Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Live Security Platinum


  • This topic is locked This topic is locked
51 replies to this topic

#1 kevodell

kevodell

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:10:29 PM

Posted 08 August 2012 - 04:51 PM

Hi there

I’m new to this and not too tech savvy. Like pjb25 (and apologies for copying......)
I was infected with Live Security Platinum. When I first got the virus, I was getting pop ups that said I was infected with a virus and that I needed to buy software in order to get rid of it. Also, my programs wouldn't open. I tried using the Live Security Platinum Uninstall guide on bleepingcomputer.com (http://www.bleepingcomputer.com/virus-removal/remove-live-security-platinum).

I entered Safe Mode with Networking, downloaded FixExec and ran it, and went to my Control Panel to try to uninstall Live Security Platinum. When I got to where I needed to be in order to uninstall the program and clicked on the program's name to uninstall it, nothing happened. I tried to uninstall it several times, but never got any default prompts, so I stopped trying to use the Uninstall guide.

I didn’t want to do anymore but drop into this forum.

On registering, the advice is to enable the firewall but there was a problem and to try again later. I don’t know if this was because I’m in Safe Mode with Networking.

All help gratefully received.

Kevin





.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Kevin at 22:38:34 on 2012-08-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3032.2064 [GMT 1:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\mfevtps.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\helppane.exe
\\.\globalroot\systemroot\Installer\{d39a077a-0fd1-8d59-16d6-4aea672bad8e}\U
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uWindow Title = Internet Explorer, optimized for Bing and MSN
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120423221006.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingExt.dll"
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Inspector] C:\Users\Kevin\AppData\Roaming\Protector-jyho.exe
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRunOnce: [0C1CFB13004F2525004C56A3F875F002] C:\ProgramData\0C1CFB13004F2525004C56A3F875F002\0C1CFB13004F2525004C56A3F875F002.exe
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
StartupFolder: C:\Users\Kevin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B9DD3C21-6ACA-464C-8718-248B0BE55697} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B9DD3C21-6ACA-464C-8718-248B0BE55697}\244584F6D65684572623D2839334D4 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{B9DD3C21-6ACA-464C-8718-248B0BE55697}\35B4955323033373 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{B9DD3C21-6ACA-464C-8718-248B0BE55697}\458656022427964796378602C4962627162797 : DhcpNameServer = 192.168.4.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
IFEO: a.exe - svchost.exe
IFEO: aAvgApi.exe - svchost.exe
IFEO: AAWTray.exe - svchost.exe
IFEO: About.exe - svchost.exe
IFEO: ackwin32.exe - svchost.exe
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120423221006.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingExt.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingExt.dll"
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
IFEO-X64: a.exe - svchost.exe
IFEO-X64: aAvgApi.exe - svchost.exe
IFEO-X64: AAWTray.exe - svchost.exe
IFEO-X64: About.exe - svchost.exe
IFEO-X64: ackwin32.exe - svchost.exe
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\rbixt1g0.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-4-23 208536]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S0 RapportKE64;RapportKE64;C:\Windows\system32\Drivers\RapportKE64.sys --> C:\Windows\system32\Drivers\RapportKE64.sys [?]
S1 RapportCerberus_34302;RapportCerberus_34302;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [2011-12-15 397520]
S1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-7-8 55096]
S1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-7-8 297048]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BBSvc.EXE [2012-2-20 193816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DirMngr;DirMngr;C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [2011-3-2 224256]
S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-4-23 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-4-23 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-4-23 249936]
S2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-4-23 249936]
S2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-4-23 199272]
S2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-7-8 976728]
S2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-10-31 1692480]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-5 160944]
S2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;C:\Users\Kevin\IAG Remote Access Agent\portalchristianaidorguk\portal1\uagqecsvc.exe [2010-6-14 149896]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-31 250056]
S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\SeaPort.EXE [2012-2-20 240408]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
S3 CryptOSD;Phoenix CryptOSD Device Driver;C:\Windows\system32\DRIVERS\CryptOSD.sys --> C:\Windows\system32\DRIVERS\CryptOSD.sys [?]
S3 DMService;Whale Component Manager;C:\Windows\DOWNLO~1\DMService.exe [2010-1-18 423576]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-3 113120]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-08-08 20:32:06 -------- d-----w- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2012-08-05 19:00:42 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2012-08-05 18:58:00 -------- d-----w- C:\ProgramData\0C1CFB13004F2525004C56A3F875F002
2012-08-05 18:57:54 -------- d-----w- C:\Users\Kevin\AppData\Local\{D9550BDA-DF2E-11E1-8270-B8AC6F996F26}
2012-08-05 18:57:52 434176 ----a-w- C:\Users\Kevin\AppData\Roaming\dpbdav.dll
2012-08-05 18:56:49 167424 --sha-w- C:\Users\Kevin\AppData\Roaming\qeshcp.dll
2012-08-01 18:59:05 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2012-08-01 18:58:20 129176 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
2012-07-11 22:05:12 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 20:08:29 2004480 ----a-w- C:\Windows\System32\msxml6.dll
.
==================== Find3M ====================
.
2012-08-05 18:54:16 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-05 18:54:16 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-01 18:58:08 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-08-01 18:58:08 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-07-08 06:19:18 101464 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 14:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 14:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 22:39:30.01 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:29 PM

Posted 13 August 2012 - 04:55 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/464425 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 kevodell

kevodell
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:10:29 PM

Posted 14 August 2012 - 03:22 PM

As before, I became infected by the live security platinum virus which disabled all my browser options on firefox. It kept asking for money to stop the particular virus it was saying the machine now had. Fortunately, I thought of opening my explorer, which worked, and found that this platinum was indeed a virus.
I found the instructions on bleepingcomputer to remove the virus and continued through until I got to the bit where I was to deinstall the file using the control panel. However, I was not able to make the file disappear from the list and then decided to contact the forum.
On receiving an email notifying me that I had a response, I switched on my laptop and found that the platinum file had disappeared from the list of programmes and the virus pop-ups were no longer there.
Following on the instructions, I downloaded the Malwarebytes file and set it to run. However, no dialogue boxes opened as suggested by the instructions – it looked as if nothing happened and this ‘nothing happened’ happened twice.
*****The original windows cd/dvd is available

I’m not really confident that things are ok but that may say more about me.

Thanks

Kevin



.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Kevin at 21:18:31 on 2012-08-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3032.1516 [GMT 1:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Users\Kevin\IAG Remote Access Agent\portalchristianaidorguk\portal1\uagqecsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Kevin\AppData\Roaming\Protector-jyho.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\SeaPort.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\msiexec.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\splwow64.exe
\\.\globalroot\systemroot\Installer\{d39a077a-0fd1-8d59-16d6-4aea672bad8e}\U
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uWindow Title = Internet Explorer, optimized for Bing and MSN
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120423221006.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingExt.dll"
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Inspector] C:\Users\Kevin\AppData\Roaming\Protector-jyho.exe
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\Kevin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B9DD3C21-6ACA-464C-8718-248B0BE55697} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B9DD3C21-6ACA-464C-8718-248B0BE55697}\244584F6D65684572623D2839334D4 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{B9DD3C21-6ACA-464C-8718-248B0BE55697}\35B4955323033373 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{B9DD3C21-6ACA-464C-8718-248B0BE55697}\458656022427964796378602C4962627162797 : DhcpNameServer = 192.168.4.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
IFEO: a.exe - svchost.exe
IFEO: aAvgApi.exe - svchost.exe
IFEO: AAWTray.exe - svchost.exe
IFEO: About.exe - svchost.exe
IFEO: ackwin32.exe - svchost.exe
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120423221006.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingExt.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingExt.dll"
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
IFEO-X64: a.exe - svchost.exe
IFEO-X64: aAvgApi.exe - svchost.exe
IFEO-X64: AAWTray.exe - svchost.exe
IFEO-X64: About.exe - svchost.exe
IFEO-X64: ackwin32.exe - svchost.exe
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\rbixt1g0.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 RapportKE64;RapportKE64;C:\Windows\system32\Drivers\RapportKE64.sys --> C:\Windows\system32\Drivers\RapportKE64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 RapportCerberus_34302;RapportCerberus_34302;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [2011-12-15 397520]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-7-8 55096]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-7-8 297048]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 DirMngr;DirMngr;C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [2011-3-2 224256]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe --> C:\Program Files\Dell\DellDock\DockLogin.exe [?]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-4-23 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-4-23 249936]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-4-23 208536]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-7-8 976728]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-10-31 1692480]
R2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;C:\Users\Kevin\IAG Remote Access Agent\portalchristianaidorguk\portal1\uagqecsvc.exe [2010-6-14 149896]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\SeaPort.EXE [2012-2-20 240408]
R3 CryptOSD;Phoenix CryptOSD Device Driver;C:\Windows\system32\DRIVERS\CryptOSD.sys --> C:\Windows\system32\DRIVERS\CryptOSD.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BBSvc.EXE [2012-2-20 193816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-4-23 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-4-23 249936]
S2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-4-23 199272]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-5 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-31 250056]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
S3 DMService;Whale Component Manager;C:\Windows\DOWNLO~1\DMService.exe [2010-1-18 423576]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-3 113120]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-08-14 19:44:00 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-14 19:44:00 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-14 19:44:00 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-08 20:32:06 -------- d-----w- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2012-08-05 19:00:42 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2012-08-05 18:58:00 -------- d-----w- C:\ProgramData\0C1CFB13004F2525004C56A3F875F002
2012-08-05 18:57:54 -------- d-----w- C:\Users\Kevin\AppData\Local\{D9550BDA-DF2E-11E1-8270-B8AC6F996F26}
2012-08-05 18:57:52 434176 ----a-w- C:\Users\Kevin\AppData\Roaming\dpbdav.dll
2012-08-05 18:56:49 167424 --sha-w- C:\Users\Kevin\AppData\Roaming\qeshcp.dll
2012-08-01 18:59:05 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2012-08-01 18:58:20 129176 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
.
==================== Find3M ====================
.
2012-08-14 19:54:12 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-14 19:54:12 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-01 18:58:08 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-08-01 18:58:08 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-07-08 06:19:18 101464 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
2012-06-12 03:08:36 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 14:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 14:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 21:19:28.79 ===============

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:29 PM

Posted 15 August 2012 - 10:21 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 kevodell

kevodell
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:10:29 PM

Posted 17 August 2012 - 02:35 PM

Hi Gringo

Thanks for this..............

Although the computer is running I am noticing that periodically when I click a link (on google?) I get instead an advert – I know I clicked the correct link.

Also, when I start up, I notice a page which flashes up and is gone in an instant.

Doing the instructions – no problem with the Security Check – log below.

For the Combofix, it took me a while to switch off the McAfee and then the Combofix went to work but stopped immediately:
“Attempting to create a new System Restore Point. The system cannot find the file NIRKMD”
Error box:
“X Windows cannot find ‘NIRKMD’. Make sure you typed the name correctly, and then try again”

At a loss, so restarted computer and reset McAfee.

Then tried again and disabled McAfee and tried to run combofix and it worked – log below.

Over to you...............

Kevin



Results of screen317's Security Check version 0.99.44
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
McAfee Anti-Virus and Anti-Spyware
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 31
Java version out of Date!
Adobe Reader X 10.1.3 Adobe Reader out of Date!
Mozilla Firefox (14.0.1)
Mozilla Thunderbird (3.1.11) Thunderbird out of Date!
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````



