Browser Hijacked : goog1e_auto_?


26 replies to this topic

#1 Welephant (Members, 23 posts)

Posted 01 November 2012 - 12:07 PM

Hello. I've picked up a browser redirect virus which is affecting both Chrome and Explorer. I am running Windows XP Professional. I've run various software products to find and destroy this virus, but none of them have located it, although they did individually throw up some other bits and pieces. My anti-virus is McAfee. As a note, Malwarebytes would not run by any means. Manually entering a URL directly into the browser address bar bypasses the problem, but if you click on a Yahoo or Google link post running a search then you get redirected to gamezone et al. This may be a red herring, but I remember getting a request whilst in Chrome a week ago to download google.zip; usually I'm very cautious about doing any such unsolicited thing, however stupidly I did, although I did not open it. Subsequently I found the file was actually named goog1e_auto_ (394KB), so maybe this is the source of the problem. I've followed the tutorial "4 Simple Steps for removing Spyware, Hijackers, Viruses, and other Malware" together with a run through using "HijackThis" but nothing obvious, although I'm no in-depth expert, hence the call for help.

I am providing below the DDS.txt log that I ran, and attaching the DDS Attach.txt log. In addition, I have copied the GMER ark.txt log that resulted from running GMER. Not quite the expected output from GMER compared to the guide so I hope this is ok. The xxxx yyyy in the file entries are where I have replaced the user name from the directory listing to retain name privacy.

Both the DDS Attach.txt and Ark.txt are 800K each and busting the attachment limit, so I would appreciate some guidance with these also - I followed the tutorial so don't understand why the output is excessive.

Thanks in advance for your help.

DDS.txt

DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by xxxxxx yyyyyyy at 9:03:36 on 2012-11-01
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.296 [GMT 0:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ================
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Documents and Settings\xxxxxx yyyyyyy\Local Settings\Apps\F.lux\flux.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Documents and Settings\xxxxxx yyyyyyy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\xxxxxx yyyyyyy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\xxxxxx yyyyyyy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\xxxxxx yyyyyyy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\xxxxxx yyyyyyy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\xxxxxx yyyyyyy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\xxxxxx yyyyyyy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\xxxxxx yyyyyyy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\xxxxxx yyyyyyy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\xxxxxx yyyyyyy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
c:\PROGRA~1\mcafee\SITEAD~1\saui.exe
C:\Program Files\McAfee\VirusScan\mcods.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bbc.co.uk/
uWindow Title = Windows Internet Explorer provided by Yahoo!
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://uk.yahoo.com/?fr=fp-yie8
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearchAssistant = hxxp://www.google.com
uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120626073602.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
EB: &Research: {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\program files\microsoft office\office11\REFIEBAR.DLL
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [YSearchProtection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [F.lux] "c:\documents and settings\xxxxxx yyyyyyy\local settings\apps\f.lux\flux.exe" /noshow
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [Google Update] "c:\documents and settings\xxxxxx yyyyyyy\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Document Manager] c:\program files\wave systems corp\services manager\docmgr\bin\docmgr.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\stsystra.exe
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ContentTransferWMDetector.exe] c:\program files\sony\content transfer\ContentTransferWMDetector.exe
mRun: [Aimersoft Helper Compact.exe] c:\program files\common files\aimersoft\aimersoft helper compact\ASHelper.exe
mRun: [iSkysoft Helper Compact.exe] c:\program files\common files\iskysoft\iskysoft helper compact\ISHelper.exe
mRun: [Wondershare Helper Compact.exe] c:\program files\common files\wondershare\wondershare helper compact\WSHelper.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [RealUpgradeHelper] "c:\program files\common files\real\update_ob\upgrdhlp.exe" "RealNetworks|RealPlayer|12.0"
dRunOnce: [WUAppSetup] c:\program files\common files\logishrd\WUApp32.exe -v 0x046d -p 0x0825 -f video -m logitech -d 13.31.1044.0
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\embass~1.lnk - c:\program files\wave systems corp\services manager\secure update\AutoUpdate.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - LocalServer32 - <no file>
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: %SYSTEMROOT%\system32\biolsp.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/A/7/D/A7D1EBE3-8E78-4CBE-B22B-EEECF9E3A1BC/fhg.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://www.celartem.com/en/download/data/djvu_autoinstall/DjVuControl_en_US.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1148999058893
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1349198133919
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{9DDC96FE-582D-416F-BA4D-3124A916D4B0} : DHCPNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - c:\program files\windows defender\MpShHook.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 wvauth
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2012-2-22 464304]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2012-6-10 89792]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-29 399432]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-10-29 676936]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2012-6-10 95232]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-6-10 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-6-10 214904]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-6-10 214904]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2012-6-10 166288]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2012-6-10 161632]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-6-10 151880]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-6-10 57600]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-10-29 22856]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2012-6-10 180848]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2012-6-10 59456]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-6-10 340920]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2012-6-10 83856]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-27 135664]
S2 LogWatch;Event Log Watch;"c:\program files\ca\sharedcomponents\ca_lic\logwatnt.exe" --> c:\program files\ca\sharedcomponents\ca_lic\LogWatNT.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-30 250808]
S3 CA_LIC_CLNT;CA License Client;"c:\program files\ca\sharedcomponents\ca_lic\lic98rmt.exe" --> c:\program files\ca\sharedcomponents\ca_lic\lic98rmt.exe [?]
S3 CA_LIC_SRVR;CA License Server;"c:\program files\ca\sharedcomponents\ca_lic\lic98rmtd.exe" --> c:\program files\ca\sharedcomponents\ca_lic\lic98rmtd.exe [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-11-27 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-10-29 40776]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2012-6-10 83856]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-6-10 87656]
S3 UCharger;Energizer Usb Charger Driver;c:\windows\system32\drivers\UCharger.sys [2007-5-15 13765]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2012-7-6 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2012-7-6 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2012-7-6 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2012-7-6 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2012-7-6 25704]
.
=============== Created Last 30 ================
.
2012-10-31 14:33:17 -------- d-----w- c:\windows\system32\NtmsData
2012-10-31 08:55:40 388096 ------r- c:\documents and settings\xxxxxx yyyyyyy\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-10-31 08:55:15 -------- d-----w- c:\program files\Trend Micro
2012-10-30 08:08:41 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2012-10-30 08:08:36 -------- d-----w- c:\documents and settings\xxxxxx yyyyyyy\application data\TestApp
2012-10-29 17:19:24 40776 ------w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-10-29 14:25:07 -------- d-----w- c:\documents and settings\xxxxxx yyyyyyy\application data\SUPERAntiSpyware.com
2012-10-29 14:22:28 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-10-29 14:22:27 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-10-29 13:59:47 -------- d-----w- c:\documents and settings\xxxxxx yyyyyyy\application data\Malwarebytes
2012-10-29 13:55:47 22856 ------w- c:\windows\system32\drivers\mbam.sys
2012-10-29 13:55:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-29 13:09:00 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-10-28 13:39:00 -------- d-----w- c:\documents and settings\xxxxxx yyyyyyy\DoctorWeb
2012-10-26 09:55:32 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-10-26 09:55:32 -------- d-----w- c:\windows\system32\wbem\Repository
2012-10-25 12:50:16 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-10-25 12:50:16 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-10-23 16:26:16 -------- d-----w- c:\documents and settings\all users\application data\MapFactor
2012-10-23 09:06:15 -------- d-----w- c:\documents and settings\xxxxxx yyyyyyy\New Folder
2012-10-23 09:06:08 -------- d-----w- c:\documents and settings\all users\application data\New Folder
2012-10-23 09:05:17 -------- d-----w- c:\documents and settings\xxxxxx yyyyyyy\application data\MapFactor
2012-10-23 08:53:19 94208 --sh--r- c:\windows\system32\wshtcpipr.dll
2012-10-17 22:21:49 6918632 ------w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{cb2b8af2-af8f-4b92-a120-f94e31813f87}\mpengine.dll
2012-10-09 09:29:42 -------- d-----w- c:\documents and settings\xxxxxx yyyyyyy\local settings\application data\WMTools Downloaded Files
2012-10-02 16:32:02 -------- d-----w- c:\program files\common files\xing shared
.
==================== Find3M ====================
.
2012-10-08 20:51:48 696760 ------w- c:\windows\system32\FlashPlayerApp.exe
2012-10-08 20:51:47 73656 ------w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14:53 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:15 385024 ------w- c:\windows\system32\html.iec
2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:33:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58:09 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 9:06:43.64 ===============

#2 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 01 November 2012 - 12:08 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next; if you have any problems with one of these, just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Welephant (Topic Starter, Members, 23 posts)

Posted 01 November 2012 - 04:07 PM

Hi Gringo and thanks for your help. I've seen the good work you have recently done for others.

Completed the runs you requested. Problem still persists, although this time I got two correct hyperlinks before I got redirected, and then I could not step back to the search page.

Logs as requested:

Security Check:

Results of screen317's Security Check version 0.99.54
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Please wait while WMIC is being installed.d
i
s
p
l
a
y
N
a
m
e
ECHO is off.
M
c
A
f
e
ECHO is off.
A
n
t
i
V
i
r
u
s
ECHO is off.
a
n
d
ECHO is off.
A
n
t
i
S
p
y
w
a
r
e
ECHO is off.
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
SUPERAntiSpyware
Windows Defender
Malwarebytes Anti-Malware version 1.65.1.1000
Java 2 Runtime Environment, SE v1.4.2_03
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
McAfee VirusScan mcods.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 21% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

AdwCleaner:

# AdwCleaner v2.006 - Logfile created 11/01/2012 at 18:37:38
# Updated 30/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : xxxx yyyy - MHLAPTOP
# Boot Mode : Normal
# Running from : C:\Documents and Settings\xxxx yyyy\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\DOCUME~1\MAGGIE~1\LOCALS~1\Temp\TempDir
Folder Deleted : C:\Documents and Settings\xxxx yyyy\Application Data\PriceGong
Folder Deleted : C:\Documents and Settings\xxxx yyyy\Local Settings\Application Data\Conduit
Folder Deleted : C:\Program Files\Conduit

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2D360201-FFF5-11D1-8D03-00A0C959BC0A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2D360201-FFF5-11D1-8D03-00A0C959BC0A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3208938
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v [Unable to get version]

Profile name : default
File : C:\Documents and Settings\xxxx yyyy\Application Data\Mozilla\Firefox\Profiles\mpq9yeby.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v22.0.1229.96

File : C:\Documents and Settings\xxxx yyyy\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [2365 octets] - [01/11/2012 18:37:38]

########## EOF - C:\AdwCleaner[S1].txt - [2425 octets] ##########

RogueKiller:

RogueKiller V8.2.1 [10/29/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : xxxx yyyy [Admin rights]
Mode : Remove -- Date : 11/01/2012 20:39:26

§§§ Bad processes : 0 §§§

§§§ Registry Entries : 6 §§§
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ] HKCU\[...]\Security Center : AntiVirusDisableNotify (1) -> REPLACED (0)
[HJ] HKCU\[...]\Security Center : FirewallDisableNotify (1) -> REPLACED (0)
[HJ] HKCU\[...]\Security Center : UpdatesDisableNotify (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

§§§ Particular Files / Folders: §§§

§§§ Driver : [LOADED] §§§

§§§ HOSTS File: §§§
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


§§§ MBR Check: §§§

+++++ PhysicalDrive0: Hitachi HTS541040G9SA00 +++++
--- User ---
[MBR] 2d0e55bed69f12bbe39ba4ff53ad055e
[BSP] 11d467b9f31927f29d49c85858b51038 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 78 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 160650 | Size: 38068 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt



Thanks Again!

#4 gringo_pr

  • Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 01 November 2012 - 09:00 PM

Hello

I Would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 Welephant

  • Topic Starter
  • Members
  • 23 posts

Posted 02 November 2012 - 04:49 AM

Good morning Gringo

Ran Combofix as directed. Problem no longer present. Searches through Google and Yahoo via Chrome and IE all working OK. One thing I forgot to mention is the Windows Security Centre is "unavailable", which is what I found in the beginning. I have Firewall etc. active. I read that this may be because McAfee has taken responsibility; however, on another XP machine also running McAfee the Security Centre is available and active, so not sure if this is a real issue still or not.

Here is the Log from Combofix:

ComboFix 12-10-31.03 - xxxx yyyy 02/11/2012 8:30.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.210 [GMT 0:00]
Running from: c:\documents and settings\xxxx yyyy\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\xxxx yyyy\Cookies\xaxexazyty.sys
c:\documents and settings\xxxx yyyy\Local Settings\Temporary Internet Files\ikamahuj.bat
c:\documents and settings\xxxx yyyy\Local Settings\Temporary Internet Files\japohydy.pif
c:\documents and settings\xxxx yyyy\Local Settings\Temporary Internet Files\sepen.dll
c:\documents and settings\xxxx yyyy\Local Settings\Temporary Internet Files\wujuvi.pif
c:\documents and settings\xxxx yyyy\Local Settings\Temporary Internet Files\yzaz.bat
c:\documents and settings\xxxx yyyy\WINDOWS
c:\program files\Common Files\ugelave.db
c:\program files\Common Files\ykegon.dl
c:\windows\EventSystem.log
c:\windows\Fonts\HandelGotDOT-Bol.otf
c:\windows\g32.txt
c:\windows\gs32.txt
c:\windows\system32\SET5C2.tmp
c:\windows\system32\SET5C5.tmp
c:\windows\system32\SET5D3.tmp
c:\windows\system32\SETCA.tmp
c:\windows\system32\SETCE.tmp
c:\windows\system32\SETD6.tmp
c:\windows\system32\test
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-10-02 to 2012-11-02 )))))))))))))))))))))))))))))))
.
.
2012-10-31 14:33 . 2012-11-01 08:09 -------- d-----w- c:\windows\system32\NtmsData
2012-10-31 08:55 . 2012-10-31 08:55 388096 ------r- c:\documents and settings\xxxx yyyy\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-10-31 08:55 . 2012-10-31 08:55 -------- d-----w- c:\program files\Trend Micro
2012-10-30 08:48 . 2012-10-30 08:48 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2012-10-30 08:08 . 2012-10-30 08:08 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-10-30 08:08 . 2012-10-30 08:08 -------- d-----w- c:\documents and settings\xxxx yyyy\Application Data\TestApp
2012-10-29 14:25 . 2012-10-29 14:25 -------- d-----w- c:\documents and settings\xxxx yyyy\Application Data\SUPERAntiSpyware.com
2012-10-29 14:22 . 2012-10-29 14:29 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-10-29 14:22 . 2012-10-29 14:22 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-10-29 13:59 . 2012-10-29 13:59 -------- d-----w- c:\documents and settings\xxxx yyyy\Application Data\Malwarebytes
2012-10-29 13:55 . 2012-09-29 19:54 22856 ------w- c:\windows\system32\drivers\mbam.sys
2012-10-29 13:55 . 2012-10-29 13:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-29 13:09 . 2012-10-29 13:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-10-29 08:12 . 2012-10-29 08:12 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-10-28 13:39 . 2012-10-28 14:52 -------- d-----w- c:\documents and settings\xxxx yyyy\DoctorWeb
2012-10-27 10:26 . 2012-10-27 10:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-10-27 10:25 . 2012-10-27 10:25 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2012-10-26 09:55 . 2012-10-26 09:55 -------- d-----w- c:\windows\system32\wbem\Repository
2012-10-25 16:53 . 2012-10-25 16:53 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2012-10-25 12:50 . 2012-10-26 09:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-10-25 12:50 . 2012-10-26 09:54 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-10-23 16:26 . 2012-10-23 16:26 -------- d-----w- c:\documents and settings\All Users\Application Data\MapFactor
2012-10-23 09:06 . 2012-10-23 09:06 -------- d-----w- c:\documents and settings\xxxx yyyy\New Folder
2012-10-23 09:06 . 2012-10-23 09:06 -------- d-----w- c:\documents and settings\All Users\Application Data\New Folder
2012-10-23 09:05 . 2012-10-23 09:05 -------- d-----w- c:\documents and settings\xxxx yyyy\Application Data\MapFactor
2012-10-23 08:53 . 2012-10-23 08:53 94208 --sh--r- c:\windows\system32\wshtcpipr.dll
2012-10-17 22:21 . 2012-10-12 05:56 6918632 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{CB2B8AF2-AF8F-4B92-A120-F94E31813F87}\mpengine.dll
2012-10-09 09:29 . 2012-10-09 11:59 -------- d-----w- c:\documents and settings\xxxx yyyy\Local Settings\Application Data\WMTools Downloaded Files
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-08 20:51 . 2012-03-30 07:32 696760 ------w- c:\windows\system32\FlashPlayerApp.exe
2012-10-08 20:51 . 2011-07-13 17:38 73656 ------w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-30 08:17 . 2008-06-19 18:52 6980552 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-08-28 15:14 . 2004-08-11 16:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2004-08-11 16:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2004-08-11 16:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2004-08-11 16:00 385024 ------w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2004-08-11 16:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:33 . 2012-05-04 13:16 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2012-05-04 12:32 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn3\yt.dll" [2012-06-11 1524056]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"F.lux"="c:\documents and settings\xxxx yyyy\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"Document Manager"="c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2006-03-09 98304]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2006-04-06 49152]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1318816]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-18 421888]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-19 583016]
"Wondershare Helper Compact.exe"="c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2012-02-28 1679360]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-10-02 296096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2012-01-18 465944]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-5-19 24576]
EMBASSY Trust Suite Secure Update.lnk - c:\program files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [2005-11-30 192512]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wxvault.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SUPERAntiSpyware"=c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sony\\Media Manager for WALKMAN\\MediaManager.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync Application
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync RAPI Manager
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Disabled:ActiveSync Service
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [10/06/2012 19:46 89792]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 16:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 21:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [11/07/2012 18:54 116608]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [29/10/2012 13:56 399432]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [10/06/2012 19:49 95232]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [10/06/2012 19:46 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [10/06/2012 19:46 214904]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [10/06/2012 19:47 161632]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [10/06/2012 15:51 151880]
R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [19/08/2011 09:26 450848]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [10/06/2012 19:46 57600]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [29/10/2012 13:55 22856]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [10/06/2012 19:46 340920]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [10/06/2012 19:46 83856]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [27/11/2009 20:37 135664]
S2 LogWatch;Event Log Watch;"c:\program files\CA\SharedComponents\CA_LIC\LogWatNT.exe" --> c:\program files\CA\SharedComponents\CA_LIC\LogWatNT.exe [?]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [29/10/2012 13:56 676936]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [02/10/2012 12:13 3064000]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13/07/2012 12:28 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [30/03/2012 07:32 250808]
S3 CA_LIC_CLNT;CA License Client;"c:\program files\CA\SharedComponents\CA_LIC\lic98rmt.exe" --> c:\program files\CA\SharedComponents\CA_LIC\lic98rmt.exe [?]
S3 CA_LIC_SRVR;CA License Server;"c:\program files\CA\SharedComponents\CA_LIC\lic98rmtd.exe" --> c:\program files\CA\SharedComponents\CA_LIC\lic98rmtd.exe [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [27/11/2009 20:37 135664]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [10/06/2012 19:46 83856]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [10/06/2012 19:46 87656]
S3 UCharger;Energizer Usb Charger Driver;c:\windows\system32\drivers\UCharger.sys [15/05/2007 06:43 13765]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [06/07/2012 18:16 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [06/07/2012 18:18 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [06/07/2012 18:18 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [06/07/2012 18:18 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [06/07/2012 18:19 25704]
S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 18:19 13592]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 03:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 20:51]
.
2012-10-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2012-11-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-08 10:34]
.
2012-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-27 20:37]
.
2012-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-27 20:37]
.
2012-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-996813125-380476456-4039978111-1005Core.job
- c:\documents and settings\xxxx yyyy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-06 11:10]
.
2012-11-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-996813125-380476456-4039978111-1005UA.job
- c:\documents and settings\xxxx yyyy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-06 11:10]
.
2012-11-02 c:\windows\Tasks\MGWSQ.job
- c:\windows\system32\wshtcpipr.dll [2012-10-23 08:53]
.
2012-10-23 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
2012-11-02 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-996813125-380476456-4039978111-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 13:27]
.
2012-11-02 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-996813125-380476456-4039978111-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 13:27]
.
2012-11-02 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 3224f27d-850c-498a-87b7-9f2d569d2974.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-11-02 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 804f26a2-186e-42d8-b2d8-3b1ef62dac2c.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-11-01 c:\windows\Tasks\{16B06239-A427-4B50-9626-76042E8ABA8B}_MHLAPTOP_xxxx yyyy.job
- c:\windows\system32\mobsync.exe [2004-08-11 00:12]
.
2012-11-01 c:\windows\Tasks\{444B2ABE-284C-4ED2-83A1-3CB9E2D470D8}_MHLAPTOP_xxxx yyyy.job
- c:\windows\system32\mobsync.exe [2004-08-11 00:12]
.
2012-10-26 c:\windows\Tasks\{473EF218-6E93-48C8-9A54-FDB51316DF63}_MHLAPTOP_xxxx yyyy.job
- c:\windows\system32\mobsync.exe [2004-08-11 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bbc.co.uk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\biolsp.dll
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Aimersoft Helper Compact.exe - c:\program files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
HKLM-Run-iSkysoft Helper Compact.exe - c:\program files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
HKU-Default-RunOnce-RealUpgradeHelper - c:\program files\Common Files\Real\Update_OB\upgrdhlp.exe
AddRemove-MSNINST - c:\program files\MSN\MsnInstaller\msninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-02 08:57
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\docume~1\MAGGIE~1\LOCALS~1\Temp\catchme.dll 53248 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1364)
c:\windows\system32\wxvault.dll
c:\windows\system32\detoured.dll
.
- - - - - - - > 'lsass.exe'(1420)
c:\windows\system32\wxvault.dll
c:\windows\system32\detoured.dll
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
.
Completion time: 2012-11-02 09:06:03
ComboFix-quarantined-files.txt 2012-11-02 09:05
.
Pre-Run: 16,021,495,808 bytes free
Post-Run: 16,881,934,336 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 8B9E6DAF77BA7A52542FABAD08728AD7

Again thanks for your help and support - much appreciated.

#6 gringo_pr

  • Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 03 November 2012 - 05:53 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#7 Welephant

  • Topic Starter
  • Members
  • 23 posts

Posted 04 November 2012 - 07:09 AM

Hi Gringo

Everything seems to be OK - no redirections.

Here are the logs as requested.

TDSS:
11:15:23.0406 6612 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
11:15:25.0406 6612 ============================================================
11:15:25.0406 6612 Current date / time: 2012/11/04 11:15:25.0406
11:15:25.0406 6612 SystemInfo:
11:15:25.0406 6612
11:15:25.0406 6612 OS Version: 5.1.2600 ServicePack: 3.0
11:15:25.0406 6612 Product type: Workstation
11:15:25.0406 6612 ComputerName: MHLAPTOP
11:15:25.0406 6612 UserName: XXXX YYYY
11:15:25.0406 6612 Windows directory: C:\WINDOWS
11:15:25.0406 6612 System windows directory: C:\WINDOWS
11:15:25.0406 6612 Processor architecture: Intel x86
11:15:25.0406 6612 Number of processors: 2
11:15:25.0406 6612 Page size: 0x1000
11:15:25.0406 6612 Boot type: Normal boot
11:15:25.0406 6612 ============================================================
11:15:32.0843 6612 Drive \Device\Harddisk0\DR0 - Size: 0x950A60000 (37.26 Gb), SectorSize: 0x200, Cylinders: 0x1300, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:15:32.0859 6612 ============================================================
11:15:32.0859 6612 \Device\Harddisk0\DR0:
11:15:32.0859 6612 MBR partitions:
11:15:32.0859 6612 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2738A, BlocksNum 0x4A5A0B5
11:15:32.0859 6612 ============================================================
11:15:33.0062 6612 C: <-> \Device\Harddisk0\DR0\Partition1
11:15:33.0125 6612 ============================================================
11:15:33.0125 6612 Initialize success
11:15:33.0125 6612 ============================================================
11:16:11.0156 6496 ============================================================
11:16:11.0156 6496 Scan started
11:16:11.0156 6496 Mode: Manual;
11:16:11.0156 6496 ============================================================
11:16:12.0078 6496 ================ Scan system memory ========================
11:16:27.0265 6496 System memory - ok
11:16:27.0265 6496 ================ Scan services =============================
11:16:27.0531 6496 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program

Files\SUPERAntiSpyware\SASCORE.EXE
11:16:27.0593 6496 !SASCORE - ok
11:16:28.0406 6496 Abiosdsk - ok
11:16:28.0453 6496 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5

C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
11:16:28.0468 6496 abp480n5 - ok
11:16:28.0625 6496 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI

C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:16:28.0812 6496 ACPI - ok
11:16:28.0906 6496 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC

C:\WINDOWS\system32\drivers\ACPIEC.sys
11:16:28.0953 6496 ACPIEC - ok
11:16:29.0156 6496 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc

C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
11:16:29.0312 6496 AdobeFlashPlayerUpdateSvc - ok
11:16:29.0390 6496 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m

C:\WINDOWS\system32\DRIVERS\adpu160m.sys
11:16:29.0437 6496 adpu160m - ok
11:16:29.0546 6496 [ 8BED39E3C35D6A489438B8141717A557 ] aec

C:\WINDOWS\system32\drivers\aec.sys
11:16:29.0625 6496 aec - ok
11:16:29.0796 6496 [ 12DAFD934641DCF61E446313BC261EC2 ] AegisP

C:\WINDOWS\system32\DRIVERS\AegisP.sys
11:16:29.0859 6496 AegisP - ok
11:16:30.0015 6496 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD

C:\WINDOWS\System32\drivers\afd.sys
11:16:30.0093 6496 AFD - ok
11:16:30.0156 6496 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440

C:\WINDOWS\system32\DRIVERS\agp440.sys
11:16:30.0171 6496 agp440 - ok
11:16:30.0203 6496 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ

C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
11:16:30.0234 6496 agpCPQ - ok
11:16:30.0328 6496 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x

C:\WINDOWS\system32\DRIVERS\aha154x.sys
11:16:30.0343 6496 Aha154x - ok
11:16:30.0437 6496 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2

C:\WINDOWS\system32\DRIVERS\aic78u2.sys
11:16:30.0468 6496 aic78u2 - ok
11:16:30.0515 6496 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx

C:\WINDOWS\system32\DRIVERS\aic78xx.sys
11:16:30.0546 6496 aic78xx - ok
11:16:30.0593 6496 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
11:16:30.0609 6496 Alerter - ok
11:16:30.0671 6496 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
11:16:30.0750 6496 ALG - ok
11:16:30.0906 6496 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde

C:\WINDOWS\system32\DRIVERS\aliide.sys
11:16:30.0937 6496 AliIde - ok
11:16:30.0984 6496 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541

C:\WINDOWS\system32\DRIVERS\alim1541.sys
11:16:31.0015 6496 alim1541 - ok
11:16:31.0046 6496 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp

C:\WINDOWS\system32\DRIVERS\amdagp.sys
11:16:31.0062 6496 amdagp - ok
11:16:31.0093 6496 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint

C:\WINDOWS\system32\DRIVERS\amsint.sys
11:16:31.0093 6496 amsint - ok
11:16:31.0187 6496 [ 090880E9BF20F928BC341F96D27C019E ] ApfiltrService

C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
11:16:31.0250 6496 ApfiltrService - ok
11:16:31.0312 6496 [ EC94E05B76D033B74394E7B2175103CF ] APPDRV

C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
11:16:31.0328 6496 APPDRV - ok
11:16:31.0656 6496 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common

Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:16:31.0953 6496 Apple Mobile Device - ok
11:16:32.0109 6496 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt

C:\WINDOWS\System32\appmgmts.dll
11:16:32.0203 6496 AppMgmt - ok
11:16:32.0375 6496 [ 62D318E9A0C8FC9B780008E724283707 ] asc

C:\WINDOWS\system32\DRIVERS\asc.sys
11:16:32.0468 6496 asc - ok
11:16:32.0531 6496 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p

C:\WINDOWS\system32\DRIVERS\asc3350p.sys
11:16:32.0562 6496 asc3350p - ok
11:16:32.0609 6496 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550

C:\WINDOWS\system32\DRIVERS\asc3550.sys
11:16:32.0609 6496 asc3550 - ok
11:16:33.0359 6496 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
11:16:33.0781 6496 aspnet_state - ok
11:16:33.0968 6496 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac

C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:16:34.0031 6496 AsyncMac - ok
11:16:34.0140 6496 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi

C:\WINDOWS\system32\DRIVERS\atapi.sys
11:16:34.0156 6496 atapi - ok
11:16:34.0203 6496 Atdisk - ok
11:16:34.0281 6496 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc

C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:16:34.0390 6496 Atmarpc - ok
11:16:34.0500 6496 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv

C:\WINDOWS\System32\audiosrv.dll
11:16:34.0531 6496 AudioSrv - ok
11:16:34.0671 6496 [ D9F724AA26C010A217C97606B160ED68 ] audstub

C:\WINDOWS\system32\DRIVERS\audstub.sys
11:16:34.0750 6496 audstub - ok
11:16:36.0500 6496 [ B825F25B8FC988F18C2EAA6737E83512 ] Automatic LiveUpdate Scheduler C:\Program

Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
11:16:36.0578 6496 Automatic LiveUpdate Scheduler - ok
11:16:36.0703 6496 [ C0ACD392ECE55784884CC208AAFA06CE ] b57w2k

C:\WINDOWS\system32\DRIVERS\b57xp32.sys
11:16:36.0968 6496 b57w2k - ok
11:16:37.0156 6496 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep

C:\WINDOWS\system32\drivers\Beep.sys
11:16:37.0203 6496 Beep - ok
11:16:37.0609 6496 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
11:16:38.0250 6496 BITS - ok
11:16:38.0781 6496 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program

Files\Bonjour\mDNSResponder.exe
11:16:39.0171 6496 Bonjour Service - ok
11:16:39.0468 6496 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser

C:\WINDOWS\System32\browser.dll
11:16:39.0562 6496 Browser - ok
11:16:39.0843 6496 catchme - ok
11:16:39.0843 6496 CA_LIC_CLNT - ok
11:16:39.0843 6496 CA_LIC_SRVR - ok
11:16:40.0031 6496 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf

C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
11:16:40.0109 6496 cbidf - ok
11:16:40.0125 6496 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k

C:\WINDOWS\system32\drivers\cbidf2k.sys
11:16:40.0125 6496 cbidf2k - ok
11:16:40.0218 6496 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE

C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
11:16:40.0234 6496 CCDECODE - ok
11:16:40.0265 6496 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt

C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
11:16:40.0312 6496 cd20xrnt - ok
11:16:40.0359 6496 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio

C:\WINDOWS\system32\drivers\Cdaudio.sys
11:16:40.0359 6496 Cdaudio - ok
11:16:40.0453 6496 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs

C:\WINDOWS\system32\drivers\Cdfs.sys
11:16:40.0484 6496 Cdfs - ok
11:16:40.0531 6496 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom

C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:16:40.0562 6496 Cdrom - ok
11:16:40.0640 6496 [ 1C7B1E36F3CED9E4B0B13385E627FE8B ] cfwids

C:\WINDOWS\system32\drivers\cfwids.sys
11:16:40.0671 6496 cfwids - ok
11:16:40.0671 6496 Changer - ok
11:16:40.0781 6496 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
11:16:40.0781 6496 CiSvc - ok
11:16:40.0859 6496 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv

C:\WINDOWS\system32\clipsrv.exe
11:16:40.0953 6496 ClipSrv - ok
11:16:41.0171 6496 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:16:43.0203 6496 clr_optimization_v2.0.50727_32 - ok
11:16:43.0250 6496 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt

C:\WINDOWS\system32\DRIVERS\CmBatt.sys
11:16:43.0296 6496 CmBatt - ok
11:16:43.0359 6496 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde

C:\WINDOWS\system32\DRIVERS\cmdide.sys
11:16:43.0406 6496 CmdIde - ok
11:16:43.0437 6496 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt

C:\WINDOWS\system32\DRIVERS\compbatt.sys
11:16:43.0468 6496 Compbatt - ok
11:16:43.0484 6496 COMSysApp - ok
11:16:43.0625 6496 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray

C:\WINDOWS\system32\DRIVERS\cpqarray.sys
11:16:43.0640 6496 Cpqarray - ok
11:16:43.0734 6496 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc

C:\WINDOWS\System32\cryptsvc.dll
11:16:43.0859 6496 CryptSvc - ok
11:16:44.0312 6496 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k

C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
11:16:44.0437 6496 dac2w2k - ok
11:16:44.0468 6496 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt

C:\WINDOWS\system32\DRIVERS\dac960nt.sys
11:16:44.0500 6496 dac960nt - ok
11:16:45.0187 6496 [ CE718654AFE0F877328E2A0662BB7A94 ] DataSvr2 C:\Program Files\Wave Systems

Corp\Common\DataServer.exe
11:16:45.0593 6496 DataSvr2 - ok
11:16:45.0890 6496 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
11:16:46.0421 6496 DcomLaunch - ok
11:16:46.0578 6496 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp

C:\WINDOWS\System32\dhcpcsvc.dll
11:16:46.0640 6496 Dhcp - ok
11:16:46.0718 6496 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk

C:\WINDOWS\system32\DRIVERS\disk.sys
11:16:46.0750 6496 Disk - ok
11:16:46.0765 6496 dmadmin - ok
11:16:47.0546 6496 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot

C:\WINDOWS\system32\drivers\dmboot.sys
11:16:48.0203 6496 dmboot - ok
11:16:48.0328 6496 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio

C:\WINDOWS\system32\drivers\dmio.sys
11:16:48.0421 6496 dmio - ok
11:16:48.0656 6496 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload

C:\WINDOWS\system32\drivers\dmload.sys
11:16:48.0671 6496 dmload - ok
11:16:48.0796 6496 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver

C:\WINDOWS\System32\dmserver.dll
11:16:48.0937 6496 dmserver - ok
11:16:49.0203 6496 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic

C:\WINDOWS\system32\drivers\DMusic.sys
11:16:49.0250 6496 DMusic - ok
11:16:49.0406 6496 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache

C:\WINDOWS\System32\dnsrslvr.dll
11:16:49.0437 6496 Dnscache - ok
11:16:49.0640 6496 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc

C:\WINDOWS\System32\dot3svc.dll
11:16:49.0718 6496 Dot3svc - ok
11:16:49.0812 6496 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o

C:\WINDOWS\system32\DRIVERS\dpti2o.sys
11:16:49.0906 6496 dpti2o - ok
11:16:50.0234 6496 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud

C:\WINDOWS\system32\drivers\drmkaud.sys
11:16:50.0234 6496 drmkaud - ok
11:16:50.0375 6496 [ 3FCA03CBCA11269F973B70FA483C88EF ] E100B

C:\WINDOWS\system32\DRIVERS\e100b325.sys
11:16:50.0437 6496 E100B - ok
11:16:54.0171 6496 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
11:16:54.0250 6496 EapHost - ok
11:16:54.0312 6496 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
11:16:54.0328 6496 ERSvc - ok
11:16:54.0531 6496 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog

C:\WINDOWS\system32\services.exe
11:16:54.0593 6496 Eventlog - ok
11:16:54.0781 6496 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
11:16:54.0921 6496 EventSystem - ok
11:16:55.0109 6496 [ ED9C755312F29D55B8C815EEC7115635 ] EvtEng C:\Program

Files\Intel\Wireless\Bin\EvtEng.exe
11:16:55.0234 6496 EvtEng - ok
11:16:55.0515 6496 [ 38D332A6D56AF32635675F132548343E ] Fastfat

C:\WINDOWS\system32\drivers\Fastfat.sys
11:16:55.0718 6496 Fastfat - ok
11:16:55.0875 6496 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility

C:\WINDOWS\System32\shsvcs.dll
11:16:55.0953 6496 FastUserSwitchingCompatibility - ok
11:16:56.0203 6496 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe
11:16:56.0359 6496 Fax - ok
11:16:56.0437 6496 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc

C:\WINDOWS\system32\DRIVERS\fdc.sys
11:16:56.0453 6496 Fdc - ok
11:16:56.0515 6496 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips

C:\WINDOWS\system32\drivers\Fips.sys
11:16:56.0546 6496 Fips - ok
11:16:56.0578 6496 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk

C:\WINDOWS\system32\DRIVERS\flpydisk.sys
11:16:56.0593 6496 Flpydisk - ok
11:16:56.0703 6496 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr

C:\WINDOWS\system32\drivers\fltmgr.sys
11:16:56.0781 6496 FltMgr - ok
11:16:56.0890 6496 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0

C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
11:16:56.0921 6496 FontCache3.0.0.0 - ok
11:16:56.0968 6496 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec

C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:16:56.0968 6496 Fs_Rec - ok
11:16:57.0062 6496 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk

C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:16:57.0125 6496 Ftdisk - ok
11:16:57.0203 6496 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM

C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
11:16:57.0218 6496 GEARAspiWDM - ok
11:16:57.0281 6496 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc

C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:16:57.0312 6496 Gpc - ok
11:16:57.0593 6496 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program

Files\Google\Update\GoogleUpdate.exe
11:16:57.0687 6496 gupdate - ok
11:16:57.0781 6496 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program

Files\Google\Update\GoogleUpdate.exe
11:16:57.0781 6496 gupdatem - ok
11:16:57.0937 6496 [ 408DDD80EEDE47175F6844817B90213E ] gusvc C:\Program

Files\Google\Common\Google Updater\GoogleUpdaterService.exe
11:16:58.0046 6496 gusvc - ok
11:16:58.0140 6496 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus

C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
11:16:58.0218 6496 HDAudBus - ok
11:16:58.0359 6496 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc

C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:16:58.0406 6496 helpsvc - ok
11:16:58.0406 6496 HidServ - ok
11:16:58.0453 6496 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb

C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:16:58.0453 6496 HidUsb - ok
11:16:58.0515 6496 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
11:16:58.0562 6496 hkmsvc - ok
11:16:58.0593 6496 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn

C:\WINDOWS\system32\DRIVERS\hpn.sys
11:16:58.0609 6496 hpn - ok
11:16:59.0140 6496 [ E8EC1767EA315A39A0DD8989952CA0E9 ] HSF_DPV

C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
11:17:00.0187 6496 HSF_DPV - ok
11:17:00.0531 6496 [ 61478FA42EE04562E7F11F4DCA87E9C8 ] HSXHWAZL

C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
11:17:00.0640 6496 HSXHWAZL - ok
11:17:00.0843 6496 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP

C:\WINDOWS\system32\Drivers\HTTP.sys
11:17:00.0984 6496 HTTP - ok
11:17:01.0046 6496 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
11:17:01.0078 6496 HTTPFilter - ok
11:17:01.0125 6496 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt

C:\WINDOWS\system32\drivers\i2omgmt.sys
11:17:01.0125 6496 i2omgmt - ok
11:17:01.0187 6496 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp

C:\WINDOWS\system32\DRIVERS\i2omp.sys
11:17:01.0203 6496 i2omp - ok
11:17:01.0250 6496 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt

C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:17:01.0281 6496 i8042prt - ok
11:17:02.0250 6496 [ CC449157474D5E43DAEA7E20F52C635A ] ialm

C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
11:17:03.0140 6496 ialm - ok
11:17:03.0515 6496 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common

Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
11:17:03.0656 6496 IDriverT - ok
11:17:04.0593 6496 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc

C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:17:05.0593 6496 idsvc - ok
11:17:05.0859 6496 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi

C:\WINDOWS\system32\DRIVERS\imapi.sys
11:17:05.0890 6496 Imapi - ok
11:17:06.0109 6496 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
11:17:06.0343 6496 ImapiService - ok
11:17:06.0468 6496 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u

C:\WINDOWS\system32\DRIVERS\ini910u.sys
11:17:06.0531 6496 ini910u - ok
11:17:06.0609 6496 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde

C:\WINDOWS\system32\DRIVERS\intelide.sys
11:17:06.0625 6496 IntelIde - ok
11:17:06.0718 6496 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm

C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:17:06.0765 6496 intelppm - ok
11:17:06.0875 6496 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw

C:\WINDOWS\system32\drivers\ip6fw.sys
11:17:07.0031 6496 Ip6Fw - ok
11:17:07.0140 6496 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver

C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:17:07.0171 6496 IpFilterDriver - ok
11:17:07.0234 6496 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp

C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:17:07.0343 6496 IpInIp - ok
11:17:07.0484 6496 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat

C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:17:07.0562 6496 IpNat - ok
11:17:07.0656 6496 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec

C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:17:07.0718 6496 IPSec - ok
11:17:07.0750 6496 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM

C:\WINDOWS\system32\DRIVERS\irenum.sys
11:17:07.0765 6496 IRENUM - ok
11:17:07.0843 6496 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp

C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:17:07.0859 6496 isapnp - ok
11:17:07.0921 6496 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass

C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:17:07.0937 6496 Kbdclass - ok
11:17:08.0078 6496 [ 692BCF44383D056AED41B045A323D378 ] kmixer

C:\WINDOWS\system32\drivers\kmixer.sys
11:17:08.0171 6496 kmixer - ok
11:17:08.0406 6496 [ B467646C54CC746128904E1654C750C1 ] KSecDD

C:\WINDOWS\system32\drivers\KSecDD.sys
11:17:08.0468 6496 KSecDD - ok
11:17:08.0593 6496 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
11:17:08.0656 6496 lanmanserver - ok
11:17:08.0812 6496 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation

C:\WINDOWS\System32\wkssvc.dll
11:17:09.0015 6496 lanmanworkstation - ok
11:17:09.0015 6496 lbrtfdc - ok
11:17:10.0593 6496 [ 7570EC7CC3E3E13379037FDE7EF282B3 ] LiveUpdate

C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
11:17:12.0390 6496 LiveUpdate - ok
11:17:12.0531 6496 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
11:17:12.0578 6496 LmHosts - ok
11:17:12.0593 6496 LogWatch - ok
11:17:13.0000 6496 [ ED643E777BA3F7151EF3F0FB6BE4F7F0 ] LVRS

C:\WINDOWS\system32\DRIVERS\lvrs.sys
11:17:13.0234 6496 LVRS - ok
11:17:17.0515 6496 [ 5BC80451109A8DD7F2DDD35BCE2929A3 ] LVUVC

C:\WINDOWS\system32\DRIVERS\lvuvc.sys
11:17:21.0000 6496 LVUVC - ok
11:17:21.0312 6496 [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector

C:\WINDOWS\system32\drivers\mbam.sys
11:17:21.0437 6496 MBAMProtector - ok
11:17:22.0125 6496 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files\Malwarebytes'

Anti-Malware\mbamscheduler.exe
11:17:22.0437 6496 MBAMScheduler - ok
11:17:23.0406 6496 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files\Malwarebytes'

Anti-Malware\mbamservice.exe
11:17:24.0140 6496 MBAMService - ok
11:17:24.0484 6496 [ C226CE46CD17FCE6261A9DE406F01C8B ] McAfee SiteAdvisor Service

c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
11:17:24.0687 6496 McAfee SiteAdvisor Service - ok
11:17:24.0968 6496 [ 7E6932EEDA54C8EAF7DC6C2225261B85 ] McMPFSvc C:\Program Files\Common

Files\Mcafee\McSvcHost\McSvHost.exe
11:17:25.0125 6496 McMPFSvc - ok
11:17:25.0265 6496 [ 7E6932EEDA54C8EAF7DC6C2225261B85 ] mcmscsvc C:\Program Files\Common

Files\Mcafee\McSvcHost\McSvHost.exe
11:17:25.0265 6496 mcmscsvc - ok
11:17:25.0375 6496 [ 7E6932EEDA54C8EAF7DC6C2225261B85 ] McNaiAnn C:\Program Files\Common

Files\Mcafee\McSvcHost\McSvHost.exe
11:17:25.0375 6496 McNaiAnn - ok
11:17:25.0500 6496 [ 7E6932EEDA54C8EAF7DC6C2225261B85 ] McNASvc C:\Program Files\Common

Files\Mcafee\McSvcHost\McSvHost.exe
11:17:25.0500 6496 McNASvc - ok
11:17:25.0843 6496 [ B3CD9ADE1C2665124CA34125B331B0B4 ] McODS C:\Program

Files\McAfee\VirusScan\mcods.exe
11:17:26.0031 6496 McODS - ok
11:17:26.0156 6496 [ 7E6932EEDA54C8EAF7DC6C2225261B85 ] McProxy C:\Program Files\Common

Files\Mcafee\McSvcHost\McSvHost.exe
11:17:26.0156 6496 McProxy - ok
11:17:26.0343 6496 [ 593FA4C378818ECE76BA64A11AD56CF2 ] McShield C:\Program Files\Common

Files\McAfee\SystemCore\\mcshield.exe
11:17:26.0437 6496 McShield - ok
11:17:26.0734 6496 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common

Files\Microsoft Shared\VS7DEBUG\MDM.EXE
11:17:26.0906 6496 MDM - ok
11:17:26.0968 6496 [ E246A32C445056996074A397DA56E815 ] mdmxsdk

C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
11:17:26.0968 6496 mdmxsdk - ok
11:17:27.0046 6496 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
11:17:27.0062 6496 Messenger - ok
11:17:27.0171 6496 [ 43C31BDF404A6D7A7AC1BFD5EAD2A566 ] mfeapfk

C:\WINDOWS\system32\drivers\mfeapfk.sys
11:17:27.0250 6496 mfeapfk - ok
11:17:27.0375 6496 [ C1DC5F42D3367F33B6451BE78B38BD46 ] mfeavfk

C:\WINDOWS\system32\drivers\mfeavfk.sys
11:17:27.0468 6496 mfeavfk - ok
11:17:27.0468 6496 mfeavfk01 - ok
11:17:27.0609 6496 [ 0435C43F4C2BE01B84868AD2A906397B ] mfebopk

C:\WINDOWS\system32\drivers\mfebopk.sys
11:17:27.0640 6496 mfebopk - ok
11:17:27.0765 6496 [ 7E1F8B1BDC8240F08BD358B3A466C005 ] mfefire C:\Program Files\Common

Files\McAfee\SystemCore\\mfefire.exe
11:17:27.0859 6496 mfefire - ok
11:17:28.0062 6496 [ 4EA6FF90015424517843E931448E00F1 ] mfefirek

C:\WINDOWS\system32\drivers\mfefirek.sys
11:17:28.0234 6496 mfefirek - ok
11:17:28.0531 6496 [ D1E998748BA24A731106611D535C6BBF ] mfehidk

C:\WINDOWS\system32\drivers\mfehidk.sys
11:17:28.0765 6496 mfehidk - ok
11:17:28.0859 6496 [ 26C76D10ED650E6492800D6F081ECFBA ] mfendisk

C:\WINDOWS\system32\DRIVERS\mfendisk.sys
11:17:28.0906 6496 mfendisk - ok
11:17:28.0953 6496 [ 26C76D10ED650E6492800D6F081ECFBA ] mfendiskmp

C:\WINDOWS\system32\DRIVERS\mfendisk.sys
11:17:28.0953 6496 mfendiskmp - ok
11:17:29.0046 6496 [ F454A13377F0A006D20A8C14A753C432 ] mferkdet

C:\WINDOWS\system32\drivers\mferkdet.sys
11:17:29.0093 6496 mferkdet - ok
11:17:29.0203 6496 [ 070D3FAF2EAC417C59D8674A8752F7A6 ] mfetdi2k

C:\WINDOWS\system32\drivers\mfetdi2k.sys
11:17:29.0312 6496 mfetdi2k - ok
11:17:29.0453 6496 [ B10C4EFD40810C08F4B44DF2EFCB54F7 ] mfevtp

C:\WINDOWS\system32\mfevtps.exe
11:17:29.0531 6496 mfevtp - ok
11:17:29.0593 6496 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd

C:\WINDOWS\system32\drivers\mnmdd.sys
11:17:29.0593 6496 mnmdd - ok
11:17:29.0671 6496 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc

C:\WINDOWS\system32\mnmsrvc.exe
11:17:29.0703 6496 mnmsrvc - ok
11:17:29.0750 6496 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem

C:\WINDOWS\system32\drivers\Modem.sys
11:17:29.0781 6496 Modem - ok
11:17:29.0796 6496 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass

C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:17:29.0812 6496 Mouclass - ok
11:17:29.0875 6496 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid

C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:17:29.0890 6496 mouhid - ok
11:17:29.0921 6496 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr

C:\WINDOWS\system32\drivers\MountMgr.sys
11:17:29.0937 6496 MountMgr - ok
11:17:29.0968 6496 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x

C:\WINDOWS\system32\DRIVERS\mraid35x.sys
11:17:29.0984 6496 mraid35x - ok
11:17:30.0140 6496 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV

C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:17:30.0250 6496 MRxDAV - ok
11:17:30.0609 6496 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb

C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:17:30.0859 6496 MRxSmb - ok
11:17:30.0921 6496 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
11:17:30.0953 6496 MSDTC - ok
11:17:31.0046 6496 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs

C:\WINDOWS\system32\drivers\Msfs.sys
11:17:31.0046 6496 Msfs - ok
11:17:31.0062 6496 MSIServer - ok
11:17:31.0093 6496 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV

C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:17:31.0093 6496 MSKSSRV - ok
11:17:31.0125 6496 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK

C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:17:31.0140 6496 MSPCLOCK - ok
11:17:31.0140 6496 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM

C:\WINDOWS\system32\drivers\MSPQM.sys
11:17:31.0156 6496 MSPQM - ok
11:17:31.0218 6496 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios

C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:17:31.0234 6496 mssmbios - ok
11:17:31.0265 6496 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE

C:\WINDOWS\system32\drivers\MSTEE.sys
11:17:31.0265 6496 MSTEE - ok
11:17:31.0343 6496 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup

C:\WINDOWS\system32\drivers\Mup.sys
11:17:31.0406 6496 Mup - ok
11:17:31.0500 6496 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC

C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
11:17:31.0546 6496 NABTSFEC - ok
11:17:31.0781 6496 [ 0102140028FAD045756796E1C685D695 ] napagent

C:\WINDOWS\System32\qagentrt.dll
11:17:31.0937 6496 napagent - ok
11:17:32.0031 6496 [ 1DF7F42665C94B825322FAE71721130D ] NDIS

C:\WINDOWS\system32\drivers\NDIS.sys
11:17:32.0125 6496 NDIS - ok
11:17:32.0171 6496 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP

C:\WINDOWS\system32\DRIVERS\NdisIP.sys
11:17:32.0187 6496 NdisIP - ok
11:17:32.0234 6496 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi

C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:17:32.0234 6496 NdisTapi - ok
11:17:32.0265 6496 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio

C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:17:32.0265 6496 Ndisuio - ok
11:17:32.0328 6496 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan

C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:17:32.0375 6496 NdisWan - ok
11:17:32.0421 6496 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy

C:\WINDOWS\system32\drivers\NDProxy.sys
11:17:32.0437 6496 NDProxy - ok
11:17:32.0468 6496 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS

C:\WINDOWS\system32\DRIVERS\netbios.sys
11:17:32.0484 6496 NetBIOS - ok
11:17:32.0609 6496 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT

C:\WINDOWS\system32\DRIVERS\netbt.sys
11:17:32.0687 6496 NetBT - ok
11:17:32.0796 6496 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
11:17:32.0843 6496 NetDDE - ok
11:17:32.0906 6496 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
11:17:32.0921 6496 NetDDEdsdm - ok
11:17:32.0968 6496 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
11:17:32.0984 6496 Netlogon - ok
11:17:33.0109 6496 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
11:17:33.0203 6496 Netman - ok
11:17:33.0312 6496 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing

C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:17:33.0390 6496 NetTcpPortSharing - ok
11:17:33.0687 6496 [ 11D8A00C7EFF1AAEC8E8464769C84A3D ] NICCONFIGSVC C:\Program

Files\Dell\QuickSet\NICCONFIGSVC.exe
11:17:33.0890 6496 NICCONFIGSVC - ok
11:17:34.0046 6496 [ 943337D786A56729263071623BBB9DE5 ] Nla

C:\WINDOWS\System32\mswsock.dll
11:17:34.0156 6496 Nla - ok
11:17:34.0250 6496 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs

C:\WINDOWS\system32\drivers\Npfs.sys
11:17:34.0265 6496 Npfs - ok
11:17:34.0578 6496 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs

C:\WINDOWS\system32\drivers\Ntfs.sys
11:17:34.0859 6496 Ntfs - ok
11:17:34.0875 6496 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
11:17:34.0875 6496 NtLmSsp - ok
11:17:35.0140 6496 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc

C:\WINDOWS\system32\ntmssvc.dll
11:17:35.0390 6496 NtmsSvc - ok
11:17:35.0406 6496 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null

C:\WINDOWS\system32\drivers\Null.sys
11:17:35.0421 6496 Null - ok
11:17:36.0500 6496 [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv

C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
11:17:37.0453 6496 nv - ok
11:17:37.0484 6496 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt

C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:17:37.0484 6496 NwlnkFlt - ok
11:17:37.0546 6496 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd

C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:17:37.0562 6496 NwlnkFwd - ok
11:17:37.0609 6496 [ B17228142CEC9B3C222239FD935A37CA ] omci

C:\WINDOWS\system32\DRIVERS\omci.sys
11:17:37.0625 6496 omci - ok
11:17:37.0718 6496 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common

Files\Microsoft Shared\Source Engine\OSE.EXE
11:17:37.0781 6496 ose - ok
11:17:37.0875 6496 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport

C:\WINDOWS\system32\DRIVERS\parport.sys
11:17:37.0921 6496 Parport - ok
11:17:37.0953 6496 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr

C:\WINDOWS\system32\drivers\PartMgr.sys
11:17:37.0968 6496 PartMgr - ok
11:17:38.0000 6496 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm

C:\WINDOWS\system32\drivers\ParVdm.sys
11:17:38.0000 6496 ParVdm - ok
11:17:38.0031 6496 [ 6EF25FB20CD269E3E51D8CA54935FFF2 ] PBADRV

C:\WINDOWS\system32\drivers\pbadrv.sys
11:17:38.0046 6496 PBADRV - ok
11:17:38.0109 6496 [ A219903CCF74233761D92BEF471A07B1 ] PCI

C:\WINDOWS\system32\DRIVERS\pci.sys
11:17:38.0156 6496 PCI - ok
11:17:38.0156 6496 PCIDump - ok
11:17:38.0171 6496 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde

C:\WINDOWS\system32\DRIVERS\pciide.sys
11:17:38.0171 6496 PCIIde - ok
11:17:38.0234 6496 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia

C:\WINDOWS\system32\DRIVERS\pcmcia.sys
11:17:38.0296 6496 Pcmcia - ok
11:17:38.0312 6496 PDCOMP - ok
11:17:38.0312 6496 PDFRAME - ok
11:17:38.0328 6496 PDRELI - ok
11:17:38.0328 6496 PDRFRAME - ok
11:17:38.0375 6496 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2

C:\WINDOWS\system32\DRIVERS\perc2.sys
11:17:38.0390 6496 perc2 - ok
11:17:38.0421 6496 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib

C:\WINDOWS\system32\DRIVERS\perc2hib.sys
11:17:38.0421 6496 perc2hib - ok
11:17:38.0515 6496 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay

C:\WINDOWS\system32\services.exe
11:17:38.0515 6496 PlugPlay - ok
11:17:38.0531 6496 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
11:18:07.0687 6496 ================ Scan global ===============================
11:18:07.0765 6496 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
11:18:08.0000 6496 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
11:18:08.0312 6496 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
11:18:08.0406 6496 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
11:18:08.0406 6496 [Global] - ok
11:18:08.0406 6496 ================ Scan MBR ==================================
11:18:08.0437 6496 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
11:18:08.0812 6496 \Device\Harddisk0\DR0 - ok
11:18:08.0812 6496 ================ Scan VBR ==================================
11:18:08.0828 6496 [ A6F2C6ECD70B0F11F972E9D164CA603C ] \Device\Harddisk0\DR0\Partition1
11:18:08.0828 6496 \Device\Harddisk0\DR0\Partition1 - ok
11:18:08.0828 6496 ============================================================
11:18:08.0828 6496 Scan finished
11:18:08.0828 6496 ============================================================
11:18:08.0843 7772 Detected object count: 0
11:18:08.0843 7772 Actual detected object count: 0

asw:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-11-04 11:23:26
-----------------------------
11:23:26.125 OS Version: Windows 5.1.2600 Service Pack 3
11:23:26.125 Number of processors: 2 586 0xE08
11:23:26.125 ComputerName: MHLAPTOP UserName:
11:23:27.765 Initialize success
11:44:10.593 AVAST engine defs: 12110400
11:49:59.921 The log file has been saved successfully to "C:\Documents and Settings\xxxx yyyy\Desktop\Gringo response 3\aswMBR.txt"

Thanks.

#8 Welephant

Posted 04 November 2012 - 07:36 AM

Doh! Quick update - hijack back again.

#9 Welephant

Posted 04 November 2012 - 05:35 PM

Hi Gringo

Went back and re-ran from the previous instructions. RogueKiller found a registry issue. Ran TDSSKiller and aswMBR, which this time around ran longer and stronger. Tried running Malwarebytes, which ran OK (previously it would not run) and found an issue. However, redirection is still there.

Updated logs below.

RogueKiller:

Started in : Normal mode
User : XXXX YYYY [Admin rights]
Mode : Remove -- Date : 11/04/2012 14:21:47

§§§ Bad processes : 0 §§§

§§§ Registry Entries : 1 §§§
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED

§§§ Particular Files / Folders: §§§

§§§ Driver : [LOADED] §§§

§§§ HOSTS File: §§§
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


§§§ MBR Check: §§§

+++++ PhysicalDrive0: Hitachi HTS541040G9SA00 +++++
--- User ---
[MBR] 2d0e55bed69f12bbe39ba4ff53ad055e
[BSP] 11d467b9f31927f29d49c85858b51038 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 78 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 160650 | Size: 38068 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt


Combofix:

ComboFix 12-10-31.03 - xxxx yyyy 04/11/2012 14:34:29.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.394 [GMT 0:00]
Running from: c:\documents and settings\xxxx yyyy\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((( Files Created from 2012-10-04 to 2012-11-04 )))))))))))))))))))))))))))))))
.
.
2012-10-31 14:33 . 2012-11-01 08:09 -------- d-----w- c:\windows\system32\NtmsData
2012-10-31 08:55 . 2012-10-31 08:55 388096 ------r- c:\documents and settings\xxxx yyyy\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-10-31 08:55 . 2012-10-31 08:55 -------- d-----w- c:\program files\Trend Micro
2012-10-30 08:48 . 2012-10-30 08:48 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2012-10-30 08:08 . 2012-10-30 08:08 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-10-30 08:08 . 2012-10-30 08:08 -------- d-----w- c:\documents and settings\xxxx yyyy\Application Data\TestApp
2012-10-29 14:25 . 2012-10-29 14:25 -------- d-----w- c:\documents and settings\xxxx yyyy\Application Data\SUPERAntiSpyware.com
2012-10-29 14:22 . 2012-10-29 14:29 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-10-29 14:22 . 2012-10-29 14:22 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-10-29 13:59 . 2012-10-29 13:59 -------- d-----w- c:\documents and settings\xxxx yyyy\Application Data\Malwarebytes
2012-10-29 13:55 . 2012-09-29 19:54 22856 ------w- c:\windows\system32\drivers\mbam.sys
2012-10-29 13:55 . 2012-10-29 13:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-29 13:09 . 2012-10-29 13:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-10-29 08:12 . 2012-10-29 08:12 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-10-28 13:39 . 2012-10-28 14:52 -------- d-----w- c:\documents and settings\xxxx yyyy\DoctorWeb
2012-10-27 10:26 . 2012-10-27 10:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-10-27 10:25 . 2012-10-27 10:25 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2012-10-26 09:55 . 2012-10-26 09:55 -------- d-----w- c:\windows\system32\wbem\Repository
2012-10-25 16:53 . 2012-10-25 16:53 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2012-10-25 12:50 . 2012-10-26 09:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-10-25 12:50 . 2012-10-26 09:54 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-10-23 16:26 . 2012-10-23 16:26 -------- d-----w- c:\documents and settings\All Users\Application Data\MapFactor
2012-10-23 09:06 . 2012-10-23 09:06 -------- d-----w- c:\documents and settings\xxxx yyyy\New Folder
2012-10-23 09:06 . 2012-10-23 09:06 -------- d-----w- c:\documents and settings\All Users\Application Data\New Folder
2012-10-23 09:05 . 2012-10-23 09:05 -------- d-----w- c:\documents and settings\xxxx yyyy\Application Data\MapFactor
2012-10-23 08:53 . 2012-10-23 08:53 94208 --sh--r- c:\windows\system32\wshtcpipr.dll
2012-10-17 22:21 . 2012-10-12 05:56 6918632 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{CB2B8AF2-AF8F-4B92-A120-F94E31813F87}\mpengine.dll
2012-10-09 09:29 . 2012-10-09 11:59 -------- d-----w- c:\documents and settings\xxxx yyyy\Local Settings\Application Data\WMTools Downloaded Files
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-08 20:51 . 2012-03-30 07:32 696760 ------w- c:\windows\system32\FlashPlayerApp.exe
2012-10-08 20:51 . 2011-07-13 17:38 73656 ------w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-30 08:17 . 2008-06-19 18:52 6980552 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-08-28 15:14 . 2004-08-11 16:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2004-08-11 16:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2004-08-11 16:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2004-08-11 16:00 385024 ------w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2004-08-11 16:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:33 . 2012-05-04 13:16 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2012-05-04 12:32 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn3\yt.dll" [2012-06-11 1524056]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"F.lux"="c:\documents and settings\xxxx yyyy\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"Document Manager"="c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2006-03-09 98304]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2006-04-06 49152]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1318816]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-18 421888]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-19 583016]
"Wondershare Helper Compact.exe"="c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2012-02-28 1679360]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-10-02 296096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2012-01-18 465944]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-5-19 24576]
EMBASSY Trust Suite Secure Update.lnk - c:\program files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [2005-11-30 192512]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wxvault.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SUPERAntiSpyware"=c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sony\\Media Manager for WALKMAN\\MediaManager.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync Application
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync RAPI Manager
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Disabled:ActiveSync Service
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [10/06/2012 19:46 89792]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 16:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 21:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [11/07/2012 18:54 116608]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [10/06/2012 19:46 57600]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [29/10/2012 13:55 22856]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [10/06/2012 19:46 340920]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [10/06/2012 19:46 83856]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [27/11/2009 20:37 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [30/03/2012 07:32 250808]
S3 CA_LIC_CLNT;CA License Client;"c:\program files\CA\SharedComponents\CA_LIC\lic98rmt.exe" --> c:\program files\CA\SharedComponents\CA_LIC\lic98rmt.exe [?]
S3 CA_LIC_SRVR;CA License Server;"c:\program files\CA\SharedComponents\CA_LIC\lic98rmtd.exe" --> c:\program files\CA\SharedComponents\CA_LIC\lic98rmtd.exe [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [27/11/2009 20:37 135664]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [10/06/2012 19:46 83856]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [10/06/2012 19:46 87656]
S3 UCharger;Energizer Usb Charger Driver;c:\windows\system32\drivers\UCharger.sys [15/05/2007 06:43 13765]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [06/07/2012 18:16 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [06/07/2012 18:18 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [06/07/2012 18:18 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [06/07/2012 18:18 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [06/07/2012 18:19 25704]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 03:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 20:51]
.
2012-10-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2012-11-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-08 10:34]
.
2012-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-27 20:37]
.
2012-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-27 20:37]
.
2012-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-996813125-380476456-4039978111-1005Core.job
- c:\documents and settings\xxxx yyyy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-06 11:10]
.
2012-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-996813125-380476456-4039978111-1005UA.job
- c:\documents and settings\xxxx yyyy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-06 11:10]
.
2012-11-04 c:\windows\Tasks\MGWSQ.job
- c:\windows\system32\wshtcpipr.dll [2012-10-23 08:53]
.
2012-10-23 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
2012-11-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-996813125-380476456-4039978111-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 13:27]
.
2012-11-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-996813125-380476456-4039978111-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 13:27]
.
2012-11-04 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 3224f27d-850c-498a-87b7-9f2d569d2974.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-11-04 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 804f26a2-186e-42d8-b2d8-3b1ef62dac2c.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-11-01 c:\windows\Tasks\{16B06239-A427-4B50-9626-76042E8ABA8B}_MHLAPTOP_xxxx yyyy.job
- c:\windows\system32\mobsync.exe [2004-08-11 00:12]
.
2012-11-01 c:\windows\Tasks\{444B2ABE-284C-4ED2-83A1-3CB9E2D470D8}_MHLAPTOP_xxxx yyyy.job
- c:\windows\system32\mobsync.exe [2004-08-11 00:12]
.
2012-10-26 c:\windows\Tasks\{473EF218-6E93-48C8-9A54-FDB51316DF63}_MHLAPTOP_xxxx yyyy.job
- c:\windows\system32\mobsync.exe [2004-08-11 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bbc.co.uk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\biolsp.dll
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-04 15:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1368)
c:\windows\system32\wxvault.dll
c:\windows\system32\detoured.dll
.
- - - - - - - > 'lsass.exe'(1424)
c:\windows\system32\wxvault.dll
c:\windows\system32\detoured.dll
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
.
- - - - - - - > 'explorer.exe'(1336)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-11-04 15:08:18
ComboFix-quarantined-files.txt 2012-11-04 15:08
ComboFix2.txt 2012-11-02 09:06
.
Pre-Run: 16,613,859,328 bytes free
Post-Run: 16,764,604,416 bytes free
.
- - End Of File - - 7148646B7AE93BF40A0A7D8B3C311419

tdsskiller:

15:41:18.0000 3256 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
15:41:18.0046 3256 ============================================================
15:41:18.0046 3256 Current date / time: 2012/11/04 15:41:18.0046
15:41:18.0046 3256 SystemInfo:
15:41:18.0046 3256
15:41:18.0046 3256 OS Version: 5.1.2600 ServicePack: 3.0
15:41:18.0046 3256 Product type: Workstation
15:41:18.0046 3256 ComputerName: MHLAPTOP
15:41:18.0046 3256 UserName: xxxx yyyy
15:41:18.0046 3256 Windows directory: C:\WINDOWS
15:41:18.0046 3256 System windows directory: C:\WINDOWS
15:41:18.0046 3256 Processor architecture: Intel x86
15:41:18.0046 3256 Number of processors: 2
15:41:18.0046 3256 Page size: 0x1000
15:41:18.0046 3256 Boot type: Normal boot
15:41:18.0046 3256 ============================================================
15:41:20.0609 3256 Drive \Device\Harddisk0\DR0 - Size: 0x950A60000 (37.26 Gb), SectorSize: 0x200, Cylinders: 0x1300, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:41:20.0640 3256 ============================================================
15:41:20.0640 3256 \Device\Harddisk0\DR0:
15:41:20.0640 3256 MBR partitions:
15:41:20.0640 3256 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2738A, BlocksNum 0x4A5A0B5
15:41:20.0640 3256 ============================================================
15:41:20.0906 3256 C: <-> \Device\Harddisk0\DR0\Partition1
15:41:20.0921 3256 ============================================================
15:41:20.0921 3256 Initialize success
15:41:20.0921 3256 ============================================================
15:41:23.0781 2380 ============================================================
15:41:23.0781 2380 Scan started
15:41:23.0781 2380 Mode: Manual;
15:41:23.0781 2380 ============================================================
15:41:25.0921 2380 ================ Scan system memory ========================
15:41:33.0625 2380 System memory - ok
15:41:33.0625 2380 ================ Scan services =============================
15:42:04.0156 2380 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
15:42:04.0171 2380 NDProxy - ok
15:42:04.0203 2380 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
15:42:04.0218 2380 NetBIOS - ok
15:42:04.0453 2380 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
15:42:04.0453 2380 NetBT - ok
15:42:04.0609 2380 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
15:42:04.0625 2380 NetDDE - ok
15:42:04.0687 2380 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
15:42:04.0687 2380 NetDDEdsdm - ok
15:42:04.0796 2380 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
15:42:04.0796 2380 Netlogon - ok
15:42:04.0921 2380 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
15:42:04.0921 2380 Netman - ok
15:42:05.0031 2380 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:42:05.0031 2380 NetTcpPortSharing - ok
15:42:05.0328 2380 [ 11D8A00C7EFF1AAEC8E8464769C84A3D ] NICCONFIGSVC C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
15:42:05.0343 2380 NICCONFIGSVC - ok
15:42:05.0656 2380 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
15:42:05.0656 2380 Nla - ok
15:42:05.0812 2380 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
15:42:05.0812 2380 Npfs - ok
15:42:06.0140 2380 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
15:42:06.0140 2380 Ntfs - ok
15:42:06.0156 2380 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
15:42:06.0156 2380 NtLmSsp - ok
15:42:06.0453 2380 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
15:42:06.0453 2380 NtmsSvc - ok
15:42:06.0515 2380 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
15:42:06.0515 2380 Null - ok
15:42:07.0703 2380 [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
15:42:07.0718 2380 nv - ok
15:42:07.0812 2380 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:42:07.0812 2380 NwlnkFlt - ok
15:42:08.0000 2380 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:42:08.0000 2380 NwlnkFwd - ok
15:42:08.0062 2380 [ B17228142CEC9B3C222239FD935A37CA ] omci C:\WINDOWS\system32\DRIVERS\omci.sys
15:42:08.0062 2380 omci - ok
15:42:08.0171 2380 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:42:08.0171 2380 ose - ok
15:42:08.0265 2380 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
15:42:08.0265 2380 Parport - ok
15:42:08.0312 2380 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
15:42:08.0312 2380 PartMgr - ok
15:42:08.0343 2380 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
15:42:08.0343 2380 ParVdm - ok
15:42:08.0375 2380 [ 6EF25FB20CD269E3E51D8CA54935FFF2 ] PBADRV C:\WINDOWS\system32\drivers\pbadrv.sys
15:42:08.0375 2380 PBADRV - ok
15:42:08.0421 2380 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
15:42:08.0421 2380 PCI - ok
15:42:08.0437 2380 PCIDump - ok
15:42:08.0437 2380 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
15:42:08.0437 2380 PCIIde - ok
15:42:08.0515 2380 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
15:42:08.0515 2380 Pcmcia - ok
15:42:08.0515 2380 PDCOMP - ok
15:42:08.0531 2380 PDFRAME - ok
15:42:08.0531 2380 PDRELI - ok
15:42:08.0546 2380 PDRFRAME - ok
15:42:08.0578 2380 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
15:42:08.0578 2380 perc2 - ok
15:42:08.0609 2380 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
15:42:08.0609 2380 perc2hib - ok
15:42:08.0687 2380 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
15:42:08.0703 2380 PlugPlay - ok
15:42:08.0718 2380 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
15:42:08.0718 2380 PolicyAgent - ok
15:42:08.0765 2380 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:42:08.0765 2380 PptpMiniport - ok
15:42:08.0781 2380 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
15:42:08.0781 2380 ProtectedStorage - ok
15:42:08.0828 2380 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
15:42:08.0828 2380 PSched - ok
15:42:08.0875 2380 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:42:08.0875 2380 Ptilink - ok
15:42:08.0953 2380 [ D86B4A68565E444D76457F14172C875A ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
15:42:08.0953 2380 PxHelp20 - ok
15:42:09.0000 2380 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
15:42:09.0000 2380 ql1080 - ok
15:42:09.0031 2380 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
15:42:09.0031 2380 Ql10wnt - ok
15:42:09.0078 2380 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
15:42:09.0078 2380 ql12160 - ok
15:42:09.0125 2380 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
15:42:09.0125 2380 ql1240 - ok
15:42:09.0171 2380 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
15:42:09.0171 2380 ql1280 - ok
15:42:09.0203 2380 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:42:09.0218 2380 RasAcd - ok
15:42:09.0281 2380 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
15:42:09.0296 2380 RasAuto - ok
15:42:09.0343 2380 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:42:09.0343 2380 Rasl2tp - ok
15:42:09.0500 2380 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
15:42:09.0500 2380 RasMan - ok
15:42:09.0531 2380 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:42:09.0531 2380 RasPppoe - ok
15:42:09.0546 2380 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
15:42:09.0546 2380 Raspti - ok
15:42:09.0656 2380 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:42:09.0656 2380 Rdbss - ok
15:42:09.0671 2380 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:42:09.0671 2380 RDPCDD - ok
15:42:09.0781 2380 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:42:09.0781 2380 rdpdr - ok
15:42:09.0906 2380 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
15:42:09.0906 2380 RDPWD - ok
15:42:10.0000 2380 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
15:42:10.0000 2380 RDSessMgr - ok
15:42:10.0062 2380 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
15:42:10.0062 2380 redbook - ok
15:42:10.0234 2380 [ 6F81C8A63FB824EB8A2401AB45795553 ] RegSrvc C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
15:42:10.0234 2380 RegSrvc - ok
15:42:10.0312 2380 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
15:42:10.0312 2380 RemoteAccess - ok
15:42:10.0375 2380 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
15:42:10.0375 2380 RemoteRegistry - ok
15:42:10.0453 2380 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
15:42:10.0453 2380 RpcLocator - ok
15:42:10.0687 2380 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
15:42:10.0703 2380 RpcSs - ok
15:42:10.0843 2380 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
15:42:10.0843 2380 RSVP - ok
15:42:11.0171 2380 [ B792F2C647B1FC3E4987DE582EE00FE3 ] S24EventMonitor C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
15:42:11.0171 2380 S24EventMonitor - ok
15:42:11.0234 2380 [ 2E4E912CE95F5EF4D4A5079F6CE367FC ] s24trans C:\WINDOWS\system32\DRIVERS\s24trans.sys
15:42:11.0234 2380 s24trans - ok
15:42:11.0250 2380 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
15:42:11.0250 2380 SamSs - ok
15:42:11.0328 2380 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
15:42:11.0328 2380 SASDIFSV - ok
15:42:11.0375 2380 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
15:42:11.0375 2380 SASKUTIL - ok
15:42:11.0484 2380 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
15:42:11.0500 2380 SCardSvr - ok
15:42:11.0640 2380 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
15:42:11.0640 2380 Schedule - ok
15:42:11.0703 2380 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:42:11.0703 2380 Secdrv - ok
15:42:11.0765 2380 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
15:42:11.0765 2380 seclogon - ok
15:42:11.0812 2380 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
15:42:11.0812 2380 SENS - ok
15:42:11.0875 2380 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
15:42:11.0875 2380 serenum - ok
15:42:11.0921 2380 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
15:42:11.0921 2380 Serial - ok
15:42:12.0140 2380 [ 65114D59850CA4D7785C22F922CC6942 ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
15:42:12.0140 2380 ServiceLayer - ok
15:42:12.0203 2380 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\DRIVERS\sfloppy.sys
15:42:12.0203 2380 Sfloppy - ok
15:42:12.0546 2380 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
15:42:12.0546 2380 SharedAccess - ok
15:42:12.0640 2380 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
15:42:12.0640 2380 ShellHWDetection - ok
15:42:12.0640 2380 Simbad - ok
15:42:12.0703 2380 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
15:42:12.0703 2380 sisagp - ok
15:42:14.0531 2380 [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
15:42:14.0562 2380 Skype C2C Service - ok
15:42:14.0718 2380 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
15:42:14.0718 2380 SkypeUpdate - ok
15:42:14.0765 2380 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
15:42:14.0765 2380 SLIP - ok
15:42:14.0984 2380 [ 443E397643965E08C5AB6A6CAA732B97 ] SNDSrvc C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
15:42:14.0984 2380 SNDSrvc - ok
15:42:15.0015 2380 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
15:42:15.0031 2380 Sparrow - ok
15:42:15.0062 2380 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
15:42:15.0062 2380 splitter - ok
15:42:15.0156 2380 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
15:42:15.0156 2380 Spooler - ok
15:42:15.0203 2380 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
15:42:15.0203 2380 sr - ok
15:42:15.0343 2380 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
15:42:15.0359 2380 srservice - ok
15:42:15.0578 2380 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
15:42:15.0578 2380 Srv - ok
15:42:15.0640 2380 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
15:42:15.0656 2380 SSDPSRV - ok
15:42:16.0343 2380 [ 951801DFB54D86F611F0AF47825476F9 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
15:42:16.0343 2380 STHDA - ok
15:42:16.0531 2380 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
15:42:16.0546 2380 stisvc - ok
15:42:16.0593 2380 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
15:42:16.0593 2380 streamip - ok
15:42:16.0625 2380 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
15:42:16.0625 2380 swenum - ok
15:42:16.0703 2380 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
15:42:16.0703 2380 swmidi - ok
15:42:16.0718 2380 SwPrv - ok
15:42:16.0750 2380 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
15:42:16.0750 2380 symc810 - ok
15:42:16.0781 2380 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
15:42:16.0781 2380 symc8xx - ok
15:42:16.0875 2380 [ 9351E17B2C6055CB0DF442E54E5C1961 ] SymEvent C:\Program Files\Symantec\SYMEVENT.SYS
15:42:16.0906 2380 SymEvent - ok
15:42:16.0984 2380 [ 7C73B65F1BDFAB9052A5076C0CA622DE ] SYMREDRV C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
15:42:16.0984 2380 SYMREDRV - ok
15:42:17.0171 2380 [ B4562798891DCA27ED67CA07ACBADBD9 ] SYMTDI C:\WINDOWS\System32\Drivers\SYMTDI.SYS
15:42:17.0187 2380 SYMTDI - ok
15:42:17.0234 2380 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
15:42:17.0234 2380 sym_hi - ok
15:42:17.0265 2380 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
15:42:17.0265 2380 sym_u3 - ok
15:42:17.0328 2380 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
15:42:17.0328 2380 sysaudio - ok
15:42:17.0421 2380 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
15:42:17.0421 2380 SysmonLog - ok
15:42:17.0578 2380 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
15:42:17.0578 2380 TapiSrv - ok
15:42:17.0812 2380 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:42:17.0812 2380 Tcpip - ok
15:42:17.0937 2380 [ BA5F68EA3995842C67F0E1E419B2A68F ] tcsd_win32.exe C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
15:42:17.0937 2380 tcsd_win32.exe - ok
15:42:18.0000 2380 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
15:42:18.0000 2380 TDPIPE - ok
15:42:18.0031 2380 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
15:42:18.0031 2380 TDTCP - ok
15:42:18.0093 2380 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
15:42:18.0093 2380 TermDD - ok
15:42:18.0265 2380 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
15:42:18.0265 2380 TermService - ok
15:42:18.0359 2380 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
15:42:18.0359 2380 Themes - ok
15:42:18.0437 2380 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
15:42:18.0437 2380 TlntSvr - ok
15:42:18.0593 2380 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
15:42:18.0593 2380 TosIde - ok
15:42:18.0765 2380 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
15:42:18.0765 2380 TrkWks - ok
15:42:18.0843 2380 [ E0529F7B6E1ACE01EBB58E5642582C92 ] UCharger C:\WINDOWS\system32\Drivers\UCharger.sys
15:42:18.0843 2380 UCharger - ok
15:42:18.0906 2380 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
15:42:18.0906 2380 Udfs - ok
15:42:18.0953 2380 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
15:42:18.0953 2380 ultra - ok
15:42:19.0281 2380 [ 67A95B9D129ED5399E7965CD09CF30E7 ] UMVPFSrv C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
15:42:19.0281 2380 UMVPFSrv - ok
15:42:19.0531 2380 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
15:42:19.0531 2380 Update - ok
15:42:19.0640 2380 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
15:42:19.0656 2380 upnphost - ok
15:42:19.0656 2380 upperdev - ok
15:42:19.0687 2380 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
15:42:19.0687 2380 UPS - ok
15:42:19.0781 2380 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
15:42:19.0781 2380 USBAAPL - ok
15:42:19.0843 2380 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
15:42:19.0843 2380 usbaudio - ok
15:42:19.0875 2380 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:42:19.0890 2380 usbccgp - ok
15:42:19.0921 2380 [ 6B5E4D5E6E5ECD6ACD14AED59768CE5C ] USBCCID C:\WINDOWS\system32\DRIVERS\usbccid.sys
15:42:19.0921 2380 USBCCID - ok
15:42:19.0953 2380 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:42:19.0953 2380 usbehci - ok
15:42:20.0062 2380 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:42:20.0062 2380 usbhub - ok
15:42:20.0093 2380 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:42:20.0093 2380 usbscan - ok
15:42:20.0140 2380 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:42:20.0140 2380 USBSTOR - ok
15:42:20.0171 2380 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:42:20.0171 2380 usbuhci - ok
15:42:20.0265 2380 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
15:42:20.0265 2380 usbvideo - ok
15:42:20.0296 2380 [ B6CC50279D6CD28E090A5D33244ADC9A ] usb_rndisx C:\WINDOWS\system32\DRIVERS\usb8023x.sys
15:42:20.0296 2380 usb_rndisx - ok
15:42:20.0312 2380 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
15:42:20.0312 2380 VgaSave - ok
15:42:20.0359 2380 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
15:42:20.0359 2380 viaagp - ok
15:42:20.0390 2380 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
15:42:20.0390 2380 ViaIde - ok
15:42:20.0437 2380 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
15:42:20.0437 2380 VolSnap - ok
15:42:20.0625 2380 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
15:42:20.0640 2380 VSS - ok
15:42:20.0750 2380 [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time C:\WINDOWS\system32\w32time.dll
15:42:20.0750 2380 w32time - ok
15:42:21.0562 2380 [ B1F126E7E28877106D60E6FF3998D033 ] w39n51 C:\WINDOWS\system32\DRIVERS\w39n51.sys
15:42:21.0578 2380 w39n51 - ok
15:42:21.0640 2380 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:42:21.0640 2380 Wanarp - ok
15:42:21.0718 2380 [ 46A247F6617526AFE38B6F12F5512120 ] wceusbsh C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
15:42:21.0718 2380 wceusbsh - ok
15:42:22.0031 2380 [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
15:42:22.0046 2380 Wdf01000 - ok
15:42:22.0046 2380 WDICA - ok
15:42:22.0156 2380 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
15:42:22.0156 2380 wdmaud - ok
15:42:22.0203 2380 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
15:42:22.0203 2380 WebClient - ok
15:42:22.0562 2380 [ BA6B6FB242A6BA4068C8B763063BEB63 ] winachsf C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
15:42:22.0562 2380 winachsf - ok
15:42:22.0687 2380 [ F45DD1E1365D857DD08BC23563370D0E ] WinDefend C:\Program Files\Windows Defender\MsMpEng.exe
15:42:22.0687 2380 WinDefend - ok
15:42:22.0937 2380 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
15:42:22.0937 2380 winmgmt - ok
15:42:23.0109 2380 [ AFB5A2A79BB01699A269C316D8B9BEF1 ] WLANKEEPER C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
15:42:23.0125 2380 WLANKEEPER - ok
15:42:23.0171 2380 [ 051B1BDECD6DEE18C771B5D5EC7F044D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
15:42:23.0187 2380 WmdmPmSN - ok
15:42:23.0546 2380 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
15:42:23.0546 2380 Wmi - ok
15:42:23.0625 2380 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
15:42:23.0625 2380 WmiAcpi - ok
15:42:23.0718 2380 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
15:42:23.0718 2380 WmiApSrv - ok
15:42:24.0359 2380 [ 6BAB4DC65515A098505F8B3D01FB6FE5 ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
15:42:24.0359 2380 WMPNetworkSvc - ok
15:42:24.0421 2380 [ C60DC16D4E406810FAD54B98DC92D5EC ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
15:42:24.0421 2380 WpdUsb - ok
15:42:24.0484 2380 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
15:42:24.0484 2380 WS2IFSL - ok
15:42:24.0531 2380 [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(1) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys
15:42:24.0531 2380 WsAudio_DeviceS(1) - ok
15:42:24.0578 2380 [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(2) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys
15:42:24.0578 2380 WsAudio_DeviceS(2) - ok
15:42:24.0625 2380 [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(3) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys
15:42:24.0625 2380 WsAudio_DeviceS(3) - ok
15:42:24.0671 2380 [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(4) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys
15:42:24.0671 2380 WsAudio_DeviceS(4) - ok
15:42:24.0703 2380 [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(5) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys
15:42:24.0703 2380 WsAudio_DeviceS(5) - ok
15:42:24.0781 2380 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
15:42:24.0781 2380 wscsvc - ok
15:42:24.0843 2380 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
15:42:24.0843 2380 WSTCODEC - ok
15:42:24.0875 2380 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
15:42:24.0875 2380 wuauserv - ok
15:42:24.0968 2380 [ 50EB9E21963B4F06FD010D007D54351B ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:42:24.0968 2380 WudfPf - ok
15:42:25.0046 2380 [ 6E209664BDEA8A15B5E8E480D6C607C2 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:42:25.0046 2380 WudfRd - ok
15:42:25.0109 2380 [ AE93084D2D236887BA56467AE42B4955 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
15:42:25.0109 2380 WudfSvc - ok
15:42:25.0437 2380 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
15:42:25.0437 2380 WZCSVC - ok
15:42:25.0546 2380 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
15:42:25.0546 2380 xmlprov - ok
15:42:25.0968 2380 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
15:42:25.0968 2380 YahooAUService - ok
15:42:25.0984 2380 ================ Scan global ===============================
15:42:26.0140 2380 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
15:42:26.0546 2380 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
15:42:26.0875 2380 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
15:42:26.0984 2380 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
15:42:26.0984 2380 [Global] - ok
15:42:26.0984 2380 ================ Scan MBR ==================================
15:42:27.0062 2380 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
15:42:27.0484 2380 \Device\Harddisk0\DR0 - ok
15:42:27.0484 2380 ================ Scan VBR ==================================
15:42:27.0500 2380 [ A6F2C6ECD70B0F11F972E9D164CA603C ] \Device\Harddisk0\DR0\Partition1
15:42:27.0500 2380 \Device\Harddisk0\DR0\Partition1 - ok
15:42:27.0500 2380 ============================================================
15:42:27.0500 2380 Scan finished
15:42:27.0500 2380 ============================================================
15:42:27.0515 3240 Detected object count: 0
15:42:27.0515 3240 Actual detected object count: 0
16:06:54.0984 3488 Deinitialize success

aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-11-04 16:08:51
-----------------------------
16:08:51.140 OS Version: Windows 5.1.2600 Service Pack 3
16:08:51.140 Number of processors: 2 586 0xE08
16:08:51.140 ComputerName: MHLAPTOP UserName:
16:08:52.390 Initialize success
16:20:10.265 AVAST engine defs: 12110400
16:24:50.609 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
16:24:50.609 Disk 0 Vendor: Hitachi_HTS541040G9SA00 MB2OC60G Size: 38154MB BusType: 3
16:24:50.640 Disk 0 MBR read successfully
16:24:50.640 Disk 0 MBR scan
16:24:51.031 Disk 0 Windows XP default MBR code
16:24:51.031 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 78 MB offset 63
16:24:51.062 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 38068 MB offset 160650
16:24:51.125 Disk 0 scanning sectors +78124095
16:24:51.390 Disk 0 scanning C:\WINDOWS\system32\drivers
16:25:48.531 Service scanning
16:27:16.031 Modules scanning
16:27:40.015 Disk 0 trace - called modules:
16:27:40.046 ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
16:27:40.093 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86edfab8]
16:27:40.093 3 CLASSPNP.SYS[f763efd7] -> nt!IofCallDriver -> \Device\00000091[0x86f5ff18]
16:27:40.093 5 ACPI.sys[f74d5620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86f41d98]
16:27:41.343 AVAST engine scan C:\WINDOWS
16:28:39.156 AVAST engine scan C:\WINDOWS\system32
16:43:26.328 AVAST engine scan C:\WINDOWS\system32\drivers
16:44:23.500 AVAST engine scan C:\Documents and Settings\xxxx yyyy
17:17:48.937 AVAST engine scan C:\Documents and Settings\All Users
17:23:51.078 Scan finished successfully
17:50:07.921 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\xxxx yyyy\Desktop\Gringo response 3\MBR.dat"
17:50:07.921 The log file has been saved successfully to "C:\Documents and Settings\xxxx yyyy\Desktop\Gringo response 3\aswMBR2.txt"

MalwareBytes Log:

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.04.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Maggie Hillier :: MHLAPTOP [administrator]

Protection: Disabled

04/11/2012 18:00:54
mbam-log-2012-11-04 (22-04-19).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 282128
Time elapsed: 3 hour(s), 12 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\XPSecurityCenter (Rogue.XPSecurityCenter) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

I instructed Malwarebytes to remove the Security Center rogue.

Thanks for your continued support.
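TDSSKiller ends the run above with "Detected object count: 0", so what is left is reading the service/driver listing by hand. The helper below is an added example, not code from this thread or from TDSSKiller, aswMBR or Malwarebytes. It parses lines shaped like the ones in the log above (a hashed entry is `time pid [ MD5 ] name path`, a status line is `time pid name - ok`) and raises the three triage flags a reviewer tends to look for first: a service whose image lives outside the Windows and Program Files trees, one MD5 registered under several different file names, and a service that has a status line but no hashed file. The rules are assumptions about what deserves a second look, not detections, and the `SAMPLE_LOG` lines are copied from the log above; the things it flags there (five WsAudio_DeviceS drivers sharing a hash, a Skype service under Application Data) are not verdicts.

```python
"""Triage helper for TDSSKiller-style service/driver listings (added example)."""
import re
from collections import defaultdict

# A hashed entry: "HH:MM:SS.ffff pid [ MD5 ] service-name drive:\path".
# The service name may contain spaces, so it is matched non-greedily and the
# path is anchored on a drive letter.
ENTRY_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"\[\s*(?P<md5>[0-9A-Fa-f]{32})\s*\]\s+"
    r"(?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.*)$"
)
# A status line: "HH:MM:SS.ffff pid service-name - ok".
STATUS_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<name>.+?) - (?P<status>\S+)$"
)

# Assumed "expected" locations for service binaries on this XP box.
STANDARD_ROOTS = ("c:\\windows\\", "c:\\program files\\")

# Sample lines copied from the TDSSKiller log above (a small subset).
SAMPLE_LOG = r"""
15:42:01.0578 2380 [ 26C76D10ED650E6492800D6F081ECFBA ] mfendisk C:\WINDOWS\system32\DRIVERS\mfendisk.sys
15:42:01.0578 2380 mfendisk - ok
15:42:01.0687 2380 [ 26C76D10ED650E6492800D6F081ECFBA ] mfendiskmp C:\WINDOWS\system32\DRIVERS\mfendisk.sys
15:42:01.0687 2380 mfendiskmp - ok
15:42:03.0062 2380 MSIServer - ok
15:42:04.0796 2380 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
15:42:04.0796 2380 Netlogon - ok
15:42:11.0250 2380 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
15:42:11.0250 2380 SamSs - ok
15:42:14.0531 2380 [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
15:42:14.0562 2380 Skype C2C Service - ok
15:42:24.0531 2380 [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(1) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys
15:42:24.0531 2380 WsAudio_DeviceS(1) - ok
15:42:24.0578 2380 [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(2) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys
15:42:24.0578 2380 WsAudio_DeviceS(2) - ok
15:42:25.0984 2380 ================ Scan global ===============================
"""


def parse_tdss_log(text):
    """Return (entries, statuses).

    entries:  list of {"name", "md5", "path"} for lines that carry a hash.
    statuses: dict service-name -> status for the "name - ok" lines.
    Section banners and anything else are ignored.
    """
    entries, statuses = [], {}
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append({"name": m["name"], "md5": m["md5"].upper(), "path": m["path"]})
            continue
        m = STATUS_RE.match(line)
        if m:
            statuses[m["name"]] = m["status"]
    return entries, statuses


def triage(entries, statuses):
    """Apply the (assumed) review rules and return the flags as a dict."""
    by_hash = defaultdict(set)    # md5 -> distinct image paths (case-folded)
    by_image = defaultdict(set)   # image path -> service names registered on it
    nonstandard = []
    for e in entries:
        path = e["path"].lower()
        by_hash[e["md5"]].add(path)
        by_image[path].add(e["name"])
        if not path.startswith(STANDARD_ROOTS):
            nonstandard.append((e["name"], e["path"]))
    # Same bytes registered under more than one file name.
    shared_hash = {h: sorted(p) for h, p in by_hash.items() if len(p) > 1}
    # Several service names pointing at one binary (lsass.exe hosts many; still worth seeing).
    multi_service_images = {img: sorted(n) for img, n in by_image.items() if len(n) > 1}
    # Status line present but no hashed file: the registered binary was not hashed
    # (on these logs that usually means it is not on disk; treat as an assumption).
    hashed_names = {e["name"] for e in entries}
    unhashed = sorted(n for n in statuses if n not in hashed_names)
    return {
        "nonstandard_path": nonstandard,
        "shared_hash": shared_hash,
        "multi_service_images": multi_service_images,
        "unhashed": unhashed,
    }


if __name__ == "__main__":
    parsed_entries, parsed_statuses = parse_tdss_log(SAMPLE_LOG)
    for flag, value in triage(parsed_entries, parsed_statuses).items():
        print(f"{flag}: {value}")
```

Feed it the full log instead of `SAMPLE_LOG` and the full picture appears: lsass.exe legitimately hosts five services, mfendisk and mfendiskmp share one file (same path, so no shared-hash flag), and every flagged item still needs the file itself checked before anyone calls it malicious.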
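aswMBR above reports "Windows XP default MBR code", saves the sector to MBR.dat, and prints the two partition entries (type DE at offset 63, active NTFS at offset 160650). A reviewer who wants to confirm those lines from the dump itself can parse the 64-byte partition table at offset 446 directly. The following is an added example, not code from the thread or from aswMBR; `SAMPLE_MBR` is a constructed 512-byte sector that reproduces the layout aswMBR printed, with sector counts chosen to give the same MB figures (assumed values, not bytes read from the real disk), and the checks it runs are ordinary sanity rules, not a verdict on the MBR.

```python
"""Parse and sanity-check a raw MBR dump such as the MBR.dat aswMBR saves (added example)."""
import struct

# Only the two partition types seen in the aswMBR output above are named here.
TYPE_NAMES = {0x07: "HPFS/NTFS", 0xDE: "Dell Utility"}

# One 16-byte entry: boot flag, CHS start, type, CHS end, LBA start, sector count.
ENTRY_FMT = "<B3sB3sII"


def build_entry(boot, ptype, lba, sectors):
    """Pack one partition table entry; CHS fields are zeroed (assumption for the sample)."""
    return struct.pack(ENTRY_FMT, boot, b"\x00\x00\x00", ptype, b"\x00\x00\x00", lba, sectors)


# Constructed sector: empty boot code, two used entries, two empty ones, 0x55AA.
SAMPLE_MBR = (
    b"\x00" * 446
    + build_entry(0x00, 0xDE, 63, 160587)         # LBA 63, ends at 160650 -> 78 MB
    + build_entry(0x80, 0x07, 160650, 77963264)   # active NTFS -> 38068 MB
    + build_entry(0x00, 0x00, 0, 0) * 2
    + b"\x55\xaa"
)


def signature_ok(mbr):
    """True when the sector carries the 0x55AA boot signature at offset 510."""
    return len(mbr) >= 512 and mbr[510:512] == b"\x55\xaa"


def parse_mbr(mbr):
    """Return the non-empty partition entries as dicts, in table order."""
    if len(mbr) < 512:
        raise ValueError("MBR dump shorter than one sector")
    if not signature_ok(mbr):
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        off = 446 + 16 * i
        boot, _chs0, ptype, _chs1, lba, sectors = struct.unpack(ENTRY_FMT, mbr[off:off + 16])
        if ptype == 0:
            continue
        parts.append({
            "index": i + 1,
            "boot_flag": boot,
            "bootable": boot == 0x80,
            "type": ptype,
            "type_name": TYPE_NAMES.get(ptype, "unknown"),
            "lba": lba,
            "sectors": sectors,
            "mb": sectors * 512 // (1024 * 1024),
        })
    return parts


def check_table(parts):
    """Consistency checks on the parsed table; returns a list of problem strings."""
    problems = []
    if sum(p["bootable"] for p in parts) != 1:
        problems.append("expected exactly one active (0x80) partition")
    for p in parts:
        if p["boot_flag"] not in (0x00, 0x80):
            problems.append(f"partition {p['index']} has invalid boot flag {p['boot_flag']:#x}")
        if p["lba"] == 0 or p["sectors"] == 0:
            problems.append(f"partition {p['index']} has zero start or length")
    ordered = sorted(parts, key=lambda p: p["lba"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba"] + a["sectors"] > b["lba"]:
            problems.append(f"partitions {a['index']} and {b['index']} overlap")
    return problems


if __name__ == "__main__":
    table = parse_mbr(SAMPLE_MBR)
    for p in table:
        flag = "80 (A)" if p["bootable"] else "00"
        print(f"Partition {p['index']} {flag} {p['type']:02X} {p['type_name']} {p['mb']} MB offset {p['lba']}")
    print("problems:", check_table(table) or "none")
```

Run against a real MBR.dat (`parse_mbr(open("MBR.dat", "rb").read())`) the printout should match aswMBR's partition lines; the partition table alone says nothing about the 446 bytes of boot code, which is what aswMBR's "default MBR code" check covers.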

#10 gringo_pr

  • Malware Response Team
  • 136,772 posts

Posted 04 November 2012 - 09:09 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

File::
c:\windows\Tasks\MGWSQ.job
c:\windows\system32\wshtcpipr.dll

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 Welephant

  • Topic Starter
  • Members
  • 23 posts

Posted 05 November 2012 - 08:09 AM

Hi Gringo

Re-ran Combofix as advised using the script.

Got one search without redirection, then after that redirection every time.

Combofix log as requested:

ComboFix 12-11-04.01 - xxxx yyyy 05/11/2012 11:57:51.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.455 [GMT 0:00]
Running from: c:\documents and settings\xxxx yyyy\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\xxxx yyyy\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
FILE ::
"c:\windows\system32\wshtcpipr.dll"
"c:\windows\Tasks\MGWSQ.job"
.
.
((((((((((((((((((((((((( Files Created from 2012-10-05 to 2012-11-05 )))))))))))))))))))))))))))))))
.
.
2012-10-31 14:33 . 2012-11-01 08:09 -------- d-----w- c:\windows\system32\NtmsData
2012-10-31 08:55 . 2012-10-31 08:55 388096 ------r- c:\documents and settings\xxxx yyyy\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-10-31 08:55 . 2012-10-31 08:55 -------- d-----w- c:\program files\Trend Micro
2012-10-30 08:48 . 2012-10-30 08:48 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2012-10-30 08:08 . 2012-10-30 08:08 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-10-30 08:08 . 2012-10-30 08:08 -------- d-----w- c:\documents and settings\xxxx yyyy\Application Data\TestApp
2012-10-29 14:25 . 2012-10-29 14:25 -------- d-----w- c:\documents and settings\xxxx yyyy\Application Data\SUPERAntiSpyware.com
2012-10-29 14:22 . 2012-10-29 14:29 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-10-29 14:22 . 2012-10-29 14:22 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-10-29 13:59 . 2012-10-29 13:59 -------- d-----w- c:\documents and settings\xxxx yyyy\Application Data\Malwarebytes
2012-10-29 13:55 . 2012-09-29 19:54 22856 ------w- c:\windows\system32\drivers\mbam.sys
2012-10-29 13:55 . 2012-10-29 13:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-29 13:09 . 2012-10-29 13:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-10-29 08:12 . 2012-10-29 08:12 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-10-28 13:39 . 2012-10-28 14:52 -------- d-----w- c:\documents and settings\xxxx yyyy\DoctorWeb
2012-10-27 10:26 . 2012-10-27 10:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-10-27 10:25 . 2012-10-27 10:25 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2012-10-26 09:55 . 2012-10-26 09:55 -------- d-----w- c:\windows\system32\wbem\Repository
2012-10-25 16:53 . 2012-10-25 16:53 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2012-10-25 12:50 . 2012-10-26 09:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-10-25 12:50 . 2012-10-26 09:54 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-10-23 16:26 . 2012-10-23 16:26 -------- d-----w- c:\documents and settings\All Users\Application Data\MapFactor
2012-10-23 09:06 . 2012-10-23 09:06 -------- d-----w- c:\documents and settings\xxxx yyyy\New Folder
2012-10-23 09:06 . 2012-10-23 09:06 -------- d-----w- c:\documents and settings\All Users\Application Data\New Folder
2012-10-23 09:05 . 2012-10-23 09:05 -------- d-----w- c:\documents and settings\xxxx yyyy\Application Data\MapFactor
2012-10-23 08:53 . 2012-10-23 08:53 94208 --sh--r- c:\windows\system32\wshtcpipr.dll
2012-10-17 22:21 . 2012-10-12 05:56 6918632 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{CB2B8AF2-AF8F-4B92-A120-F94E31813F87}\mpengine.dll
2012-10-09 09:29 . 2012-10-09 11:59 -------- d-----w- c:\documents and settings\xxxx yyyy\Local Settings\Application Data\WMTools Downloaded Files
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-08 20:51 . 2012-03-30 07:32 696760 ------w- c:\windows\system32\FlashPlayerApp.exe
2012-10-08 20:51 . 2011-07-13 17:38 73656 ------w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-30 08:17 . 2008-06-19 18:52 6980552 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-08-28 15:14 . 2004-08-11 16:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2004-08-11 16:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2004-08-11 16:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2004-08-11 16:00 385024 ------w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2004-08-11 16:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:33 . 2012-05-04 13:16 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2012-05-04 12:32 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn3\yt.dll" [2012-06-11 1524056]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"F.lux"="c:\documents and settings\xxxx yyyy\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"Document Manager"="c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2006-03-09 98304]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2006-04-06 49152]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1318816]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-18 421888]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-19 583016]
"Wondershare Helper Compact.exe"="c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2012-02-28 1679360]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-10-02 296096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2012-01-18 465944]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-5-19 24576]
EMBASSY Trust Suite Secure Update.lnk - c:\program files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [2005-11-30 192512]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wxvault.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SUPERAntiSpyware"=c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sony\\Media Manager for WALKMAN\\MediaManager.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync Application
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync RAPI Manager
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Disabled:ActiveSync Service
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [10/06/2012 19:46 89792]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 16:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 21:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [11/07/2012 18:54 116608]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [29/10/2012 13:56 399432]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [10/06/2012 19:46 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [10/06/2012 19:46 214904]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [10/06/2012 19:47 161632]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [10/06/2012 15:51 151880]
R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [19/08/2011 09:26 450848]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [10/06/2012 19:46 57600]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [29/10/2012 13:55 22856]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [10/06/2012 19:46 340920]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [10/06/2012 19:46 83856]
S2 LogWatch;Event Log Watch;"c:\program files\CA\SharedComponents\CA_LIC\LogWatNT.exe" --> c:\program files\CA\SharedComponents\CA_LIC\LogWatNT.exe [?]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [29/10/2012 13:56 676936]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [10/06/2012 19:49 95232]
S3 CA_LIC_CLNT;CA License Client;"c:\program files\CA\SharedComponents\CA_LIC\lic98rmt.exe" --> c:\program files\CA\SharedComponents\CA_LIC\lic98rmt.exe [?]
S3 CA_LIC_SRVR;CA License Server;"c:\program files\CA\SharedComponents\CA_LIC\lic98rmtd.exe" --> c:\program files\CA\SharedComponents\CA_LIC\lic98rmtd.exe [?]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [10/06/2012 19:46 83856]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [10/06/2012 19:46 87656]
S3 UCharger;Energizer Usb Charger Driver;c:\windows\system32\drivers\UCharger.sys [15/05/2007 06:43 13765]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [06/07/2012 18:16 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [06/07/2012 18:18 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [06/07/2012 18:18 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [06/07/2012 18:18 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [06/07/2012 18:19 25704]
S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 18:19 13592]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 24832212
*Deregistered* - 24832212
*Deregistered* - aswMBR
*Deregistered* - mfeavfk01
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 03:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 20:51]
.
2012-10-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2012-11-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-08 10:34]
.
2012-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-27 20:37]
.
2012-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-27 20:37]
.
2012-11-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-996813125-380476456-4039978111-1005Core.job
- c:\documents and settings\xxxx yyyy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-06 11:10]
.
2012-11-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-996813125-380476456-4039978111-1005UA.job
- c:\documents and settings\xxxx yyyy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-06 11:10]
.
2012-11-04 c:\windows\Tasks\MGWSQ.job
- c:\windows\system32\wshtcpipr.dll [2012-10-23 08:53]
.
2012-10-23 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
2012-11-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-996813125-380476456-4039978111-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 13:27]
.
2012-11-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-996813125-380476456-4039978111-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 13:27]
.
2012-11-05 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 3224f27d-850c-498a-87b7-9f2d569d2974.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-11-05 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 804f26a2-186e-42d8-b2d8-3b1ef62dac2c.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-11-05 c:\windows\Tasks\{16B06239-A427-4B50-9626-76042E8ABA8B}_MHLAPTOP_xxxx yyyy.job
- c:\windows\system32\mobsync.exe [2004-08-11 00:12]
.
2012-11-01 c:\windows\Tasks\{444B2ABE-284C-4ED2-83A1-3CB9E2D470D8}_MHLAPTOP_xxxx yyyy.job
- c:\windows\system32\mobsync.exe [2004-08-11 00:12]
.
2012-10-26 c:\windows\Tasks\{473EF218-6E93-48C8-9A54-FDB51316DF63}_MHLAPTOP_xxxx yyyy.job
- c:\windows\system32\mobsync.exe [2004-08-11 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bbc.co.uk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\biolsp.dll
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-05 12:14
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1368)
c:\windows\system32\wxvault.dll
c:\windows\system32\detoured.dll
.
- - - - - - - > 'lsass.exe'(1424)
c:\windows\system32\wxvault.dll
c:\windows\system32\detoured.dll
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
.
- - - - - - - > 'explorer.exe'(7564)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\program files\Windows Media Player\wmpband.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-11-05 12:21:05
ComboFix-quarantined-files.txt 2012-11-05 12:21
ComboFix2.txt 2012-11-04 15:08
ComboFix3.txt 2012-11-02 09:06
.
Pre-Run: 16,559,484,928 bytes free
Post-Run: 16,716,853,248 bytes free
.
- - End Of File - - 2A170FE8B38C51B7905CCF66AA43C3C2

Thanks
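
A defender-side triage of the log above, as an added example that is not part of this thread and not ComboFix's own code: it parses the "Files Created" and "Scheduled Tasks" sections of a ComboFix log and flags two things that the helper's CFScript (the FILE :: section at the top of the log) targets, a newly created file in system32 whose attribute flags include both system and hidden, and a .job task whose action is a DLL rather than an executable. The sample log is a constructed excerpt of lines copied from post #11 (user name masked as in the original); the function names are mine, and the reading of ComboFix's attribute column ('d' directory, 's' system, 'h' hidden) is taken from the flag strings in the log itself.

```python
import re

# Constructed excerpt of the ComboFix log posted in this thread (post #11).
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2012-10-05 to 2012-11-05 )))))))))))))))))))))))))))))))
.
2012-10-31 08:55 . 2012-10-31 08:55 388096 ------r- c:\documents and settings\xxxx yyyy\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-10-29 13:55 . 2012-09-29 19:54 22856 ------w- c:\windows\system32\drivers\mbam.sys
2012-10-29 08:12 . 2012-10-29 08:12 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-10-23 08:53 . 2012-10-23 08:53 94208 --sh--r- c:\windows\system32\wshtcpipr.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 20:51]
.
2012-11-04 c:\windows\Tasks\MGWSQ.job
- c:\windows\system32\wshtcpipr.dll [2012-10-23 08:53]
.
2012-10-23 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
------- Supplementary Scan -------
"""

# "created . modified size attrs path"; size is "--------" for directories
# and attrs is an 8-character flag string such as "--sh--r-".
FILE_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\S+) (\S{8}) (.+)$")
# A task entry is "<date> <path>.job" followed by "- <action target> [<stamp>]".
JOB_LINE = re.compile(r"^\d{4}-\d{2}-\d{2} (.+\.job)$", re.IGNORECASE)
TARGET_LINE = re.compile(r"^- (.+?) \[[^\]]*\]$")


def hidden_system_files(log):
    """Paths of newly created files (not directories) whose attribute flags
    include both 's' (system) and 'h' (hidden).  Hidden system folders such
    as IETldCache are normal and are skipped; a hidden+system DLL dropped
    into system32 is the kind of entry worth a second look."""
    found = []
    for line in log.splitlines():
        m = FILE_LINE.match(line.strip())
        if not m:
            continue
        attrs, path = m.group(4), m.group(5)
        if attrs[0] != "d" and "s" in attrs and "h" in attrs:
            found.append(path)
    return found


def scheduled_tasks(log):
    """(job file, action target) pairs from the 'Scheduled Tasks' section."""
    tasks, pending_job = [], None
    for line in log.splitlines():
        line = line.strip()
        m = JOB_LINE.match(line)
        if m:
            pending_job = m.group(1)
            continue
        m = TARGET_LINE.match(line)
        if m and pending_job:
            tasks.append((pending_job, m.group(1)))
            pending_job = None
    return tasks


def suspicious_tasks(log):
    """Tasks whose action is not an .exe, or whose action is one of the
    hidden+system files found above.  In this log MGWSQ.job points at
    wshtcpipr.dll, and that DLL is also hidden+system, so both tests fire."""
    hidden = {p.lower() for p in hidden_system_files(log)}
    flagged = []
    for job, target in scheduled_tasks(log):
        is_hidden = target.lower() in hidden
        if is_hidden or not target.lower().endswith(".exe"):
            flagged.append({"job": job, "target": target,
                            "target_hidden_system": is_hidden})
    return flagged


if __name__ == "__main__":
    for finding in suspicious_tasks(SAMPLE_LOG):
        print(finding)
```

Run against the full log rather than the excerpt, the same two functions give a short list of candidates to verify (file hashes, who signed the DLL, when the .job was created) before anything is removed; the correlation between the "Files Created" entry and the task that runs it is what separates this from the many legitimate .job files in the same folder.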

#12 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 05 November 2012 - 03:05 PM

Blitzblank.

Download BlitzBlank and save it to your desktop. Open Blitzblank.exe

  • Click OK at the warning (and take note of it, this is a VERY powerful tool!).
  • Click the Script tab and copy/paste the following text there:
DeleteFile:
c:\windows\system32\wshtcpipr.dll
c:\windows\Tasks\MGWSQ.job
  • Click Execute Now. Your computer will need to reboot in order to replace the files.
  • When done, post me the report created by BlitzBlank. You can find it at the root of the drive, normally C:\


#13 Welephant
  • Topic Starter
  • Members
  • 23 posts

Posted 06 November 2012 - 05:30 AM

Hi Gringo and thanks for your continued support.

Here is the BlitzBlank report as requested.


BlitzBlank 1.0.0.32

File/Registry Modification Engine native application
MoveFileOnReboot: sourceFile = "\??\c:\windows\system32\wshtcpipr.dll", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\windows\tasks\mgwsq.job", destinationFile = "(null)", replaceWithDummy = 0

#14 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 06 November 2012 - 11:35 AM

Hello

I would like you to download an updated version of combofix.

update combofix

Delete the version of combofix you have now on your desktop and download a new one from here

Link 1
Link 2
Link 3
**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#15 Welephant
  • Topic Starter
  • Members
  • 23 posts

Posted 06 November 2012 - 01:31 PM

Hi Gringo

Ran the new ComboFix version as requested, and the browser is not redirecting; all seems to be working normally now.

ComboFix Log:

ComboFix 12-11-06.03 - xxxx yyyy 06/11/2012 17:18:44.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.457 [GMT 0:00]
Running from: c:\documents and settings\xxxx yyyy\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((( Files Created from 2012-10-06 to 2012-11-06 )))))))))))))))))))))))))))))))
.
.
2012-10-31 14:33 . 2012-11-01 08:09 -------- d-----w- c:\windows\system32\NtmsData
2012-10-31 08:55 . 2012-10-31 08:55 388096 ------r- c:\documents and settings\xxxx yyyy\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-10-31 08:55 . 2012-10-31 08:55 -------- d-----w- c:\program files\Trend Micro
2012-10-30 08:48 . 2012-10-30 08:48 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2012-10-30 08:08 . 2012-10-30 08:08 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-10-30 08:08 . 2012-10-30 08:08 -------- d-----w- c:\documents and settings\xxxx yyyy\Application Data\TestApp
2012-10-29 14:25 . 2012-10-29 14:25 -------- d-----w- c:\documents and settings\xxxx yyyy\Application Data\SUPERAntiSpyware.com
2012-10-29 14:22 . 2012-10-29 14:29 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-10-29 14:22 . 2012-10-29 14:22 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-10-29 13:59 . 2012-10-29 13:59 -------- d-----w- c:\documents and settings\xxxx yyyy\Application Data\Malwarebytes
2012-10-29 13:55 . 2012-09-29 19:54 22856 ------w- c:\windows\system32\drivers\mbam.sys
2012-10-29 13:55 . 2012-10-29 13:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-29 13:09 . 2012-10-29 13:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-10-29 08:12 . 2012-10-29 08:12 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-10-28 13:39 . 2012-10-28 14:52 -------- d-----w- c:\documents and settings\xxxx yyyy\DoctorWeb
2012-10-27 10:26 . 2012-10-27 10:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-10-27 10:25 . 2012-10-27 10:25 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2012-10-26 09:55 . 2012-10-26 09:55 -------- d-----w- c:\windows\system32\wbem\Repository
2012-10-25 16:53 . 2012-10-25 16:53 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2012-10-25 12:50 . 2012-10-26 09:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-10-25 12:50 . 2012-10-26 09:54 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-10-23 16:26 . 2012-10-23 16:26 -------- d-----w- c:\documents and settings\All Users\Application Data\MapFactor
2012-10-23 09:06 . 2012-10-23 09:06 -------- d-----w- c:\documents and settings\xxxx yyyy\New Folder
2012-10-23 09:06 . 2012-10-23 09:06 -------- d-----w- c:\documents and settings\All Users\Application Data\New Folder
2012-10-23 09:05 . 2012-10-23 09:05 -------- d-----w- c:\documents and settings\xxxx yyyy\Application Data\MapFactor
2012-10-17 22:21 . 2012-10-12 05:56 6918632 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{CB2B8AF2-AF8F-4B92-A120-F94E31813F87}\mpengine.dll
2012-10-09 09:29 . 2012-10-09 11:59 -------- d-----w- c:\documents and settings\xxxx yyyy\Local Settings\Application Data\WMTools Downloaded Files
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-08 20:51 . 2012-03-30 07:32 696760 ------w- c:\windows\system32\FlashPlayerApp.exe
2012-10-08 20:51 . 2011-07-13 17:38 73656 ------w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-30 08:17 . 2008-06-19 18:52 6980552 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-08-28 15:14 . 2004-08-11 16:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2004-08-11 16:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2004-08-11 16:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2004-08-11 16:00 385024 ------w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2004-08-11 16:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:33 . 2012-05-04 13:16 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2012-05-04 12:32 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn3\yt.dll" [2012-06-11 1524056]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"F.lux"="c:\documents and settings\xxxx yyyy\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"Document Manager"="c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2006-03-09 98304]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2006-04-06 49152]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1318816]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-18 421888]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-19 583016]
"Wondershare Helper Compact.exe"="c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2012-02-28 1679360]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-10-02 296096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2012-01-18 465944]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-5-19 24576]
EMBASSY Trust Suite Secure Update.lnk - c:\program files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [2005-11-30 192512]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wxvault.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SUPERAntiSpyware"=c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sony\\Media Manager for WALKMAN\\MediaManager.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync Application
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync RAPI Manager
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Disabled:ActiveSync Service
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [10/06/2012 19:46 89792]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 16:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 21:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [11/07/2012 18:54 116608]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [29/10/2012 13:56 399432]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [10/06/2012 19:46 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [10/06/2012 19:46 214904]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [10/06/2012 19:47 161632]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [10/06/2012 15:51 151880]
R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [19/08/2011 09:26 450848]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [10/06/2012 19:46 57600]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [29/10/2012 13:55 22856]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [10/06/2012 19:46 340920]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [10/06/2012 19:46 83856]
S2 LogWatch;Event Log Watch;"c:\program files\CA\SharedComponents\CA_LIC\LogWatNT.exe" --> c:\program files\CA\SharedComponents\CA_LIC\LogWatNT.exe [?]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [29/10/2012 13:56 676936]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [10/06/2012 19:49 95232]
S3 CA_LIC_CLNT;CA License Client;"c:\program files\CA\SharedComponents\CA_LIC\lic98rmt.exe" --> c:\program files\CA\SharedComponents\CA_LIC\lic98rmt.exe [?]
S3 CA_LIC_SRVR;CA License Server;"c:\program files\CA\SharedComponents\CA_LIC\lic98rmtd.exe" --> c:\program files\CA\SharedComponents\CA_LIC\lic98rmtd.exe [?]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [10/06/2012 19:46 83856]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [10/06/2012 19:46 87656]
S3 UCharger;Energizer Usb Charger Driver;c:\windows\system32\drivers\UCharger.sys [15/05/2007 06:43 13765]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [06/07/2012 18:16 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [06/07/2012 18:18 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [06/07/2012 18:18 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [06/07/2012 18:18 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [06/07/2012 18:19 25704]
S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 18:19 13592]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 03:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 20:51]
.
2012-11-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2012-11-06 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-08 10:34]
.
2012-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-27 20:37]
.
2012-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-27 20:37]
.
2012-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-996813125-380476456-4039978111-1005Core.job
- c:\documents and settings\xxxx yyyy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-06 11:10]
.
2012-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-996813125-380476456-4039978111-1005UA.job
- c:\documents and settings\xxxx yyyy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-06 11:10]
.
2012-10-23 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
2012-11-06 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-996813125-380476456-4039978111-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 13:27]
.
2012-11-06 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-996813125-380476456-4039978111-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 13:27]
.
2012-11-06 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 3224f27d-850c-498a-87b7-9f2d569d2974.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-11-06 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 804f26a2-186e-42d8-b2d8-3b1ef62dac2c.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-11-05 c:\windows\Tasks\{16B06239-A427-4B50-9626-76042E8ABA8B}_MHLAPTOP_xxxx yyyy.job
- c:\windows\system32\mobsync.exe [2004-08-11 00:12]
.
2012-11-06 c:\windows\Tasks\{444B2ABE-284C-4ED2-83A1-3CB9E2D470D8}_MHLAPTOP_xxxx yyyy.job
- c:\windows\system32\mobsync.exe [2004-08-11 00:12]
.
2012-10-26 c:\windows\Tasks\{473EF218-6E93-48C8-9A54-FDB51316DF63}_MHLAPTOP_xxxx yyyy.job
- c:\windows\system32\mobsync.exe [2004-08-11 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bbc.co.uk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\biolsp.dll
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-06 17:37
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1368)
c:\windows\system32\wxvault.dll
c:\windows\system32\detoured.dll
.
- - - - - - - > 'lsass.exe'(1424)
c:\windows\system32\wxvault.dll
c:\windows\system32\detoured.dll
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
.
- - - - - - - > 'explorer.exe'(6096)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\program files\Windows Media Player\wmpband.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-11-06 17:43:42
ComboFix-quarantined-files.txt 2012-11-06 17:43
ComboFix2.txt 2012-11-05 12:21
ComboFix3.txt 2012-11-04 15:08
ComboFix4.txt 2012-11-02 09:06
.
Pre-Run: 16,417,431,552 bytes free
Post-Run: 16,613,597,184 bytes free
.
- - End Of File - - F3513939600F08AD51BF96809FA43519

Thanks.
