____A C:\Users\rburns.PFG\Documents\export.csv
2012-08-07 12:57 - 2012-08-07 12:57 - 00060161 ____A C:\Users\rburns.PFG\Documents\354654.csv
2012-08-07 07:41 - 2012-01-17 10:03 - 00001986 ____A C:\Windows\System32\ricdb.ini
2012-08-07 06:57 - 2012-08-07 06:57 - 00000000 ____A C:\Users\rburns.PFG\defogger_reenable
2012-07-31 13:20 - 2012-07-31 13:20 - 00031744 ____A C:\Users\rburns.PFG\Documents\Copy of pfg pws1.xlsx
2012-07-18 05:20 - 2012-07-18 05:20 - 00000044 ___RH C:\Users\rburns.PFG\Desktop\stinger.opt
2012-07-18 05:17 - 2012-07-18 05:17 - 00016200 ____A (McAfee, Inc.) C:\Windows\stinger.sys
2012-07-18 05:04 - 2012-07-18 05:04 - 00607152 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfehidk.sys
2012-07-18 05:04 - 2012-07-18 05:04 - 00281544 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfewfpk.sys
2012-07-18 05:04 - 2012-07-18 05:04 - 00217696 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfeavfk.sys
2012-07-18 05:04 - 2012-07-18 05:04 - 00156248 ____A (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
2012-07-18 05:04 - 2012-07-18 05:04 - 00153952 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfeapfk.sys
2012-07-18 05:04 - 2012-07-18 05:04 - 00097960 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mferkdet.sys
2012-07-18 05:04 - 2012-07-18 05:04 - 00009984 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfeclnk.sys
2012-07-18 05:04 - 2012-01-17 09:49 - 00099056 ____A (McAfee, Inc.) C:\Windows\System32\MfeOtlkAddin.dll
2012-07-18 05:04 - 2012-01-17 09:49 - 00074848 ____A (McAfee, Inc.) C:\Windows\SysWOW64\MfeOtlkAddin.dll
2012-07-18 05:04 - 2012-01-17 09:49 - 00022816 ____A (McAfee, Inc.) C:\Windows\SysWOW64\MFEOtlk.dll
2012-07-18 04:46 - 2012-07-18 04:46 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-17 06:58 - 2012-07-17 06:58 - 00103272 ____A C:\Users\rburns.PFG\GoToAssistDownloadHelper.exe
2012-07-16 09:39 - 2012-07-16 09:39 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-16 09:39 - 2011-12-19 22:45 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-14 06:05 - 2012-07-14 06:05 - 00000868 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3329322679-3563755524-2417107736-1148Core1cd61c9c9e251a6.job
2012-07-11 23:20 - 2009-07-13 20:45 - 00467960 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-11 23:01 - 2012-01-17 10:30 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-11 05:11 - 2012-07-11 05:11 - 00007169 ____A C:\Users\rburns.PFG\Downloads\1162332012711694.xls
2012-07-03 09:46 - 2012-01-17 09:55 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-02 05:02 - 2012-07-02 04:52 - 00030720 ____A C:\Users\rburns.PFG\Downloads\11623320127255053.xls
2012-06-27 07:56 - 2012-06-27 07:56 - 00000937 ____A C:\Users\rburns.PFG\Desktop\join.me.lnk
2012-06-25 04:11 - 2012-06-25 04:10 - 00002143 ____A C:\Users\rburns.PFG\Desktop\Hillary_Trades to Place.xlsx.lnk
2012-06-22 10:12 - 2012-06-22 10:12 - 00076289 ____A C:\Users\rburns.PFG\Downloads\1162332012622111029.xls
2012-06-19 07:35 - 2012-01-17 09:31 - 00003972 _RASH C:\Users\All Users\ntuser.pol
2012-06-15 05:04 - 2012-06-15 05:03 - 00025552 ____A C:\Users\rburns.PFG\Downloads\report_R16tvbh1kh16_22.xls
2012-06-13 12:48 - 2012-06-13 12:48 - 00015873 ____A C:\Users\rburns.PFG\Downloads\1162332012613134611.xls
2012-06-13 11:20 - 2012-06-13 11:20 - 00022529 ____A C:\Users\rburns.PFG\Downloads\1162332012613121859.xls
2012-06-13 11:15 - 2012-06-13 11:15 - 00048129 ____A C:\Users\rburns.PFG\Downloads\1162332012613121334.xls
2012-06-11 19:08 - 2012-07-11 23:03 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 21:43 - 2012-07-11 03:30 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-11 03:30 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-07 08:34 - 2012-06-07 08:33 - 00002143 ____A C:\Users\rburns.PFG\Desktop\Rebecca_Trades to Place.xlsx.lnk
2012-06-05 22:06 - 2012-07-11 03:30 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-07-11 03:30 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-07-11 03:30 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-07-11 03:30 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-11 03:30 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-11 03:30 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-04 07:02 - 2012-06-04 07:02 - 00085505 ____A C:\Users\rburns.PFG\Downloads\1162332012648111.xls