ComboFix 12-08-17.03 - Kevin 17/08/2012 20:14:25.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3032.1711 [GMT 1:00]
Running from: c:\users\Kevin\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\5907\Downloads\f0fc9c9c-10ba-435b-8365-dadb523644ff.dll
c:\users\Kevin\AppData\Local\{d39a077a-0fd1-8d59-16d6-4aea672bad8e}\@
c:\users\Kevin\AppData\Local\{d39a077a-0fd1-8d59-16d6-4aea672bad8e}\n
c:\users\Kevin\AppData\Roaming\dpbdav.dll
c:\users\Kevin\AppData\Roaming\result.db
c:\users\Kevin\g2mdlhlpx.exe
c:\windows\Installer\{d39a077a-0fd1-8d59-16d6-4aea672bad8e}\@
c:\windows\Installer\{d39a077a-0fd1-8d59-16d6-4aea672bad8e}\n
c:\windows\Installer\{d39a077a-0fd1-8d59-16d6-4aea672bad8e}\U\00000001.@
c:\windows\Installer\{d39a077a-0fd1-8d59-16d6-4aea672bad8e}\U\80000000.@
c:\windows\Installer\{d39a077a-0fd1-8d59-16d6-4aea672bad8e}\U\800000cb.@
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\32788r22fwjfw\HarddiskVolumeShadowCopy5_!Windows!System32!services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-17 to 2012-08-17 )))))))))))))))))))))))))))))))
.
.
2012-08-17 19:25 . 2012-08-17 19:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-17 18:32 . 2012-05-25 16:09 29312 ----a-w- c:\program files (x86)\Mozilla Firefox\ScriptFF.dll
2012-08-14 19:44 . 2012-08-14 19:48 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-14 19:44 . 2012-08-14 19:44 -------- d-----w- c:\programdata\Malwarebytes
2012-08-14 19:44 . 2012-07-03 12:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-08 20:32 . 2012-08-08 20:32 -------- d-----w- c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2012-08-05 19:00 . 2012-08-05 19:00 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-08-05 18:58 . 2012-08-14 19:35 -------- d-----w- c:\programdata\0C1CFB13004F2525004C56A3F875F002
2012-08-05 18:57 . 2012-08-05 18:57 -------- d-----w- c:\users\Kevin\AppData\Local\{D9550BDA-DF2E-11E1-8270-B8AC6F996F26}
2012-08-01 18:59 . 2012-08-01 18:59 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2012-08-01 18:58 . 2012-08-01 18:58 129176 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-14 20:54 . 2012-03-31 16:05 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-14 20:54 . 2011-07-27 16:03 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-01 18:58 . 2012-03-13 18:36 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-08-01 18:58 . 2012-03-13 18:36 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-07-29 19:52 . 2011-08-28 16:46 101688 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2012-07-11 20:04 . 2009-11-28 07:41 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-12 03:08 . 2012-07-11 22:05 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-06-09 05:43 . 2012-07-11 20:08 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-11 20:08 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 20:08 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 20:08 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 20:08 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 20:08 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 20:08 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-22 18:25 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 18:25 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 18:25 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 18:25 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 18:25 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 18:25 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 18:25 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 14:19 . 2012-06-22 18:25 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 14:15 . 2012-06-22 18:25 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 12:49 . 2012-07-11 22:02 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-06-02 12:17 . 2012-07-11 22:02 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-06-02 12:12 . 2012-07-11 22:02 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 12:05 . 2012-07-11 22:02 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-02 12:05 . 2012-07-11 22:02 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 12:04 . 2012-07-11 22:02 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 12:04 . 2012-07-11 22:02 237056 ----a-w- c:\windows\system32\url.dll
2012-06-02 12:03 . 2012-07-11 22:02 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-02 12:01 . 2012-07-11 22:02 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 12:00 . 2012-07-11 22:02 818688 ----a-w- c:\windows\system32\jscript.dll
2012-06-02 11:59 . 2012-07-11 22:02 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-02 11:57 . 2012-07-11 22:02 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-02 11:57 . 2012-07-11 22:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 11:54 . 2012-07-11 22:02 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-02 08:33 . 2012-07-11 22:02 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-02 08:25 . 2012-07-11 22:02 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-02 08:25 . 2012-07-11 22:02 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20 . 2012-07-11 22:02 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16 . 2012-07-11 22:02 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50 . 2012-07-11 20:08 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 20:08 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:48 . 2012-07-11 20:08 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:45 . 2012-07-11 20:08 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 20:08 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 20:08 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 20:08 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 20:08 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 20:08 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-05-25 16:13 . 2012-02-11 21:13 162224 ----a-w- c:\windows\system32\mfevtps.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-19 494064]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1675160]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-08-01 296096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-09 559616]
.
c:\users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [x]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 250056]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.364.0\SeaPort.exe [2012-02-20 240408]
R3 DMService;Whale Component Manager;c:\windows\DOWNLO~1\DMService.exe [2010-01-18 423576]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-20 113120]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-04-10 25072]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-15 1255736]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [2012-07-29 101688]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
S1 RapportCerberus_42020;RapportCerberus_42020;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys [2012-08-15 397720]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-07-29 55096]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-07-29 297240]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.364.0\BBSvc.exe [2012-02-20 193816]
S2 DirMngr;DirMngr;c:\program files (x86)\GNU\GnuPG\dirmngr.exe [2011-03-02 224256]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-05-25 210616]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-05-25 162224]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-07-29 976728]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;c:\users\Kevin\IAG Remote Access Agent\portalchristianaidorguk\portal1\uagqecsvc.exe [2010-06-14 149896]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
S3 CryptOSD;Phoenix CryptOSD Device Driver;c:\windows\system32\DRIVERS\CryptOSD.sys [2009-06-25 431488]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-05-08 215552]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-05-20 393728]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 20:54]
.
2012-07-26 c:\windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-07-26 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-08-17 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-01-23 305664]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-07-02 3180624]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\rbixt1g0.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 4
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKLM-Run-DellSupportCenter - c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe
Toolbar-Locked - (no file)
HKLM-Run-qeshcp - (no file)
HKLM-Run-dpbdav - (no file)
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe
AddRemove-{C73A3942-84C8-4597-9F9B-EE227DCBA758} - c:\programdata\{088731A3-EE4A-44A0-9F02-C4181FD3C640}\delldock.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1932621273-3218902890-455858099-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (S-1-5-21-1932621273-3218902890-455858099-1000)
@Denied: (2) (LocalSystem)
"Progid"="ThunderbirdEML"
.
[HKEY_USERS\S-1-5-21-1932621273-3218902890-455858099-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
.
**************************************************************************
.
Completion time: 2012-08-17 20:34:24 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-17 19:34
.
Pre-Run: 181,848,915,968 bytes free
Post-Run: 185,746,866,176 bytes free
.
- - End Of File - - 666524D41A13F67A74D0E45FF3EA9D9C

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:29 PM

Posted 17 August 2012 - 05:43 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 kevodell

kevodell
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:10:29 PM

Posted 18 August 2012 - 12:05 PM

Hi Gringo
Regarding the aswMBR.exe, this went slowly . At around the 17.54 mark, where the red bit come up, a McAfee popup announced that it had detected and removed a Trojan.

I noticed after the last update that an icon on my desktop, ‘Windows Processor Accelerator’, appears as if it has lost its lid/cover image. I don’t know what it does or the consequence of this.

A popup from google happened again.

