
Netbook infected


21 replies to this topic

#1 kkoz83

kkoz83

  • Members
  • 421 posts
  • OFFLINE
  • Local time:05:17 PM

Posted 27 August 2012 - 02:08 PM

Hi everyone, how are you?

I have a netbook that needs virus/malware removal. Numerous ads open up during Internet Explorer 9 use.
Malwarebytes & McAfee came clean in Windows safe mode and Spybot removed 2 entries.

I greatly appreciate it :)



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:17 PM

Posted 28 August 2012 - 08:31 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:


    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 kkoz83

kkoz83
  • Topic Starter

  • Members
  • 421 posts
  • OFFLINE
  • Local time:05:17 PM

Posted 29 August 2012 - 11:10 AM

Results of screen317's Security Check version 0.99.49
Windows 7 x86 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
McAfee Anti-Virus and Anti-Spyware
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 33
Java version out of Date!
Adobe Reader X (10.1.4)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 7%
````````````````````End of Log``````````````````````

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by terry at 12:01:59 on 2012-08-29
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1790.1131 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\aestsrv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Prey\platform\windows\cronsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\rundll32.exe
C:\QUALCOMM\QDLService\QDLService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Stickies\stickies.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k defragsvc
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.aol.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120705120513.dll
BHO: LastPass Vault: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - c:\program files\lastpass\LPToolbar.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPToolbar.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [Facebook Update] "c:\users\terry\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [UpdatePRCShortCut] "c:\program files\hewlett-packard\recovery\muitransfer\muistartmenu.exe" "c:\program files\hewlett-packard\recovery" updatewithcreateonce "software\cyberlink\PowerRecover"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\users\terry\appdata\roaming\micros~1\windows\startm~1\programs\startup\stickies.lnk - c:\program files\stickies\stickies.exe
StartupFolder: c:\users\terry\appdata\roaming\micros~1\windows\startm~1\programs\startup\touchp~1.lnk - c:\program files\touchpadpal\TouchpadPal.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
uPolicies-system: WallpaperStyle = 2
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
dPolicies-system: WallpaperStyle = 2
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: LastPass - file://c:\users\terry\appdata\locallow\lastpass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\users\terry\appdata\locallow\lastpass\context.html?cmd=fillforms
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPToolbar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvLsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 216.144.187.101 204.186.80.251 216.144.187.199
TCP: Interfaces\{4C337F2F-DC15-4956-8BF6-6EAB54D43B32} : DhcpNameServer = 216.144.187.101 204.186.80.251 216.144.187.199
TCP: Interfaces\{4C337F2F-DC15-4956-8BF6-6EAB54D43B32}\6416272756C6C60264279647A702745756374702143636563737 : DhcpNameServer = 167.206.112.3 167.206.112.4
TCP: Interfaces\{4C337F2F-DC15-4956-8BF6-6EAB54D43B32}\84F6D656 : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{5853CB78-9986-4414-BB71-074253110603} : DhcpNameServer = 216.144.187.101 204.186.80.251 216.144.187.199
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-3-13 464304]
R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-5-24 169608]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-5-23 218688]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2011-5-24 64912]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-27 63960]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\AEstSrv.exe [2009-8-28 81920]
R2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2011-2-15 19968]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-3-1 374184]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-9-17 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-5-20 47640]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-5-24 214904]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-5-24 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-5-24 214904]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-5-24 214904]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-5-24 166288]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-5-24 161632]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-5-24 151880]
R2 QDLService;Qualcomm Gobi Download Service;c:\qualcomm\qdlservice\QDLService.exe [2009-7-30 345336]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-5-24 57600]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-9-14 180848]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-5-24 59456]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-5-24 340920]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-6-26 66080]
R3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [2010-9-17 13408]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-8-28 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-2 250568]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-8-28 29472]
S3 cpuz134;cpuz134;c:\program files\cpuid\pc wizard 2010\pcwiz_x32.sys [2011-5-22 20328]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-8-28 136176]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-5-24 87656]
S3 QCFilterhp;HP USB Composite Device Filter Driver;c:\windows\system32\drivers\qcfilterhp.sys [2009-7-30 5248]
S3 qcusbnethp;HP USB-NDIS miniport;c:\windows\system32\drivers\qcusbnethp.sys [2009-7-30 115200]
S3 qcusbserhp;HP USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbserhp.sys [2009-7-30 104448]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-8-28 171008]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
.
=============== Created Last 30 ================
.
2012-08-15 18:31:38 393216 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-08-15 18:24:28 768512 ----a-w- c:\windows\system32\localspl.dll
2012-08-15 18:24:17 41472 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 18:24:14 102912 ----a-w- c:\windows\system32\browser.dll
2012-08-15 18:24:04 400896 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 18:23:50 492032 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 18:23:48 316928 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 18:23:41 2344448 ----a-w- c:\windows\system32\win32k.sys
2012-08-10 17:57:08 -------- d-----w- c:\programdata\Oberon Media
.
==================== Find3M ====================
.
2012-08-29 15:59:24 29 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
2012-08-28 13:50:07 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-28 13:50:06 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-12 01:07:20 83392 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-07-12 01:07:19 52128 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2012-07-12 01:07:17 87456 ----a-w- c:\windows\system32\LMIinit.dll
2012-07-12 01:07:17 30624 ----a-w- c:\windows\system32\LMIport.dll
2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-29 00:16:58 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-24 14:44:34 6221896 ----a-w- c:\program files\common files\lpuninstall.exe
2012-06-07 00:59:42 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-06-06 05:09:46 1389568 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:09:46 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 04:51:16 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:51:16 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:50:00 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:48:35 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:47:31 219136 ----a-w- c:\windows\system32\ncrypt.dll
.
============= FINISH: 12:05:13.48 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/19/2009 8:25:54 AM
System Uptime: 8/29/2012 11:48:43 AM (1 hours ago)
.
Motherboard: Quanta | | 3651
Processor: Intel® Atom™ CPU N270 @ 1.60GHz | CPU | 1600/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 138 GiB total, 103.918 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.82 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP110: 5/21/2012 2:19:09 PM - Scheduled Checkpoint
RP111: 6/4/2012 10:44:07 AM - Windows Update
RP112: 6/13/2012 10:15:36 AM - Windows Update
RP113: 6/18/2012 11:10:47 AM - Installed Java™ 6 Update 33
RP114: 6/21/2012 10:37:20 AM - Windows Update
RP115: 7/2/2012 2:35:53 PM - Scheduled Checkpoint
RP116: 7/10/2012 3:20:08 PM - Windows Update
RP117: 7/10/2012 3:52:50 PM - Windows Update
RP118: 7/17/2012 6:12:10 PM - Scheduled Checkpoint
RP119: 7/27/2012 1:55:31 PM - Scheduled Checkpoint
RP120: 8/15/2012 2:24:59 PM - Windows Update
RP121: 8/15/2012 2:59:30 PM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
ActiveCheck component for HP Active Support Library
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.4)
Adobe Shockwave Player
ALPS Touch Pad Driver
ArcSoft WebCam Companion 3
Broadcom 802.11 Wireless LAN Adapter
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite
DAEMON Tools Lite
Device Doctor v1.0
Facebook Video Calling 1.2.0.159
Glary Utilities 2.34.0.1190
Google Update Helper
HP Customer Experience Enhancements
HP Games
HP Integrated Module with Bluetooth wireless technology
HP QuickSync
HP Setup
HP Support Assistant
HP Update
HP Wireless Assistant
HPAsset component for HP Active Support Library
IDT Audio
Java Auto Updater
Java™ 6 Update 33
LastPass (uninstall only)
LogMeIn
Malwarebytes Anti-Malware version 1.62.0.1300
McAfee AntiVirus Plus
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
NirSoft BlueScreenView
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
PC Wizard 2010.1.96
Power2Go
PowerRecover
Qualcomm Gobi Driver Package for HP
Qualcomm Gobi Images for HP
Realtek USB 2.0 Card Reader
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Spybot - Search & Destroy
Stickies 7.1a
TouchpadPal 1.2
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VLC media player 2.0.2
Yahoo! Detect
.
==== Event Viewer Messages From Past Week ========
.
8/29/2012 11:50:49 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
8/29/2012 11:49:13 AM, Error: Microsoft-Windows-TaskScheduler [413] - Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.
.
==== End Of File ===========================
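The first things a helper reads in a DDS log like the one above are the AV:/SP:/FW: status lines and the mPolicies-system UAC values (here EnableLUA = 0 and ConsentPromptBehaviorAdmin = 0, matching the "UAC is disabled!" warning from Security Check). The following is an added Python triage helper, not part of this thread or of the DDS tool; its sample input is constructed from the values shown in the posted log, and the "safe" policy values it checks against are the Windows 7 defaults.

```python
"""Triage helper for the DDS 'Pseudo HJT Report' status and policy lines.

Added example (not from the thread or from DDS). It extracts the AV/SP/FW
product status lines and the mPolicies-system values and flags settings a
malware helper would want to see fixed: disabled protection products and
UAC-weakening registry policies.
"""
import re
from dataclasses import dataclass, field

# Constructed sample, copied from the values visible in the posted DDS log.
SAMPLE_DDS = """\
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
"""

# "AV: <name> *<state>[/<update state>]* {<clsid>}"; SP = anti-spyware.
STATUS_RE = re.compile(r"^(AV|SP|FW): (.+?) \*(\w+)(?:/(\w+))?\*")
# "mPolicies-system: <ValueName> = <decimal> (<hex>)"
POLICY_RE = re.compile(r"^mPolicies-system: (\w+) = (\d+)")

# Windows 7 defaults (assumed baseline): EnableLUA=1, PromptOnSecureDesktop=1,
# ConsentPromptBehaviorAdmin=5 (prompt for non-Windows binaries); 0 means
# "elevate without prompting", which removes the UAC consent step entirely.
SAFE_POLICY = {
    "EnableLUA": lambda v: v == 1,
    "PromptOnSecureDesktop": lambda v: v == 1,
    "ConsentPromptBehaviorAdmin": lambda v: v != 0,
}


@dataclass
class Triage:
    products: dict = field(default_factory=dict)  # kind -> [(name, state, updated)]
    policies: dict = field(default_factory=dict)  # value name -> int
    findings: list = field(default_factory=list)  # human-readable flags


def parse_dds(text: str) -> Triage:
    """Parse DDS report lines and collect weak-setting findings."""
    t = Triage()
    for line in text.splitlines():
        m = STATUS_RE.match(line)
        if m:
            kind, name, state, updated = m.groups()
            t.products.setdefault(kind, []).append((name, state, updated))
            if state.lower() == "disabled":
                t.findings.append(f"{kind} product '{name}' is disabled")
            continue
        m = POLICY_RE.match(line)
        if m:
            key, value = m.group(1), int(m.group(2))
            t.policies[key] = value
            check = SAFE_POLICY.get(key)
            if check is not None and not check(value):
                t.findings.append(f"{key} = {value} weakens UAC")
    return t


if __name__ == "__main__":
    result = parse_dds(SAMPLE_DDS)
    for finding in result.findings:
        print("FLAG:", finding)
```

On the posted log this flags Windows Defender as disabled and three UAC policies (EnableLUA, PromptOnSecureDesktop, ConsentPromptBehaviorAdmin) set to 0; re-enabling UAC after cleanup is the fix for those.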

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:17 PM

Posted 29 August 2012 - 02:40 PM

Hello kkoz83

I Would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

Information and logs:

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5 kkoz83

kkoz83
  • Topic Starter

  • Members
  • 421 posts
  • OFFLINE
  • Local time:05:17 PM

Posted 29 August 2012 - 05:37 PM

ComboFix 12-08-29.03 - terry 08/29/2012 17:46:18.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1790.977 [GMT -4:00]
Running from: c:\users\terry\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
.
((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-29 )))))))))))))))))))))))))))))))
.
.
2012-08-29 22:06 . 2012-08-29 22:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-29 22:06 . 2012-08-29 22:06 -------- d-----w- c:\users\jeff\AppData\Local\temp
2012-08-29 18:28 . 2012-08-29 18:28 -------- d-----w- c:\program files\Common Files\Java
2012-08-29 18:27 . 2012-08-29 18:26 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-08-28 13:50 . 2012-08-29 15:48 -------- d-----w- c:\program files\Google
2012-08-15 19:30 . 2012-08-15 19:31 -------- d-----w- c:\program files\Common Files\Adobe
2012-08-15 18:31 . 2012-07-06 19:31 393216 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-08-15 18:24 . 2012-05-14 04:37 768512 ----a-w- c:\windows\system32\localspl.dll
2012-08-15 18:24 . 2012-07-04 21:23 41472 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 18:24 . 2012-07-04 21:23 102912 ----a-w- c:\windows\system32\browser.dll
2012-08-15 18:24 . 2012-05-05 07:44 400896 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 18:23 . 2012-02-11 05:44 492032 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 18:23 . 2012-02-11 05:41 316928 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 18:23 . 2012-07-18 17:10 2344448 ----a-w- c:\windows\system32\win32k.sys
2012-08-10 17:57 . 2012-08-10 17:57 -------- d-----w- c:\programdata\Oberon Media
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-29 22:03 . 2011-10-20 15:10 29 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
2012-08-29 18:26 . 2012-04-30 19:04 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-29 18:26 . 2011-05-20 22:35 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-28 13:50 . 2012-04-02 19:22 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-28 13:50 . 2011-05-26 18:40 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-12 01:07 . 2011-05-20 18:50 83392 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-07-12 01:07 . 2011-05-20 18:50 52128 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-07-12 01:07 . 2011-05-20 18:50 30624 ----a-w- c:\windows\system32\LMIport.dll
2012-07-12 01:07 . 2011-05-20 18:50 87456 ----a-w- c:\windows\system32\LMIinit.dll
2012-07-03 17:46 . 2011-05-20 22:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-24 14:44 . 2011-10-25 15:19 6221896 ----a-w- c:\program files\Common Files\lpuninstall.exe
2012-06-07 00:59 . 2012-06-07 00:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-06-06 05:09 . 2012-07-10 19:18 1389568 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:09 . 2012-07-10 19:18 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-02 22:19 . 2012-06-21 14:39 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 14:39 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 14:38 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 14:38 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 14:39 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 14:39 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 14:38 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-21 14:38 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12 . 2012-06-21 14:38 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 04:51 . 2012-07-10 19:18 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:51 . 2012-07-10 19:18 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:50 . 2012-07-10 19:18 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:48 . 2012-07-10 19:18 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:47 . 2012-07-10 19:18 219136 ----a-w- c:\windows\system32\ncrypt.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2011-05-04 237568]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-21 458844]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-23 13797920]
"UpdatePRCShortCut"="c:\program files\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-09-17 63048]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1318816]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Install LastPass IE RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe [2011-10-25 6221896]
.
c:\users\terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stickies.lnk - c:\program files\Stickies\stickies.exe [2011-5-23 1122304]
TouchpadPal.lnk - c:\program files\TouchpadPal\TouchpadPal.exe [2011-7-26 380416]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-30 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP]
2009-07-14 10:54 589104 ----a-w- c:\program files\Hewlett-Packard\HP QuickSync\QuickSync.exe
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 cpuz134;cpuz134;c:\program files\CPUID\PC Wizard 2010\pcwiz_x32.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 QCFilterhp;HP USB Composite Device Filter Driver;c:\windows\system32\DRIVERS\qcfilterhp.sys [x]
R3 qcusbnethp;HP USB-NDIS miniport;c:\windows\system32\DRIVERS\qcusbnethp.sys [x]
R3 qcusbserhp;HP USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\qcusbserhp.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\aestsrv.exe [x]
S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [x]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 QDLService;Qualcomm Gobi Download Service;c:\qualcomm\QDLService\QDLService.exe [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]
S3 radpms;Driver for RADPMS Device;c:\windows\system32\DRIVERS\radpms.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 13:50]
.
2011-06-07 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-06-06 12:25]
.
2012-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-28 13:51]
.
2012-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-28 13:51]
.
2011-06-21 c:\windows\Tasks\HPCeeScheduleForterry.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-09-17 21:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: LastPass - file://c:\users\terry\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\users\terry\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
TCP: DhcpNameServer = 10.0.0.1
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Facebook Update - c:\users\terry\AppData\Local\Facebook\Update\FacebookUpdate.exe
SafeBoot-Wdf01000.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-29 18:19:13
ComboFix-quarantined-files.txt 2012-08-29 22:19
.
Pre-Run: 112,329,596,928 bytes free
Post-Run: 111,908,253,696 bytes free
.
- - End Of File - - 20E7D85C930738C05FBCE1E439146CBF
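The policy block under "Reg Loading Points" in the log above shows UAC switched off on this machine (EnableLUA=0, no admin consent prompt, no secure desktop). As an added example that is not part of this thread or of ComboFix, here is a small Python parser for that section of a ComboFix log: it lists the Run-key autoruns and compares the UAC policy values against the Windows 7 defaults. The sample text is an excerpt copied from the log posted above.

```python
"""Added example (not part of the thread or of ComboFix): parse the
'Reg Loading Points' section of a ComboFix log, list autorun entries and
flag UAC policy values that are weaker than the Windows 7 defaults."""
import re

# Constructed sample: an excerpt copied from the ComboFix log in this thread.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2011-05-04 237568]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1318816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
"""

# Windows 7 default UAC policy values, used as the hardened baseline.
# EnableLUA=0 alone disables UAC entirely; the other values then do not matter,
# but they are still reported so the full drift from the default is visible.
UAC_BASELINE = {
    "EnableLUA": 1,
    "ConsentPromptBehaviorAdmin": 5,
    "ConsentPromptBehaviorUser": 3,
    "PromptOnSecureDesktop": 1,
    "EnableUIADesktopToggle": 0,
}

KEY_RE = re.compile(r'^\[(.+)\]$')                       # [HKEY_...\path]
DWORD_RE = re.compile(r'^"([^"]+)"=\s*(\d+)(?:\s*\(0x[0-9a-fA-F]+\))?$')  # "Name"= 0 (0x0)
STR_RE = re.compile(r'^"([^"]+)"="([^"]*)"(?:\s*\[(.*)\])?$')              # "Name"="path" [date size]


def parse_loading_points(text):
    """Return {key_path: {value_name: value}} for every [key] block in text.
    DWORD-style values become ints; string values keep the image path only."""
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix separates blocks with "."
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        if current is None:
            continue
        m = DWORD_RE.match(line)
        if m:
            keys[current][m.group(1)] = int(m.group(2))
            continue
        m = STR_RE.match(line)
        if m:
            keys[current][m.group(1)] = m.group(2)
    return keys


def autoruns(keys):
    """List (value name, image path) pairs from every ...\\CurrentVersion\\Run key."""
    found = []
    for path, values in keys.items():
        if path.lower().endswith(r"\currentversion\run"):
            found.extend(values.items())
    return found


def uac_findings(keys):
    """Return {policy: (observed, default)} for UAC values that differ from baseline."""
    findings = {}
    for path, values in keys.items():
        if not path.lower().endswith(r"\currentversion\policies\system"):
            continue
        for name, default in UAC_BASELINE.items():
            observed = values.get(name, default)   # absent value means the default applies
            if observed != default:
                findings[name] = (observed, default)
    return findings


if __name__ == "__main__":
    parsed = parse_loading_points(SAMPLE)
    for name, image in autoruns(parsed):
        print(f"autorun {name}: {image}")
    for policy, (seen, want) in uac_findings(parsed).items():
        print(f"UAC weakened: {policy}={seen} (default {want})")
```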

#6 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 29 August 2012 - 06:24 PM

Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7 kkoz83
  • Topic Starter
  • Members
  • 421 posts

Posted 30 August 2012 - 08:19 AM

09:13:04.0660 3068 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
09:13:06.0142 3068 ============================================================
09:13:06.0142 3068 Current date / time: 2012/08/30 09:13:06.0142
09:13:06.0142 3068 SystemInfo:
09:13:06.0142 3068
09:13:06.0142 3068 OS Version: 6.1.7600 ServicePack: 0.0
09:13:06.0142 3068 Product type: Workstation
09:13:06.0142 3068 ComputerName: TERRY
09:13:06.0142 3068 UserName: terry
09:13:06.0142 3068 Windows directory: C:\Windows
09:13:06.0142 3068 System windows directory: C:\Windows
09:13:06.0142 3068 Processor architecture: Intel x86
09:13:06.0142 3068 Number of processors: 2
09:13:06.0142 3068 Page size: 0x1000
09:13:06.0142 3068 Boot type: Normal boot
09:13:06.0142 3068 ============================================================
09:13:10.0198 3068 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:13:10.0198 3068 ============================================================
09:13:10.0198 3068 \Device\Harddisk0\DR0:
09:13:10.0198 3068 MBR partitions:
09:13:10.0198 3068 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
09:13:10.0198 3068 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x1141E000
09:13:10.0198 3068 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x11482000, BlocksNum 0x1597000
09:13:10.0198 3068 ============================================================
09:13:10.0229 3068 C: <-> \Device\Harddisk0\DR0\Partition2
09:13:10.0292 3068 D: <-> \Device\Harddisk0\DR0\Partition3
09:13:10.0292 3068 ============================================================
09:13:10.0292 3068 Initialize success
09:13:10.0292 3068 ============================================================
09:13:17.0592 7996 ============================================================
09:13:17.0592 7996 Scan started
09:13:17.0592 7996 Mode: Manual;
09:13:17.0592 7996 ============================================================
09:13:19.0199 7996 ================ Scan system memory ========================
09:13:19.0199 7996 System memory - ok
09:13:19.0199 7996 ================ Scan services =============================
09:14:02.0739 7996 nsiproxy - ok
09:14:02.0817 7996 [ 168437A522D178DF6A372F09782B084F ] nSvcIp C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
09:14:02.0817 7996 nSvcIp - ok
09:14:02.0988 7996 [ 187002CE05693C306F43C873F821381F ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
09:14:03.0020 7996 Ntfs - ok
09:14:03.0066 7996 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
09:14:03.0066 7996 Null - ok
09:14:03.0113 7996 [ B5E37E31C053BC9950455A257526514B ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x32.sys
09:14:03.0176 7996 NVENETFD - ok
09:14:03.0238 7996 [ D2F4C4B22969236382CA853B8DAA2D4E ] NVHDA C:\Windows\system32\drivers\nvhda32v.sys
09:14:03.0597 7996 NVHDA - ok
09:14:04.0065 7996 [ 9DAC05D828E56801FD6CE5FDFCED64AF ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
09:14:04.0938 7996 nvlddmkm - ok
09:14:05.0032 7996 [ C9C82E1A08955FDBDF92AAC55BC3A4E4 ] NVNET C:\Windows\system32\DRIVERS\nvmf6232.sys
09:14:05.0750 7996 NVNET - ok
09:14:05.0843 7996 [ F1B0BED906F97E16F6D0C3629D2F21C6 ] nvraid C:\Windows\system32\drivers\nvraid.sys
09:14:06.0202 7996 nvraid - ok
09:14:06.0296 7996 [ F13618F0CB1E95232F4C2401592A59E9 ] nvsmu C:\Windows\system32\DRIVERS\nvsmu.sys
09:14:06.0998 7996 nvsmu - ok
09:14:07.0044 7996 [ 4520B63899E867F354EE012D34E11536 ] nvstor C:\Windows\system32\drivers\nvstor.sys
09:14:07.0778 7996 nvstor - ok
09:14:07.0856 7996 [ 032EF66DD96692AD3A9D36160F467F67 ] nvstor32 C:\Windows\system32\DRIVERS\nvstor32.sys
09:14:07.0871 7996 nvstor32 - ok
09:14:07.0918 7996 [ 51E7F2C26B6ECE61C5241F1F731EAB2B ] nvsvc C:\Windows\system32\nvvsvc.exe
09:14:07.0918 7996 nvsvc - ok
09:14:07.0965 7996 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
09:14:07.0980 7996 nv_agp - ok
09:14:08.0090 7996 [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
09:14:08.0464 7996 odserv - ok
09:14:08.0526 7996 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
09:14:08.0558 7996 ohci1394 - ok
09:14:08.0651 7996 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:14:09.0026 7996 ose - ok
09:14:09.0088 7996 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
09:14:09.0119 7996 p2pimsvc - ok
09:14:09.0166 7996 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
09:14:09.0213 7996 p2psvc - ok
09:14:09.0228 7996 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
09:14:09.0275 7996 Parport - ok
09:14:09.0322 7996 [ 66D3415C159741ADE7038A277EFFF99F ] partmgr C:\Windows\system32\drivers\partmgr.sys
09:14:10.0040 7996 partmgr - ok
09:14:10.0102 7996 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
09:14:10.0102 7996 Parvdm - ok
09:14:10.0164 7996 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
09:14:10.0164 7996 PcaSvc - ok
09:14:10.0211 7996 [ C858CB77C577780ECC456A892E7E7D0F ] pci C:\Windows\system32\DRIVERS\pci.sys
09:14:10.0242 7996 pci - ok
09:14:10.0289 7996 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\DRIVERS\pciide.sys
09:14:10.0305 7996 pciide - ok
09:14:10.0336 7996 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
09:14:10.0383 7996 pcmcia - ok
09:14:10.0445 7996 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
09:14:10.0476 7996 pcw - ok
09:14:10.0726 7996 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
09:14:10.0757 7996 PEAUTH - ok
09:14:10.0898 7996 [ 9C1BFF7910C89A1D12E57343475840CB ] pla C:\Windows\system32\pla.dll
09:14:10.0976 7996 pla - ok
09:14:11.0069 7996 [ 71DEF5EC79774C798342D0EA16E41780 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
09:14:11.0334 7996 PlugPlay - ok
09:14:11.0397 7996 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
09:14:11.0412 7996 PNRPAutoReg - ok
09:14:11.0444 7996 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
09:14:11.0459 7996 PNRPsvc - ok
09:14:11.0522 7996 [ 48E1B75C6DC0232FD92BAAE4BD344721 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
09:14:11.0553 7996 PolicyAgent - ok
09:14:11.0615 7996 [ DBFF83F709A91049621C1D35DD45C92C ] Power C:\Windows\system32\umpo.dll
09:14:11.0631 7996 Power - ok
09:14:11.0693 7996 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
09:14:11.0709 7996 PptpMiniport - ok
09:14:11.0756 7996 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
09:14:11.0787 7996 Processor - ok
09:14:11.0849 7996 [ AEA3BDBDBA667AA6F678CB38907E4F5E ] ProfSvc C:\Windows\system32\profsvc.dll
09:14:11.0865 7996 ProfSvc - ok
09:14:11.0896 7996 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] ProtectedStorage C:\Windows\system32\lsass.exe
09:14:11.0896 7996 ProtectedStorage - ok
09:14:11.0958 7996 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
09:14:11.0958 7996 Psched - ok
09:14:12.0068 7996 [ 0CD1962F0577D96A076C499DBF9FEE84 ] QCFilterhp C:\Windows\system32\DRIVERS\qcfilterhp.sys
09:14:12.0380 7996 QCFilterhp - ok
09:14:12.0442 7996 [ F6F7657639F8A5831E8E8D8CB4480A6C ] qcusbnethp C:\Windows\system32\DRIVERS\qcusbnethp.sys
09:14:13.0222 7996 qcusbnethp - ok
09:14:13.0300 7996 [ B8030AEECDBDF68894810C6910291035 ] qcusbserhp C:\Windows\system32\DRIVERS\qcusbserhp.sys
09:14:13.0940 7996 qcusbserhp - ok
09:14:14.0033 7996 [ BDE17B4E5B2096CC63776D8AFC53496E ] QDLService C:\QUALCOMM\QDLService\QDLService.exe
09:14:14.0033 7996 QDLService - ok
09:14:14.0142 7996 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
09:14:14.0205 7996 ql2300 - ok
09:14:14.0283 7996 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
09:14:14.0298 7996 ql40xx - ok
09:14:14.0345 7996 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
09:14:14.0376 7996 QWAVE - ok
09:14:14.0408 7996 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
09:14:14.0439 7996 QWAVEdrv - ok
09:14:14.0579 7996 [ B953369C5EF43615F1BFA9CEA69FC9AA ] radpms C:\Windows\system32\DRIVERS\radpms.sys
09:14:15.0266 7996 radpms - ok
09:14:15.0297 7996 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
09:14:15.0344 7996 RasAcd - ok
09:14:15.0406 7996 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
09:14:15.0437 7996 RasAgileVpn - ok
09:14:15.0531 7996 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
09:14:15.0562 7996 RasAuto - ok
09:14:15.0624 7996 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
09:14:15.0656 7996 Rasl2tp - ok
09:14:15.0734 7996 [ 0CE66EC736B7FC526D78F7624C7D2A94 ] RasMan C:\Windows\System32\rasmans.dll
09:14:15.0765 7996 RasMan - ok
09:14:15.0812 7996 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
09:14:15.0843 7996 RasPppoe - ok
09:14:15.0858 7996 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
09:14:15.0890 7996 RasSstp - ok
09:14:15.0905 7996 [ 835D7E81BF517A3B72384BDCC85E1CE6 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
09:14:15.0936 7996 rdbss - ok
09:14:15.0968 7996 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
09:14:15.0983 7996 rdpbus - ok
09:14:16.0030 7996 [ 1E016846895B15A99F9A176A05029075 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
09:14:16.0046 7996 RDPCDD - ok
09:14:16.0077 7996 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
09:14:16.0092 7996 RDPENCDD - ok
09:14:16.0124 7996 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
09:14:16.0124 7996 RDPREFMP - ok
09:14:16.0170 7996 [ C5B8D47A4688DE9D335204EA757C2240 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
09:14:16.0888 7996 RDPWD - ok
09:14:16.0966 7996 [ 4EA225BF1CF05E158853F30A99CA29A7 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
09:14:16.0997 7996 rdyboost - ok
09:14:17.0044 7996 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
09:14:17.0075 7996 RemoteAccess - ok
09:14:17.0122 7996 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
09:14:17.0138 7996 RemoteRegistry - ok
09:14:17.0184 7996 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
09:14:17.0216 7996 RFCOMM - ok
09:14:17.0231 7996 RimUsb - ok
09:14:17.0294 7996 [ 2C4FB2E9F039287767C384E46EE91030 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial.sys
09:14:17.0964 7996 RimVSerPort - ok
09:14:18.0027 7996 [ 564297827D213F52C7A3A2FF749568CA ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
09:14:18.0074 7996 ROOTMODEM - ok
09:14:18.0120 7996 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
09:14:18.0152 7996 RpcEptMapper - ok
09:14:18.0198 7996 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
09:14:18.0230 7996 RpcLocator - ok
09:14:18.0276 7996 [ B82CD39E336973359D7C9BF911E8E84F ] RpcSs C:\Windows\system32\rpcss.dll
09:14:18.0292 7996 RpcSs - ok
09:14:18.0339 7996 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
09:14:18.0370 7996 rspndr - ok
09:14:18.0432 7996 [ 07F66CA7DB9608806CA2EF1970DABA58 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
09:14:19.0150 7996 RSUSBSTOR - ok
09:14:19.0212 7996 RtsUIR - ok
09:14:19.0259 7996 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] SamSs C:\Windows\system32\lsass.exe
09:14:19.0259 7996 SamSs - ok
09:14:19.0337 7996 [ 34EE0C44B724E3E4CE2EFF29126DE5B5 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
09:14:19.0368 7996 sbp2port - ok
09:14:19.0431 7996 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
09:14:19.0462 7996 SCardSvr - ok
09:14:19.0493 7996 [ A95C54B2AC3CC9C73FCDF9E51A1D6B51 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
09:14:19.0493 7996 scfilter - ok
09:14:19.0602 7996 [ DF1E5C82E4D09CF8105CC644980C4803 ] Schedule C:\Windows\system32\schedsvc.dll
09:14:19.0634 7996 Schedule - ok
09:14:19.0665 7996 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] SCPolicySvc C:\Windows\System32\certprop.dll
09:14:19.0680 7996 SCPolicySvc - ok
09:14:19.0743 7996 [ AA826E35F6D28A8E5D1EFEB337F24BA2 ] sdbus C:\Windows\system32\drivers\sdbus.sys
09:14:20.0382 7996 sdbus - ok
09:14:20.0476 7996 [ 5FD90ABDBFAEE85986802622CBB03446 ] SDRSVC C:\Windows\System32\SDRSVC.dll
09:14:20.0523 7996 SDRSVC - ok
09:14:20.0601 7996 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
09:14:20.0616 7996 secdrv - ok
09:14:20.0694 7996 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
09:14:20.0726 7996 seclogon - ok
09:14:20.0757 7996 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll
09:14:20.0772 7996 SENS - ok
09:14:20.0850 7996 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
09:14:20.0882 7996 SensrSvc - ok
09:14:20.0913 7996 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
09:14:20.0928 7996 Serenum - ok
09:14:20.0975 7996 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
09:14:20.0991 7996 Serial - ok
09:14:21.0022 7996 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
09:14:21.0038 7996 sermouse - ok
09:14:21.0131 7996 [ 8F55CE568C543D5ADF45C409D16718FC ] SessionEnv C:\Windows\system32\sessenv.dll
09:14:21.0178 7996 SessionEnv - ok
09:14:21.0209 7996 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
09:14:21.0225 7996 sffdisk - ok
09:14:21.0256 7996 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
09:14:21.0287 7996 sffp_mmc - ok
09:14:21.0350 7996 [ A0708BBD07D245C06FF9DE549CA47185 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
09:14:21.0677 7996 sffp_sd - ok
09:14:21.0708 7996 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
09:14:21.0740 7996 sfloppy - ok
09:14:21.0802 7996 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
09:14:21.0849 7996 SharedAccess - ok
09:14:21.0896 7996 [ CD2E48FA5B29EE2B3B5858056D246EF2 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
09:14:21.0911 7996 ShellHWDetection - ok
09:14:22.0020 7996 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\DRIVERS\sisagp.sys
09:14:22.0036 7996 sisagp - ok
09:14:22.0083 7996 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:14:22.0098 7996 SiSRaid2 - ok
09:14:22.0145 7996 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
09:14:22.0176 7996 SiSRaid4 - ok
09:14:22.0239 7996 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
09:14:22.0254 7996 Smb - ok
09:14:22.0332 7996 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
09:14:22.0364 7996 SNMPTRAP - ok
09:14:22.0410 7996 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
09:14:22.0426 7996 spldr - ok
09:14:22.0488 7996 [ E17323B0AA9FB3FF9945731D736EDA2F ] Spooler C:\Windows\System32\spoolsv.exe
09:14:22.0504 7996 Spooler - ok
09:14:22.0847 7996 [ 4C287F9069FEDBD791178876EE9DE536 ] sppsvc C:\Windows\system32\sppsvc.exe
09:14:22.0925 7996 sppsvc - ok
09:14:23.0003 7996 [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7 ] sppuinotify C:\Windows\system32\sppuinotify.dll
09:14:23.0019 7996 sppuinotify - ok
09:14:23.0112 7996 [ C4A027B8C0BD3FC0699F41FA5E9E0C87 ] srv C:\Windows\system32\DRIVERS\srv.sys
09:14:23.0736 7996 srv - ok
09:14:23.0830 7996 [ 414BB592CAD8A79649D01F9D94318FB3 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
09:14:24.0267 7996 srv2 - ok
09:14:24.0314 7996 [ E00FDFAFF025E94F9821153750C35A6D ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL3.SYS
09:14:24.0360 7996 SrvHsfHDA - ok
09:14:24.0470 7996 [ CEB4E3B6890E1E42DCA6694D9E59E1A0 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV3.SYS
09:14:24.0610 7996 SrvHsfV92 - ok
09:14:24.0688 7996 [ BC0C7EA89194C299F051C24119000E17 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
09:14:24.0750 7996 SrvHsfWinac - ok
09:14:24.0797 7996 [ FF207D67700AA18242AAF985D3E7D8F4 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
09:14:25.0499 7996 srvnet - ok
09:14:25.0593 7996 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
09:14:25.0608 7996 SSDPSRV - ok
09:14:25.0640 7996 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
09:14:25.0671 7996 SstpSvc - ok
09:14:25.0796 7996 [ 05AE358CD777BF8857F512A18E1DE7AA ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\STacSV.exe
09:14:25.0796 7996 STacSV - ok
09:14:25.0842 7996 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
09:14:25.0874 7996 stexstor - ok
09:14:25.0967 7996 [ E69A606872650B46DE54EC15DCC93529 ] STHDA C:\Windows\system32\DRIVERS\stwrt.sys
09:14:26.0654 7996 STHDA - ok
09:14:26.0732 7996 [ A22825E7BB7018E8AF3E229A5AF17221 ] StiSvc C:\Windows\System32\wiaservc.dll
09:14:26.0747 7996 StiSvc - ok
09:14:26.0778 7996 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
09:14:26.0810 7996 swenum - ok
09:14:26.0856 7996 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
09:14:26.0872 7996 swprv - ok
09:14:26.0934 7996 [ 04105C8DA62353589C29BDAEB8D88BD8 ] SysMain C:\Windows\system32\sysmain.dll
09:14:26.0981 7996 SysMain - ok
09:14:27.0012 7996 [ FCFB6C552FBC0DA299799CBD50AD9FD4 ] TabletInputService C:\Windows\System32\TabSvc.dll
09:14:27.0044 7996 TabletInputService - ok
09:14:27.0090 7996 [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF ] TapiSrv C:\Windows\System32\tapisrv.dll
09:14:27.0106 7996 TapiSrv - ok
09:14:27.0137 7996 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
09:14:27.0153 7996 TBS - ok
09:14:27.0371 7996 [ 55E9965552741F3850CB22CBBA9671ED ] Tcpip C:\Windows\system32\drivers\tcpip.sys
09:14:27.0402 7996 Tcpip - ok
09:14:27.0465 7996 [ 55E9965552741F3850CB22CBBA9671ED ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
09:14:27.0480 7996 TCPIP6 - ok
09:14:27.0543 7996 [ E64444523ADD154F86567C469BC0B17F ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
09:14:27.0558 7996 tcpipreg - ok
09:14:27.0605 7996 [ 1875C1490D99E70E449E3AFAE9FCBADF ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
09:14:27.0605 7996 TDPIPE - ok
09:14:27.0652 7996 [ 7156308896D34EA75A582F9A09E50C17 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
09:14:28.0323 7996 TDTCP - ok
09:14:28.0385 7996 [ CB39E896A2A83702D1737BFD402B3542 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
09:14:28.0401 7996 tdx - ok
09:14:28.0416 7996 [ C36F41EE20E6999DBF4B0425963268A5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
09:14:28.0432 7996 TermDD - ok
09:14:28.0510 7996 [ A01E50A04D7B1960B33E92B9080E6A94 ] TermService C:\Windows\System32\termsrv.dll
09:14:28.0541 7996 TermService - ok
09:14:28.0572 7996 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
09:14:28.0666 7996 Themes - ok
09:14:28.0760 7996 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
09:14:28.0760 7996 THREADORDER - ok
09:14:28.0822 7996 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
09:14:28.0853 7996 TrkWks - ok
09:14:28.0916 7996 [ 41A4C781D2286208D397D72099304133 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
09:14:28.0916 7996 TrustedInstaller - ok
09:14:28.0978 7996 [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
09:14:28.0994 7996 tssecsrv - ok
09:14:29.0056 7996 [ 3E461D890A97F9D4C168F5FDA36E1D00 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
09:14:29.0087 7996 tunnel - ok
09:14:29.0118 7996 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
09:14:29.0134 7996 uagp35 - ok
09:14:29.0212 7996 [ 09CC3E16F8E5EE7168E01CF8FCBE061A ] udfs C:\Windows\system32\DRIVERS\udfs.sys
09:14:29.0259 7996 udfs - ok
09:14:29.0306 7996 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
09:14:29.0337 7996 UI0Detect - ok
09:14:29.0399 7996 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
09:14:29.0430 7996 uliagpkx - ok
09:14:29.0493 7996 [ 049B3A50B3D646BAEEEE9EEC9B0668DC ] umbus C:\Windows\system32\DRIVERS\umbus.sys
09:14:29.0540 7996 umbus - ok
09:14:29.0571 7996 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
09:14:29.0586 7996 UmPass - ok
09:14:29.0633 7996 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
09:14:29.0649 7996 upnphost - ok
09:14:29.0696 7996 [ C31AE588E403042632DC796CF09E30B0 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
09:14:30.0023 7996 usbccgp - ok
09:14:30.0086 7996 USBCCID - ok
09:14:30.0132 7996 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
09:14:30.0164 7996 usbcir - ok
09:14:30.0195 7996 [ E4C436D914768CE965D5E659BA7EEBD8 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
09:14:30.0866 7996 usbehci - ok
09:14:31.0178 7996 [ BDCD7156EC37448F08633FD899823620 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
09:14:31.0880 7996 usbhub - ok
09:14:31.0942 7996 [ EB2D819A639015253C871CDA09D91D58 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
09:14:32.0628 7996 usbohci - ok
09:14:32.0675 7996 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
09:14:32.0706 7996 usbprint - ok
09:14:32.0769 7996 [ 1C4287739A93594E57E2A9E6A3ED7353 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:14:33.0486 7996 USBSTOR - ok
09:14:33.0564 7996 [ 22480BF4E5A09192E5E30BA4DDE79FA4 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
09:14:34.0204 7996 usbuhci - ok
09:14:34.0298 7996 [ B5F6A992D996282B7FAE7048E50AF83A ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
09:14:35.0000 7996 usbvideo - ok
09:14:35.0062 7996 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
09:14:35.0109 7996 UxSms - ok
09:14:35.0140 7996 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] VaultSvc C:\Windows\system32\lsass.exe
09:14:35.0140 7996 VaultSvc - ok
09:14:35.0202 7996 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
09:14:35.0218 7996 vdrvroot - ok
09:14:35.0296 7996 [ 8C4E7C49D3641BC9E299E466A7F8867D ] vds C:\Windows\System32\vds.exe
09:14:35.0358 7996 vds - ok
09:14:35.0421 7996 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
09:14:35.0436 7996 vga - ok
09:14:35.0468 7996 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
09:14:35.0499 7996 VgaSave - ok
09:14:35.0577 7996 [ 3BE6E1F3A4F1AFEC8CEE0D7883F93583 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
09:14:35.0608 7996 vhdmp - ok
09:14:35.0655 7996 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\DRIVERS\viaagp.sys
09:14:35.0686 7996 viaagp - ok
09:14:35.0733 7996 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
09:14:35.0733 7996 ViaC7 - ok
09:14:35.0764 7996 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\DRIVERS\viaide.sys
09:14:35.0780 7996 viaide - ok
09:14:35.0842 7996 [ 384E5A2AA49934295171E499F86BA6F3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
09:14:35.0858 7996 volmgr - ok
09:14:35.0920 7996 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
09:14:35.0920 7996 volmgrx - ok
09:14:35.0982 7996 [ 58DF9D2481A56EDDE167E51B334D44FD ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
09:14:36.0029 7996 volsnap - ok
09:14:36.0076 7996 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
09:14:36.0107 7996 vsmraid - ok
09:14:36.0185 7996 [ 7EA2BCD94D9CFAF4C556F5CC94532A6C ] VSS C:\Windows\system32\vssvc.exe
09:14:36.0216 7996 VSS - ok
09:14:36.0248 7996 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
09:14:36.0279 7996 vwifibus - ok
09:14:36.0341 7996 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
09:14:36.0372 7996 vwififlt - ok
09:14:36.0419 7996 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
09:14:36.0435 7996 vwifimp - ok
09:14:36.0513 7996 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
09:14:36.0528 7996 W32Time - ok
09:14:36.0591 7996 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
09:14:36.0606 7996 WacomPen - ok
09:14:36.0669 7996 [ 692A712062146E96D28BA0B7D75DE31B ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
09:14:36.0684 7996 WANARP - ok
09:14:36.0700 7996 [ 692A712062146E96D28BA0B7D75DE31B ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
09:14:36.0700 7996 Wanarpv6 - ok
09:14:36.0825 7996 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
09:14:37.0215 7996 WatAdminSvc - ok
09:14:37.0324 7996 [ 7790B77FE1E5EE47DCC66247095BB4C9 ] wbengine C:\Windows\system32\wbengine.exe
09:14:37.0418 7996 wbengine - ok
09:14:37.0449 7996 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
09:14:37.0480 7996 WbioSrvc - ok
09:14:37.0527 7996 [ 6D9B75275C3E3A5F51AEF81AFFADB2B6 ] wcncsvc C:\Windows\System32\wcncsvc.dll
09:14:37.0808 7996 wcncsvc - ok
09:14:37.0870 7996 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
09:14:37.0901 7996 WcsPlugInService - ok
09:14:37.0932 7996 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
09:14:37.0948 7996 Wd - ok
09:14:37.0995 7996 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
09:14:38.0042 7996 Wdf01000 - ok
09:14:38.0088 7996 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
09:14:38.0120 7996 WdiServiceHost - ok
09:14:38.0135 7996 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
09:14:38.0166 7996 WdiSystemHost - ok
09:14:38.0260 7996 [ BB5EC38F8D4600119B4720BC5D4211F1 ] WebClient C:\Windows\System32\webclnt.dll
09:14:38.0541 7996 WebClient - ok
09:14:38.0588 7996 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
09:14:38.0650 7996 Wecsvc - ok
09:14:38.0697 7996 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
09:14:38.0697 7996 wercplsupport - ok
09:14:38.0775 7996 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
09:14:38.0790 7996 WerSvc - ok
09:14:38.0837 7996 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
09:14:38.0837 7996 WfpLwf - ok
09:14:38.0900 7996 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
09:14:38.0915 7996 WIMMount - ok
09:14:38.0993 7996 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
09:14:39.0056 7996 WinDefend - ok
09:14:39.0087 7996 WinHttpAutoProxySvc - ok
09:14:39.0165 7996 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
09:14:39.0180 7996 Winmgmt - ok
09:14:39.0274 7996 [ C4F5D3901D1B41D602DDC196E0B95B51 ] WinRM C:\Windows\system32\WsmSvc.dll
09:14:39.0352 7996 WinRM - ok
09:14:39.0461 7996 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
09:14:39.0508 7996 Wlansvc - ok
09:14:39.0570 7996 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
09:14:39.0617 7996 WmiAcpi - ok
09:14:39.0773 7996 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
09:14:39.0789 7996 wmiApSrv - ok
09:14:39.0867 7996 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
09:14:39.0914 7996 WPCSvc - ok
09:14:40.0007 7996 [ B7F658A2EBC07129538AD9AB35212637 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
09:14:40.0054 7996 WPDBusEnum - ok
09:14:40.0148 7996 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
09:14:40.0163 7996 ws2ifsl - ok
09:14:40.0210 7996 [ A661A76333057B383A06E65F0073222F ] wscsvc C:\Windows\system32\wscsvc.dll
09:14:40.0491 7996 wscsvc - ok
09:14:40.0553 7996 WSearch - ok
09:14:40.0787 7996 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
09:14:40.0850 7996 wuauserv - ok
09:14:40.0865 7996 [ 6F9B6C0C93232CFF47D0F72D6DB1D21E ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
09:14:40.0912 7996 WudfPf - ok
09:14:40.0974 7996 [ F91FF1E51FCA30B3C3981DB7D5924252 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
09:14:40.0990 7996 WUDFRd - ok
09:14:41.0099 7996 [ DDEE3682FE97037C45F4D7AB467CB8B6 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
09:14:41.0146 7996 wudfsvc - ok
09:14:41.0177 7996 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
09:14:41.0208 7996 WwanSvc - ok
09:14:41.0302 7996 ================ Scan global ===============================
09:14:41.0333 7996 [ 9A595DF601070DA78C40481120DD2C06 ] C:\Windows\system32\basesrv.dll
09:14:41.0396 7996 [ 008F51AE989C3DF1CBAF8B39DC423CCC ] C:\Windows\system32\winsrv.dll
09:14:41.0427 7996 [ 008F51AE989C3DF1CBAF8B39DC423CCC ] C:\Windows\system32\winsrv.dll
09:14:41.0474 7996 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
09:14:41.0536 7996 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
09:14:41.0552 7996 [Global] - ok
09:14:41.0552 7996 ================ Scan MBR ==================================
09:14:41.0567 7996 [ 9CD52EF8547F36BF366F6168151ED403 ] \Device\Harddisk0\DR0
09:14:41.0864 7996 \Device\Harddisk0\DR0 - ok
09:14:41.0864 7996 ================ Scan VBR ==================================
09:14:41.0895 7996 [ 477A0C11BF56397B0CD6504D00911FA0 ] \Device\Harddisk0\DR0\Partition1
09:14:41.0895 7996 \Device\Harddisk0\DR0\Partition1 - ok
09:14:41.0926 7996 [ 987461DB06CE3E3333219C486F8E174C ] \Device\Harddisk0\DR0\Partition2
09:14:41.0926 7996 \Device\Harddisk0\DR0\Partition2 - ok
09:14:41.0973 7996 [ C912FBDD54864CCE4ED7438616147E63 ] \Device\Harddisk0\DR0\Partition3
09:14:41.0988 7996 \Device\Harddisk0\DR0\Partition3 - ok
09:14:41.0988 7996 ============================================================
09:14:41.0988 7996 Scan finished
09:14:41.0988 7996 ============================================================
09:14:42.0051 7228 Detected object count: 0
09:14:42.0051 7228 Actual detected object count: 0

#8 kkoz83

kkoz83
  • Topic Starter

  • Members
  • 421 posts
  • OFFLINE
  • Local time:05:17 PM

Posted 30 August 2012 - 09:06 AM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-30 09:22:32
-----------------------------
09:22:32.488 OS Version: Windows 6.1.7600
09:22:32.488 Number of processors: 2 586 0x1C02
09:22:32.498 ComputerName: TERRY UserName: terry
09:23:09.810 Initialize success
09:25:45.140 AVAST engine defs: 12083000
09:27:31.344 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006f
09:27:31.376 Disk 0 Vendor: TOSHIBA_ FG01 Size: 152627MB BusType: 3
09:27:31.438 Disk 0 MBR read successfully
09:27:31.454 Disk 0 MBR scan
09:27:31.485 Disk 0 unknown MBR code
09:27:31.516 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
09:27:31.563 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 141372 MB offset 409600
09:27:31.625 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11054 MB offset 289939456
09:27:31.719 Disk 0 scanning sectors +312578048
09:27:31.953 Disk 0 scanning C:\Windows\system32\drivers
09:28:09.514 Service scanning
09:29:16.547 Modules scanning
09:29:39.370 Disk 0 trace - called modules:
09:29:39.463 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor32.sys
09:29:39.495 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85fef648]
09:29:39.541 3 CLASSPNP.SYS[8913859e] -> nt!IofCallDriver -> [0x85e67f08]
09:29:39.588 5 ACPI.sys[888a33b2] -> nt!IofCallDriver -> \Device\0000006f[0x85dae868]
09:29:40.914 AVAST engine scan C:\Windows
09:29:59.307 AVAST engine scan C:\Windows\system32
09:39:38.599 AVAST engine scan C:\Windows\system32\drivers
09:40:17.755 AVAST engine scan C:\Users\terry
09:44:38.634 AVAST engine scan C:\ProgramData
09:51:35.660 Scan finished successfully
09:57:50.285 Disk 0 MBR has been saved successfully to "C:\Users\terry\Desktop\MBR.dat"
09:57:50.441 The log file has been saved successfully to "C:\Users\terry\Desktop\aswMBR.txt"
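The aswMBR report above prints each partition's size and starting sector, the disk size, and the sector number at which it began scanning the space beyond the last partition. Those figures can be cross-checked: each partition's offset plus its length should land exactly on the next partition's offset, and whatever is left over is the unpartitioned space where a bootkit might park code. The following is an added example written for this thread, not aswMBR's own code; the sample lines are copied from the log posted above, and the assumption that aswMBR's "MB" means MiB (2048 sectors of 512 bytes) is inferred from the fact that the posted numbers line up exactly under it.

```python
import re

SECTORS_PER_MIB = 2048  # assumption: aswMBR's "MB" is 1 MiB = 2048 sectors of 512 bytes

# Constructed sample: the relevant lines copied from the aswMBR report posted above.
SAMPLE_LOG = """\
09:27:31.376 Disk 0 Vendor: TOSHIBA_ FG01 Size: 152627MB BusType: 3
09:27:31.485 Disk 0 unknown MBR code
09:27:31.516 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
09:27:31.563 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 141372 MB offset 409600
09:27:31.625 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11054 MB offset 289939456
09:27:31.719 Disk 0 scanning sectors +312578048
"""

PART_RE = re.compile(
    r"Partition (?P<num>\d+) (?P<boot>[0-9A-F]{2})(?: \(A\))? (?P<type>[0-9A-F]{2}) "
    r".*? (?P<size_mb>\d+) MB offset (?P<offset>\d+)$"
)
SIZE_RE = re.compile(r"Size: (?P<size_mb>\d+)MB")
TAIL_RE = re.compile(r"scanning sectors \+(?P<start>\d+)")


def parse_aswmbr(text):
    """Return (disk_sectors, tail_start, unknown_mbr, partitions).

    disk_sectors comes from the 'Size:' line, tail_start from the
    'scanning sectors +N' line, unknown_mbr is True when aswMBR printed
    'unknown MBR code', and partitions is a list of dicts sorted by
    starting sector. The first two are None when the line is absent.
    """
    disk_sectors = tail_start = None
    unknown_mbr = False
    parts = []
    for line in text.splitlines():
        m = PART_RE.search(line)
        if m:
            parts.append({
                "num": int(m["num"]),
                "active": m["boot"] == "80",   # 0x80 marks the bootable partition
                "type": m["type"],             # 07 = HPFS/NTFS
                "start": int(m["offset"]),
                "sectors": int(m["size_mb"]) * SECTORS_PER_MIB,
            })
            continue
        m = SIZE_RE.search(line)
        if m:
            disk_sectors = int(m["size_mb"]) * SECTORS_PER_MIB
        m = TAIL_RE.search(line)
        if m:
            tail_start = int(m["start"])
        if "unknown MBR code" in line:
            unknown_mbr = True
    return disk_sectors, tail_start, unknown_mbr, sorted(parts, key=lambda p: p["start"])


def layout_findings(text):
    """Walk the partitions in disk order and report every region the table
    does not account for, as (kind, start sector, length in sectors).
    A clean MBR disk yields only the boot-track gap before the first
    partition and a small unpartitioned tail."""
    disk_sectors, tail_start, unknown_mbr, parts = parse_aswmbr(text)
    findings = []
    if unknown_mbr:
        # aswMBR could not match the boot code to a signature it knows.
        # Custom OEM boot code can produce the same line, so this is a
        # prompt to look at the saved MBR.dat, not a verdict on its own.
        findings.append(("unknown-mbr-code", None, None))
    expected = 0
    for p in parts:
        if p["start"] > expected:
            findings.append(("gap", expected, p["start"] - expected))
        elif p["start"] < expected:
            findings.append(("overlap", p["start"], expected - p["start"]))
        expected = p["start"] + p["sectors"]
    if tail_start is not None and tail_start != expected:
        # aswMBR started its tail scan somewhere other than the computed end.
        findings.append(("tail-mismatch", expected, tail_start - expected))
    if disk_sectors is not None and disk_sectors > expected:
        # The disk size is rounded down to whole MiB, so this is a lower bound.
        findings.append(("tail", expected, disk_sectors - expected))
    return findings


if __name__ == "__main__":
    for kind, start, length in layout_findings(SAMPLE_LOG):
        print(kind, start, length)
```

For the posted log this reports the 2048-sector gap before partition 1 (the usual boot track holding the MBR), confirms that the three partitions sit back to back, that aswMBR's tail scan began exactly at the computed end of partition 3, and that at least 2048 sectors remain after it. Any "overlap" or "tail-mismatch" finding, or a gap that does not begin at sector 0, would be the thing to investigate next.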

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:17 PM

Posted 30 August 2012 - 01:05 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 kkoz83

kkoz83
  • Topic Starter

  • Members
  • 421 posts
  • Local time:05:17 PM

Posted 31 August 2012 - 10:32 AM

ComboFix 12-08-30.05 - terry 08/31/2012 10:42:36.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1790.1089 [GMT -4:00]
Running from: c:\users\terry\Desktop\ComboFix.exe
Command switches used :: c:\users\terry\Desktop\CFScript.txt.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-31 )))))))))))))))))))))))))))))))
.
.
2012-08-31 14:59 . 2012-08-31 14:59 -------- d-----w- c:\users\jeff\AppData\Local\temp
2012-08-31 14:59 . 2012-08-31 14:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-29 18:28 . 2012-08-29 18:28 -------- d-----w- c:\program files\Common Files\Java
2012-08-29 18:27 . 2012-08-29 18:26 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-08-28 13:50 . 2012-08-29 15:48 -------- d-----w- c:\program files\Google
2012-08-15 19:30 . 2012-08-15 19:31 -------- d-----w- c:\program files\Common Files\Adobe
2012-08-15 18:31 . 2012-07-06 19:31 393216 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-08-15 18:24 . 2012-05-14 04:37 768512 ----a-w- c:\windows\system32\localspl.dll
2012-08-15 18:24 . 2012-07-04 21:23 41472 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 18:24 . 2012-07-04 21:23 102912 ----a-w- c:\windows\system32\browser.dll
2012-08-15 18:24 . 2012-05-05 07:44 400896 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 18:23 . 2012-02-11 05:44 492032 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 18:23 . 2012-02-11 05:41 316928 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 18:23 . 2012-07-18 17:10 2344448 ----a-w- c:\windows\system32\win32k.sys
2012-08-10 17:57 . 2012-08-10 17:57 -------- d-----w- c:\programdata\Oberon Media
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-31 14:50 . 2011-10-20 15:10 29 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
2012-08-29 18:26 . 2012-04-30 19:04 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-29 18:26 . 2011-05-20 22:35 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-28 13:50 . 2012-04-02 19:22 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-28 13:50 . 2011-05-26 18:40 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-12 01:07 . 2011-05-20 18:50 83392 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-07-12 01:07 . 2011-05-20 18:50 52128 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-07-12 01:07 . 2011-05-20 18:50 30624 ----a-w- c:\windows\system32\LMIport.dll
2012-07-12 01:07 . 2011-05-20 18:50 87456 ----a-w- c:\windows\system32\LMIinit.dll
2012-07-03 17:46 . 2011-05-20 22:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-24 14:44 . 2011-10-25 15:19 6221896 ----a-w- c:\program files\Common Files\lpuninstall.exe
2012-06-07 00:59 . 2012-06-07 00:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-06-06 05:09 . 2012-07-10 19:18 1389568 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:09 . 2012-07-10 19:18 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-02 22:19 . 2012-06-21 14:39 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 14:39 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 14:38 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 14:38 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 14:39 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 14:39 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 14:38 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-21 14:38 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12 . 2012-06-21 14:38 33792 ----a-w- c:\windows\system32\wuapp.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2011-05-04 237568]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-21 458844]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-23 13797920]
"UpdatePRCShortCut"="c:\program files\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-09-17 63048]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1318816]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Install LastPass IE RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe [2011-10-25 6221896]
.
c:\users\terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stickies.lnk - c:\program files\Stickies\stickies.exe [2011-5-23 1122304]
TouchpadPal.lnk - c:\program files\TouchpadPal\TouchpadPal.exe [2011-7-26 380416]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-30 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP]
2009-07-14 10:54 589104 ----a-w- c:\program files\Hewlett-Packard\HP QuickSync\QuickSync.exe
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 cpuz134;cpuz134;c:\program files\CPUID\PC Wizard 2010\pcwiz_x32.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 QCFilterhp;HP USB Composite Device Filter Driver;c:\windows\system32\DRIVERS\qcfilterhp.sys [x]
R3 qcusbnethp;HP USB-NDIS miniport;c:\windows\system32\DRIVERS\qcusbnethp.sys [x]
R3 qcusbserhp;HP USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\qcusbserhp.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\aestsrv.exe [x]
S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [x]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 QDLService;Qualcomm Gobi Download Service;c:\qualcomm\QDLService\QDLService.exe [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]
S3 radpms;Driver for RADPMS Device;c:\windows\system32\DRIVERS\radpms.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 13:50]
.
2011-06-07 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-06-06 12:25]
.
2012-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-28 13:51]
.
2012-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-28 13:51]
.
2011-06-21 c:\windows\Tasks\HPCeeScheduleForterry.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-09-17 21:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: LastPass - file://c:\users\terry\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\users\terry\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
TCP: DhcpNameServer = 216.144.187.101 204.186.80.251 216.144.187.199
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1816)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
.
Completion time: 2012-08-31 11:08:44
ComboFix-quarantined-files.txt 2012-08-31 15:08
ComboFix2.txt 2012-08-29 22:19
.
Pre-Run: 112,405,880,832 bytes free
Post-Run: 112,271,945,728 bytes free
.
- - End Of File - - 215541476971DF6DDEE56C09888D7C21
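One thing worth noticing when reading the ComboFix log above, under the policies\system key in the Reg Loading Points section: EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop are all 0. Per Microsoft's documented meanings, EnableLUA=0 switches UAC off, ConsentPromptBehaviorAdmin=0 lets administrators elevate without any prompt, and PromptOnSecureDesktop=0 draws whatever prompt remains on the interactive desktop where other programs can interact with it. That is not malware, and the helper in the thread did not act on it, but it removes the elevation boundary that would otherwise stand between a browser-delivered installer and the whole machine. The following is an added example written for this thread, not ComboFix's own code: it parses the REGEDIT4-style section ComboFix prints and flags those weak values, plus lists the HKLM Run autostarts. The sample text is copied from the posted log (the CLSID Elevation key is included only to show the dword form).

```python
import re

# Constructed sample: registry lines of interest copied from the ComboFix log above.
SAMPLE_LOG = """\
REGEDIT4
.
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"Apoint"="c:\\program files\\Apoint2K\\Apoint.exe" [2011-05-04 237568]
"mcui_exe"="c:\\program files\\McAfee.com\\Agent\\mcagent.exe" [2012-03-22 1318816]
.
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\policies\\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\\Elevation]
"Enabled"=dword:00000001
"""

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VAL_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>.*)$')
PATH_RE = re.compile(r'^"(?P<path>[^"]+)"')

HKLM_UAC_POLICY = "hkey_local_machine\\software\\microsoft\\windows\\currentversion\\policies\\system"
HKLM_RUN = "hkey_local_machine\\software\\microsoft\\windows\\currentversion\\run"

# Values that switch a UAC protection off, with the documented meaning of each.
WEAK_UAC = {
    "EnableLUA": (0, "UAC is off: an administrator's programs all run with the full token"),
    "ConsentPromptBehaviorAdmin": (0, "administrators elevate silently, with no consent prompt"),
    "PromptOnSecureDesktop": (0, "elevation prompts are drawn on the interactive desktop, "
                                 "where other programs can drive them"),
}


def parse_reg_points(text):
    """Return {registry key (lower-cased): {value name: raw value text}}.

    ComboFix separates sections with '.' lines and prints keys in
    REGEDIT4 form; everything else is ignored.
    """
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m["key"].lower()
            sections[current] = {}
            continue
        m = VAL_RE.match(line)
        if m and current is not None:
            sections[current][m["name"]] = m["value"].strip()
    return sections


def numeric(value):
    """Turn ComboFix's '0 (0x0)' or REGEDIT4's 'dword:00000001' into an int, else None."""
    m = re.match(r"^(\d+)\b", value)
    if m:
        return int(m.group(1))
    m = re.match(r"^dword:([0-9a-fA-F]{8})$", value)
    if m:
        return int(m.group(1), 16)
    return None


def uac_findings(text):
    """(value name, explanation) for each UAC policy found at its weak value."""
    values = parse_reg_points(text).get(HKLM_UAC_POLICY, {})
    return [(name, why) for name, (weak, why) in WEAK_UAC.items()
            if name in values and numeric(values[name]) == weak]


def run_entries(text):
    """(name, executable path) for each HKLM Run autostart, in log order."""
    out = []
    for name, value in parse_reg_points(text).get(HKLM_RUN, {}).items():
        m = PATH_RE.match(value)
        out.append((name, m["path"] if m else value))
    return out


if __name__ == "__main__":
    for name, why in uac_findings(SAMPLE_LOG):
        print(f"{name}: {why}")
    for name, path in run_entries(SAMPLE_LOG):
        print(f"Run: {name} -> {path}")
```

On the posted log all three weak values are reported. EnableUIADesktopToggle is also 0, but that is its default and is not flagged. The Run listing is just the autostarts ComboFix already shows; having them as tuples makes it easy to compare against a known-good list from the same machine or model.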

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:17 PM

Posted 31 August 2012 - 10:37 AM

These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (Revo does a much better job).

Programs to remove

  • Java™ 6 Update 33


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#12 kkoz83

kkoz83
  • Topic Starter

  • Members
  • 421 posts
  • Local time:05:17 PM

Posted 31 August 2012 - 10:38 AM

2 tiny issues:

1) During combofix, pop up said the recycling bin was corrupt and do you want to empty so I clicked Yes.
2) After combofix finished, I had to restart PC because everything I double-clicked opened a Cannot Find with something about system32. No error after PC restart.

#13 kkoz83

kkoz83
  • Topic Starter

  • Members
  • 421 posts
  • Local time:05:17 PM

Posted 31 August 2012 - 10:44 AM

Let me do the steps from your 10:37 post & post logs asap.

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:17 PM

Posted 31 August 2012 - 11:15 AM

:thumbup2:

#15 kkoz83

kkoz83
  • Topic Starter

  • Members
  • 421 posts
  • Local time:05:17 PM

Posted 31 August 2012 - 12:16 PM

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.31.09

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
terry :: TERRY [administrator]

8/31/2012 12:52:38 PM
mbam-log-2012-08-31 (12-52-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205931
Time elapsed: 18 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