2012-06-02 14:19 - 2012-06-20 17:48 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-20 17:48 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-20 17:48 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-20 17:48 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-20 17:48 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-20 17:48 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-20 17:48 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 11:19 - 2012-06-20 17:48 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:15 - 2012-06-20 17:48 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 04:49 - 2012-07-11 23:00 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-11 23:00 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-11 23:00 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-11 23:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:05 - 2012-07-11 23:00 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:04 - 2012-07-11 23:00 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:04 - 2012-07-11 23:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:03 - 2012-07-11 23:00 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-11 23:00 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-11 23:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-11 23:00 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-11 23:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-11 23:00 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-11 23:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-11 23:00 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-11 23:00 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-11 23:00 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-11 23:00 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-11 23:00 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-07-11 23:00 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-07-11 23:00 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-11 23:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-11 23:00 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-11 23:00 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-11 23:00 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-11 23:00 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-11 23:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-11 23:00 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 21:50 - 2012-07-11 03:30 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-07-11 03:30 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-07-11 03:30 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-07-11 03:30 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-07-11 03:30 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:40 - 2012-07-11 03:30 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-07-11 03:30 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-07-11 03:30 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-07-11 03:30 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-06-01 09:36 - 2012-06-01 09:36 - 00058881 ____A C:\Users\rburns.PFG\Downloads\116233201261103515.xls
2012-06-01 04:54 - 2012-06-01 04:49 - 00038400 ____A C:\Users\rburns.PFG\Downloads\11623320126154824.xls
2012-05-31 09:05 - 2012-05-31 09:05 - 00082433 ____A C:\Users\rburns.PFG\Downloads\116233201253110455.xls
2012-05-31 08:07 - 2012-05-31 08:07 - 00014849 ____A C:\Users\rburns.PFG\Downloads\11623320125319644.xls
2012-05-31 08:03 - 2012-05-31 08:03 - 00072705 ____A C:\Users\rburns.PFG\Downloads\11623320125319225.xls
2012-05-31 08:02 - 2012-05-31 08:02 - 00072193 ____A C:\Users\rburns.PFG\Downloads\11623320125319140.xls
2012-05-31 08:01 - 2012-05-31 08:01 - 00060417 ____A C:\Users\rburns.PFG\Downloads\11623320125319052.xls
2012-05-31 08:00 - 2012-05-31 08:00 - 00017409 ____A C:\Users\rburns.PFG\Downloads\116233201253185946.xls
2012-05-31 07:49 - 2012-05-31 07:49 - 00017409 ____A C:\Users\rburns.PFG\Downloads\116233201253184827.xls
2012-05-31 07:47 - 2012-05-31 07:47 - 00017409 ____A C:\Users\rburns.PFG\Downloads\116233201253184653.xls
2012-05-31 07:44 - 2012-05-31 07:44 - 00017409 ____A C:\Users\rburns.PFG\Downloads\116233201253184349.xls
2012-05-31 07:36 - 2012-05-31 07:36 - 00017409 ____A C:\Users\rburns.PFG\Downloads\116233201253183555.xls
2012-05-31 07:34 - 2012-05-31 07:34 - 00019969 ____A C:\Users\rburns.PFG\Downloads\11623320125318338.xls
2012-05-31 07:33 - 2012-05-31 07:33 - 00060417 ____A C:\Users\rburns.PFG\Downloads\11623320125318322.xls
2012-05-21 12:10 - 2012-05-21 12:10 - 00060304 ____A C:\Users\rburns.PFG\g2mdlhlpx.exe
2012-05-16 10:52 - 2012-05-16 10:52 - 00067585 ____A C:\Users\rburns.PFG\Downloads\1162332012516115151.xls