Over to you

Kevin


17:17:35.0351 6356 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
17:17:36.0568 6356 ============================================================
17:17:36.0568 6356 Current date / time: 2012/08/18 17:17:36.0568
17:17:36.0568 6356 SystemInfo:
17:17:36.0568 6356
17:17:36.0568 6356 OS Version: 6.1.7601 ServicePack: 1.0
17:17:36.0568 6356 Product type: Workstation
17:17:36.0568 6356 ComputerName: KODELL
17:17:36.0568 6356 UserName: Kevin
17:17:36.0568 6356 Windows directory: C:\Windows
17:17:36.0568 6356 System windows directory: C:\Windows
17:17:36.0568 6356 Running under WOW64
17:17:36.0568 6356 Processor architecture: Intel x64
17:17:36.0568 6356 Number of processors: 2
17:17:36.0568 6356 Page size: 0x1000
17:17:36.0568 6356 Boot type: Normal boot
17:17:36.0568 6356 ============================================================
17:17:38.0986 6356 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:17:39.0002 6356 ============================================================
17:17:39.0002 6356 \Device\Harddisk0\DR0:
17:17:39.0002 6356 MBR partitions:
17:17:39.0002 6356 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
17:17:39.0002 6356 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x1B465170
17:17:39.0002 6356 ============================================================
17:17:39.0470 6356 C: <-> \Device\Harddisk0\DR0\Partition2
17:17:39.0470 6356 ============================================================
17:17:39.0470 6356 Initialize success
17:17:39.0470 6356 ============================================================
17:17:45.0382 1744 ============================================================
17:17:45.0382 1744 Scan started
17:17:45.0382 1744 Mode: Manual;
17:17:45.0382 1744 ============================================================
17:17:46.0303 1744 ================ Scan services =============================
17:17:46.0646 1744 [ a87d604aea360176311474c87a63bb88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
17:17:46.0693 1744 1394ohci - ok
17:17:46.0755 1744 [ d81d9e70b8a6dd14d42d7b4efa65d5f2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
17:17:46.0755 1744 ACPI - ok
17:17:46.0802 1744 [ 99f8e788246d495ce3794d7e7821d2ca ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
17:17:46.0864 1744 AcpiPmi - ok
17:17:47.0488 1744 [ 62b7936f9036dd6ed36e6a7efa805dc0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:17:47.0551 1744 AdobeARMservice - ok
17:17:47.0753 1744 [ a9d3b95e8466bd58eeb8a1154654e162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:17:47.0753 1744 AdobeFlashPlayerUpdateSvc - ok
17:17:47.0831 1744 [ 2f6b34b83843f0c5118b63ac634f5bf4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
17:17:47.0847 1744 adp94xx - ok
17:17:47.0878 1744 [ 597f78224ee9224ea1a13d6350ced962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
17:17:47.0894 1744 adpahci - ok
17:17:47.0956 1744 [ e109549c90f62fb570b9540c4b148e54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
17:17:47.0956 1744 adpu320 - ok
17:17:48.0003 1744 [ 4b78b431f225fd8624c5655cb1de7b61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:17:48.0003 1744 AeLookupSvc - ok
17:17:48.0065 1744 [ 1c7857b62de5994a75b054a9fd4c3825 ] AFD C:\Windows\system32\drivers\afd.sys
17:17:48.0065 1744 AFD - ok
17:17:48.0112 1744 [ 608c14dba7299d8cb6ed035a68a15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
17:17:48.0128 1744 agp440 - ok
17:17:48.0175 1744 [ 3290d6946b5e30e70414990574883ddb ] ALG C:\Windows\System32\alg.exe
17:17:48.0175 1744 ALG - ok
17:17:48.0221 1744 [ 5812713a477a3ad7363c7438ca2ee038 ] aliide C:\Windows\system32\drivers\aliide.sys
17:17:48.0237 1744 aliide - ok
17:17:48.0253 1744 [ 1ff8b4431c353ce385c875f194924c0c ] amdide C:\Windows\system32\drivers\amdide.sys
17:17:48.0253 1744 amdide - ok
17:17:48.0284 1744 [ 7024f087cff1833a806193ef9d22cda9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
17:17:48.0299 1744 AmdK8 - ok
17:17:48.0331 1744 [ 1e56388b3fe0d031c44144eb8c4d6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
17:17:48.0331 1744 AmdPPM - ok
17:17:48.0377 1744 [ d4121ae6d0c0e7e13aa221aa57ef2d49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
17:17:48.0440 1744 amdsata - ok
17:17:48.0471 1744 [ f67f933e79241ed32ff46a4f29b5120b ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
17:17:48.0487 1744 amdsbs - ok
17:17:48.0518 1744 [ 540daf1cea6094886d72126fd7c33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
17:17:48.0565 1744 amdxata - ok
17:17:48.0674 1744 [ 1412e9a88fe1f7e35ce6058a2ef03664 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
17:17:48.0721 1744 ApfiltrService - ok
17:17:48.0767 1744 [ 89a69c3f2f319b43379399547526d952 ] AppID C:\Windows\system32\drivers\appid.sys
17:17:48.0830 1744 AppID - ok
17:17:48.0861 1744 [ 0bc381a15355a3982216f7172f545de1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
17:17:48.0861 1744 AppIDSvc - ok
17:17:48.0908 1744 [ 3977d4a871ca0d4f2ed1e7db46829731 ] Appinfo C:\Windows\System32\appinfo.dll
17:17:48.0955 1744 Appinfo - ok
17:17:49.0017 1744 [ c484f8ceb1717c540242531db7845c4e ] arc C:\Windows\system32\DRIVERS\arc.sys
17:17:49.0017 1744 arc - ok
17:17:49.0033 1744 [ 019af6924aefe7839f61c830227fe79c ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
17:17:49.0048 1744 arcsas - ok
17:17:49.0064 1744 [ 769765ce2cc62867468cea93969b2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:17:49.0079 1744 AsyncMac - ok
17:17:49.0111 1744 [ 02062c0b390b7729edc9e69c680a6f3c ] atapi C:\Windows\system32\drivers\atapi.sys
17:17:49.0126 1744 atapi - ok
17:17:49.0189 1744 [ f23fef6d569fce88671949894a8becf1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:17:49.0251 1744 AudioEndpointBuilder - ok
17:17:49.0267 1744 [ f23fef6d569fce88671949894a8becf1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
17:17:49.0267 1744 AudioSrv - ok
17:17:49.0345 1744 [ a6bf31a71b409dfa8cac83159e1e2aff ] AxInstSV C:\Windows\System32\AxInstSV.dll
17:17:49.0391 1744 AxInstSV - ok
17:17:49.0438 1744 [ 3e5b191307609f7514148c6832bb0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
17:17:49.0454 1744 b06bdrv - ok
17:17:49.0485 1744 [ b5ace6968304a3900eeb1ebfd9622df2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
17:17:49.0501 1744 b57nd60a - ok
17:17:49.0672 1744 [ 37bfed63841e56f465e1a0cd32f1bcc9 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BBSvc.exe
17:17:49.0735 1744 BBSvc - ok
17:17:49.0828 1744 [ b47230df549e171449b5d25cfcee9f57 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\SeaPort.exe
17:17:49.0844 1744 BBUpdate - ok
17:17:49.0875 1744 [ e001dd475a7c27ebe5a0db45c11bad71 ] BCM42RLY C:\Windows\system32\drivers\BCM42RLY.sys
17:17:49.0937 1744 BCM42RLY - ok
17:17:50.0031 1744 [ f4cd5f52850bf2c978de178f256ba372 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
17:17:50.0047 1744 BCM43XX - ok
17:17:50.0140 1744 [ fde360167101b4e45a96f939f388aeb0 ] BDESVC C:\Windows\System32\bdesvc.dll
17:17:50.0140 1744 BDESVC - ok
17:17:50.0187 1744 [ 16a47ce2decc9b099349a5f840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
17:17:50.0203 1744 Beep - ok
17:17:50.0249 1744 [ 82974d6a2fd19445cc5171fc378668a4 ] BFE C:\Windows\System32\bfe.dll
17:17:50.0312 1744 BFE - ok
17:17:50.0359 1744 [ 61583ee3c3a17003c4acd0475646b4d3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
17:17:50.0374 1744 blbdrive - ok
17:17:50.0405 1744 [ 6c02a83164f5cc0a262f4199f0871cf5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
17:17:50.0468 1744 bowser - ok
17:17:50.0515 1744 [ f09eee9edc320b5e1501f749fde686c8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:17:50.0530 1744 BrFiltLo - ok
17:17:50.0546 1744 [ b114d3098e9bdb8bea8b053685831be6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:17:50.0561 1744 BrFiltUp - ok
17:17:50.0577 1744 [ 5c2f352a4e961d72518261257aae204b ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
17:17:50.0593 1744 BridgeMP - ok
17:17:50.0639 1744 [ 8ef0d5c41ec907751b8429162b1239ed ] Browser C:\Windows\System32\browser.dll
17:17:50.0686 1744 Browser - ok
17:17:50.0717 1744 [ 43bea8d483bf1870f018e2d02e06a5bd ] Brserid C:\Windows\System32\Drivers\Brserid.sys
17:17:50.0733 1744 Brserid - ok
17:17:50.0749 1744 [ a6eca2151b08a09caceca35c07f05b42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
17:17:50.0764 1744 BrSerWdm - ok
17:17:50.0811 1744 [ b79968002c277e869cf38bd22cd61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
17:17:50.0811 1744 BrUsbMdm - ok
17:17:50.0811 1744 [ a87528880231c54e75ea7a44943b38bf ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
17:17:50.0827 1744 BrUsbSer - ok
17:17:50.0842 1744 [ 9da669f11d1f894ab4eb69bf546a42e8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
17:17:50.0858 1744 BTHMODEM - ok
17:17:50.0905 1744 [ 95f9c2976059462cbbf227f7aab10de9 ] bthserv C:\Windows\system32\bthserv.dll
17:17:50.0905 1744 bthserv - ok
17:17:50.0951 1744 catchme - ok
17:17:50.0983 1744 [ b8bd2bb284668c84865658c77574381a ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
17:17:50.0998 1744 cdfs - ok
17:17:51.0029 1744 [ f036ce71586e93d94dab220d7bdf4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
17:17:51.0092 1744 cdrom - ok
17:17:51.0154 1744 [ f17d1d393bbc69c5322fbfafaca28c7f ] CertPropSvc C:\Windows\System32\certprop.dll
17:17:51.0201 1744 CertPropSvc - ok
17:17:51.0263 1744 [ 274ce03459896006f7a5069266e0469e ] cfwids C:\Windows\system32\drivers\cfwids.sys
17:17:51.0326 1744 cfwids - ok
17:17:51.0357 1744 [ d7cd5c4e1b71fa62050515314cfb52cf ] circlass C:\Windows\system32\DRIVERS\circlass.sys
17:17:51.0357 1744 circlass - ok
17:17:51.0404 1744 [ fe1ec06f2253f691fe36217c592a0206 ] CLFS C:\Windows\system32\CLFS.sys
17:17:51.0404 1744 CLFS - ok
17:17:51.0560 1744 [ d88040f816fda31c3b466f0fa0918f29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:17:51.0560 1744 clr_optimization_v2.0.50727_32 - ok
17:17:51.0685 1744 [ d1ceea2b47cb998321c579651ce3e4f8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:17:51.0685 1744 clr_optimization_v2.0.50727_64 - ok
17:17:51.0763 1744 [ c5a75eb48e2344abdc162bda79e16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:17:51.0887 1744 clr_optimization_v4.0.30319_32 - ok
17:17:51.0934 1744 [ c6f9af94dcd58122a4d7e89db6bed29d ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:17:51.0997 1744 clr_optimization_v4.0.30319_64 - ok
17:17:52.0043 1744 [ 0840155d0bddf1190f84a663c284bd33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
17:17:52.0043 1744 CmBatt - ok
17:17:52.0075 1744 [ e19d3f095812725d88f9001985b94edd ] cmdide C:\Windows\system32\drivers\cmdide.sys
17:17:52.0075 1744 cmdide - ok
17:17:52.0106 1744 [ 9ac4f97c2d3e93367e2148ea940cd2cd ] CNG C:\Windows\system32\Drivers\cng.sys
17:17:52.0153 1744 CNG - ok
17:17:52.0199 1744 [ 102de219c3f61415f964c88e9085ad14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
17:17:52.0199 1744 Compbatt - ok
17:17:52.0246 1744 [ 03edb043586cceba243d689bdda370a8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
17:17:52.0309 1744 CompositeBus - ok
17:17:52.0324 1744 COMSysApp - ok
17:17:52.0340 1744 [ 1c827878a998c18847245fe1f34ee597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
17:17:52.0340 1744 crcdisk - ok
17:17:52.0402 1744 [ 0d7f96af026d7c1afde2a83980a65018 ] CryptOSD C:\Windows\system32\DRIVERS\CryptOSD.sys
17:17:52.0465 1744 CryptOSD - ok
17:17:52.0511 1744 [ 4f5414602e2544a4554d95517948b705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
17:17:52.0558 1744 CryptSvc - ok
17:17:52.0621 1744 [ 5c627d1b1138676c0a7ab2c2c190d123 ] DcomLaunch C:\Windows\system32\rpcss.dll
17:17:52.0667 1744 DcomLaunch - ok
17:17:52.0714 1744 [ 3cec7631a84943677aa8fa8ee5b6b43d ] defragsvc C:\Windows\System32\defragsvc.dll
17:17:52.0730 1744 defragsvc - ok
17:17:52.0761 1744 [ 9bb2ef44eaa163b29c4a4587887a0fe4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
17:17:52.0823 1744 DfsC - ok
17:17:52.0870 1744 [ 43d808f5d9e1a18e5eeb5ebc83969e4e ] Dhcp C:\Windows\system32\dhcpcore.dll
17:17:52.0917 1744 Dhcp - ok
17:17:52.0995 1744 [ 4f26bb00747d41e7c0fe8ebb2900f862 ] DirMngr C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
17:17:53.0057 1744 DirMngr - ok
17:17:53.0151 1744 [ 13096b05847ec78f0977f2c0f79e9ab3 ] discache C:\Windows\system32\drivers\discache.sys
17:17:53.0151 1744 discache - ok
17:17:53.0198 1744 [ 9819eee8b5ea3784ec4af3b137a5244c ] Disk C:\Windows\system32\DRIVERS\disk.sys
17:17:53.0213 1744 Disk - ok
17:17:53.0260 1744 [ f61a9ea41524a7b30f8abbde35249d1a ] DMService C:\Windows\DOWNLO~1\DMService.exe
17:17:53.0447 1744 DMService - ok
17:17:53.0494 1744 [ 16835866aaa693c7d7fceba8fff706e4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:17:53.0525 1744 Dnscache - ok
17:17:53.0666 1744 DockLoginService - ok
17:17:53.0713 1744 [ b1fb3ddca0fdf408750d5843591afbc6 ] dot3svc C:\Windows\System32\dot3svc.dll
17:17:53.0744 1744 dot3svc - ok
17:17:53.0791 1744 [ b26f4f737e8f9df4f31af6cf31d05820 ] DPS C:\Windows\system32\dps.dll
17:17:53.0791 1744 DPS - ok
17:17:53.0837 1744 [ 9b19f34400d24df84c858a421c205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:17:53.0837 1744 drmkaud - ok
17:17:53.0900 1744 [ f5bee30450e18e6b83a5012c100616fd ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:17:53.0978 1744 DXGKrnl - ok
17:17:54.0025 1744 [ e2dda8726da9cb5b2c4000c9018a9633 ] EapHost C:\Windows\System32\eapsvc.dll
17:17:54.0040 1744 EapHost - ok
17:17:54.0165 1744 [ dc5d737f51be844d8c82c695eb17372f ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
17:17:54.0305 1744 ebdrv - ok
17:17:54.0337 1744 [ c118a82cd78818c29ab228366ebf81c3 ] EFS C:\Windows\System32\lsass.exe
17:17:54.0399 1744 EFS - ok
17:17:54.0664 1744 [ c4002b6b41975f057d98c439030cea07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
17:17:54.0742 1744 ehRecvr - ok
17:17:54.0758 1744 [ 4705e8ef9934482c5bb488ce28afc681 ] ehSched C:\Windows\ehome\ehsched.exe
17:17:54.0773 1744 ehSched - ok
17:17:54.0805 1744 [ 0e5da5369a0fcaea12456dd852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
17:17:54.0836 1744 elxstor - ok
17:17:54.0851 1744 [ 34a3c54752046e79a126e15c51db409b ] ErrDev C:\Windows\system32\drivers\errdev.sys
17:17:54.0867 1744 ErrDev - ok
17:17:54.0914 1744 [ 4166f82be4d24938977dd1746be9b8a0 ] EventSystem C:\Windows\system32\es.dll
17:17:54.0914 1744 EventSystem - ok
17:17:54.0945 1744 [ a510c654ec00c1e9bdd91eeb3a59823b ] exfat C:\Windows\system32\drivers\exfat.sys
17:17:54.0961 1744 exfat - ok
17:17:54.0976 1744 [ 0adc83218b66a6db380c330836f3e36d ] fastfat C:\Windows\system32\drivers\fastfat.sys
17:17:54.0992 1744 fastfat - ok
17:17:55.0054 1744 [ dbefd454f8318a0ef691fdd2eaab44eb ] Fax C:\Windows\system32\fxssvc.exe
17:17:55.0132 1744 Fax - ok
17:17:55.0195 1744 [ d765d19cd8ef61f650c384f62fac00ab ] fdc C:\Windows\system32\DRIVERS\fdc.sys
17:17:55.0195 1744 fdc - ok
17:17:55.0241 1744 [ 0438cab2e03f4fb61455a7956026fe86 ] fdPHost C:\Windows\system32\fdPHost.dll
17:17:55.0241 1744 fdPHost - ok
17:17:55.0257 1744 [ 802496cb59a30349f9a6dd22d6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
17:17:55.0273 1744 FDResPub - ok
17:17:55.0273 1744 [ 655661be46b5f5f3fd454e2c3095b930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
17:17:55.0273 1744 FileInfo - ok
17:17:55.0304 1744 [ 5f671ab5bc87eea04ec38a6cd5962a47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
17:17:55.0304 1744 Filetrace - ok
17:17:55.0319 1744 [ c172a0f53008eaeb8ea33fe10e177af5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
17:17:55.0335 1744 flpydisk - ok
17:17:55.0366 1744 [ da6b67270fd9db3697b20fce94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
17:17:55.0413 1744 FltMgr - ok
17:17:55.0475 1744 [ 5c4cb4086fb83115b153e47add961a0c ] FontCache C:\Windows\system32\FntCache.dll
17:17:55.0553 1744 FontCache - ok
17:17:55.0647 1744 [ a8b7f3818ab65695e3a0bb3279f6dce6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:17:55.0647 1744 FontCache3.0.0.0 - ok
17:17:55.0678 1744 [ d43703496149971890703b4b1b723eac ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
17:17:55.0694 1744 FsDepends - ok
17:17:55.0725 1744 [ 6bd9295cc032dd3077c671fccf579a7b ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
17:17:55.0787 1744 Fs_Rec - ok
17:17:55.0819 1744 [ 1f7b25b858fa27015169fe95e54108ed ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
17:17:55.0834 1744 fvevol - ok
17:17:55.0850 1744 [ 8c778d335c9d272cfd3298ab02abe3b6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
17:17:55.0865 1744 gagp30kx - ok
17:17:55.0897 1744 [ 277bbc7e1aa1ee957f573a10eca7ef3a ] gpsvc C:\Windows\System32\gpsvc.dll
17:17:55.0928 1744 gpsvc - ok
17:17:55.0943 1744 [ f2523ef6460fc42405b12248338ab2f0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
17:17:55.0943 1744 hcw85cir - ok
17:17:55.0990 1744 [ 97bfed39b6b79eb12cddbfeed51f56bb ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
17:17:55.0990 1744 HDAudBus - ok
17:17:56.0006 1744 [ 78e86380454a7b10a5eb255dc44a355f ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
17:17:56.0006 1744 HidBatt - ok
17:17:56.0021 1744 [ 7fd2a313f7afe5c4dab14798c48dd104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
17:17:56.0037 1744 HidBth - ok
17:17:56.0037 1744 [ 0a77d29f311b88cfae3b13f9c1a73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
17:17:56.0053 1744 HidIr - ok
17:17:56.0084 1744 [ bd9eb3958f213f96b97b1d897dee006d ] hidserv C:\Windows\System32\hidserv.dll
17:17:56.0084 1744 hidserv - ok
17:17:56.0115 1744 [ 9592090a7e2b61cd582b612b6df70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
17:17:56.0162 1744 HidUsb - ok
17:17:56.0209 1744 [ 387e72e739e15e3d37907a86d9ff98e2 ] hkmsvc C:\Windows\system32\kmsvc.dll
17:17:56.0240 1744 hkmsvc - ok
17:17:56.0302 1744 [ efdfb3dd38a4376f93e7985173813abd ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:17:56.0349 1744 HomeGroupListener - ok
17:17:56.0396 1744 [ 908acb1f594274965a53926b10c81e89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:17:56.0443 1744 HomeGroupProvider - ok
17:17:56.0489 1744 [ 39d2abcd392f3d8a6dce7b60ae7b8efc ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
17:17:56.0552 1744 HpSAMD - ok
17:17:56.0630 1744 [ 0ea7de1acb728dd5a369fd742d6eee28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
17:17:56.0630 1744 HTTP - ok
17:17:56.0661 1744 [ a5462bd6884960c9dc85ed49d34ff392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
17:17:56.0661 1744 hwpolicy - ok
17:17:56.0692 1744 [ fa55c73d4affa7ee23ac4be53b4592d3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
17:17:56.0708 1744 i8042prt - ok
17:17:56.0755 1744 [ 7548066df68a8a1a56b043359f915f37 ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
17:17:56.0895 1744 IAANTMON - ok
17:17:56.0957 1744 [ 1d004cb1da6323b1f55caef7f94b61d9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
17:17:56.0973 1744 iaStor - ok
17:17:57.0035 1744 [ aaaf44db3bd0b9d1fb6969b23ecc8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
17:17:57.0113 1744 iaStorV - ok
17:17:57.0160 1744 [ 5988fc40f8db5b0739cd1e3a5d0d78bd ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:17:57.0285 1744 idsvc - ok
17:17:57.0472 1744 [ babd5f9b2bcc82ce556a0baf1ae208a7 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
17:17:57.0769 1744 igfx - ok
17:17:57.0800 1744 [ 5c18831c61933628f5bb0ea2675b9d21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
17:17:57.0815 1744 iirsp - ok
17:17:57.0862 1744 [ fcd84c381e0140af901e58d48882d26b ] IKEEXT C:\Windows\System32\ikeext.dll
17:17:57.0925 1744 IKEEXT - ok
17:17:57.0956 1744 [ f00f20e70c6ec3aa366910083a0518aa ] intelide C:\Windows\system32\drivers\intelide.sys
17:17:57.0956 1744 intelide - ok
17:17:57.0987 1744 [ ada036632c664caa754079041cf1f8c1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
17:17:57.0987 1744 intelppm - ok
17:17:58.0049 1744 [ 098a91c54546a3b878dad6a7e90a455b ] IPBusEnum C:\Windows\system32\ipbusenum.dll
17:17:58.0065 1744 IPBusEnum - ok
17:17:58.0096 1744 [ c9f0e1bd74365a8771590e9008d22ab6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:17:58.0159 1744 IpFilterDriver - ok
17:17:58.0221 1744 [ a34a587fffd45fa649fba6d03784d257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
17:17:58.0237 1744 iphlpsvc - ok
17:17:58.0283 1744 [ 0fc1aea580957aa8817b8f305d18ca3a ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
17:17:58.0346 1744 IPMIDRV - ok
17:17:58.0393 1744 [ af9b39a7e7b6caa203b3862582e9f2d0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
17:17:58.0393 1744 IPNAT - ok
17:17:58.0439 1744 [ 3abf5e7213eb28966d55d58b515d5ce9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
17:17:58.0439 1744 IRENUM - ok
17:17:58.0455 1744 [ 2f7b28dc3e1183e5eb418df55c204f38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
17:17:58.0455 1744 isapnp - ok
17:17:58.0486 1744 [ d931d7309deb2317035b07c9f9e6b0bd ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
17:17:58.0549 1744 iScsiPrt - ok
17:17:58.0580 1744 [ bc02336f1cba7dcc7d1213bb588a68a5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
17:17:58.0580 1744 kbdclass - ok
17:17:58.0642 1744 [ 0705eff5b42a9db58548eec3b26bb484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
17:17:58.0705 1744 kbdhid - ok
17:17:58.0720 1744 [ c118a82cd78818c29ab228366ebf81c3 ] KeyIso C:\Windows\system32\lsass.exe
17:17:58.0720 1744 KeyIso - ok
17:17:58.0751 1744 [ 97a7070aea4c058b6418519e869a63b4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
17:17:58.0798 1744 KSecDD - ok
17:17:58.0829 1744 [ 26c43a7c2862447ec59deda188d1da07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
17:17:58.0892 1744 KSecPkg - ok
17:17:58.0923 1744 [ 6869281e78cb31a43e969f06b57347c4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
17:17:58.0923 1744 ksthunk - ok
17:17:58.0985 1744 [ 6ab66e16aa859232f64deb66887a8c9c ] KtmRm C:\Windows\system32\msdtckrm.dll
17:17:59.0001 1744 KtmRm - ok
17:17:59.0032 1744 [ d9f42719019740baa6d1c6d536cbdaa6 ] LanmanServer C:\Windows\System32\srvsvc.dll
17:17:59.0079 1744 LanmanServer - ok
17:17:59.0126 1744 [ 851a1382eed3e3a7476db004f4ee3e1a ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:17:59.0173 1744 LanmanWorkstation - ok
17:17:59.0219 1744 [ 1538831cf8ad2979a04c423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:17:59.0219 1744 lltdio - ok
17:17:59.0266 1744 [ c1185803384ab3feed115f79f109427f ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:17:59.0266 1744 lltdsvc - ok
17:17:59.0297 1744 [ f993a32249b66c9d622ea5592a8b76b8 ] lmhosts C:\Windows\System32\lmhsvc.dll
17:17:59.0297 1744 lmhosts - ok
17:17:59.0344 1744 [ 1a93e54eb0ece102495a51266dcdb6a6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
17:17:59.0344 1744 LSI_FC - ok
17:17:59.0375 1744 [ 1047184a9fdc8bdbff857175875ee810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
17:17:59.0375 1744 LSI_SAS - ok
17:17:59.0422 1744 [ 30f5c0de1ee8b5bc9306c1f0e4a75f93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:17:59.0422 1744 LSI_SAS2 - ok
17:17:59.0453 1744 [ 0504eacaff0d3c8aed161c4b0d369d4a ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:17:59.0453 1744 LSI_SCSI - ok
17:17:59.0485 1744 [ 43d0f98e1d56ccddb0d5254cff7b356e ] luafv C:\Windows\system32\drivers\luafv.sys
17:17:59.0500 1744 luafv - ok
17:17:59.0625 1744 [ acb01bf1a905356ab7f978c7fe852209 ] McAfee SiteAdvisor Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
17:17:59.0625 1744 McAfee SiteAdvisor Service - ok
17:17:59.0734 1744 [ f453d1e6d881e8f8717e20ccd4199e85 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
17:17:59.0812 1744 McComponentHostService - ok
17:17:59.0843 1744 [ acb01bf1a905356ab7f978c7fe852209 ] McMPFSvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
17:17:59.0859 1744 McMPFSvc - ok
17:17:59.0875 1744 [ acb01bf1a905356ab7f978c7fe852209 ] mcmscsvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
17:17:59.0875 1744 mcmscsvc - ok
17:17:59.0890 1744 [ acb01bf1a905356ab7f978c7fe852209 ] McNaiAnn C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
17:17:59.0890 1744 McNaiAnn - ok
17:17:59.0906 1744 [ acb01bf1a905356ab7f978c7fe852209 ] McNASvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
17:17:59.0921 1744 McNASvc - ok
17:18:00.0124 1744 [ b3914a7c97a81acb1e9befe07e4c387f ] McODS C:\Program Files\McAfee\VirusScan\mcods.exe
17:18:00.0155 1744 McODS - ok
17:18:00.0218 1744 [ acb01bf1a905356ab7f978c7fe852209 ] McProxy C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
17:18:00.0218 1744 McProxy - ok
17:18:00.0311 1744 [ 597c77235621e7ddd32a68574fde6464 ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
17:18:00.0327 1744 McShield - ok
17:18:00.0343 1744 [ 0be09cd858abf9df6ed259d57a1a1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
17:18:00.0389 1744 Mcx2Svc - ok
17:18:00.0421 1744 [ a55805f747c6edb6a9080d7c633bd0f4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
17:18:00.0421 1744 megasas - ok
17:18:00.0467 1744 [ baf74ce0072480c3b6b7c13b2a94d6b3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
17:18:00.0467 1744 MegaSR - ok
17:18:00.0545 1744 [ 01884cb7655c8908b43ff5e364fe6fd2 ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys
17:18:00.0545 1744 mfeapfk - ok
17:18:00.0623 1744 [ dab9a9cdfb04e4d68924492aa043019d ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys
17:18:00.0686 1744 mfeavfk - ok
17:18:00.0701 1744 mfeavfk01 - ok
17:18:00.0733 1744 [ 134bb16f93a07c2c89b0b9c399382bdb ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
17:18:00.0733 1744 mfefire - ok
17:18:00.0795 1744 [ ce9a3680675c0907ade16404ca967b49 ] mfefirek C:\Windows\system32\drivers\mfefirek.sys
17:18:00.0857 1744 mfefirek - ok
17:18:00.0920 1744 [ 60cf67458dd29cd17e77f2327b1a9a54 ] mfehidk C:\Windows\system32\drivers\mfehidk.sys
17:18:00.0998 1744 mfehidk - ok
17:18:01.0013 1744 [ a8129cfb919347f8533c934b365e9202 ] mfenlfk C:\Windows\system32\DRIVERS\mfenlfk.sys
17:18:01.0076 1744 mfenlfk - ok
17:18:01.0107 1744 [ 5041fa2bd2b3a2693b015771bfbf6dca ] mferkdet C:\Windows\system32\drivers\mferkdet.sys
17:18:01.0107 1744 mferkdet - ok
17:18:01.0185 1744 [ 4d0ecd05abb518ea323f651f4ab8458f ] mfevtp C:\Windows\system32\mfevtps.exe
17:18:01.0247 1744 mfevtp - ok
17:18:01.0294 1744 [ 919c56db14a0e1e2ab6da5d2821dc26e ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys
17:18:01.0357 1744 mfewfpk - ok
17:18:01.0419 1744 [ e40e80d0304a73e8d269f7141d77250b ] MMCSS C:\Windows\system32\mmcss.dll
17:18:01.0419 1744 MMCSS - ok
17:18:01.0466 1744 [ 800ba92f7010378b09f9ed9270f07137 ] Modem C:\Windows\system32\drivers\modem.sys
17:18:01.0466 1744 Modem - ok
17:18:01.0513 1744 [ b03d591dc7da45ece20b3b467e6aadaa ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:18:01.0513 1744 monitor - ok
17:18:01.0575 1744 [ 7d27ea49f3c1f687d357e77a470aea99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
17:18:01.0575 1744 mouclass - ok
17:18:01.0637 1744 [ d3bf052c40b0c4166d9fd86a4288c1e6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
17:18:01.0653 1744 mouhid - ok
17:18:01.0684 1744 [ 32e7a3d591d671a6df2db515a5cbe0fa ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
17:18:01.0684 1744 mountmgr - ok
17:18:01.0747 1744 [ 46297fa8e30a6007f14118fc2b942fbc ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:18:01.0825 1744 MozillaMaintenance - ok
17:18:01.0840 1744 [ a44b420d30bd56e145d6a2bc8768ec58 ] mpio C:\Windows\system32\drivers\mpio.sys
17:18:01.0903 1744 mpio - ok
17:18:01.0918 1744 [ 6c38c9e45ae0ea2fa5e551f2ed5e978f ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:18:01.0918 1744 mpsdrv - ok
17:18:02.0012 1744 [ 54ffc9c8898113ace189d4aa7199d2c1 ] MpsSvc C:\Windows\system32\mpssvc.dll
17:18:02.0074 1744 MpsSvc - ok
17:18:02.0152 1744 [ dc722758b8261e1abafd31a3c0a66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:18:02.0215 1744 MRxDAV - ok
17:18:02.0277 1744 [ a5d9106a73dc88564c825d317cac68ac ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:18:02.0324 1744 mrxsmb - ok
17:18:02.0371 1744 [ d711b3c1d5f42c0c2415687be09fc163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:18:02.0433 1744 mrxsmb10 - ok
17:18:02.0464 1744 [ 9423e9d355c8d303e76b8cfbd8a5c30c ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:18:02.0511 1744 mrxsmb20 - ok
17:18:02.0558 1744 [ c25f0bafa182cbca2dd3c851c2e75796 ] msahci C:\Windows\system32\drivers\msahci.sys
17:18:02.0620 1744 msahci - ok
17:18:02.0651 1744 [ db801a638d011b9633829eb6f663c900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
17:18:02.0714 1744 msdsm - ok
17:18:02.0761 1744 [ de0ece52236cfa3ed2dbfc03f28253a8 ] MSDTC C:\Windows\System32\msdtc.exe
17:18:02.0761 1744 MSDTC - ok
17:18:02.0807 1744 [ aa3fb40e17ce1388fa1bedab50ea8f96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:18:02.0807 1744 Msfs - ok
17:18:02.0839 1744 [ f9d215a46a8b9753f61767fa72a20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
17:18:02.0839 1744 mshidkmdf - ok
17:18:02.0870 1744 [ d916874bbd4f8b07bfb7fa9b3ccae29d ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
17:18:02.0885 1744 msisadrv - ok
17:18:02.0917 1744 [ 808e98ff49b155c522e6400953177b08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:18:02.0932 1744 MSiSCSI - ok
17:18:02.0932 1744 msiserver - ok
17:18:02.0979 1744 [ acb01bf1a905356ab7f978c7fe852209 ] MSK80Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
17:18:02.0979 1744 MSK80Service - ok
17:18:03.0010 1744 [ 49ccf2c4fea34ffad8b1b59d49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
17:18:03.0026 1744 MSKSSRV - ok
17:18:03.0041 1744 [ bdd71ace35a232104ddd349ee70e1ab3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
17:18:03.0041 1744 MSPCLOCK - ok
17:18:03.0057 1744 [ 4ed981241db27c3383d72092b618a1d0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
17:18:03.0073 1744 MSPQM - ok
17:18:03.0104 1744 [ 759a9eeb0fa9ed79da1fb7d4ef78866d ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
17:18:03.0151 1744 MsRPC - ok
17:18:03.0182 1744 [ 0eed230e37515a0eaee3c2e1bc97b288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
17:18:03.0182 1744 mssmbios - ok
17:18:03.0197 1744 [ 2e66f9ecb30b4221a318c92ac2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
17:18:03.0197 1744 MSTEE - ok
17:18:03.0213 1744 [ 7ea404308934e675bffde8edf0757bcd ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
17:18:03.0213 1744 MTConfig - ok
17:18:03.0244 1744 [ f9a18612fd3526fe473c1bda678d61c8 ] Mup C:\Windows\system32\Drivers\mup.sys