ZeroAccess:
C:\Windows\Installer\{8194055a-269c-6339-914d-d4ea037bc035}
C:\Windows\Installer\{8194055a-269c-6339-914d-d4ea037bc035}\L
C:\Windows\Installer\{8194055a-269c-6339-914d-d4ea037bc035}\U

ZeroAccess:
C:\Users\rburns.PFG\AppData\Local\{8194055a-269c-6339-914d-d4ea037bc035}
C:\Users\rburns.PFG\AppData\Local\{8194055a-269c-6339-914d-d4ea037bc035}\@
C:\Users\rburns.PFG\AppData\Local\{8194055a-269c-6339-914d-d4ea037bc035}\L
C:\Users\rburns.PFG\AppData\Local\{8194055a-269c-6339-914d-d4ea037bc035}\U

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 11%
Total physical RAM: 8164.94 MB
Available physical RAM: 7195.84 MB
Total Pagefile: 8163.14 MB
Available Pagefile: 7197.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:452.08 GB) (Free:396.27 GB) NTFS
2 Drive e: (W7SP1_PROFESSIONAL) (CDROM) (Total:5.23 GB) (Free:0 GB) UDF
3 Drive f: (USB MEMORY) (Removable) (Total:0.49 GB) (Free:0.22 GB) FAT
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (RECOVERY) (Fixed) (Total:13.64 GB) (Free:5.68 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online          465 GB      0 B
Disk 1    Online          501 MB      0 B

Partitions of Disk 0:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    OEM                 39 MB    31 KB
Partition 2    Primary             13 GB    40 MB
Partition 3    Primary            452 GB    13 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4                      FAT    Partition     39 MB  Healthy    Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1    Y    RECOVERY     NTFS   Partition     13 GB  Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2    C    OS           NTFS   Partition    452 GB  Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary            501 MB     9 KB

==================================================================================

Disk: 1
Partition 1
Type : 0E
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3    F    USB MEMORY   FAT    Removable    501 MB  Healthy

==================================================================================

Last Boot: 2012-08-06 20:09

======================= End Of Log ==========================



Farbar Recovery Scan Tool Version: 09-08-2012
Ran by SYSTEM at 2012-08-13 13:39:36
Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:03:47 PM

Posted 13 August 2012 - 01:03 PM

Hello

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Windows\assembly\GAC\Desktop.ini 
C:\Windows\Installer\{8194055a-269c-6339-914d-d4ea037bc035}
C:\Users\rburns.PFG\AppData\Local\{8194055a-269c-6339-914d-d4ea037bc035}

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 FormerAgentOfDeath

FormerAgentOfDeath
  • Topic Starter

  • Members
  • 34 posts
  • Local time:02:47 PM

Posted 13 August 2012 - 01:04 PM

Incidentally, the first person that assisted me (prior to escalating my issue to this forum) had me run TDSSKiller, aswMBR and the ESET online scanner. Since then, I have not seen any symptoms. My browser is not redirecting as it was. However, he indicated more advanced tools were needed for complete removal and recommended I post a new topic in this forum. I just wanted to update you on the behavior of the machine and give you some background.

Thanks

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:03:47 PM

Posted 13 August 2012 - 01:13 PM

run the fix that I last posted


gringo

#11 FormerAgentOfDeath

FormerAgentOfDeath
  • Topic Starter

  • Members
  • 34 posts
  • Local time:02:47 PM

Posted 13 August 2012 - 03:44 PM

Here is the log you requested -

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 09-08-2012
Ran by SYSTEM at 2012-08-13 16:45:31 Run:1
Running from F:\

==============================================

C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
C:\Windows\assembly\GAC\Desktop.ini not found.
C:\Windows\Installer\{8194055a-269c-6339-914d-d4ea037bc035} moved successfully.
C:\Users\rburns.PFG\AppData\Local\{8194055a-269c-6339-914d-d4ea037bc035} moved successfully.