17:18:03.0244 1744 Mup - ok
17:18:03.0291 1744 [ 582ac6d9873e31dfa28a4547270862dd ] napagent C:\Windows\system32\qagentRT.dll
17:18:03.0307 1744 napagent - ok
17:18:03.0338 1744 [ 1ea3749c4114db3e3161156ffffa6b33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:18:03.0353 1744 NativeWifiP - ok
17:18:03.0400 1744 [ 79b47fd40d9a817e932f9d26fac0a81c ] NDIS C:\Windows\system32\drivers\ndis.sys
17:18:03.0431 1744 NDIS - ok
17:18:03.0447 1744 [ 9f9a1f53aad7da4d6fef5bb73ab811ac ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
17:18:03.0447 1744 NdisCap - ok
17:18:03.0478 1744 [ 30639c932d9fef22b31268fe25a1b6e5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:18:03.0494 1744 NdisTapi - ok
17:18:03.0525 1744 [ 136185f9fb2cc61e573e676aa5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:18:03.0587 1744 Ndisuio - ok
17:18:03.0650 1744 [ 53f7305169863f0a2bddc49e116c2e11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:18:03.0697 1744 NdisWan - ok
17:18:03.0728 1744 [ 015c0d8e0e0421b4cfd48cffe2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:18:03.0790 1744 NDProxy - ok
17:18:03.0806 1744 [ 86743d9f5d2b1048062b14b1d84501c4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:18:03.0806 1744 NetBIOS - ok
17:18:03.0837 1744 [ 09594d1089c523423b32a4229263f068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
17:18:03.0837 1744 NetBT - ok
17:18:03.0884 1744 [ c118a82cd78818c29ab228366ebf81c3 ] Netlogon C:\Windows\system32\lsass.exe
17:18:03.0884 1744 Netlogon - ok
17:18:03.0931 1744 [ 847d3ae376c0817161a14a82c8922a9e ] Netman C:\Windows\System32\netman.dll
17:18:03.0931 1744 Netman - ok
17:18:03.0962 1744 [ 5f28111c648f1e24f7dbc87cdeb091b8 ] netprofm C:\Windows\System32\netprofm.dll
17:18:03.0977 1744 netprofm - ok
17:18:04.0009 1744 [ 3e5a36127e201ddf663176b66828fafe ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:18:04.0009 1744 NetTcpPortSharing - ok
17:18:04.0040 1744 [ 77889813be4d166cdab78ddba990da92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
17:18:04.0040 1744 nfrd960 - ok
17:18:04.0087 1744 [ 1ee99a89cc788ada662441d1e9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
17:18:04.0133 1744 NlaSvc - ok
17:18:04.0149 1744 [ 1e4c4ab5c9b8dd13179bbdc75a2a01f7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:18:04.0149 1744 Npfs - ok
17:18:04.0180 1744 [ d54bfdf3e0c953f823b3d0bfe4732528 ] nsi C:\Windows\system32\nsisvc.dll
17:18:04.0180 1744 nsi - ok
17:18:04.0211 1744 [ e7f5ae18af4168178a642a9247c63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:18:04.0211 1744 nsiproxy - ok
17:18:04.0289 1744 [ a2f74975097f52a00745f9637451fdd8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:18:04.0430 1744 Ntfs - ok
17:18:04.0445 1744 [ 9899284589f75fa8724ff3d16aed75c1 ] Null C:\Windows\system32\drivers\Null.sys
17:18:04.0445 1744 Null - ok
17:18:04.0492 1744 [ 0a92cb65770442ed0dc44834632f66ad ] nvraid C:\Windows\system32\drivers\nvraid.sys
17:18:04.0539 1744 nvraid - ok
17:18:04.0601 1744 [ dab0e87525c10052bf65f06152f37e4a ] nvstor C:\Windows\system32\drivers\nvstor.sys
17:18:04.0664 1744 nvstor - ok
17:18:04.0679 1744 [ 270d7cd42d6e3979f6dd0146650f0e05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
17:18:04.0695 1744 nv_agp - ok
17:18:04.0976 1744 [ 785f487a64950f3cb8e9f16253ba3b7b ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:18:05.0101 1744 odserv - ok
17:18:05.0459 1744 [ 3589478e4b22ce21b41fa1bfc0b8b8a0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
17:18:05.0459 1744 ohci1394 - ok
17:18:05.0537 1744 [ 5a432a042dae460abe7199b758e8606c ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:18:05.0600 1744 ose - ok
17:18:05.0647 1744 [ 3eac4455472cc2c97107b5291e0dcafe ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
17:18:05.0662 1744 p2pimsvc - ok
17:18:05.0693 1744 [ 927463ecb02179f88e4b9a17568c63c3 ] p2psvc C:\Windows\system32\p2psvc.dll
17:18:05.0709 1744 p2psvc - ok
17:18:05.0756 1744 [ 0086431c29c35be1dbc43f52cc273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
17:18:05.0756 1744 Parport - ok
17:18:05.0803 1744 [ e9766131eeade40a27dc27d2d68fba9c ] partmgr C:\Windows\system32\drivers\partmgr.sys
17:18:05.0849 1744 partmgr - ok
17:18:05.0881 1744 [ 3aeaa8b561e63452c655dc0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
17:18:05.0896 1744 PcaSvc - ok
17:18:05.0990 1744 [ 7317a0b550f7ac0223b7070897670476 ] PCDSRVC{1E208CE0-FB7451FF-06020101}_0 c:\program files\dell support center\pcdsrvc_x64.pkms
17:18:06.0037 1744 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - ok
17:18:06.0068 1744 [ 94575c0571d1462a0f70bde6bd6ee6b3 ] pci C:\Windows\system32\drivers\pci.sys
17:18:06.0130 1744 pci - ok
17:18:06.0161 1744 [ b5b8b5ef2e5cb34df8dcf8831e3534fa ] pciide C:\Windows\system32\drivers\pciide.sys
17:18:06.0177 1744 pciide - ok
17:18:06.0224 1744 [ b2e81d4e87ce48589f98cb8c05b01f2f ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
17:18:06.0224 1744 pcmcia - ok
17:18:06.0255 1744 [ d6b9c2e1a11a3a4b26a182ffef18f603 ] pcw C:\Windows\system32\drivers\pcw.sys
17:18:06.0271 1744 pcw - ok
17:18:06.0302 1744 [ 68769c3356b3be5d1c732c97b9a80d6e ] PEAUTH C:\Windows\system32\drivers\peauth.sys
17:18:06.0333 1744 PEAUTH - ok
17:18:06.0489 1744 [ e495e408c93141e8fc72dc0c6046ddfa ] PerfHost C:\Windows\SysWow64\perfhost.exe
17:18:06.0489 1744 PerfHost - ok
17:18:06.0567 1744 [ c7cf6a6e137463219e1259e3f0f0dd6c ] pla C:\Windows\system32\pla.dll
17:18:06.0739 1744 pla - ok
17:18:06.0770 1744 [ 25fbdef06c4d92815b353f6e792c8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
17:18:06.0863 1744 PlugPlay - ok
17:18:06.0879 1744 [ 7195581cec9bb7d12abe54036acc2e38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
17:18:06.0879 1744 PNRPAutoReg - ok
17:18:06.0926 1744 [ 3eac4455472cc2c97107b5291e0dcafe ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
17:18:06.0941 1744 PNRPsvc - ok
17:18:06.0988 1744 [ 4f15d75adf6156bf56eced6d4a55c389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
17:18:07.0051 1744 PolicyAgent - ok
17:18:07.0082 1744 [ 6ba9d927dded70bd1a9caded45f8b184 ] Power C:\Windows\system32\umpo.dll
17:18:07.0082 1744 Power - ok
17:18:07.0129 1744 [ f92a2c41117a11a00be01ca01a7fcde9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
17:18:07.0191 1744 PptpMiniport - ok
17:18:07.0285 1744 [ 0d922e23c041efb1c3fac2a6f943c9bf ] Processor C:\Windows\system32\DRIVERS\processr.sys
17:18:07.0300 1744 Processor - ok
17:18:07.0347 1744 [ 53e83f1f6cf9d62f32801cf66d8352a8 ] ProfSvc C:\Windows\system32\profsvc.dll
17:18:07.0363 1744 ProfSvc - ok
17:18:07.0378 1744 [ c118a82cd78818c29ab228366ebf81c3 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:18:07.0378 1744 ProtectedStorage - ok
17:18:07.0425 1744 [ 0557cf5a2556bd58e26384169d72438d ] Psched C:\Windows\system32\DRIVERS\pacer.sys
17:18:07.0425 1744 Psched - ok
17:18:07.0456 1744 [ 4712cc14e720ecccc0aa16949d18aaf1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
17:18:07.0519 1744 PxHlpa64 - ok
17:18:07.0565 1744 [ a53a15a11ebfd21077463ee2c7afeef0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
17:18:07.0675 1744 ql2300 - ok
17:18:07.0706 1744 [ 4f6d12b51de1aaeff7dc58c4d75423c8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
17:18:07.0721 1744 ql40xx - ok
17:18:07.0784 1744 [ 906191634e99aea92c4816150bda3732 ] QWAVE C:\Windows\system32\qwave.dll
17:18:07.0799 1744 QWAVE - ok
17:18:07.0831 1744 [ 76707bb36430888d9ce9d705398adb6c ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
17:18:07.0831 1744 QWAVEdrv - ok
17:18:07.0987 1744 [ 00935d8da2dcd34017544cfeba97d1e7 ] RapportCerberus_42020 C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys
17:18:08.0033 1744 RapportCerberus_42020 - ok
17:18:08.0111 1744 [ e00b1dac20b52781a6f697235a1ce9d4 ] RapportEI64 C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys
17:18:08.0158 1744 RapportEI64 - ok
17:18:08.0221 1744 [ a0d6937897654813c27cb149fc4337e4 ] RapportKE64 C:\Windows\system32\Drivers\RapportKE64.sys
17:18:08.0252 1744 RapportKE64 - ok
17:18:08.0470 1744 [ 61b37c0b3fd7da7414c20d917469bfff ] RapportMgmtService C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
17:18:08.0548 1744 RapportMgmtService - ok
17:18:08.0673 1744 [ 9b5d119785654bf8219dcbd0c1925ff7 ] RapportPG64 C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys
17:18:08.0720 1744 RapportPG64 - ok
17:18:08.0751 1744 [ 5a0da8ad5762fa2d91678a8a01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
17:18:08.0751 1744 RasAcd - ok
17:18:08.0798 1744 [ 7ecff9b22276b73f43a99a15a6094e90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
17:18:08.0798 1744 RasAgileVpn - ok
17:18:08.0845 1744 [ 8f26510c5383b8dbe976de1cd00fc8c7 ] RasAuto C:\Windows\System32\rasauto.dll
17:18:08.0845 1744 RasAuto - ok
17:18:08.0876 1744 [ 471815800ae33e6f1c32fb1b97c490ca ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
17:18:08.0938 1744 Rasl2tp - ok
17:18:08.0969 1744 [ ee867a0870fc9e4972ba9eaad35651e2 ] RasMan C:\Windows\System32\rasmans.dll
17:18:09.0016 1744 RasMan - ok
17:18:09.0047 1744 [ 855c9b1cd4756c5e9a2aa58a15f58c25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
17:18:09.0047 1744 RasPppoe - ok
17:18:09.0079 1744 [ e8b1e447b008d07ff47d016c2b0eeecb ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
17:18:09.0079 1744 RasSstp - ok
17:18:09.0110 1744 [ 77f665941019a1594d887a74f301fa2f ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:18:09.0172 1744 rdbss - ok
17:18:09.0188 1744 [ 302da2a0539f2cf54d7c6cc30c1f2d8d ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
17:18:09.0203 1744 rdpbus - ok
17:18:09.0219 1744 [ cea6cc257fc9b7715f1c2b4849286d24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
17:18:09.0219 1744 RDPCDD - ok
17:18:09.0235 1744 [ bb5971a4f00659529a5c44831af22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
17:18:09.0235 1744 RDPENCDD - ok
17:18:09.0266 1744 [ 216f3fa57533d98e1f74ded70113177a ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
17:18:09.0266 1744 RDPREFMP - ok
17:18:09.0297 1744 [ e61608aa35e98999af9aaeeea6114b0a ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
17:18:09.0359 1744 RDPWD - ok
17:18:09.0406 1744 [ 34ed295fa0121c241bfef24764fc4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
17:18:09.0469 1744 rdyboost - ok
17:18:09.0515 1744 [ 254fb7a22d74e5511c73a3f6d802f192 ] RemoteAccess C:\Windows\System32\mprdim.dll
17:18:09.0515 1744 RemoteAccess - ok
17:18:09.0562 1744 [ e4d94f24081440b5fc5aa556c7c62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
17:18:09.0562 1744 RemoteRegistry - ok
17:18:09.0625 1744 [ e4dc58cf7b3ea515ae917ff0d402a7bb ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
17:18:09.0640 1744 RpcEptMapper - ok
17:18:09.0656 1744 [ d5ba242d4cf8e384db90e6a8ed850b8c ] RpcLocator C:\Windows\system32\locator.exe
17:18:09.0671 1744 RpcLocator - ok
17:18:09.0703 1744 [ 5c627d1b1138676c0a7ab2c2c190d123 ] RpcSs C:\Windows\system32\rpcss.dll
17:18:09.0718 1744 RpcSs - ok
17:18:09.0765 1744 [ ddc86e4f8e7456261e637e3552e804ff ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
17:18:09.0765 1744 rspndr - ok
17:18:09.0812 1744 [ 4a25dc970c58104602ed274dacafd784 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
17:18:09.0812 1744 RSUSBSTOR - ok
17:18:09.0843 1744 [ c118a82cd78818c29ab228366ebf81c3 ] SamSs C:\Windows\system32\lsass.exe
17:18:09.0843 1744 SamSs - ok
17:18:09.0874 1744 [ ac03af3329579fffb455aa2daabbe22b ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
17:18:09.0937 1744 sbp2port - ok
17:18:09.0968 1744 [ 9b7395789e3791a3b6d000fe6f8b131e ] SCardSvr C:\Windows\System32\SCardSvr.dll
17:18:09.0983 1744 SCardSvr - ok
17:18:10.0030 1744 [ 253f38d0d7074c02ff8deb9836c97d2b ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
17:18:10.0093 1744 scfilter - ok
17:18:10.0233 1744 [ 262f6592c3299c005fd6bec90fc4463a ] Schedule C:\Windows\system32\schedsvc.dll
17:18:10.0327 1744 Schedule - ok
17:18:10.0358 1744 [ f17d1d393bbc69c5322fbfafaca28c7f ] SCPolicySvc C:\Windows\System32\certprop.dll
17:18:10.0358 1744 SCPolicySvc - ok
17:18:10.0436 1744 [ 6ea4234dc55346e0709560fe7c2c1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
17:18:10.0483 1744 SDRSVC - ok
17:18:10.0514 1744 [ 3ea8a16169c26afbeb544e0e48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
17:18:10.0514 1744 secdrv - ok
17:18:10.0561 1744 [ bc617a4e1b4fa8df523a061739a0bd87 ] seclogon C:\Windows\system32\seclogon.dll
17:18:10.0607 1744 seclogon - ok
17:18:10.0654 1744 [ c32ab8fa018ef34c0f113bd501436d21 ] SENS C:\Windows\system32\sens.dll
17:18:10.0654 1744 SENS - ok
17:18:10.0685 1744 [ 0336cffafaab87a11541f1cf1594b2b2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
17:18:10.0685 1744 SensrSvc - ok
17:18:10.0701 1744 [ cb624c0035412af0debec78c41f5ca1b ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
17:18:10.0701 1744 Serenum - ok
17:18:10.0732 1744 [ c1d8e28b2c2adfaec4ba89e9fda69bd6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
17:18:10.0732 1744 Serial - ok
17:18:10.0763 1744 [ 1c545a7d0691cc4a027396535691c3e3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
17:18:10.0779 1744 sermouse - ok
17:18:10.0826 1744 [ 0b6231bf38174a1628c4ac812cc75804 ] SessionEnv C:\Windows\system32\sessenv.dll
17:18:10.0888 1744 SessionEnv - ok
17:18:10.0904 1744 [ a554811bcd09279536440c964ae35bbf ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
17:18:10.0919 1744 sffdisk - ok
17:18:10.0935 1744 [ ff414f0baefeba59bc6c04b3db0b87bf ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
17:18:10.0935 1744 sffp_mmc - ok
17:18:10.0951 1744 [ dd85b78243a19b59f0637dcf284da63c ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
17:18:11.0013 1744 sffp_sd - ok
17:18:11.0029 1744 [ a9d601643a1647211a1ee2ec4e433ff4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
17:18:11.0029 1744 sfloppy - ok
17:18:11.0138 1744 [ 74ec60e20516aaa573be74f31175270f ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
17:18:11.0231 1744 SftService - ok
17:18:11.0325 1744 [ b95f6501a2f8b2e78c697fec401970ce ] SharedAccess C:\Windows\System32\ipnathlp.dll
17:18:11.0341 1744 SharedAccess - ok
17:18:11.0387 1744 [ aaf932b4011d14052955d4b212a4da8d ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:18:11.0450 1744 ShellHWDetection - ok
17:18:11.0465 1744 [ 843caf1e5fde1ffd5ff768f23a51e2e1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:18:11.0465 1744 SiSRaid2 - ok
17:18:11.0512 1744 [ 6a6c106d42e9ffff8b9fcb4f754f6da4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
17:18:11.0528 1744 SiSRaid4 - ok
17:18:11.0621 1744 [ c70aebd3608ed9fcea2a1bae83567ffc ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
17:18:19.0702 1744 SkypeUpdate - ok
17:18:19.0749 1744 [ 548260a7b8654e024dc30bf8a7c5baa4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
17:18:19.0765 1744 Smb - ok
17:18:19.0812 1744 [ 6313f223e817cc09aa41811daa7f541d ] SNMPTRAP C:\Windows\System32\snmptrap.exe
17:18:19.0827 1744 SNMPTRAP - ok
17:18:19.0858 1744 [ b9e31e5cacdfe584f34f730a677803f9 ] spldr C:\Windows\system32\drivers\spldr.sys
17:18:19.0858 1744 spldr - ok
17:18:19.0921 1744 [ b96c17b5dc1424d56eea3a99e97428cd ] Spooler C:\Windows\System32\spoolsv.exe
17:18:19.0983 1744 Spooler - ok
17:18:20.0124 1744 [ e17e0188bb90fae42d83e98707efa59c ] sppsvc C:\Windows\system32\sppsvc.exe
17:18:20.0155 1744 sppsvc - ok
17:18:20.0217 1744 [ 93d7d61317f3d4bc4f4e9f8a96a7de45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
17:18:20.0233 1744 sppuinotify - ok
17:18:20.0295 1744 [ 441fba48bff01fdb9d5969ebc1838f0b ] srv C:\Windows\system32\DRIVERS\srv.sys
17:18:20.0358 1744 srv - ok
17:18:20.0404 1744 [ b4adebbf5e3677cce9651e0f01f7cc28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
17:18:20.0467 1744 srv2 - ok
17:18:20.0482 1744 [ 27e461f0be5bff5fc737328f749538c3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
17:18:20.0545 1744 srvnet - ok
17:18:20.0623 1744 [ 51b52fbd583cde8aa9ba62b8b4298f33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
17:18:20.0638 1744 SSDPSRV - ok
17:18:20.0654 1744 [ ab7aebf58dad8daab7a6c45e6a8885cb ] SstpSvc C:\Windows\system32\sstpsvc.dll
17:18:20.0670 1744 SstpSvc - ok
17:18:20.0935 1744 [ 444109453a2b87e6c16bcda5953e81a9 ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
17:18:20.0997 1744 STacSV - ok
17:18:21.0013 1744 [ f3817967ed533d08327dc73bc4d5542a ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
17:18:21.0028 1744 stexstor - ok
17:18:21.0060 1744 [ 02e784fa49032f84964db90a3ed81890 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
17:18:21.0138 1744 STHDA - ok
17:18:21.0169 1744 [ 8dd52e8e6128f4b2da92ce27402871c1 ] stisvc C:\Windows\System32\wiaservc.dll
17:18:21.0247 1744 stisvc - ok
17:18:21.0278 1744 [ d01ec09b6711a5f8e7e6564a4d0fbc90 ] swenum C:\Windows\system32\drivers\swenum.sys
17:18:21.0278 1744 swenum - ok
17:18:21.0340 1744 [ e08e46fdd841b7184194011ca1955a0b ] swprv C:\Windows\System32\swprv.dll
17:18:21.0356 1744 swprv - ok
17:18:21.0434 1744 [ bf9ccc0bf39b418c8d0ae8b05cf95b7d ] SysMain C:\Windows\system32\sysmain.dll
17:18:21.0496 1744 SysMain - ok
17:18:21.0715 1744 [ e3c61fd7b7c2557e1f1b0b4cec713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:18:21.0762 1744 TabletInputService - ok
17:18:21.0808 1744 [ 40f0849f65d13ee87b9a9ae3c1dd6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
17:18:21.0855 1744 TapiSrv - ok
17:18:21.0886 1744 [ 1be03ac720f4d302ea01d40f588162f6 ] TBS C:\Windows\System32\tbssvc.dll
17:18:21.0902 1744 TBS - ok
17:18:21.0996 1744 [ acb82bda8f46c84f465c1afa517dc4b9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
17:18:22.0183 1744 Tcpip - ok
17:18:22.0245 1744 [ acb82bda8f46c84f465c1afa517dc4b9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
17:18:22.0261 1744 TCPIP6 - ok
17:18:22.0292 1744 [ df687e3d8836bfb04fcc0615bf15a519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
17:18:22.0354 1744 tcpipreg - ok
17:18:22.0401 1744 [ 3371d21011695b16333a3934340c4e7c ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
17:18:22.0417 1744 TDPIPE - ok
17:18:22.0464 1744 [ 51c5eceb1cdee2468a1748be550cfbc8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
17:18:22.0526 1744 TDTCP - ok
17:18:22.0666 1744 [ ddad5a7ab24d8b65f8d724f5c20fd806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
17:18:22.0713 1744 tdx - ok
17:18:22.0744 1744 [ 561e7e1f06895d78de991e01dd0fb6e5 ] TermDD C:\Windows\system32\drivers\termdd.sys
17:18:22.0791 1744 TermDD - ok
17:18:22.0854 1744 [ 2e648163254233755035b46dd7b89123 ] TermService C:\Windows\System32\termsrv.dll
17:18:22.0932 1744 TermService - ok
17:18:22.0963 1744 [ f0344071948d1a1fa732231785a0664c ] Themes C:\Windows\system32\themeservice.dll
17:18:22.0963 1744 Themes - ok
17:18:23.0166 1744 [ e40e80d0304a73e8d269f7141d77250b ] THREADORDER C:\Windows\system32\mmcss.dll
17:18:23.0166 1744 THREADORDER - ok
17:18:23.0322 1744 [ 7e7afd841694f6ac397e99d75cead49d ] TrkWks C:\Windows\System32\trkwks.dll
17:18:23.0337 1744 TrkWks - ok
17:18:23.0509 1744 [ 773212b2aaa24c1e31f10246b15b276c ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:18:23.0571 1744 TrustedInstaller - ok
17:18:23.0649 1744 [ ce18b2cdfc837c99e5fae9ca6cba5d30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
17:18:23.0712 1744 tssecsrv - ok
17:18:23.0836 1744 [ d11c783e3ef9a3c52c0ebe83cc5000e9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
17:18:23.0899 1744 TsUsbFlt - ok
17:18:24.0055 1744 [ 3566a8daafa27af944f5d705eaa64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
17:18:24.0102 1744 tunnel - ok
17:18:24.0195 1744 [ b4dd609bd7e282bfc683cec7eaaaad67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
17:18:24.0195 1744 uagp35 - ok
17:18:24.0382 1744 [ 0e3ad73a7fe4d27cc1b151c3065d69f9 ] uagqecsvc C:\Users\Kevin\IAG Remote Access Agent\portalchristianaidorguk\portal1\uagqecsvc.exe
17:18:24.0460 1744 uagqecsvc - ok
17:18:24.0507 1744 [ ff4232a1a64012baa1fd97c7b67df593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
17:18:24.0570 1744 udfs - ok
17:18:24.0648 1744 [ 3cbdec8d06b9968aba702eba076364a1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
17:18:24.0663 1744 UI0Detect - ok
17:18:24.0710 1744 [ 4bfe1bc28391222894cbf1e7d0e42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
17:18:24.0710 1744 uliagpkx - ok
17:18:24.0757 1744 [ dc54a574663a895c8763af0fa1ff7561 ] umbus C:\Windows\system32\drivers\umbus.sys
17:18:24.0819 1744 umbus - ok
17:18:24.0882 1744 [ b2e8e8cb557b156da5493bbddcc1474d ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
17:18:24.0882 1744 UmPass - ok
17:18:24.0897 1744 [ d47ec6a8e81633dd18d2436b19baf6de ] upnphost C:\Windows\System32\upnphost.dll
17:18:24.0913 1744 upnphost - ok
17:18:24.0944 1744 [ 6f1a3157a1c89435352ceb543cdb359c ] usbccgp C:\Windows\system32\drivers\usbccgp.sys
17:18:25.0006 1744 usbccgp - ok
17:18:25.0053 1744 [ af0892a803fdda7492f595368e3b68e7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
17:18:25.0069 1744 usbcir - ok
17:18:25.0084 1744 [ c025055fe7b87701eb042095df1a2d7b ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
17:18:25.0147 1744 usbehci - ok
17:18:25.0209 1744 [ 287c6c9410b111b68b52ca298f7b8c24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
17:18:25.0272 1744 usbhub - ok
17:18:25.0350 1744 [ 9840fc418b4cbd632d3d0a667a725c31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
17:18:25.0396 1744 usbohci - ok
17:18:25.0428 1744 [ 73188f58fb384e75c4063d29413cee3d ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
17:18:25.0428 1744 usbprint - ok
17:18:25.0459 1744 [ fed648b01349a3c8395a5169db5fb7d6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:18:25.0506 1744 USBSTOR - ok
17:18:25.0521 1744 [ 62069a34518bcf9c1fd9e74b3f6db7cd ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
17:18:25.0584 1744 usbuhci - ok
17:18:25.0630 1744 [ edbb23cbcf2cdf727d64ff9b51a6070e ] UxSms C:\Windows\System32\uxsms.dll
17:18:25.0646 1744 UxSms - ok
17:18:25.0662 1744 [ c118a82cd78818c29ab228366ebf81c3 ] VaultSvc C:\Windows\system32\lsass.exe
17:18:25.0662 1744 VaultSvc - ok
17:18:25.0693 1744 [ c5c876ccfc083ff3b128f933823e87bd ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
17:18:25.0693 1744 vdrvroot - ok
17:18:25.0740 1744 [ 8d6b481601d01a456e75c3210f1830be ] vds C:\Windows\System32\vds.exe
17:18:25.0818 1744 vds - ok
17:18:25.0864 1744 [ da4da3f5e02943c2dc8c6ed875de68dd ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
17:18:25.0864 1744 vga - ok
17:18:25.0880 1744 [ 53e92a310193cb3c03bea963de7d9cfc ] VgaSave C:\Windows\System32\drivers\vga.sys
17:18:25.0896 1744 VgaSave - ok
17:18:25.0927 1744 [ 2ce2df28c83aeaf30084e1b1eb253cbb ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
17:18:25.0989 1744 vhdmp - ok
17:18:26.0020 1744 [ e5689d93ffe4e5d66c0178761240dd54 ] viaide C:\Windows\system32\drivers\viaide.sys
17:18:26.0020 1744 viaide - ok
17:18:26.0036 1744 [ d2aafd421940f640b407aefaaebd91b0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
17:18:26.0098 1744 volmgr - ok
17:18:26.0145 1744 [ a255814907c89be58b79ef2f189b843b ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
17:18:26.0145 1744 volmgrx - ok
17:18:26.0176 1744 [ 0d08d2f3b3ff84e433346669b5e0f639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
17:18:26.0254 1744 volsnap - ok
17:18:26.0332 1744 [ 5e2016ea6ebaca03c04feac5f330d997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
17:18:26.0348 1744 vsmraid - ok
17:18:26.0410 1744 [ b60ba0bc31b0cb414593e169f6f21cc2 ] VSS C:\Windows\system32\vssvc.exe
17:18:26.0473 1744 VSS - ok
17:18:26.0504 1744 [ 36d4720b72b5c5d9cb2b9c29e9df67a1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
17:18:26.0520 1744 vwifibus - ok
17:18:26.0535 1744 [ 6a3d66263414ff0d6fa754c646612f3f ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
17:18:26.0551 1744 vwififlt - ok
17:18:26.0660 1744 [ 1c9d80cc3849b3788048078c26486e1a ] W32Time C:\Windows\system32\w32time.dll
17:18:26.0676 1744 W32Time - ok
17:18:26.0722 1744 [ 4e9440f4f152a7b944cb1663d3935a3e ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
17:18:26.0738 1744 WacomPen - ok
17:18:26.0769 1744 [ 356afd78a6ed4457169241ac3965230c ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
17:18:26.0832 1744 WANARP - ok
17:18:26.0847 1744 [ 356afd78a6ed4457169241ac3965230c ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
17:18:26.0847 1744 Wanarpv6 - ok
17:18:26.0941 1744 [ 3cec96de223e49eaae3651fcf8faea6c ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
17:18:27.0050 1744 WatAdminSvc - ok
17:18:27.0128 1744 [ 78f4e7f5c56cb9716238eb57da4b6a75 ] wbengine C:\Windows\system32\wbengine.exe
17:18:27.0237 1744 wbengine - ok
17:18:27.0284 1744 [ 3aa101e8edab2db4131333f4325c76a3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
17:18:27.0300 1744 WbioSrvc - ok
17:18:27.0331 1744 [ 7368a2afd46e5a4481d1de9d14848edd ] wcncsvc C:\Windows\System32\wcncsvc.dll
17:18:27.0331 1744 wcncsvc - ok
17:18:27.0362 1744 [ 20f7441334b18cee52027661df4a6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:18:27.0362 1744 WcsPlugInService - ok
17:18:27.0393 1744 [ 72889e16ff12ba0f235467d6091b17dc ] Wd C:\Windows\system32\DRIVERS\wd.sys
17:18:27.0409 1744 Wd - ok
17:18:27.0440 1744 [ 441bd2d7b4f98134c3a4f9fa570fd250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
17:18:27.0471 1744 Wdf01000 - ok
17:18:27.0487 1744 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiServiceHost C:\Windows\system32\wdi.dll
17:18:27.0487 1744 WdiServiceHost - ok
17:18:27.0502 1744 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiSystemHost C:\Windows\system32\wdi.dll
17:18:27.0502 1744 WdiSystemHost - ok
17:18:27.0534 1744 [ 3db6d04e1c64272f8b14eb8bc4616280 ] WebClient C:\Windows\System32\webclnt.dll
17:18:27.0580 1744 WebClient - ok
17:18:27.0596 1744 [ c749025a679c5103e575e3b48e092c43 ] Wecsvc C:\Windows\system32\wecsvc.dll
17:18:27.0612 1744 Wecsvc - ok
17:18:27.0627 1744 [ 7e591867422dc788b9e5bd337a669a08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
17:18:27.0643 1744 wercplsupport - ok
17:18:27.0643 1744 [ 6d137963730144698cbd10f202e9f251 ] WerSvc C:\Windows\System32\WerSvc.dll
17:18:27.0658 1744 WerSvc - ok
17:18:27.0690 1744 [ 611b23304bf067451a9fdee01fbdd725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
17:18:27.0690 1744 WfpLwf - ok
17:18:27.0721 1744 [ b14ef15bd757fa488f9c970eee9c0d35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
17:18:27.0783 1744 WimFltr - ok
17:18:27.0814 1744 [ 05ecaec3e4529a7153b3136ceb49f0ec ] WIMMount C:\Windows\system32\drivers\wimmount.sys
17:18:27.0814 1744 WIMMount - ok
17:18:27.0846 1744 WinDefend - ok
17:18:27.0861 1744 WinHttpAutoProxySvc - ok
17:18:27.0924 1744 [ 19b07e7e8915d701225da41cb3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
17:18:27.0924 1744 Winmgmt - ok
17:18:28.0002 1744 [ bcb1310604aa415c4508708975b3931e ] WinRM C:\Windows\system32\WsmSvc.dll
17:18:28.0111 1744 WinRM - ok
17:18:28.0204 1744 [ 4fada86e62f18a1b2f42ba18ae24e6aa ] Wlansvc C:\Windows\System32\wlansvc.dll
17:18:28.0236 1744 Wlansvc - ok
17:18:28.0470 1744 [ 7e47c328fc4768cb8beafbcfafa70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:18:28.0532 1744 wlidsvc - ok
17:18:28.0610 1744 [ 13b0a570e1ae451c92da550085d72cf3 ] wltrysvc C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
17:18:28.0672 1744 wltrysvc - ok
17:18:28.0719 1744 [ f6ff8944478594d0e414d3f048f0d778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
17:18:28.0719 1744 WmiAcpi - ok
17:18:28.0766 1744 [ 38b84c94c5a8af291adfea478ae54f93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
17:18:28.0766 1744 wmiApSrv - ok
17:18:28.0782 1744 WMPNetworkSvc - ok
17:18:28.0828 1744 [ 96c6e7100d724c69fcf9e7bf590d1dca ] WPCSvc C:\Windows\System32\wpcsvc.dll
17:18:28.0828 1744 WPCSvc - ok
17:18:28.0860 1744 [ 93221146d4ebbf314c29b23cd6cc391d ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
17:18:28.0906 1744 WPDBusEnum - ok
17:18:28.0953 1744 [ 6bcc1d7d2fd2453957c5479a32364e52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
17:18:28.0953 1744 ws2ifsl - ok
17:18:28.0984 1744 [ e8b1fe6669397d1772d8196df0e57a9e ] wscsvc C:\Windows\system32\wscsvc.dll
17:18:28.0984 1744 wscsvc - ok
17:18:28.0984 1744 WSearch - ok
17:18:29.0062 1744 [ d9ef901dca379cfe914e9fa13b73b4c4 ] wuauserv C:\Windows\system32\wuaueng.dll
17:18:29.0140 1744 wuauserv - ok
17:18:29.0172 1744 [ d3381dc54c34d79b22cee0d65ba91b7c ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
17:18:29.0234 1744 WudfPf - ok
17:18:29.0250 1744 [ cf8d590be3373029d57af80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
17:18:29.0312 1744 WUDFRd - ok
17:18:29.0343 1744 [ 7a95c95b6c4cf292d689106bcae49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:18:29.0390 1744 wudfsvc - ok
17:18:29.0437 1744 [ 9a3452b3c2a46c073166c5cf49fad1ae ] WwanSvc C:\Windows\System32\wwansvc.dll
17:18:29.0452 1744 WwanSvc - ok
17:18:29.0484 1744 [ 79d9ce9614c955dd31aa2556b4014662 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
17:18:29.0499 1744 yukonw7 - ok
17:18:29.0499 1744 ================ Scan global ===============================
17:18:29.0546 1744 (ba0cd8c393e8c9f83354106093832c7b) C:\Windows\system32\basesrv.dll
17:18:29.0624 1744 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll
17:18:29.0671 1744 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll
17:18:29.0718 1744 (d6160f9d869ba3af0b787f971db56368) C:\Windows\system32\sxssrv.dll
17:18:29.0749 1744 (24acb7e5be595468e3b9aa488b9b4fcb) C:\Windows\system32\services.exe
17:18:29.0749 1744 [Global] - ok
17:18:29.0749 1744 ================ Scan MBR ==================================
17:18:29.0764 1744 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
17:18:30.0014 1744 \Device\Harddisk0\DR0 - ok
17:18:30.0014 1744 ================ Scan VBR ==================================
17:18:30.0014 1744 Boot (0x1200) (a5a47f88a08d4a60ab8861a5e6c4609c) \Device\Harddisk0\DR0\Partition1
17:18:30.0014 1744 \Device\Harddisk0\DR0\Partition1 - ok
17:18:30.0030 1744 Boot (0x1200) (79b02ecf1d22474ee115a7b454f2bc68) \Device\Harddisk0\DR0\Partition2
17:18:30.0045 1744 \Device\Harddisk0\DR0\Partition2 - ok
17:18:30.0045 1744 ============================================================
17:18:30.0045 1744 Scan finished
17:18:30.0045 1744 ============================================================
17:18:30.0045 4956 Detected object count: 0
17:18:30.0045 4956 Actual detected object count: 0






aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-18 17:21:30
-----------------------------
17:21:30.163 OS Version: Windows x64 6.1.7601 Service Pack 1
17:21:30.163 Number of processors: 2 586 0x170A
17:21:30.165 ComputerName: KODELL UserName: Kevin
17:21:31.114 Initialize success
17:22:44.535 AVAST engine defs: 12081800
17:22:52.133 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:22:52.136 Disk 0 Vendor: WDC_WD25 11.0 Size: 238475MB BusType: 3
17:22:52.154 Disk 0 MBR read successfully
17:22:52.157 Disk 0 MBR scan
17:22:52.286 Disk 0 Windows VISTA default MBR code
17:22:52.290 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
17:22:52.348 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
17:22:52.411 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 223434 MB offset 30801920
17:22:52.487 Disk 0 scanning C:\Windows\system32\drivers
17:23:25.364 Service scanning
17:23:50.904 Modules scanning
17:23:50.914 Disk 0 trace - called modules:
17:23:50.967 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
17:23:51.302 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003340740]
17:23:51.309 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8002e3e050]
17:23:52.641 AVAST engine scan C:\Windows
17:24:00.765 AVAST engine scan C:\Windows\system32
17:28:47.288 AVAST engine scan C:\Windows\system32\drivers
17:29:01.007 AVAST engine scan C:\Users\Kevin
17:54:14.113 File: C:\Users\Kevin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\1a5f6be6-3730c53c **INFECTED** Win32:Rootkit-gen [Rtk]
17:58:42.489 AVAST engine scan C:\ProgramData
18:07:34.719 Scan finished successfully
18:07:57.936 Disk 0 MBR has been saved successfully to "C:\Users\Kevin\Desktop\MBR.dat"
18:07:57.978 The log file has been saved successfully to "C:\Users\Kevin\Desktop\aswMBR.txt"