==== End of Fixlog ====

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:03:47 PM

Posted 13 August 2012 - 04:16 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#13 FormerAgentOfDeath

FormerAgentOfDeath
  • Topic Starter

  • Members
  • 34 posts
  • Local time:02:47 PM

Posted 14 August 2012 - 08:05 AM

Here is the Combofix log -


ComboFix 12-08-13.01 - rburns 08/14/2012 8:39.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8165.6428 [GMT -4:00]
Running from: c:\users\rburns.PFG\Desktop\ComboFix.exe
Command switches used :: c:\users\rburns.PFG\Desktop\CFScript.txt
AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: McAfee VirusScan Enterprise Antispyware Module *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\rburns.PFG\AppData\Local\Microsoft\Windows\Temporary Internet Files\{16E4B14F-5585-47D3-9A87-10D1B8975AB8}.xps
c:\users\rburns.PFG\AppData\Local\Microsoft\Windows\Temporary Internet Files\{55BE21F7-0A58-49A6-A3F1-97FA0F4E3E6C}.xps
c:\users\rburns.PFG\AppData\Local\Microsoft\Windows\Temporary Internet Files\{723C304C-87C2-4A3C-AE61-072D66BEBD28}.xps
c:\users\rburns.PFG\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8B19EEFB-2B5A-40E5-BCFC-D962F28B3340}.xps
c:\users\rburns.PFG\AppData\Local\Microsoft\Windows\Temporary Internet Files\{92927606-2671-471E-863D-71D272A1C2BB}.xps
c:\users\rburns.PFG\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9A3DD07C-4CBD-4336-A8A0-08911CB36506}.xps
c:\users\rburns.PFG\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A1F81004-AFEA-4548-AB53-9C925B939EF3}.xps
c:\users\rburns.PFG\AppData\Local\Microsoft\Windows\Temporary Internet Files\{B5AFE79E-29BD-480A-BAD3-8959E397803F}.xps
c:\users\rburns.PFG\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F3FF3F80-BA0A-4E6D-BFE4-4E31F79599FB}.xps
c:\users\rburns.PFG\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F9ED8FF5-81C3-4522-9691-F4BE27D7932C}.xps
c:\users\rburns.PFG\AppData\Local\Temp\{360AF32A-F1CC-4ED6-A3B3-273FF3FC09E7}\fpb.tmp
c:\users\rburns.PFG\g2mdlhlpx.exe
c:\users\rburns.PFG\GoToAssistDownloadHelper.exe
c:\users\rburns\g2mdlhlpx.exe
c:\windows\Installer\{8194055a-269c-6339-914d-d4ea037bc035}\@
c:\windows\Installer\{8194055a-269c-6339-914d-d4ea037bc035}\L\00000004.@
c:\windows\Installer\{8194055a-269c-6339-914d-d4ea037bc035}\L\1afb2d56
c:\windows\Installer\{8194055a-269c-6339-914d-d4ea037bc035}\L\201d3dde
c:\windows\Installer\{8194055a-269c-6339-914d-d4ea037bc035}\U\00000004.@
c:\windows\Installer\{8194055a-269c-6339-914d-d4ea037bc035}\U\80000064.@
c:\windows\iun6002.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-14 to 2012-08-14 )))))))))))))))))))))))))))))))
.
.
2012-08-14 12:43 . 2012-08-14 12:43 -------- d-----w- c:\users\rburns\AppData\Local\temp
2012-08-14 12:43 . 2012-08-14 12:43 -------- d-----w- c:\users\PFG\AppData\Local\temp
2012-08-14 12:43 . 2012-08-14 12:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-14 12:43 . 2012-08-14 12:43 -------- d-----w- c:\users\cmarks\AppData\Local\temp
2012-08-14 12:43 . 2012-08-14 12:43 -------- d-----w- c:\users\administrator\AppData\Local\temp
2012-08-14 12:43 . 2012-08-14 12:43 -------- d-----w- c:\users\Administrator.rburns\AppData\Local\temp
2012-08-14 12:43 . 2012-08-14 12:43 -------- d-----w- c:\users\administrator.PFG\AppData\Local\temp
2012-08-13 21:38 . 2012-08-13 21:38 -------- d-----w- C:\FRST
2012-08-07 14:00 . 2012-08-07 14:00 -------- d-----w- c:\program files (x86)\ESET
2012-07-18 13:17 . 2012-07-18 13:17 16200 ----a-w- c:\windows\stinger.sys
2012-07-18 13:16 . 2012-07-18 13:20 -------- d-----w- c:\program files (x86)\stinger
2012-07-18 13:04 . 2012-07-18 13:04 97960 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-07-18 13:04 . 2012-07-18 13:04 9984 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-07-18 13:04 . 2012-07-18 13:04 153952 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-07-18 13:04 . 2012-07-18 13:04 217696 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-07-18 13:04 . 2012-07-18 13:04 607152 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-07-18 13:04 . 2012-07-18 13:04 281544 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2012-07-18 13:04 . 2012-07-18 13:04 156248 ----a-w- c:\windows\system32\mfevtps.exe
2012-07-18 13:04 . 2012-07-18 13:04 -------- d-----w- c:\program files (x86)\Common Files\McAfee
2012-07-18 12:54 . 2012-07-18 12:54 -------- d-----w- c:\windows\system32\appmgmt
2012-07-16 17:39 . 2012-07-16 17:39 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-18 13:04 . 2012-01-17 17:49 99056 ----a-w- c:\windows\system32\MfeOtlkAddin.dll
2012-07-18 13:04 . 2012-01-17 17:49 74848 ----a-w- c:\windows\SysWow64\MfeOtlkAddin.dll
2012-07-18 13:04 . 2012-01-17 17:49 22816 ----a-w- c:\windows\SysWow64\MFEOtlk.dll