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:29 PM

Posted 18 August 2012 - 12:38 PM

Greetings kevodell

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
C:\Users\Kevin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 kevodell

kevodell
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:10:29 PM

Posted 18 August 2012 - 04:11 PM

Hi Gringo

At the beginning it asked to update to a new version of Combofix – I allowed this.

The system rebooted during the run.

Here is the log

Over to you

Kevin

ComboFix 12-08-18.03 - Kevin 18/08/2012 21:31:20.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3032.2116 [GMT 1:00]
Running from: c:\users\Kevin\Desktop\ComboFix.exe
Command switches used :: c:\users\Kevin\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\5907\Downloads\f0fc9c9c-10ba-435b-8365-dadb523644ff.dll
.
c:\windows\SysWow64\Drivers\atapi.sys . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2012-07-18 to 2012-08-18 )))))))))))))))))))))))))))))))
.
.
2012-08-18 21:00 . 2012-08-18 21:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-18 18:11 . 2012-07-14 00:17 136672 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-08-17 18:32 . 2012-05-25 16:09 29312 ----a-w- c:\program files (x86)\Mozilla Firefox\ScriptFF.dll
2012-08-14 19:44 . 2012-08-14 19:48 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-14 19:44 . 2012-08-14 19:44 -------- d-----w- c:\programdata\Malwarebytes
2012-08-14 19:44 . 2012-07-03 12:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-08 20:32 . 2012-08-08 20:32 -------- d-----w- c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2012-08-05 19:00 . 2012-08-05 19:00 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-08-05 18:58 . 2012-08-14 19:35 -------- d-----w- c:\programdata\0C1CFB13004F2525004C56A3F875F002
2012-08-05 18:57 . 2012-08-05 18:57 -------- d-----w- c:\users\Kevin\AppData\Local\{D9550BDA-DF2E-11E1-8270-B8AC6F996F26}
2012-08-01 18:59 . 2012-08-01 18:59 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2012-08-01 18:58 . 2012-08-01 18:58 129176 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-14 20:54 . 2012-03-31 16:05 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-14 20:54 . 2011-07-27 16:03 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-01 18:58 . 2012-03-13 18:36 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-08-01 18:58 . 2012-03-13 18:36 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-07-29 19:52 . 2011-08-28 16:46 101688 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2012-07-11 20:04 . 2009-11-28 07:41 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-12 03:08 . 2012-07-11 22:05 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-06-09 05:43 . 2012-07-11 20:08 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-11 20:08 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 20:08 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 20:08 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 20:08 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 20:08 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 20:08 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-22 18:25 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 18:25 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 18:25 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 18:25 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 18:25 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 18:25 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 18:25 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 14:19 . 2012-06-22 18:25 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 14:15 . 2012-06-22 18:25 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 12:49 . 2012-07-11 22:02 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-06-02 12:17 . 2012-07-11 22:02 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-06-02 12:12 . 2012-07-11 22:02 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 12:05 . 2012-07-11 22:02 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-02 12:05 . 2012-07-11 22:02 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 12:04 . 2012-07-11 22:02 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 12:04 . 2012-07-11 22:02 237056 ----a-w- c:\windows\system32\url.dll
2012-06-02 12:03 . 2012-07-11 22:02 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-02 12:01 . 2012-07-11 22:02 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 12:00 . 2012-07-11 22:02 818688 ----a-w- c:\windows\system32\jscript.dll
2012-06-02 11:59 . 2012-07-11 22:02 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-02 11:57 . 2012-07-11 22:02 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-02 11:57 . 2012-07-11 22:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 11:54 . 2012-07-11 22:02 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-02 08:33 . 2012-07-11 22:02 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-02 08:25 . 2012-07-11 22:02 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-02 08:25 . 2012-07-11 22:02 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20 . 2012-07-11 22:02 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16 . 2012-07-11 22:02 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50 . 2012-07-11 20:08 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 20:08 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:48 . 2012-07-11 20:08 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:45 . 2012-07-11 20:08 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 20:08 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 20:08 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 20:08 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 20:08 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 20:08 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-05-25 16:13 . 2012-02-11 21:13 162224 ----a-w- c:\windows\system32\mfevtps.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-17_19.27.59 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-08-17 19:27 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-08-18 21:01 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-08-17 19:27 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-18 21:01 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-17 19:27 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-18 21:01 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-31 05:33 . 2012-08-18 19:25 77558 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-18 19:25 46246 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-11-07 21:42 . 2012-08-18 19:25 27146 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1932621273-3218902890-455858099-1000_UserData.bin
- 2012-08-17 19:27 . 2012-08-17 19:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-18 21:01 . 2012-08-18 21:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-18 21:01 . 2012-08-18 21:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-17 19:27 . 2012-08-17 19:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-11-05 16:58 . 2012-08-17 18:50 196608 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-05 16:58 . 2012-08-18 20:31 196608 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-07 22:01 . 2012-08-17 18:05 364088 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-11-07 22:01 . 2012-08-18 19:23 364088 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 05:01 . 2012-08-17 19:26 275068 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-18 21:00 275068 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-11-05 16:58 . 2012-08-17 18:50 2572288 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-05 16:58 . 2012-08-18 20:31 2572288 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-17 18:50 3145728 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-18 20:31 3145728 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-28 22:59 . 2012-08-18 21:00 5805412 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1932621273-3218902890-455858099-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-19 494064]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1675160]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-08-01 296096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-09 559616]
.
c:\users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [x]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 250056]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.364.0\SeaPort.exe [2012-02-20 240408]
R3 DMService;Whale Component Manager;c:\windows\DOWNLO~1\DMService.exe [2010-01-18 423576]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-20 113120]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-15 1255736]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [2012-07-29 101688]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
S1 RapportCerberus_42020;RapportCerberus_42020;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys [2012-08-15 397720]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-07-29 55096]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-07-29 297240]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.364.0\BBSvc.exe [2012-02-20 193816]
S2 DirMngr;DirMngr;c:\program files (x86)\GNU\GnuPG\dirmngr.exe [2011-03-02 224256]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-05-25 210616]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-05-25 162224]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-07-29 976728]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;c:\users\Kevin\IAG Remote Access Agent\portalchristianaidorguk\portal1\uagqecsvc.exe [2010-06-14 149896]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
S3 CryptOSD;Phoenix CryptOSD Device Driver;c:\windows\system32\DRIVERS\CryptOSD.sys [2009-06-25 431488]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-05-08 215552]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-05-20 393728]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 20:54]
.
2012-07-26 c:\windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-07-26 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-08-18 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-01-23 305664]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"qeshcp"="" [BU]
"dpbdav"="" [BU]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\rbixt1g0.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 4
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1932621273-3218902890-455858099-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (S-1-5-21-1932621273-3218902890-455858099-1000)
@Denied: (2) (LocalSystem)
"Progid"="ThunderbirdEML"
.
[HKEY_USERS\S-1-5-21-1932621273-3218902890-455858099-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
.
**************************************************************************
.
Completion time: 2012-08-18 22:08:58 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-18 21:08
ComboFix2.txt 2012-08-17 19:34
.
Pre-Run: 185,468,391,424 bytes free
Post-Run: 185,340,071,936 bytes free
.
- - End Of File - - 18F653F652A7689466E69FF7C8079447

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:29 PM

Posted 18 August 2012 - 04:49 PM

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 kevodell

kevodell
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:10:29 PM

Posted 19 August 2012 - 03:06 AM

Hi Gringo
Is there a reason why McAfee (real time scanning and firewall) might be switched off? Is it normal that I have to switch on when I switch on my machine?

Anyway, below is the RogueKiller log.

Kevin


RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Kevin [Admin rights]
Mode: Scan -- Date: 08/19/2012 09:01:47

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 9 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] U : c:\windows\installer\{d39a077a-0fd1-8d59-16d6-4aea672bad8e}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\windows\installer\{d39a077a-0fd1-8d59-16d6-4aea672bad8e}\L --> FOUND
[ZeroAccess][FOLDER] U : c:\users\kevin\appdata\local\{d39a077a-0fd1-8d59-16d6-4aea672bad8e}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\users\kevin\appdata\local\{d39a077a-0fd1-8d59-16d6-4aea672bad8e}\L --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500BEVT-75ZCT2 +++++
--- User ---
[MBR] 2dbc9862d931294e7119278110e1b0c1
[BSP] f2554e82efed46df96eec1d04c45713e : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 223434 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:29 PM

Posted 19 August 2012 - 03:53 AM

--Run RogueKiller--

  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 kevodell

kevodell
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:10:29 PM

Posted 19 August 2012 - 04:19 AM

I'm guessing you want the latest version







RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Kevin [Admin rights]
Mode: Remove -- Date: 08/19/2012 10:11:22

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 9 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> REPLACED (1)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] U : c:\windows\installer\{d39a077a-0fd1-8d59-16d6-4aea672bad8e}\U --> REMOVED
[ZeroAccess][FOLDER] L : c:\windows\installer\{d39a077a-0fd1-8d59-16d6-4aea672bad8e}\L --> REMOVED
[ZeroAccess][FOLDER] U : c:\users\kevin\appdata\local\{d39a077a-0fd1-8d59-16d6-4aea672bad8e}\U --> REMOVED
[ZeroAccess][FOLDER] L : c:\users\kevin\appdata\local\{d39a077a-0fd1-8d59-16d6-4aea672bad8e}\L --> REMOVED

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500BEVT-75ZCT2 +++++
--- User ---
[MBR] 2dbc9862d931294e7119278110e1b0c1
[BSP] f2554e82efed46df96eec1d04c45713e : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 223434 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:29 PM

Posted 19 August 2012 - 04:35 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 kevodell

kevodell
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:10:29 PM

Posted 19 August 2012 - 09:35 AM

Hi Gringo

It went fine an d it rebooted during the process. When it had ended and produced the log I tried to open a browser to reply but an error message came up on both windows and firefox - something to do with a registry that was down for deletion and did I want to delete it. I rebooted and able to access both browsers. The new combofix log is here...

Kevin



ComboFix 12-08-18.03 - Kevin 19/08/2012 15:05:24.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3032.1894 [GMT 1:00]
Running from: c:\users\Kevin\Desktop\ComboFix.exe
Command switches used :: c:\users\Kevin\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-19 to 2012-08-19 )))))))))))))))))))))))))))))))
.
.
2012-08-19 14:16 . 2012-08-19 14:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-18 18:11 . 2012-07-14 00:17 136672 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-08-17 18:32 . 2012-05-25 16:09 29312 ----a-w- c:\program files (x86)\Mozilla Firefox\ScriptFF.dll
2012-08-14 19:44 . 2012-08-14 19:48 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-14 19:44 . 2012-08-14 19:44 -------- d-----w- c:\programdata\Malwarebytes
2012-08-14 19:44 . 2012-07-03 12:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-08 20:32 . 2012-08-08 20:32 -------- d-----w- c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2012-08-05 19:00 . 2012-08-05 19:00 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-08-05 18:58 . 2012-08-14 19:35 -------- d-----w- c:\programdata\0C1CFB13004F2525004C56A3F875F002
2012-08-05 18:57 . 2012-08-05 18:57 -------- d-----w- c:\users\Kevin\AppData\Local\{D9550BDA-DF2E-11E1-8270-B8AC6F996F26}
2012-08-01 18:59 . 2012-08-01 18:59 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2012-08-01 18:58 . 2012-08-01 18:58 129176 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-14 20:54 . 2012-03-31 16:05 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-14 20:54 . 2011-07-27 16:03 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-01 18:58 . 2012-03-13 18:36 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-08-01 18:58 . 2012-03-13 18:36 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-07-29 19:52 . 2011-08-28 16:46 101688 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2012-07-11 20:04 . 2009-11-28 07:41 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-12 03:08 . 2012-07-11 22:05 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-06-09 05:43 . 2012-07-11 20:08 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-11 20:08 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 20:08 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 20:08 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 20:08 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 20:08 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 20:08 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-22 18:25 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 18:25 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 18:25 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 18:25 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 18:25 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 18:25 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 18:25 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 14:19 . 2012-06-22 18:25 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 14:15 . 2012-06-22 18:25 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 12:49 . 2012-07-11 22:02 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-06-02 12:17 . 2012-07-11 22:02 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-06-02 12:12 . 2012-07-11 22:02 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 12:05 . 2012-07-11 22:02 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-02 12:05 . 2012-07-11 22:02 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 12:04 . 2012-07-11 22:02 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 12:04 . 2012-07-11 22:02 237056 ----a-w- c:\windows\system32\url.dll
2012-06-02 12:03 . 2012-07-11 22:02 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-02 12:01 . 2012-07-11 22:02 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 12:00 . 2012-07-11 22:02 818688 ----a-w- c:\windows\system32\jscript.dll
2012-06-02 11:59 . 2012-07-11 22:02 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-02 11:57 . 2012-07-11 22:02 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-02 11:57 . 2012-07-11 22:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 11:54 . 2012-07-11 22:02 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-02 08:33 . 2012-07-11 22:02 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-02 08:25 . 2012-07-11 22:02 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-02 08:25 . 2012-07-11 22:02 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20 . 2012-07-11 22:02 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16 . 2012-07-11 22:02 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50 . 2012-07-11 20:08 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 20:08 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:48 . 2012-07-11 20:08 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:45 . 2012-07-11 20:08 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 20:08 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 20:08 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 20:08 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 20:08 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 20:08 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-05-25 16:13 . 2012-02-11 21:13 162224 ----a-w- c:\windows\system32\mfevtps.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-17_19.27.59 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-08-17 19:27 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-08-19 14:17 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-08-17 19:27 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-19 14:17 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-17 19:27 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-19 14:17 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-31 05:33 . 2012-08-19 14:19 77906 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-19 14:19 46278 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-11-07 21:42 . 2012-08-19 14:19 27328 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1932621273-3218902890-455858099-1000_UserData.bin
+ 2010-06-27 10:15 . 2012-08-18 22:05 3678 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-08-17 19:27 . 2012-08-17 19:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-19 14:17 . 2012-08-19 14:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-19 14:17 . 2012-08-19 14:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-17 19:27 . 2012-08-17 19:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-11-05 16:58 . 2012-08-19 13:55 196608 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-05 16:58 . 2012-08-17 18:50 196608 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-07 22:01 . 2012-08-18 19:23 364088 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-11-07 22:01 . 2012-08-17 18:05 364088 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 05:01 . 2012-08-17 19:26 275068 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-19 14:16 275068 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-11-05 16:58 . 2012-08-19 13:55 2572288 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-05 16:58 . 2012-08-17 18:50 2572288 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-19 13:55 3145728 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-17 18:50 3145728 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-17 23:29 . 2012-08-19 14:16 2877716 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1932621273-3218902890-455858099-1000-8192.dat
- 2010-12-17 23:29 . 2012-04-07 18:45 2877716 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1932621273-3218902890-455858099-1000-8192.dat
+ 2011-08-28 22:59 . 2012-08-19 09:21 5805412 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1932621273-3218902890-455858099-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-19 494064]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1675160]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-08-01 296096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-09 559616]
.
c:\users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [x]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 250056]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.364.0\SeaPort.exe [2012-02-20 240408]
R3 DMService;Whale Component Manager;c:\windows\DOWNLO~1\DMService.exe [2010-01-18 423576]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-20 113120]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-15 1255736]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [2012-07-29 101688]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
S1 RapportCerberus_42020;RapportCerberus_42020;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys [2012-08-15 397720]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-07-29 55096]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-07-29 297240]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.364.0\BBSvc.exe [2012-02-20 193816]
S2 DirMngr;DirMngr;c:\program files (x86)\GNU\GnuPG\dirmngr.exe [2011-03-02 224256]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-05-25 210616]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-05-25 162224]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-07-29 976728]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;c:\users\Kevin\IAG Remote Access Agent\portalchristianaidorguk\portal1\uagqecsvc.exe [2010-06-14 149896]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
S3 CryptOSD;Phoenix CryptOSD Device Driver;c:\windows\system32\DRIVERS\CryptOSD.sys [2009-06-25 431488]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-05-08 215552]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-05-20 393728]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 20:54]
.
2012-07-26 c:\windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-07-26 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-08-19 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-01-23 305664]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"qeshcp"="" [BU]
"dpbdav"="" [BU]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\rbixt1g0.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 4
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1932621273-3218902890-455858099-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (S-1-5-21-1932621273-3218902890-455858099-1000)
@Denied: (2) (LocalSystem)
"Progid"="ThunderbirdEML"
.
[HKEY_USERS\S-1-5-21-1932621273-3218902890-455858099-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
.
**************************************************************************
.
Completion time: 2012-08-19 15:23:53 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-19 14:23
ComboFix2.txt 2012-08-18 21:08
ComboFix3.txt 2012-08-17 19:34
.
Pre-Run: 185,194,057,728 bytes free
Post-Run: 184,997,736,448 bytes free
.
- - End Of File - - 9EBE26AD65C711E646B9A43D4C75EFF0




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users