2012-07-16 17:39 . 2011-12-20 06:45 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 07:01 . 2012-01-17 18:30 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-03 17:46 . 2012-01-17 17:55 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-12 03:08 . 2012-07-12 07:03 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-06-09 05:43 . 2012-07-11 11:30 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-11 11:30 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 11:30 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 11:30 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 11:30 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 11:30 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 11:30 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-21 01:48 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 01:48 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 01:48 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 01:48 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 01:48 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 01:48 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 01:48 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-21 01:48 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-21 01:48 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 12:49 . 2012-07-12 07:00 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-06-02 12:17 . 2012-07-12 07:00 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-06-02 12:12 . 2012-07-12 07:00 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 12:05 . 2012-07-12 07:00 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-02 12:05 . 2012-07-12 07:00 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 12:04 . 2012-07-12 07:00 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 12:04 . 2012-07-12 07:00 237056 ----a-w- c:\windows\system32\url.dll
2012-06-02 12:03 . 2012-07-12 07:00 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-02 12:01 . 2012-07-12 07:00 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 12:00 . 2012-07-12 07:00 818688 ----a-w- c:\windows\system32\jscript.dll
2012-06-02 11:59 . 2012-07-12 07:00 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-02 11:57 . 2012-07-12 07:00 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-02 11:57 . 2012-07-12 07:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 11:54 . 2012-07-12 07:00 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-02 08:33 . 2012-07-12 07:00 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-02 08:25 . 2012-07-12 07:00 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-02 08:25 . 2012-07-12 07:00 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20 . 2012-07-12 07:00 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16 . 2012-07-12 07:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50 . 2012-07-11 11:30 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 11:30 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:48 . 2012-07-11 11:30 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:45 . 2012-07-11 11:30 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 11:30 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 11:30 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 11:30 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 11:30 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 11:30 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-02-19 336384]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-18 50472]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-04-04 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-04-04 815512]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2011-01-12 161088]
"ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-01-12 215360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-06-07 191752]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-07-18 97960]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [2010-11-21 168448]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [2010-11-21 22528]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-18 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-07-18 281544]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-02-19 203776]
S2 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe [2012-03-02 43912]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-05-12 249648]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 LxrSII1d;Secure II Driver;c:\windows\System32\Drivers\LxrSII1d.sys [2009-12-30 63064]
S2 M4-Service;M4-Service;c:\users\cmarks\AppData\Roaming\Mikogo 4\M4-Service.exe [2012-01-16 1007472]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-07-18 156248]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-03 2656280]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-02-19 9259520]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-02-19 300544]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-14 413800]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1301076227-4089627379-405408229-1348Core1cd0670aedad09b.job
- c:\users\rburns\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-28 14:29]
.
2012-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3329322679-3563755524-2417107736-1148Core1cd61c9c9e251a6.job
- c:\users\rburns.PFG\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-26 12:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2011-03-08 227328]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: fidelitywealthcentral.com
TCP: Interfaces\{DD0AA667-2C08-411F-9030-E20E94916B0D}: NameServer = 172.16.1.2
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-PersonalLogger - c:\windows\iun6002.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\LxrSII1s.exe
c:\program files (x86)\McAfee\Common Framework\FrameworkService.exe
c:\program files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
c:\users\cmarks\AppData\Roaming\Mikogo 4\M4-Capture.exe
c:\program files (x86)\McAfee\Common Framework\naPrdMgr.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Java\Java Update\jusched.exe
.
**************************************************************************
.
Completion time: 2012-08-14 08:52:04 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-14 12:52
.
Pre-Run: 424,795,693,056 bytes free
Post-Run: 425,389,686,784 bytes free
.
- - End Of File - - 4E2400D4D44B7485943B74C846135C3E


Please note...
When Combofix began executing the script, McAfee VirusScan On Access Scanner popped up with several detections (I inadvertently forgot to disable McAfee before running the script - my bad). As soon as the window popped up, I disabled McAfee, but several files were detected and removed. Here is an excerpt from the VirusScan log:

=====Excerpt from McAfee VirusScan On-Access Scan Log=====

8/14/2012 8:36:29 AM Deleted PFG\rburns C:\Users\rburns.PFG\Desktop\ComboFix.exe C:\32788R22FWJFW\firefox.exe Tool-NirCmd (Potentially Unwanted Program)
8/14/2012 8:36:30 AM Deleted PFG\rburns C:\Users\rburns.PFG\Desktop\ComboFix.exe C:\32788R22FWJFW\iexplore.exe Tool-NirCmd (Potentially Unwanted Program)
8/14/2012 8:36:30 AM Deleted PFG\rburns C:\Users\rburns.PFG\Desktop\ComboFix.exe C:\32788R22FWJFW\n.pif Tool-NirCmd (Potentially Unwanted Program)

8/14/2012 8:43:35 AM Statistics:
8/14/2012 8:43:35 AM Files scanned: 9313
8/14/2012 8:43:35 AM Files detected: 3
8/14/2012 8:43:35 AM Files cleaned: 0
8/14/2012 8:43:35 AM Files deleted: 3

As a result, several error messages popped up during the time ComboFix was running (actually the same message several times). The message stated "cannot find NIRcmd" (I'm paraphrasing because I did not write the message down verbatim). ... I'm assuming this is a result of VirusScan removing the files. Not sure it's significant, but I wanted to give you all the detail.

As far as behavior goes...the symptoms I reported initially (popups, problems accessing secure sites, browser redirection, etc.) are gone. I have navigated successfully to the 2-3 sites I know were giving me problems previously without incident and I have not seen any unusual behavior.

#14 gringo_pr

Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 14 August 2012 - 01:04 PM

These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

  • Bing Bar
  • Java™ 6 Update 30


  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run it.
  • From the list of programs, double-click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done, click Finish.



Install Java:

Please go here to install Java

  • Click on the Free Java Download button.
  • Click on Agree and Start Free Download.
  • Click on Run.
  • Click on Run again.
  • Click on Install.
  • When the install is complete, click on Close.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

Malwarebytes' Anti-Malware:

  • I would like you to rerun MBAM.
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked (ticked) except items in the C:\System Volume Information folder, and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (hosts file not read, blank Notepad, ...).

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select "Run as administrator".

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#15 FormerAgentOfDeath

  • Topic Starter
  • Members
  • 34 posts

Posted 15 August 2012 - 07:49 AM

I followed the instructions in your last message. No problems were encountered. The behavior of the PC is improved. No browser redirections, no popups, no unusual behavior. Here are the logs you requested -

========================================
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.15.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
rburns :: RBURNS [administrator]

8/15/2012 8:43:07 AM
mbam-log-2012-08-15 (08-43-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 316448
Time elapsed: 1 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


================================================
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:45:32 AM, on 8/15/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\rburns.PFG\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll (file missing)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120718090500.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.fidelitywealthcentral.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://pershingtraining.webex.com/client/T27L10NSP11EP14/training/ieatgpc1.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pfg.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD0AA667-2C08-411F-9030-E20E94916B0D}: NameServer = 172.16.1.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = pfg.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = pfg.local
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll (file missing)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: WebEx Service Host for Support Center (atashost) - WebEx Communications, Inc. - C:\Windows\SysWOW64\atashost.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel® Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Lexar Media, Inc. - C:\Windows\system32\LxrSII1s.exe
O23 - Service: M4-Service - Unknown owner - C:\Users\cmarks\AppData\Roaming\Mikogo 4\M4-Service.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RoxMediaDB12OEM - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12020 bytes
