
Search engine redirect (fake Adobe virus?)


  • This topic is locked
29 replies to this topic

#1 Ruggr88

Ruggr88

  • Members
  • 13 posts
  • OFFLINE
  • Local time:12:39 PM

Posted 11 November 2012 - 09:02 AM

Hi,

Hoping someone can help me ...

A couple of months ago I had an Adobe Flash Player popup inviting me to install the latest version, which I did. I'm pretty sure it was a fake, because since then my Google search results have been redirecting (not all, but approx. 25% of the time). I have tried using Malwarebytes several times to get rid of it, and it periodically finds something (always different), which it seems to deal with. However, it's not reporting anything at the moment and I'm still experiencing the search redirects.

Another thing to note, that may be connected, is that Flashplayer doesn't seem to work anymore. When looking at Youtube I see the following message, despite having been directly to the Adobe site and installing Flashplayer 11 without any reported errors:
"The Adobe Flash Player is required for video playback. Get the latest Flash Player"

When I visit the Adobe site and go to the Flash help section, the box that is supposed to tell me which version I'm running remains blank.

Some details that may be useful. Happy to provide more information - let me know. Thanks in advance!

- Windows Vista Home Premium, Service Pack 2
- IE 9.0.8112.16421 (also have Firefox, experiencing exactly the same problems)
- Running McAfee Internet Security



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:39 AM

Posted 11 November 2012 - 09:55 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




I need to get some reports to get a base to start from so I need you to run these programs first.


-DeFogger-

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


-Download DDS-

  • Please download DDS from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3


  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

-Information and logs-

  • In your next post I need the following:
    • both reports from DDS
    • report from security check
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Ruggr88

Ruggr88
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:12:39 PM

Posted 13 November 2012 - 02:32 AM

Thanks for the instructions. No problems encountered. Google still redirecting and Flashplayer still not working.

Here is the information you requested:

Checkup.txt
===========
Results of screen317's Security Check version 0.99.54
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
McAfee Anti-Virus and Anti-Spyware
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Java™ 6 Update 31
Java™ 6 Update 6
Java version out of Date!
Mozilla Firefox (16.0.2)
Google Chrome 21.0.1180.89
Google Chrome plugins...
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````


DDS.txt
=======
DDS (Ver_2012-11-07.01) - NTFS_x86
Internet Explorer: 9.0.8112.16447
Run by Mark at 7:17:19 on 2012-11-13
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3038.1424 [GMT 0:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\RtkAudioService.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Protector Suite QL\upeksvr.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\PC Suite\JoinMEAssistantServices.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Sony\Network Utility\NSUService.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\leansoft\Hc\servemp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\PC Suite\JoinMEUIExec.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.club-vaio.com
mDefault_Page_URL = hxxp://www.club-vaio.com
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
uURLSearchHooks: {32b29df0-2237-4370-9a29-37cebb730e9b} - <orphaned>
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\google bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe
uRun: [nfqq8q0] c:\users\mark\appdata\roaming\21737rs9.exe
uRun: [iathal] "c:\windows\system32\rundll32.exe" "c:\users\mark\appdata\roaming\iathal.dll",_flags
uRun: [LoadWatcher] Test
uRun: [kuudxbkbbumyooj] c:\programdata\kuudxbkb.exe
mRun: [HCEmployee] c:\program files\leansoft\hc\servemp.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [JoinMEUIExec] "c:\program files\pc suite\JoinMEUIExec.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: DisableCAD = dword:1
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
LSP: mswsock.dll
Trusted Zone: corel.com
Trusted Zone: intervideo.com
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-gb.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{55752B8E-CF2D-4B9B-812C-1DAB006D73EB} : DHCPNameServer = 192.168.15.1
TCP: Interfaces\{A0BCE985-A0FB-4272-99D8-76C75DFFB3FE} : DHCPNameServer = 192.168.2.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\McSnIePl.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
Notify: VESWinlogon - VESWinlogon.dll
LSA: Notification Packages = scecli psqlpwd
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mark\appdata\roaming\mozilla\firefox\profiles\rbuwk4kq.default\
FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\nitro pdf\reader 2\npdf.dll
FF - plugin: c:\program files\nitro pdf\reader 2\npnitroie.dll
FF - plugin: c:\program files\nitro pdf\reader 2\npnitromozilla.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\mark\program files\dna\plugins\npbtdna.dll
FF - ExtSQL: 2012-10-29 00:25; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; c:\program files\mcafee\SiteAdvisor
FF - ExtSQL: !HIDDEN! 1970-01-16 15:29; {6B3A7147-F509-11E1-8270-B8AC6F996F26}; c:\users\mark\appdata\local\{6B3A7147-F509-11E1-8270-B8AC6F996F26}
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-4-24 554048]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2011-1-17 65584]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-4-24 206784]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2012-2-7 822624]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 JoinMEUI Assistant Service;JoinMEUI Assistant Service;c:\program files\pc suite\JoinMEAssistantServices.exe [2012-10-7 242688]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-11-11 399432]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-11-11 676936]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-1-1 95232]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-4-24 167784]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-4-24 167784]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-4-24 167784]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-4-24 200816]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-4-24 168368]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-4-24 166320]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\nitro pdf\reader 2\NitroPDFReaderDriverService2.exe [2012-8-22 184848]
R2 NSUService;NSUService;c:\program files\sony\network utility\NSUService.exe [2008-8-19 299008]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 RtkAudioService;Realtek Audio Service;c:\windows\RTKAUDIOSERVICE.EXE [2008-7-25 98304]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2011-10-1 508776]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2012-10-2 3064000]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-4-22 92592]
R2 VAIO Power Management;VAIO Power Management;c:\program files\sony\vaio power management\SPMService.exe [2008-7-25 411488]
R2 VCFw;VAIO Content Folder Watcher;c:\program files\common files\sony shared\vaio content folder watcher\VCFw.exe [2009-3-5 5189992]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2008-7-25 29736]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-4-24 60480]
R3 dc3d;USBCCGP filter driver (dc3d);c:\windows\system32\drivers\dc3d.sys [2009-1-15 15360]
R3 JMCR_CFS;JMCR_CFS;c:\windows\system32\drivers\jmcr_cfs.sys [2008-7-2 52752]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-11-11 22856]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-9-8 230224]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-4-24 360792]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-5-28 4233728]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2008-7-25 9344]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2011-10-1 579944]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2011-10-1 194408]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2011-10-1 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2011-10-1 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2011-10-1 219496]
R3 VUAgent;VUAgent;c:\program files\sony\vaio update common\VUAgent.exe [2012-1-13 939624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-3 160944]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2012-4-10 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-10-27 146872]
S3 massfilter_hs;ZTE HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [2012-10-7 9728]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-4-24 61912]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-4-24 92192]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2012-3-26 18432]
S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\common files\sony shared\sohlib\SOHCImp.exe [2012-4-28 122008]
S3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files\common files\sony shared\sohlib\SOHDBSvr.exe [2012-4-28 72856]
S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\common files\sony shared\sohlib\SOHDms.exe [2012-4-28 392344]
S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\common files\sony shared\sohlib\SOHDs.exe [2012-4-28 76952]
S3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files\common files\sony shared\sohlib\SOHPlMgr.exe [2012-4-28 93336]
S3 Sony PC Companion;Sony PC Companion;c:\program files\sony\sony pc companion\PCCService.exe [2012-8-5 155320]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2012-6-8 480624]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2012-6-8 83312]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 zgwhsdiag;ZTE WCDMA Handset Diagnostic Port;c:\windows\system32\drivers\zgwhsdiag.sys [2012-10-7 106752]
S3 zgwhsmdm;ZTE WCDMA Handset USB Modem;c:\windows\system32\drivers\zgwhsmdm.sys [2012-10-7 106752]
S3 zgwhsnmea;WCDMA Handset NMEA Port;c:\windows\system32\drivers\zgwhsnmea.sys [2012-10-7 106752]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== File Associations ===============
.
ShellExec: VCExporterLaunch.exe: open="c:\program files\sony\vaio vp utilities\VCELaunch.exe" "%1"
.
=============== Created Last 30 ================
.
2012-11-12 21:06:17 -------- d-----w- c:\users\mark\appdata\local\{D670F15D-DA38-4242-B2DE-2408B3EE98D7}
2012-11-12 09:04:33 -------- d-----w- c:\users\mark\appdata\local\{C9365791-76B9-41B6-B3E2-039F2B4D1D90}
2012-11-11 18:22:22 -------- d-----w- c:\users\mark\appdata\local\{E19107B9-C102-4E29-BD87-86A5DC537F8F}
2012-11-11 13:33:49 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-11 13:33:49 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-11 12:57:48 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-11 12:57:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-11 08:34:38 161185 ----a-w- c:\windows\Expstudio Audio Editor FREE Uninstaller.exe
2012-11-11 08:33:53 -------- d-----w- c:\windows\system32\EXP
2012-11-11 08:33:53 -------- d-----w- c:\program files\Expstudio
2012-11-11 07:36:56 -------- d-----w- c:\users\mark\appdata\local\Sony Corporation
2012-11-11 07:27:47 -------- d-----w- C:\New Folder
2012-11-11 06:04:21 -------- d-----w- c:\users\mark\appdata\local\{27392D50-E9F6-4B28-A1D5-320C81A8F224}
2012-11-10 09:09:52 -------- d-----w- c:\users\mark\appdata\local\{496203C8-8FE7-41C6-B010-35224C9EBED7}
2012-11-09 20:11:49 -------- d-----w- c:\program files\iPod
2012-11-09 20:11:45 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-11-09 20:11:45 -------- d-----w- c:\program files\iTunes
2012-11-09 20:07:40 -------- d-----w- c:\program files\Bonjour
2012-11-09 09:31:29 -------- d-----w- c:\users\mark\appdata\local\{F792901F-990F-4C07-8B61-9E582F633D22}
2012-11-08 17:49:31 -------- d-----w- c:\users\mark\appdata\local\{1E8FBC63-6CC9-44A2-B452-960A630C4D95}
2012-11-08 17:47:01 -------- d-----w- C:\The Cure - Complete Discography
2012-11-08 12:20:04 -------- d-----w- c:\users\mark\appdata\local\{11E71769-F191-4508-95B5-9A40D2CC5688}
2012-11-07 10:46:17 -------- d-----w- c:\users\mark\appdata\local\{AABB80AB-D5C3-4BBF-992E-EF820A994FE6}
2012-11-07 09:24:07 -------- d-----w- c:\users\mark\appdata\local\{141860BD-8FF4-4EA5-8624-25A163C805F2}
2012-11-06 09:59:36 -------- d-----w- c:\users\mark\appdata\local\{D89A673D-1977-4B41-BA24-2C89A2B1A568}
2012-11-05 07:07:05 -------- d-----w- c:\users\mark\appdata\local\{DD6ED762-2FD2-4C51-9682-95CB03318A57}
2012-11-02 10:41:35 -------- d-----w- c:\users\mark\appdata\local\{4D771996-32A6-424B-BC5B-6E88485FD819}
2012-11-01 12:14:59 -------- d-----w- c:\users\mark\appdata\local\{6B3A7147-F509-11E1-8270-B8AC6F996F26}
2012-10-30 10:00:05 -------- d-----w- c:\users\mark\appdata\local\{2260241D-2E91-476A-899A-0D4562C22154}
2012-10-29 08:28:12 -------- d-----w- c:\users\mark\appdata\local\{B1082429-BF25-4EFB-B448-74006B21EA54}
2012-10-28 19:39:25 -------- d-----w- c:\users\mark\appdata\local\{C09C3FAC-F90F-40E9-B3E5-70D1C45C2BFD}
2012-10-27 07:30:30 146872 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
2012-10-27 06:42:11 -------- d-----w- c:\users\mark\appdata\local\{F12C1437-35F6-4937-A406-1D1DD610AA49}
2012-10-26 21:38:27 -------- d-----w- c:\users\mark\Podcasts
2012-10-26 21:37:31 -------- d-----w- c:\users\mark\appdata\local\Sony
2012-10-26 21:36:35 -------- d-----w- c:\users\mark\appdata\local\Downloaded Installations
2012-10-26 21:34:52 -------- d-----w- c:\users\mark\appdata\roaming\MyPhoneExplorer
2012-10-26 21:33:07 -------- d-----w- c:\program files\Sony Media Go Install
2012-10-26 08:13:30 -------- d-----w- c:\users\mark\appdata\local\{A8F683E0-58C1-4F9A-B610-FC074D2172C9}
2012-10-25 07:42:23 -------- d-----w- c:\users\mark\appdata\local\{DBD2E698-FA9D-431E-890F-136F775ED0BA}
2012-10-24 07:07:36 -------- d-----w- c:\users\mark\appdata\local\{B6D8B271-2EEE-4E13-A0A6-0233BB785055}
2012-10-23 18:59:47 -------- d-----w- c:\users\mark\appdata\local\{8353FAEE-7482-42DB-AEC0-2DD8F3570C30}
2012-10-23 06:58:34 -------- d-----w- c:\users\mark\appdata\local\{BE797AA1-F8DF-447D-A6CC-B2E4AD1D4C72}
2012-10-22 18:57:06 -------- d-----w- c:\users\mark\appdata\local\{65929D51-D440-4D5A-A396-8CD66CFD2E18}
2012-10-22 06:55:49 -------- d-----w- c:\users\mark\appdata\local\{4D84DFA9-C95F-4254-90CB-C1E9F8944739}
2012-10-21 06:39:28 -------- d-----w- c:\users\mark\appdata\local\{D7D12A51-3D4B-4E6A-8E2E-7E9DB9C8A3BB}
2012-10-19 21:07:04 -------- d-----w- c:\users\mark\appdata\local\{25F34D49-9ECE-4CB3-814A-76FCE9ED9EA4}
2012-10-19 19:21:16 -------- d-----w- c:\users\mark\appdata\local\{5100E240-2C75-48B6-AD03-5C4D41C6C4D1}
2012-10-19 06:50:26 -------- d-----w- c:\users\mark\appdata\local\{0477BEA0-81AE-43A9-9E6C-496BF851866E}
2012-10-18 14:14:36 -------- d-----w- c:\users\mark\appdata\local\{17554E73-D6BF-487E-A214-095CEB7FBA4B}
2012-10-18 10:42:15 -------- d-----w- c:\users\mark\appdata\local\{AD69491B-B721-4306-B503-B9DE505C8E41}
2012-10-17 04:55:40 -------- d-----w- c:\users\mark\appdata\local\{AFB12A82-3B48-4A13-938C-FD6B3D0B3D40}
2012-10-16 13:02:31 -------- d-----w- c:\users\mark\appdata\local\{08E70127-6DF8-433E-9FF1-9C306DA77001}
2012-10-16 00:27:28 -------- d-----w- c:\users\mark\appdata\local\{6905D392-4A93-4950-AB54-941AB6C21621}
2012-10-15 12:26:16 -------- d-----w- c:\users\mark\appdata\local\{8C09DC78-B4B8-4A65-8ACC-76CD9BD41803}
2012-10-15 10:54:02 -------- d-----w- c:\users\mark\appdata\local\{B6BDEAB0-0887-494D-B139-D72CD59C176D}
2012-10-14 07:41:32 -------- d-----w- c:\users\mark\appdata\local\{A77EF37E-4D43-455B-A95B-0C17D0EBE1D9}
.
==================== Find3M ====================
.
2012-11-13 06:58:46 3645 ----a-w- c:\windows\memgprep.dll
2012-11-13 06:58:42 58 ----a-w- c:\windows\stdensrv.dll
2012-11-13 06:58:42 304 ----a-w- c:\windows\km32hlpr.dll
2012-11-13 06:58:42 0 ----a-w- c:\windows\wnsperf32.dll
2012-11-13 06:58:42 0 ----a-w- c:\windows\javexisb.dll
2012-11-13 06:58:42 0 ----a-w- c:\windows\javexisa.dll
2012-11-13 06:58:42 0 ----a-w- c:\windows\cr2gui32.dll
2012-09-02 14:20:47 1635840 ----a-w- c:\users\mark\appdata\roaming\iathal.dll
2012-09-02 14:19:57 138 ----a-w- c:\users\mark\appdata\roaming\cvcigvo.bat
2012-09-02 14:19:56 210051234 --sha-w- c:\users\mark\appdata\roaming\21737rs9.exe
2012-08-22 16:31:38 27152 ----a-w- c:\windows\system32\nitrolocalmon2.dll
2012-08-22 16:31:38 18448 ----a-w- c:\windows\system32\nitrolocalui2.dll
2012-08-21 13:01:22 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-08-21 12:01:22 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
.
============= FINISH: 7:19:13.74 ===============


Attach.txt
==========
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-07.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 21/10/2008 20:25:09
System Uptime: 13/11/2012 06:48:10 (1 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Intel® Core™2 Duo CPU T9400 @ 2.53GHz | N/A | 2534/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 287 GiB total, 25.06 GiB free.
D: is FIXED (NTFS) - 298 GiB total, 10.377 GiB free.
E: is Removable
F: is Removable
G: is Removable
H: is CDROM ()
I: is FIXED (NTFS) - 932 GiB total, 704.992 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0003
Manufacturer: Microsoft
Name: isatap.{A0BCE985-A0FB-4272-99D8-76C75DFFB3FE}
PNP Device ID: ROOT\*ISATAP\0003
Service: tunnel
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
7-Zip 4.65
Activation Assistant for the 2007 Microsoft Office suites
Active@ ISO Burner
Adobe Acrobat 8 Standard - English, Français, Deutsch
Adobe Acrobat 8.3.1 - CPSID_83708
Adobe Acrobat 8.3.1 Standard
Adobe Common File Installer
Adobe Flash Player 11 ActiveX
Adobe Photoshop Elements 6.0
Adobe Premiere Elements 4.0
Adobe Premiere Elements 4.0 Templates
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft WebCam Companion 2
Audacity 2.0
AviSynth 2.5
BBC iPlayer Desktop
BBC iPlayer Download Manager
Belkin N1 Wireless USB Network Adapter Setup
Big Fish Games Game Suite
BitTorrent
Bonjour
BookSmart® 3.3.2 3.3.2
Browser Address Error Redirector
Canon Utilities PhotoStitch
Citrix online plug-in - web
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
Click to Disc
Click to Disc Editor
Compatibility Pack for the 2007 Office system
Corel WinDVD
Coupon Printer
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
DNA
Dolby Control Center
Dramatica Pro 4.0
Dramatica Pro Story Wizard
DSD Direct
DSD Direct Player
DSD Playback Plug-in
Epson Print CD
EPSON Printer Software
Expstudio Audio Editor FREE
Free Easy Burner V 4.1
Free M4a to MP3 Converter 7.1
Garmin Training Center
Garmin Training Center 3.4.3
Garmin USB Drivers
GIMP 2.6.11
GoGear Spark Device Manager
Google Update Helper
GoToMeeting 5.1.0.880
HDAUDIO SoftV92 Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ImgBurn
Inkscape 0.48.2
Intel PROSet Wireless
Intel® PROSet/Wireless WiFi Software
Intel® Matrix Storage Manager
iTunes
Java Auto Updater
Java™ 6 Update 31
Java™ 6 Update 6
JMicron JMB368 ExpressCard CF Adapter
Junk Mail filter update
Kernel Outlook PST Viewer ver 11.05.01
Line Speed Meter
LockHunter version 1.0 beta 3, 32 bit edition
Malwarebytes Anti-Malware version 1.65.1.1000
McAfee Internet Security
MediaMonkey 3.2
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Expression Encoder 4
Microsoft Expression Encoder 4 Screen Capture Codec
Microsoft IntelliPoint 6.2
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2010
Microsoft Office Live Add-in 1.4
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mozilla Firefox 16.0.2 (x86 en-US)
Mozilla Maintenance Service
MSVC90_x86
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Transfer
Nitro Reader 2
Nokia Connectivity Cable Driver
Nokia PC Suite
NVIDIA Drivers
OGA Notifier 2.0.0048.0
OpenMG Secure Module 5.4.00
PC Connectivity Solution
PC Suite
PDF FLY v8.5
Picasa 2
PixRecovery
Primo
Protector Suite QL 5.6
PVSonyDll
RealPlayer
Realtek High Definition Audio Driver
Recuva
Roadkil's Unstoppable Copier Version 5.2
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Easy Media Creator 10 LJ
Roxio Easy Media Creator Home
Scrivener
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Segoe UI
Setting Utility Series
Shared C Run-time for x86
SimpleMind desktop Pro 1.5.5d
Skype Click to Call
Skype™ 5.10
SonicStage Mastering Studio
SonicStage Mastering Studio Audio Filter
SonicStage Mastering Studio Audio Filter Custom Preset
SonicStage Mastering Studio Plugins
Sony Home Network Library
Sony PC Companion 2.10.094
Sony Picture Utility
Sony Video Shared Library
Synaptics Pointing Device Driver
System Requirements Lab
The Photographer's Ephemeris
TomTom HOME 2.8.2.2264
TomTom HOME Visual Studio Merge Modules
TweetDeck
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VAIO BD Menu Data
VAIO Content Folder Setting
VAIO Content Metadata Intelligent Analyzing Manager
VAIO Content Metadata Manager Settings
VAIO Content Metadata XML Interface Library
VAIO Control Center
VAIO Data Restore Tool
VAIO DVD Menu Data Basic
VAIO Edit Components
VAIO Edit Components 6.6
VAIO Entertainment Platform
VAIO Event Service
VAIO Guide 
VAIO Launcher
VAIO Marketing Tools
VAIO Media plus
VAIO Movie Story
VAIO Movie Story 1.5 Upgrade
VAIO Movie Story Template Data
VAIO MusicBox
VAIO MusicBox Sample Music
VAIO Original Function Settings
VAIO Power Management
VAIO Presentation Support
VAIO Smart Network
VAIO Update
VAIO Update Merge Module x86
VAIO Wallpaper Contents
VC80CRTRedist - 8.0.50727.6195
Videora iPad Converter 6
Videora iPhone 3GS Converter 6
VLC media player 1.0.3
VU5x86
WIDCOMM Bluetooth Software 6.2.0.4100
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Driver Package - Nokia Modem (02/25/2011 4.7)
Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
World of Warcraft
Zero Assumption Recovery Version 8.5
.
==== End Of File ===========================
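
The Find3M section of the DDS log above is where the problem first shows: seven `.dll` files of between 0 and 3645 bytes written to the `c:\windows` root within the same five seconds on 13 November, and, under `AppData\Roaming`, a 210 MB `21737rs9.exe` carrying the hidden and system attributes (`--sha-w-`), created one second before `cvcigvo.bat` and under a minute before `iathal.dll`. As an added example that is not part of this thread or of the DDS tool, the Python script below parses DDS-style listing lines and turns those observations into repeatable checks. The sample lines are copied from the log above; the thresholds (a module under 1024 bytes cannot be a usable PE image in practice, three or more modules written to one directory within ten seconds count as a burst) are this example's own assumptions.

```python
"""Triage of DDS-style file listings ("Created Last 30" / "Find3M" sections).

Added example; not part of the BleepingComputer thread or of the DDS tool.
Lines look like:  <date> <time> <size|--------> <attrs> <path>
Heuristics and thresholds are this example's own assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, NamedTuple, Optional

DDS_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+?)\s*$")
PE_EXT = {".dll", ".exe", ".sys", ".cpl", ".scr"}
DROP_EXT = PE_EXT | {".bat", ".cmd", ".vbs", ".js"}
MIN_PLAUSIBLE_PE = 1024            # assumed floor for a real module's size
BURST_WINDOW = timedelta(seconds=10)
BURST_MIN_FILES = 3
USER_DROP_DIRS = ("\\appdata\\roaming", "\\appdata\\local", "\\programdata")

class Entry(NamedTuple):
    when: datetime
    size: Optional[int]            # None for directories ("--------")
    attrs: str                     # e.g. "----a-w-", "--sha-w-", "d-----w-"
    path: str                      # lower-cased, as DDS prints it

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def parent(self) -> str:
        return self.path.rsplit("\\", 1)[0]

    @property
    def ext(self) -> str:
        name = self.path.rsplit("\\", 1)[-1]
        return name[name.rfind("."):] if "." in name else ""

def parse(lines) -> List[Entry]:
    """Parse DDS listing lines; section headers and '.' separators are skipped."""
    out = []
    for line in lines:
        m = DDS_LINE.match(line.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        when = datetime.strptime(m["date"] + " " + m["time"], "%Y-%m-%d %H:%M:%S")
        out.append(Entry(when, size, m["attrs"], m["path"].lower()))
    return out

def triage(entries: List[Entry]) -> Dict[str, List[str]]:
    """Return {reason: [paths]} for the entries a responder should open first."""
    hits: Dict[str, List[str]] = defaultdict(list)
    files = [e for e in entries if not e.is_dir]
    for e in files:
        # 1. A "module" too small to hold a PE header is a stub or marker file.
        if e.ext in PE_EXT and e.size is not None and e.size < MIN_PLAUSIBLE_PE:
            hits["undersized_module"].append(e.path)
        # 2. hidden+system on a file in a user profile hides it from Explorer's default view.
        if "h" in e.attrs and "s" in e.attrs and "\\users\\" in e.path:
            hits["hidden_system_in_profile"].append(e.path)
        # 3. Executable content dropped straight into an AppData/ProgramData root.
        if e.ext in DROP_EXT and e.parent.endswith(USER_DROP_DIRS):
            hits["executable_in_profile_root"].append(e.path)
    # 4. Several modules written to one directory within seconds: a dropper unpacking.
    by_dir: Dict[str, List[Entry]] = defaultdict(list)
    for e in files:
        if e.ext in PE_EXT:
            by_dir[e.parent].append(e)
    for group in by_dir.values():
        group.sort(key=lambda g: g.when)
        for i, first in enumerate(group):
            burst = [g for g in group[i:] if g.when - first.when <= BURST_WINDOW]
            if len(burst) >= BURST_MIN_FILES:
                hits["burst_write"].extend(g.path for g in burst)
                break
    return dict(hits)

# Lines copied from the Find3M / Created Last 30 sections of the log above.
SAMPLE_LOG = r"""
2012-11-13 06:58:46 3645 ----a-w- c:\windows\memgprep.dll
2012-11-13 06:58:42 58 ----a-w- c:\windows\stdensrv.dll
2012-11-13 06:58:42 304 ----a-w- c:\windows\km32hlpr.dll
2012-11-13 06:58:42 0 ----a-w- c:\windows\wnsperf32.dll
2012-11-13 06:58:42 0 ----a-w- c:\windows\javexisb.dll
2012-11-13 06:58:42 0 ----a-w- c:\windows\javexisa.dll
2012-11-13 06:58:42 0 ----a-w- c:\windows\cr2gui32.dll
2012-09-02 14:20:47 1635840 ----a-w- c:\users\mark\appdata\roaming\iathal.dll
2012-09-02 14:19:57 138 ----a-w- c:\users\mark\appdata\roaming\cvcigvo.bat
2012-09-02 14:19:56 210051234 --sha-w- c:\users\mark\appdata\roaming\21737rs9.exe
2012-08-21 13:01:22 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-11-12 21:06:17 -------- d-----w- c:\users\mark\appdata\local\{D670F15D-DA38-4242-B2DE-2408B3EE98D7}
"""
```

Feed it a whole DDS log with `triage(parse(open(path).readlines()))`; directory entries parse but carry no size, so only files are scored. The burst check will also fire on a legitimate installer laying down its modules, so read it together with the location (here the `c:\windows` root, where no installer should be writing DLLs) before acting on it.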

#4 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 13 November 2012 - 04:20 AM

Hello


These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.


-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 Ruggr88 (Topic Starter)

Posted 13 November 2012 - 02:16 PM

AdwCleaner (RogueKiller coming next)

# AdwCleaner v2.007 - Logfile created 11/13/2012 at 10:25:41
# Updated 06/11/2012 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Mark - MARK-PC
# Boot Mode : Normal
# Running from : C:\New Folder\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\.autoreg
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Users\Mark\AppData\Local\Conduit
Folder Deleted : C:\Users\Mark\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Mark\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Mark\AppData\LocalLow\PriceGong

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2704262
Key Deleted : HKLM\Software\Conduit

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\rbuwk4kq.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Users\Charlie\AppData\Roaming\Mozilla\Firefox\Profiles\4xfizpny.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Users\Administrator.Mark-PC\AppData\Roaming\Mozilla\Firefox\Profiles\tu7wolx2.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [2013 octets] - [13/11/2012 10:25:41]

########## EOF - C:\AdwCleaner[S1].txt - [2073 octets] ##########

#6 Ruggr88 (Topic Starter)

Posted 13 November 2012 - 02:50 PM

Roguekiller:

RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Mark [Admin rights]
Mode : Remove -- Date : 11/13/2012 19:43:58

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : nfqq8q0 (C:\Users\Mark\AppData\Roaming\21737rs9.exe) -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : iathal ("C:\Windows\System32\rundll32.exe" "C:\Users\Mark\AppData\Roaming\iathal.dll",_flags) -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : kuudxbkbbumyooj (C:\ProgramData\kuudxbkb.exe) -> DELETED
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{511dcabc-d08c-367a-f017-b139667f67d4}\U --> REMOVED
[Del.Parent][FILE] 00000004.@ : C:\Windows\Installer\{511dcabc-d08c-367a-f017-b139667f67d4}\L\00000004.@ --> REMOVED
[Del.Parent][FILE] 201d3dde : C:\Windows\Installer\{511dcabc-d08c-367a-f017-b139667f67d4}\L\201d3dde --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{511dcabc-d08c-367a-f017-b139667f67d4}\L --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Users\Mark\AppData\Local\{511dcabc-d08c-367a-f017-b139667f67d4}\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Users\Mark\AppData\Local\{511dcabc-d08c-367a-f017-b139667f67d4}\L --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-1399382030-4151968905-611638521-1000\$511dcabcd08c367af017b139667f67d4\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-1399382030-4151968905-611638521-1000\$511dcabcd08c367af017b139667f67d4\L --> REMOVED

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: FUJITSU MHZ2320BH G1 +++++
--- User ---
[MBR] 094e1379a4effbf85689003883b1917a
[BSP] 19dcf40bf7046e953d7c8b7e31f09a2d : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 11555 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 23666688 | Size: 293688 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: FUJITSU MHZ2320BH G1 +++++
--- User ---
[MBR] efe11220f2c04dddd5e77ce853f902e4
[BSP] 9d6bee871aac64916bbc3ebfd67f7e24 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 16065 | Size: 305235 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_11132012_02d1943.txt >>
RKreport[1]_S_11132012_02d1921.txt ; RKreport[2]_D_11132012_02d1943.txt
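
RogueKiller's report above ties the earlier findings together: three HKCU Run values that launch files from `AppData\Roaming` and `ProgramData` (one of them through `rundll32.exe`), two `DisableTaskMgr`/`DisableRegistryTools` policy values that were present with data 0, and the ZeroAccess directory set, where the same 32 hex digits appear as `{511dcabc-d08c-367a-f017-b139667f67d4}` under `Windows\Installer` and `AppData\Local` and, dashes removed and prefixed with `$`, under `$Recycle.Bin\<SID>`, each location holding `U` and `L` subfolders. As an added example that is not part of this thread or of RogueKiller, the Python script below parses those report lines and re-derives each verdict, with two caveats a responder would want built in: a restriction policy with data 0 is not actually restricting anything, and a single `{GUID}\U` folder on its own is not evidence of ZeroAccess, the identifier has to recur across locations with both subfolders present. The sample lines are copied from the report; the line grammar, the user-writable directory list and the corroboration rule are this example's own assumptions.

```python
"""Re-derive the RogueKiller verdicts above from the report text.

Added example; not part of the BleepingComputer thread or of RogueKiller.
Checks: (1) Run values launching a file from a user-writable location, with
rundll32/regsvr32 wrappers unwrapped; (2) policy values that actually restrict
the user (data != 0); (3) the ZeroAccess directory set: one 32-hex identifier
used as {GUID} under Windows\\Installer and AppData\\Local and as $<hex> under
$Recycle.Bin\\<SID>, each with U and L subfolders.  Line grammar, directory
lists and corroboration thresholds are this example's own assumptions.
"""
import re
from collections import defaultdict
from typing import Dict, List, Set, Tuple

RUN_LINE = re.compile(r"^\[RUN\]\[[^\]]*\] (?P<key>\S+) : (?P<name>\S+) \((?P<cmd>.*)\) -> ")
POLICY_LINE = re.compile(r"^\[HJPOL\] (?P<key>\S+) : (?P<name>\S+) \((?P<value>-?\d+)\)")
PATH_LINE = re.compile(r"^\[[^\]]+\]\[(?:FOLDER|FILE)\] \S+ : (?P<path>[A-Za-z]:\\\S+)")

LOADER_HOSTS = {"rundll32.exe", "regsvr32.exe"}
USER_WRITABLE_SEGMENTS = {"appdata", "programdata", "temp", "tmp", "$recycle.bin", "public"}
RESTRICTIVE_POLICIES = {"disabletaskmgr", "disableregistrytools", "disablecmd"}

GUID = r"\{([0-9a-f]{8})-([0-9a-f]{4})-([0-9a-f]{4})-([0-9a-f]{4})-([0-9a-f]{12})\}"
ZA_LOCATIONS = {  # applied to lower-cased paths; the last group is the U/L subfolder
    "installer": re.compile(r"\\windows\\installer\\" + GUID + r"\\([ul])(?:\\|$)"),
    "appdata": re.compile(r"\\appdata\\local\\" + GUID + r"\\([ul])(?:\\|$)"),
    "recyclebin": re.compile(r"\\\$recycle\.bin\\s-1-5-[0-9-]+\\\$([0-9a-f]{32})\\([ul])(?:\\|$)"),
}

def launched_file(cmd: str) -> str:
    """The file a Run value really starts: the first token, or the module
    handed to rundll32/regsvr32 (quoted, or in 'path,Entry' form)."""
    tokens = [q or bare for q, bare in re.findall(r'"([^"]*)"|(\S+)', cmd)]
    if not tokens:
        return ""
    host = tokens[0].rsplit("\\", 1)[-1].lower()
    if host in LOADER_HOSTS and len(tokens) > 1:
        return tokens[1].split(",")[0]
    return tokens[0]

def in_user_writable(path: str) -> bool:
    """Per-user installers (browsers, chat clients) also live under AppData,
    so this is a prioritisation signal, not a verdict."""
    return bool(USER_WRITABLE_SEGMENTS & set(path.lower().split("\\")))

def live_policy_restriction(name: str, value) -> bool:
    """DisableTaskMgr=1 locks the user out; the same value with data 0 does not."""
    return name.lower() in RESTRICTIVE_POLICIES and int(value) != 0

def zeroaccess_layout(paths) -> Dict[str, Set[str]]:
    """Identifiers seen in >= 2 of the 3 known locations with both U and L folders."""
    seen: Dict[str, Set[str]] = defaultdict(set)
    for p in paths:
        for loc, rx in ZA_LOCATIONS.items():
            m = rx.search(p.lower())
            if m:
                *ident_parts, sub = m.groups()
                seen["".join(ident_parts)].add(f"{loc}/{sub.upper()}")
    confirmed = {}
    for ident, marks in seen.items():
        locs = {mk.split("/")[0] for mk in marks}
        subs = {mk.split("/")[1] for mk in marks}
        if len(locs) >= 2 and subs >= {"U", "L"}:
            confirmed[ident] = marks
    return confirmed

def analyse(report: str) -> Dict[str, object]:
    autostart: List[Tuple[str, str]] = []
    policies: List[Tuple[str, int]] = []
    paths: List[str] = []
    for line in report.splitlines():
        line = line.strip()
        if m := RUN_LINE.match(line):
            target = launched_file(m["cmd"])
            if in_user_writable(target):
                autostart.append((m["name"], target))
        elif m := POLICY_LINE.match(line):
            if live_policy_restriction(m["name"], m["value"]):
                policies.append((m["name"], int(m["value"])))
        elif m := PATH_LINE.match(line):
            paths.append(m["path"])
    return {"autostart_user_writable": autostart, "live_policy_restrictions": policies,
            "zeroaccess": zeroaccess_layout(paths)}

# Lines copied from the RogueKiller report above.
SAMPLE_REPORT = r"""
[RUN][SUSP PATH] HKCU\[...]\Run : nfqq8q0 (C:\Users\Mark\AppData\Roaming\21737rs9.exe) -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : iathal ("C:\Windows\System32\rundll32.exe" "C:\Users\Mark\AppData\Roaming\iathal.dll",_flags) -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : kuudxbkbbumyooj (C:\ProgramData\kuudxbkb.exe) -> DELETED
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{511dcabc-d08c-367a-f017-b139667f67d4}\U --> REMOVED
[Del.Parent][FILE] 00000004.@ : C:\Windows\Installer\{511dcabc-d08c-367a-f017-b139667f67d4}\L\00000004.@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Users\Mark\AppData\Local\{511dcabc-d08c-367a-f017-b139667f67d4}\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Users\Mark\AppData\Local\{511dcabc-d08c-367a-f017-b139667f67d4}\L --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-1399382030-4151968905-611638521-1000\$511dcabcd08c367af017b139667f67d4\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-1399382030-4151968905-611638521-1000\$511dcabcd08c367af017b139667f67d4\L --> REMOVED
"""
```

`analyse(SAMPLE_REPORT)` returns the three Run entries, an empty policy list (both values had data 0) and the one identifier with all six location/subfolder marks. `zeroaccess_layout` takes plain paths, so it works equally on the output of `os.walk` over `C:\Windows\Installer`, each profile's `AppData\Local` and `C:\$Recycle.Bin` on a live system.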

#7 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 13 November 2012 - 05:40 PM

Hello

I Would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#8 Ruggr88 (Topic Starter)

Posted 14 November 2012 - 09:17 AM

1. Log from Combofix:
=====================
ComboFix 12-11-13.03 - Mark 14/11/2012 13:07:32.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3038.1589 [GMT 0:00]
Running from: c:\users\Mark\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
c:\programdata\ssrsc.pad
c:\users\Mark\AppData\Roaming\21737rs9.exe
c:\users\Mark\AppData\Roaming\iathal.dll
c:\users\Mark\AppData\Roaming\msconfig.ini
c:\users\Mark\g2mdlhlpx.exe
c:\windows\cr2gui32.dll
c:\windows\javexisa.dll
c:\windows\javexisb.dll
c:\windows\km32hlpr.dll
c:\windows\stdensrv.dll
c:\windows\wnsperf32.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-10-14 to 2012-11-14 )))))))))))))))))))))))))))))))
.
.
2012-11-14 13:21 . 2012-11-14 13:24 -------- d-----w- c:\users\Administrator.Mark-PC\AppData\Local\temp
2012-11-14 13:21 . 2012-11-14 13:21 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2012-11-14 13:21 . 2012-11-14 13:21 -------- d-----w- c:\users\Mark\AppData\Local\temp
2012-11-11 13:33 . 2012-11-11 13:33 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-11 13:33 . 2012-11-11 13:33 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-11 12:57 . 2012-11-11 12:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-11 12:57 . 2012-09-29 19:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-11 08:34 . 2012-11-11 08:34 161185 ----a-w- c:\windows\Expstudio Audio Editor FREE Uninstaller.exe
2012-11-11 08:33 . 2012-11-11 08:34 -------- d-----w- c:\windows\system32\EXP
2012-11-11 08:33 . 2012-11-11 08:33 -------- d-----w- c:\program files\Expstudio
2012-11-11 07:36 . 2012-11-11 07:36 -------- d-----w- c:\users\Mark\AppData\Local\Sony Corporation
2012-11-11 07:27 . 2012-11-13 19:48 -------- d-----w- C:\New Folder
2012-11-09 20:14 . 2012-11-09 20:14 -------- d-----w- c:\users\Administrator.Mark-PC\AppData\Local\Apple Computer
2012-11-09 20:11 . 2012-11-09 20:11 -------- d-----w- c:\program files\iPod
2012-11-09 20:11 . 2012-11-09 20:14 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-11-09 20:11 . 2012-11-09 20:14 -------- d-----w- c:\program files\iTunes
2012-11-09 20:10 . 2012-11-09 20:10 -------- d-----w- c:\program files\Apple Software Update
2012-11-09 20:07 . 2012-11-09 20:07 -------- d-----w- c:\program files\Bonjour
2012-11-09 20:07 . 2012-11-09 20:11 -------- d-----w- c:\program files\Common Files\Apple
2012-11-09 20:01 . 2012-11-09 20:01 -------- d-----w- c:\users\Administrator.Mark-PC\AppData\Local\Mozilla
2012-11-09 18:45 . 2012-11-09 18:45 -------- d-----w- c:\users\Administrator.Mark-PC\AppData\Local\Apple
2012-11-08 17:47 . 2012-11-08 19:38 -------- d-----w- C:\The Cure - Complete Discography
2012-11-01 12:14 . 2012-11-01 12:14 -------- d-----w- c:\users\Mark\AppData\Local\{6B3A7147-F509-11E1-8270-B8AC6F996F26}
2012-10-27 07:30 . 2012-04-20 15:40 146872 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
2012-10-26 21:38 . 2012-10-26 21:38 -------- d-----w- c:\users\Mark\Podcasts
2012-10-26 21:37 . 2012-10-26 21:38 -------- d-----w- c:\users\Mark\AppData\Local\Sony
2012-10-26 21:36 . 2012-10-26 21:36 -------- d-----w- c:\users\Mark\AppData\Local\Downloaded Installations
2012-10-26 21:34 . 2012-10-26 21:34 -------- d-----w- c:\users\Mark\AppData\Roaming\MyPhoneExplorer
2012-10-26 21:33 . 2012-10-26 21:38 -------- d-----w- c:\users\Mark\AppData\Roaming\Sony
2012-10-26 21:33 . 2012-10-26 21:36 -------- d-----w- c:\program files\Sony Media Go Install
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-02 14:19 . 2012-09-02 14:19 138 ----a-w- c:\users\Mark\AppData\Roaming\cvcigvo.bat
2012-08-22 16:31 . 2012-09-03 19:45 27152 ----a-w- c:\windows\system32\nitrolocalmon2.dll
2012-08-22 16:31 . 2012-09-03 19:45 18448 ----a-w- c:\windows\system32\nitrolocalui2.dll
2012-08-21 13:01 . 2009-09-10 16:02 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-08-21 12:01 . 2012-09-19 16:26 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-10-24 17:50 . 2012-10-29 05:33 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2008-06-19 19:04 2957312 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2008-06-19 19:04 2957312 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HCEmployee"="c:\program files\leansoft\Hc\servemp.exe" [2012-03-15 1768960]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1278648]
"JoinMEUIExec"="c:\program files\PC Suite\JoinMEUIExec.exe" [2009-03-10 131072]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2008-06-19 18:51 90112 ----a-w- c:\windows\System32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-07-16 01:04 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Belkin Wireless Networking Utility.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Belkin Wireless Networking Utility.lnk
backup=c:\windows\pss\Belkin Wireless Networking Utility.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Philips GoGear Spark Device Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Philips GoGear Spark Device Manager.lnk
backup=c:\windows\pss\Philips GoGear Spark Device Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Mark^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Chatter Desktop.lnk]
path=c:\users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Chatter Desktop.lnk
backup=c:\windows\pss\Chatter Desktop.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2011-08-30 12:24 624056 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AML]
2008-06-13 22:07 1097728 ----a-w- c:\program files\Sony\VAIO Launcher\AML.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-08-27 21:32 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2010-01-02 18:59 323392 ----a-w- c:\users\Mark\Program Files\DNA\btdna.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionCenter]
2011-04-12 06:27 305088 ----a-w- c:\program files\Citrix\ICA Client\concentr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoreChipTiManager]
2012-07-30 21:58 3339264 ----a-w- c:\windows\diskediag.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2008-04-16 00:54 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2007-08-31 19:01 1037736 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
2008-04-04 03:03 317280 ----a-w- c:\program files\Sony\ISB Utility\ISBMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-09 23:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MarketingTools]
2008-08-19 14:41 24576 ----a-w- c:\program files\Sony\Marketing Tools\MarketingTools.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcui_exe]
2012-09-12 11:21 1278648 ----a-w- c:\program files\McAfee.com\Agent\mcagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2012-03-08 17:50 4280184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSUFloatingUI]
2008-07-30 23:05 262144 ----a-w- c:\program files\Sony\Network Utility\LANUtil.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-07-24 22:28 13548064 ----a-w- c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-07-24 22:28 92704 ----a-w- c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSQLLauncher]
2008-06-19 18:29 48904 ----a-w- c:\program files\Protector Suite QL\launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-07-11 11:45 6244896 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-07-03 12:23 17418928 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 14:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-03-10 02:43 835584 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-02-01 15:07 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2011-04-22 12:21 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMpTtray.exe]
2012-03-06 16:29 101512 ----a-w- c:\program files\Sony\VAIO Media plus\VMpTtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WPCUMI]
2006-11-02 12:35 176128 ----a-w- c:\windows\System32\wpcumi.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{552ad1a0-9fa5-11dd-8213-806e6f6e6963}]
\shell\AutoRun\command - H:\Setup.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-28 08:31]
.
2012-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-28 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bbc.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Administrator.Mark-PC\AppData\Roaming\Mozilla\Firefox\Profiles\tu7wolx2.default\
FF - ExtSQL: 2012-11-09 14:23; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; c:\program files\McAfee\SiteAdvisor
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Google Update - c:\users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe
MSConfigStartUp-IMC - c:\program files\FriendFinder\FriendFinder Messenger 4\imc.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-Adobe Flash Player ActiveX - c:\windows\system32\Macromed\Flash\FlashUtil32_11_5_502_110_ActiveX.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-14 13:26
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1399382030-4151968905-611638521-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}"=hex:51,66,7a,6c,4c,1d,3b,1b,58,a1,aa,
1e,ea,ea,2b,04,92,52,13,2a,ba,88,a0,79
"{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}"=hex:51,66,7a,6c,4c,1d,3b,1b,93,fe,e4,
9f,e0,fb,8c,09,ac,96,90,ea,bd,1e,eb,fe
"{00C6482D-C502-44C8-8409-FCE54AD9C208}"=hex:51,66,7a,6c,4c,1d,3b,1b,3d,57,d7,
10,3c,95,af,0b,98,01,be,a5,4e,9b,82,15
"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"=hex:51,66,7a,6c,4c,1d,3b,1b,8f,81,95,
16,e9,98,3e,02,a4,75,3a,0b,79,29,a0,ae
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,3b,1b,0c,17,ce,
08,93,b8,e4,0d,b9,9e,b8,17,88,6c,fd,de
"{27B4851A-3207-45A2-B947-BE8AFE6163AB}"=hex:51,66,7a,6c,4c,1d,3b,1b,0a,9a,a5,
37,39,62,c5,0a,a5,4f,fc,ca,fa,23,23,b6
"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,3b,1b,f9,dc,58,
20,5f,e4,a2,04,94,78,0e,49,10,23,d2,d7
"{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,3b,1b,9d,69,7f,
22,bc,11,9a,09,80,1e,56,09,a0,d5,d5,e9
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,3b,1b,ab,88,05,
66,ce,86,4b,09,aa,e3,96,9a,f5,9b,6d,5e
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,3b,1b,74,cb,21,
80,3c,1c,d8,05,92,c4,13,24,72,4a,23,db
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,3b,1b,7b,fe,cc,
8f,51,d3,61,07,b7,17,56,15,cf,ad,b2,94
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,3b,1b,79,47,91,
be,62,7e,b3,01,93,73,b3,b7,81,58,04,8a
"{B164E929-A1B6-4A06-B104-2CD0E90A88FF}"=hex:51,66,7a,6c,4c,1d,3b,1b,39,f6,75,
a1,88,f1,61,05,ad,0c,6e,90,ed,48,c8,e2
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,3b,1b,25,b7,e2,
a4,1f,5e,3e,06,a6,2a,00,f3,04,cc,42,e2
"{CA6319C0-31B7-401E-A518-A07C3DB8F777}"=hex:51,66,7a,6c,4c,1d,3b,1b,d0,06,72,
da,89,61,79,0f,b9,10,e2,3c,39,fa,b7,6a
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1f,d9,
cb,7b,f4,3c,0c,a0,7c,de,65,c5,87,c8,b4
.
[HKEY_USERS\S-1-5-21-1399382030-4151968905-611638521-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:ee,16,41,03,0e,85,cd,01
.
[HKEY_USERS\S-1-5-21-1399382030-4151968905-611638521-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b5,be,69,9c,7c,d6,9b,4c,8d,7f,a4,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b5,be,69,9c,7c,d6,9b,4c,8d,7f,a4,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b4
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(868)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infra.dll
.
- - - - - - - > 'Explorer.exe'(1748)
c:\program files\Protector Suite QL\farchns.dll
c:\program files\Protector Suite QL\infra.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\RtkAudioService.exe
c:\windows\system32\rundll32.exe
c:\program files\Protector Suite QL\upeksvr.exe
c:\windows\system32\WLANExt.exe
c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\PC Suite\JoinMEAssistantServices.exe
c:\program files\Kontiki\KService.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\McAfee\SiteAdvisor\McSACore.exe
c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe
c:\program files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
c:\windows\system32\rundll32.exe
c:\program files\Sony\Network Utility\NSUService.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Microsoft Application Virtualization Client\sftvsa.exe
c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe
c:\program files\TomTom HOME 2\TomTomHOMEService.exe
c:\program files\Sony\VAIO Power Management\SPMService.exe
c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\Microsoft Application Virtualization Client\sftlist.exe
c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe
c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
c:\program files\Sony\VAIO Update 5\VAIOUpdt.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Sony\VAIO Update Common\VUAgent.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2012-11-14 13:34:27 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-14 13:34
.
Pre-Run: 32,870,162,432 bytes free
Post-Run: 34,890,313,728 bytes free
.
- - End Of File - - 644417A6428D70FA66BBC499B2659877



2. Problems encountered:
========================
Combofix reported that McAfee Internet Security was still running ... However, I'm certain I switched it off ... At least, it was reporting that it was off.


3. How is the computer doing now?
=================================
Couple of things:

1. I haven't seen any more redirects on Google but Google searches do appear to get stuck occasionally. Dunno whether that's relevant.
2. When checking Flashplayer at http://helpx.adobe.com/flash-player.html the box appeared grey and did not have either an error message or any indication of Flash running (which is same as before).
I tried installing Flashplayer and noticed that when opening the download page McAfee security very briefly popped up a message about not being protected (with a ! over its system tray icon) - but it seemed to sort itself out and revert to normal almost immediately, without me doing anything. Not sure whether that's relevant or not, but I thought I'd mention.
Flashplayer install appeared to be successful but it's definitely not working (checked here and all grey boxes: http://helpx.adobe.com/flash-player/kb/find-version-flash-player.html).

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:39 AM

Posted 14 November 2012 - 01:08 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#10 Ruggr88

Ruggr88
  • Topic Starter

  • Members
  • 13 posts
  • Local time:12:39 PM

Posted 15 November 2012 - 01:54 AM

19:27:37.0751 4520 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:27:38.0578 4520 ============================================================
19:27:38.0578 4520 Current date / time: 2012/11/14 19:27:38.0578
19:27:38.0578 4520 SystemInfo:
19:27:38.0578 4520
19:27:38.0578 4520 OS Version: 6.0.6002 ServicePack: 2.0
19:27:38.0578 4520 Product type: Workstation
19:27:38.0578 4520 ComputerName: MARK-PC
19:27:38.0578 4520 UserName: Mark
19:27:38.0578 4520 Windows directory: C:\Windows
19:27:38.0578 4520 System windows directory: C:\Windows
19:27:38.0578 4520 Processor architecture: Intel x86
19:27:38.0578 4520 Number of processors: 2
19:27:38.0578 4520 Page size: 0x1000
19:27:38.0578 4520 Boot type: Normal boot
19:27:38.0578 4520 ============================================================
19:27:39.0451 4520 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:27:39.0779 4520 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:27:39.0857 4520 ============================================================
19:27:39.0857 4520 \Device\Harddisk0\DR0:
19:27:39.0857 4520 MBR partitions:
19:27:39.0857 4520 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1692000, BlocksNum 0x23D9C2B0
19:27:39.0857 4520 \Device\Harddisk1\DR1:
19:27:39.0857 4520 MBR partitions:
19:27:39.0872 4520 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0x254297C1
19:27:39.0872 4520 ============================================================
19:27:39.0919 4520 C: <-> \Device\Harddisk0\DR0\Partition1
19:27:39.0950 4520 D: <-> \Device\Harddisk1\DR1\Partition1
19:27:39.0950 4520 ============================================================
19:27:39.0950 4520 Initialize success
19:27:39.0950 4520 ============================================================
19:27:47.0860 7320 ============================================================
19:27:47.0860 7320 Scan started
19:27:47.0860 7320 Mode: Manual;
19:27:47.0860 7320 ============================================================
19:27:48.0468 7320 ================ Scan system memory ========================
19:27:48.0468 7320 System memory - ok
19:27:48.0468 7320 ================ Scan services =============================
19:27:49.0778 7320 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
19:27:49.0794 7320 ACPI - ok
19:27:49.0888 7320 [ E8FE4FCE23D2809BD88BCC1D0F8408CE ] AdobeActiveFileMonitor6.0 C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
19:27:49.0888 7320 AdobeActiveFileMonitor6.0 - ok
19:27:49.0950 7320 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
19:27:49.0966 7320 adp94xx - ok
19:27:49.0997 7320 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
19:27:49.0997 7320 adpahci - ok
19:27:50.0028 7320 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
19:27:50.0044 7320 adpu160m - ok
19:27:50.0059 7320 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
19:27:50.0059 7320 adpu320 - ok
19:27:50.0090 7320 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:27:50.0090 7320 AeLookupSvc - ok
19:27:50.0153 7320 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
19:27:55.0379 7320 AFD - ok
19:27:55.0426 7320 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
19:27:55.0441 7320 agp440 - ok
19:27:55.0457 7320 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
19:27:55.0457 7320 aic78xx - ok
19:27:55.0488 7320 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
19:27:55.0488 7320 ALG - ok
19:27:55.0504 7320 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
19:27:55.0504 7320 aliide - ok
19:27:55.0519 7320 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
19:27:55.0519 7320 amdagp - ok
19:27:55.0535 7320 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
19:27:55.0535 7320 amdide - ok
19:27:55.0550 7320 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
19:27:55.0550 7320 AmdK7 - ok
19:27:55.0566 7320 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
19:27:55.0566 7320 AmdK8 - ok
19:27:55.0597 7320 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
19:27:55.0597 7320 Appinfo - ok
19:27:55.0769 7320 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:27:55.0769 7320 Apple Mobile Device - ok
19:27:55.0800 7320 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
19:27:55.0800 7320 arc - ok
19:27:55.0831 7320 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
19:27:55.0831 7320 arcsas - ok
19:27:55.0956 7320 [ B979979AB8027F7F53FB16EC4229B7DB ] Aspi32 C:\Windows\system32\drivers\Aspi32.sys
19:27:56.0034 7320 Aspi32 - ok
19:27:56.0159 7320 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
19:27:56.0299 7320 aspnet_state - ok
19:27:56.0346 7320 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:27:56.0346 7320 AsyncMac - ok
19:27:56.0689 7320 [ 2D9C903DC76A66813D350A562DE40ED9 ] atapi C:\Windows\system32\drivers\atapi.sys
19:27:56.0689 7320 atapi - ok
19:27:56.0752 7320 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:27:56.0767 7320 AudioEndpointBuilder - ok
19:27:56.0767 7320 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
19:27:56.0767 7320 Audiosrv - ok
19:27:56.0798 7320 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
19:27:56.0814 7320 Beep - ok
19:27:56.0845 7320 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
19:27:56.0861 7320 BFE - ok
19:27:56.0923 7320 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\system32\qmgr.dll
19:27:56.0954 7320 BITS - ok
19:27:56.0970 7320 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
19:27:56.0970 7320 blbdrive - ok
19:27:57.0095 7320 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:27:57.0095 7320 Bonjour Service - ok
19:27:57.0157 7320 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:27:57.0157 7320 bowser - ok
19:27:57.0188 7320 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
19:27:57.0188 7320 BrFiltLo - ok
19:27:57.0220 7320 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
19:27:57.0220 7320 BrFiltUp - ok
19:27:57.0251 7320 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
19:27:57.0251 7320 Browser - ok
19:27:57.0282 7320 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
19:27:57.0282 7320 Brserid - ok
19:27:57.0298 7320 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
19:27:57.0313 7320 BrSerWdm - ok
19:27:57.0313 7320 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
19:27:57.0344 7320 BrUsbMdm - ok
19:27:57.0360 7320 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
19:27:57.0376 7320 BrUsbSer - ok
19:27:57.0438 7320 [ 6D39C954799B63BA866910234CF7D726 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
19:27:57.0438 7320 BthEnum - ok
19:27:57.0485 7320 [ 9A966A8E86D1771911AE34A20D11BFF3 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
19:27:57.0485 7320 BTHMODEM - ok
19:27:57.0547 7320 [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
19:27:57.0547 7320 BthPan - ok
19:27:57.0656 7320 [ 611FF3F2F095C8D4A6D4CFD9DCC09793 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
19:27:57.0656 7320 BTHPORT - ok
19:27:57.0688 7320 [ A4C8377FA4A994E07075107DBE2E3DCE ] BthServ C:\Windows\System32\bthserv.dll
19:27:57.0688 7320 BthServ - ok
19:27:57.0719 7320 [ D330803EAB2A15CAEC7F011F1D4CB30E ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
19:27:57.0719 7320 BTHUSB - ok
19:27:57.0750 7320 [ ED97CD06EF748004B8AAC56C2D0AA5DB ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
19:27:57.0750 7320 btwaudio - ok
19:27:57.0781 7320 [ 4871B5ED4757197135FF65BE61DA44B3 ] btwavdt C:\Windows\system32\drivers\btwavdt.sys
19:27:57.0781 7320 btwavdt - ok
19:27:57.0859 7320 [ 346B62198C40D6CF12A3FA8804247ADF ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
19:27:57.0859 7320 btwdins - ok
19:27:57.0875 7320 [ 6AF9FD2AEEBDC16A98D3E30E68440C5C ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
19:27:57.0875 7320 btwl2cap - ok
19:27:57.0890 7320 [ F5DA7DF99CF11FCB68E2BEA12002F63A ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
19:27:57.0890 7320 btwrchid - ok
19:27:57.0890 7320 catchme - ok
19:27:57.0906 7320 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:27:57.0906 7320 cdfs - ok
19:27:57.0968 7320 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
19:27:57.0984 7320 cdrom - ok
19:27:58.0031 7320 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
19:27:58.0031 7320 CertPropSvc - ok
19:27:58.0093 7320 [ 958C33D0715D1496684D2E5E329748E8 ] cfwids C:\Windows\system32\drivers\cfwids.sys
19:27:58.0093 7320 cfwids - ok
19:27:58.0093 7320 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\DRIVERS\circlass.sys
19:27:58.0109 7320 circlass - ok
19:27:58.0156 7320 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
19:27:58.0156 7320 CLFS - ok
19:27:58.0249 7320 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:27:58.0249 7320 clr_optimization_v2.0.50727_32 - ok
19:27:58.0312 7320 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:27:58.0327 7320 clr_optimization_v4.0.30319_32 - ok
19:27:58.0358 7320 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
19:27:58.0374 7320 CmBatt - ok
19:27:58.0390 7320 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:27:58.0390 7320 cmdide - ok
19:27:58.0390 7320 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
19:27:58.0390 7320 Compbatt - ok
19:27:58.0405 7320 COMSysApp - ok
19:27:58.0421 7320 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
19:27:58.0421 7320 crcdisk - ok
19:27:58.0436 7320 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
19:27:58.0436 7320 Crusoe - ok
19:27:58.0468 7320 [ 75C6A297E364014840B48ECCD7525E30 ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:27:58.0483 7320 CryptSvc - ok
19:27:58.0530 7320 [ CB6FF7012BB5D59D7C12350DB795CE1F ] ctxusbm C:\Windows\system32\DRIVERS\ctxusbm.sys
19:27:58.0608 7320 ctxusbm - ok
19:27:58.0811 7320 [ DDAC7684F4BC3F655ED31D8AA494E9AB ] cvhsvc C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
19:27:58.0811 7320 cvhsvc - ok
19:27:58.0889 7320 [ 6B62F5F9A987D08F67FC1302E4B67AED ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
19:27:58.0889 7320 dc3d - ok
19:27:58.0967 7320 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
19:27:58.0982 7320 DcomLaunch - ok
19:27:59.0029 7320 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:27:59.0045 7320 DfsC - ok
19:27:59.0107 7320 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
19:27:59.0170 7320 DFSR - ok
19:27:59.0232 7320 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
19:27:59.0248 7320 Dhcp - ok
19:27:59.0279 7320 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
19:27:59.0279 7320 disk - ok
19:27:59.0294 7320 [ F206E28ED74C491FD5D7C0A1119CE37F ] DMICall C:\Windows\system32\DRIVERS\DMICall.sys
19:27:59.0404 7320 DMICall - ok
19:27:59.0482 7320 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:27:59.0482 7320 Dnscache - ok
19:27:59.0528 7320 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
19:27:59.0528 7320 dot3svc - ok
19:27:59.0560 7320 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
19:27:59.0560 7320 DPS - ok
19:27:59.0591 7320 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:27:59.0591 7320 drmkaud - ok
19:27:59.0653 7320 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:27:59.0684 7320 DXGKrnl - ok
19:27:59.0700 7320 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
19:27:59.0716 7320 E1G60 - ok
19:27:59.0731 7320 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
19:27:59.0731 7320 EapHost - ok
19:27:59.0825 7320 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
19:27:59.0840 7320 Ecache - ok
19:27:59.0903 7320 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:27:59.0918 7320 ehRecvr - ok
19:27:59.0950 7320 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
19:27:59.0950 7320 ehSched - ok
19:27:59.0950 7320 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
19:27:59.0950 7320 ehstart - ok
19:27:59.0996 7320 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
19:27:59.0996 7320 elxstor - ok
19:28:00.0059 7320 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
19:28:00.0090 7320 EMDMgmt - ok
19:28:00.0106 7320 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
19:28:00.0106 7320 ErrDev - ok
19:28:00.0168 7320 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
19:28:00.0168 7320 EventSystem - ok
19:28:00.0246 7320 [ 791464A9E9ADE063327A29F1B3F1A86C ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
19:28:00.0246 7320 EvtEng - ok
19:28:00.0308 7320 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
19:28:00.0308 7320 exfat - ok
19:28:00.0355 7320 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:28:00.0355 7320 fastfat - ok
19:28:00.0386 7320 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
19:28:00.0402 7320 fdc - ok
19:28:00.0418 7320 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
19:28:00.0418 7320 fdPHost - ok
19:28:00.0433 7320 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
19:28:00.0449 7320 FDResPub - ok
19:28:00.0464 7320 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:28:00.0464 7320 FileInfo - ok
19:28:00.0464 7320 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:28:00.0464 7320 Filetrace - ok
19:28:00.0511 7320 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
19:28:00.0542 7320 FLEXnet Licensing Service - ok
19:28:00.0542 7320 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
19:28:00.0558 7320 flpydisk - ok
19:28:00.0605 7320 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:28:00.0620 7320 FltMgr - ok
19:28:00.0698 7320 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
19:28:00.0714 7320 FontCache - ok
19:28:00.0823 7320 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:28:00.0839 7320 FontCache3.0.0.0 - ok
19:28:00.0964 7320 [ B0082808A6856A252F7CDD939892CE50 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
19:28:01.0073 7320 fssfltr - ok
19:28:01.0213 7320 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
19:28:01.0322 7320 fsssvc - ok
19:28:01.0354 7320 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:28:01.0400 7320 Fs_Rec - ok
19:28:01.0432 7320 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
19:28:01.0432 7320 gagp30kx - ok
19:28:01.0494 7320 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:28:01.0510 7320 GEARAspiWDM - ok
19:28:01.0556 7320 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
19:28:01.0572 7320 gpsvc - ok
19:28:01.0619 7320 [ 6003BC70F1A8307262BD3C941BDA0B7E ] grmnusb C:\Windows\system32\drivers\grmnusb.sys
19:28:01.0681 7320 grmnusb - ok
19:28:01.0790 7320 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
19:28:01.0790 7320 gupdate - ok
19:28:01.0790 7320 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
19:28:01.0790 7320 gupdatem - ok
19:28:01.0806 7320 [ 1BF044E23206FDDC16891A32922D571B ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
19:28:01.0884 7320 gusvc - ok
19:28:01.0962 7320 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:28:01.0993 7320 HdAudAddService - ok
19:28:02.0056 7320 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
19:28:02.0071 7320 HDAudBus - ok
19:28:02.0087 7320 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
19:28:02.0087 7320 HidBth - ok
19:28:02.0102 7320 [ 5A87127718873BD7F3BD7AC42B951D8E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
19:28:02.0165 7320 HidIr - ok
19:28:02.0212 7320 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\System32\hidserv.dll
19:28:02.0212 7320 hidserv - ok
19:28:02.0274 7320 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
19:28:02.0274 7320 HidUsb - ok
19:28:02.0321 7320 [ D61E53E3FEC0C92BC8DD3969FAD63F87 ] HipShieldK C:\Windows\system32\drivers\HipShieldK.sys
19:28:02.0430 7320 HipShieldK - ok
19:28:02.0477 7320 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:28:02.0477 7320 hkmsvc - ok
19:28:02.0492 7320 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
19:28:02.0508 7320 HpCISSs - ok
19:28:02.0539 7320 [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL C:\Windows\system32\DRIVERS\VSTAZL3.SYS
19:28:02.0539 7320 HSFHWAZL - ok
19:28:02.0586 7320 [ 7BC42C65B5C6281777C1A7605B253BA8 ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys
19:28:02.0742 7320 HSF_DPV - ok
19:28:02.0773 7320 [ 9EBF2D102CCBB6BCDFBF1B7922F8BA2E ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys
19:28:02.0914 7320 HSXHWAZL - ok
19:28:02.0992 7320 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:28:03.0038 7320 HTTP - ok
19:28:03.0054 7320 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
19:28:03.0070 7320 i2omp - ok
19:28:03.0101 7320 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
19:28:03.0116 7320 i8042prt - ok
19:28:03.0148 7320 [ CB686F44BF955EA02520710A56874FA4 ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
19:28:03.0148 7320 IAANTMON - ok
19:28:03.0179 7320 [ DB0CC620B27A928D968C1A1E9CD9CB87 ] iaStor C:\Windows\system32\drivers\iastor.sys
19:28:03.0179 7320 iaStor - ok
19:28:03.0194 7320 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
19:28:03.0210 7320 iaStorV - ok
19:28:03.0272 7320 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:28:03.0304 7320 idsvc - ok
19:28:03.0319 7320 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
19:28:03.0319 7320 iirsp - ok
19:28:03.0382 7320 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
19:28:03.0397 7320 IKEEXT - ok
19:28:03.0475 7320 [ CF2219A2FED4F8F2E0817A2BF1658799 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
19:28:03.0600 7320 IntcAzAudAddService - ok
19:28:03.0616 7320 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
19:28:03.0631 7320 intelide - ok
19:28:03.0662 7320 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:28:03.0662 7320 intelppm - ok
19:28:03.0694 7320 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:28:03.0694 7320 IPBusEnum - ok
19:28:03.0709 7320 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:28:03.0709 7320 IpFilterDriver - ok
19:28:03.0756 7320 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:28:03.0756 7320 iphlpsvc - ok
19:28:03.0756 7320 IpInIp - ok
19:28:03.0787 7320 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
19:28:03.0787 7320 IPMIDRV - ok
19:28:03.0803 7320 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
19:28:03.0803 7320 IPNAT - ok
19:28:03.0881 7320 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
19:28:03.0881 7320 iPod Service - ok
19:28:03.0912 7320 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:28:03.0912 7320 IRENUM - ok
19:28:03.0928 7320 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:28:03.0928 7320 isapnp - ok
19:28:04.0021 7320 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
19:28:04.0068 7320 iScsiPrt - ok
19:28:04.0099 7320 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
19:28:04.0130 7320 iteatapi - ok
19:28:04.0162 7320 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
19:28:04.0162 7320 iteraid - ok
19:28:04.0193 7320 [ F415A88162D23977B5EDAE4F0410E903 ] IviRegMgr C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
19:28:04.0193 7320 IviRegMgr - ok
19:28:04.0224 7320 [ 9D3824E189EE26C0AD54DB8A76985B39 ] JMCR_CFS C:\Windows\system32\DRIVERS\jmcr_cfs.sys
19:28:04.0224 7320 JMCR_CFS - ok
19:28:04.0318 7320 [ 928034ECCE50DC6AB6C4CD575B78BD10 ] JoinMEUI Assistant Service C:\Program Files\PC Suite\JoinMEAssistantServices.exe
19:28:04.0318 7320 JoinMEUI Assistant Service - ok
19:28:04.0349 7320 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
19:28:04.0349 7320 kbdclass - ok
19:28:04.0349 7320 [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
19:28:04.0364 7320 kbdhid - ok
19:28:04.0396 7320 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
19:28:04.0396 7320 KeyIso - ok
19:28:04.0458 7320 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:28:04.0474 7320 KSecDD - ok
19:28:04.0583 7320 [ 70CEEFE43CB746DD04A884C84A7EBAA3 ] KService C:\Program Files\Kontiki\KService.exe
19:28:04.0598 7320 KService - ok
19:28:04.0630 7320 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
19:28:04.0645 7320 KtmRm - ok
19:28:04.0708 7320 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\System32\srvsvc.dll
19:28:04.0708 7320 LanmanServer - ok
19:28:04.0786 7320 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:28:04.0786 7320 LanmanWorkstation - ok
19:28:04.0817 7320 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:28:04.0817 7320 lltdio - ok
19:28:04.0832 7320 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:28:04.0832 7320 lltdsvc - ok
19:28:04.0864 7320 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
19:28:04.0864 7320 lmhosts - ok
19:28:04.0879 7320 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
19:28:04.0879 7320 LSI_FC - ok
19:28:04.0895 7320 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
19:28:04.0895 7320 LSI_SAS - ok
19:28:04.0926 7320 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
19:28:04.0926 7320 LSI_SCSI - ok
19:28:04.0957 7320 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
19:28:04.0957 7320 luafv - ok
19:28:05.0020 7320 [ 38BFA8FA6D838CBAB58A1C2B49EBF96B ] massfilter_hs C:\Windows\system32\drivers\massfilter_hs.sys
19:28:05.0191 7320 massfilter_hs - ok
19:28:05.0269 7320 [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
19:28:05.0269 7320 MBAMProtector - ok
19:28:05.0300 7320 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
19:28:05.0300 7320 MBAMScheduler - ok
19:28:05.0316 7320 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
19:28:05.0316 7320 MBAMService - ok
19:28:05.0410 7320 [ C226CE46CD17FCE6261A9DE406F01C8B ] McAfee SiteAdvisor Service C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
19:28:05.0410 7320 McAfee SiteAdvisor Service - ok
19:28:05.0488 7320 [ ECAB006AC6136F1307E140B633CDB8C2 ] McMPFSvc C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
19:28:05.0488 7320 McMPFSvc - ok
19:28:05.0519 7320 [ ECAB006AC6136F1307E140B633CDB8C2 ] mcmscsvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
19:28:05.0519 7320 mcmscsvc - ok
19:28:05.0519 7320 [ ECAB006AC6136F1307E140B633CDB8C2 ] McNaiAnn C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
19:28:05.0519 7320 McNaiAnn - ok
19:28:05.0534 7320 [ ECAB006AC6136F1307E140B633CDB8C2 ] McNASvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
19:28:05.0534 7320 McNASvc - ok
19:28:05.0597 7320 [ E63BF12007702D6AC5037AF1E0C6B1C9 ] McODS C:\Program Files\McAfee\VirusScan\mcods.exe
19:28:05.0597 7320 McODS - ok
19:28:05.0628 7320 [ ECAB006AC6136F1307E140B633CDB8C2 ] McProxy C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
19:28:05.0628 7320 McProxy - ok
19:28:05.0706 7320 [ 6A78931E71218F38B2B4665D2BA79789 ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
19:28:05.0706 7320 McShield - ok
19:28:05.0753 7320 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:28:05.0753 7320 Mcx2Svc - ok
19:28:05.0784 7320 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
19:28:05.0800 7320 mdmxsdk - ok
19:28:05.0846 7320 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
19:28:05.0846 7320 megasas - ok
19:28:05.0862 7320 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
19:28:05.0878 7320 MegaSR - ok
19:28:05.0909 7320 [ 38995E33939DCA02BEED384C37A0BABB ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys
19:28:05.0909 7320 mfeapfk - ok
19:28:05.0956 7320 [ ACB64C134E0FA7124FE67A8CC5F02833 ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys
19:28:06.0002 7320 mfeavfk - ok
19:28:06.0002 7320 mfeavfk01 - ok
19:28:06.0034 7320 [ FB331E460DBAE41B7CBDD72E690D6DA3 ] mfebopk C:\Windows\system32\drivers\mfebopk.sys
19:28:06.0049 7320 mfebopk - ok
19:28:06.0096 7320 [ 8421EF9F71E0595BE68B5D913ED0FE78 ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
19:28:06.0096 7320 mfefire - ok
19:28:06.0143 7320 [ 53891A53ACF0D43088E899DDD7209ACC ] mfefirek C:\Windows\system32\drivers\mfefirek.sys
19:28:06.0143 7320 mfefirek - ok
19:28:06.0174 7320 [ 2F70286021B917F6D69C32C5DB8CD288 ] mfehidk C:\Windows\system32\drivers\mfehidk.sys
19:28:06.0205 7320 mfehidk - ok
19:28:06.0236 7320 [ 9171F3CA5DDD1D6A590B295F90E1E3BB ] mferkdet C:\Windows\system32\drivers\mferkdet.sys
19:28:06.0314 7320 mferkdet - ok
19:28:06.0392 7320 [ 958E4A10C7C2C80714882542934C6912 ] mfevtp C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
19:28:06.0392 7320 mfevtp - ok
19:28:06.0439 7320 [ 07A474725D2DC08759496F58164795CB ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys
19:28:06.0517 7320 mfewfpk - ok
19:28:06.0548 7320 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
19:28:06.0548 7320 MMCSS - ok
19:28:06.0564 7320 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
19:28:06.0580 7320 Modem - ok
19:28:06.0611 7320 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:28:06.0611 7320 monitor - ok
19:28:06.0611 7320 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
19:28:06.0611 7320 mouclass - ok
19:28:06.0673 7320 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:28:06.0673 7320 mouhid - ok
19:28:06.0689 7320 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
19:28:06.0689 7320 MountMgr - ok
19:28:06.0782 7320 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
19:28:06.0860 7320 MozillaMaintenance - ok
19:28:06.0876 7320 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
19:28:06.0892 7320 mpio - ok
19:28:06.0907 7320 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:28:06.0907 7320 mpsdrv - ok
19:28:06.0954 7320 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
19:28:06.0970 7320 MpsSvc - ok
19:28:07.0001 7320 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
19:28:07.0016 7320 Mraid35x - ok
19:28:07.0063 7320 [ BE92F1EEFDB3D9D231F3496B3CF007CC ] MRVW245 C:\Windows\system32\DRIVERS\MRVW245.sys
19:28:07.0157 7320 MRVW245 - ok
19:28:07.0204 7320 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:28:07.0204 7320 MRxDAV - ok
19:28:07.0266 7320 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:28:07.0266 7320 mrxsmb - ok
19:28:07.0328 7320 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:28:07.0328 7320 mrxsmb10 - ok
19:28:07.0360 7320 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:28:07.0484 7320 mrxsmb20 - ok
19:28:07.0562 7320 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys
19:28:07.0578 7320 msahci - ok
19:28:07.0656 7320 MSCSPTISRV - ok
19:28:07.0687 7320 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:28:07.0687 7320 msdsm - ok
19:28:07.0718 7320 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
19:28:07.0718 7320 MSDTC - ok
19:28:07.0750 7320 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:28:07.0750 7320 Msfs - ok
19:28:07.0765 7320 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:28:07.0765 7320 msisadrv - ok
19:28:07.0796 7320 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:28:07.0812 7320 MSiSCSI - ok
19:28:07.0812 7320 msiserver - ok
19:28:07.0828 7320 [ ECAB006AC6136F1307E140B633CDB8C2 ] MSK80Service C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
19:28:07.0828 7320 MSK80Service - ok
19:28:07.0859 7320 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:28:07.0859 7320 MSKSSRV - ok
19:28:07.0874 7320 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:28:07.0874 7320 MSPCLOCK - ok
19:28:07.0874 7320 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:28:07.0906 7320 MSPQM - ok
19:28:07.0952 7320 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:28:07.0968 7320 MsRPC - ok
19:28:07.0968 7320 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
19:28:07.0968 7320 mssmbios - ok
19:28:07.0984 7320 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:28:07.0984 7320 MSTEE - ok
19:28:08.0030 7320 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
19:28:08.0030 7320 Mup - ok
19:28:08.0093 7320 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
19:28:08.0093 7320 napagent - ok
19:28:08.0155 7320 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:28:08.0155 7320 NativeWifiP - ok
19:28:08.0171 7320 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
19:28:08.0202 7320 NDIS - ok
19:28:08.0218 7320 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:28:08.0218 7320 NdisTapi - ok
19:28:08.0233 7320 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:28:08.0249 7320 Ndisuio - ok
19:28:08.0311 7320 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:28:08.0327 7320 NdisWan - ok
19:28:08.0327 7320 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:28:08.0342 7320 NDProxy - ok
19:28:08.0389 7320 [ 1352E1648213551923A0A822E441553C ] Netaapl C:\Windows\system32\DRIVERS\netaapl.sys
19:28:08.0452 7320 Netaapl - ok
19:28:08.0483 7320 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:28:08.0483 7320 NetBIOS - ok
19:28:08.0530 7320 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
19:28:08.0530 7320 netbt - ok
19:28:08.0545 7320 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
19:28:08.0545 7320 Netlogon - ok
19:28:08.0561 7320 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
19:28:08.0561 7320 Netman - ok
19:28:08.0639 7320 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:28:08.0764 7320 NetMsmqActivator - ok
19:28:08.0764 7320 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:28:08.0764 7320 NetPipeActivator - ok
19:28:08.0842 7320 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
19:28:08.0842 7320 netprofm - ok
19:28:08.0842 7320 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:28:08.0842 7320 NetTcpActivator - ok
19:28:08.0842 7320 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:28:08.0842 7320 NetTcpPortSharing - ok
19:28:08.0998 7320 [ F0C42E0CDCE558D658FA53A222B4CCB1 ] NETw5v32 C:\Windows\system32\DRIVERS\NETw5v32.sys
19:28:09.0169 7320 NETw5v32 - ok
19:28:09.0200 7320 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
19:28:09.0200 7320 nfrd960 - ok
19:28:09.0278 7320 [ 29E94278179A56581A4961894E1A5F98 ] NitroReaderDriverReadSpool2 C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
19:28:09.0278 7320 NitroReaderDriverReadSpool2 - ok
19:28:09.0310 7320 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
19:28:09.0325 7320 NlaSvc - ok
19:28:09.0372 7320 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:28:09.0372 7320 Npfs - ok
19:28:09.0388 7320 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
19:28:09.0388 7320 nsi - ok
19:28:09.0403 7320 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:28:09.0403 7320 nsiproxy - ok
19:28:09.0450 7320 [ 080FC237D26F860E8996550566C8EBBF ] NSUService C:\Program Files\Sony\Network Utility\NSUService.exe
19:28:09.0450 7320 NSUService - ok
19:28:09.0528 7320 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:28:09.0559 7320 Ntfs - ok
19:28:09.0575 7320 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
19:28:09.0575 7320 ntrigdigi - ok
19:28:09.0590 7320 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
19:28:09.0606 7320 Null - ok
19:28:09.0668 7320 [ 2C7AC27710E8D41C1EB7D1599187D237 ] NVHDA C:\Windows\system32\drivers\nvhda32v.sys
19:28:09.0762 7320 NVHDA - ok
19:28:10.0105 7320 [ 4438854B8E097523326E1FF821D375E4 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:28:10.0230 7320 nvlddmkm - ok
19:28:10.0261 7320 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:28:10.0261 7320 nvraid - ok
19:28:10.0277 7320 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:28:10.0277 7320 nvstor - ok
19:28:10.0339 7320 [ 5F29DFD822597918B65CE63AE111A277 ] nvsvc C:\Windows\system32\nvvsvc.exe
19:28:10.0355 7320 nvsvc - ok
19:28:10.0370 7320 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:28:10.0386 7320 nv_agp - ok
19:28:10.0386 7320 NwlnkFlt - ok
19:28:10.0386 7320 NwlnkFwd - ok
19:28:10.0448 7320 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
19:28:10.0448 7320 ohci1394 - ok
19:28:10.0511 7320 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:28:10.0589 7320 ose - ok
19:28:10.0776 7320 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:28:10.0792 7320 osppsvc - ok
19:28:10.0870 7320 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
19:28:10.0885 7320 p2pimsvc - ok
19:28:10.0916 7320 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
19:28:10.0916 7320 p2psvc - ok
19:28:10.0963 7320 [ 5D43D0BA9E0C2F8782077F660DFE916F ] PACSPTISVR C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
19:28:11.0041 7320 PACSPTISVR - ok
19:28:11.0072 7320 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
19:28:11.0088 7320 Parport - ok
19:28:11.0119 7320 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:28:11.0135 7320 partmgr - ok
19:28:11.0135 7320 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
19:28:11.0135 7320 Parvdm - ok
19:28:11.0166 7320 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
19:28:11.0166 7320 PcaSvc - ok
19:28:11.0228 7320 [ FD2041E9BA03DB7764B2248F02475079 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfd.sys
19:28:11.0291 7320 pccsmcfd - ok
19:28:11.0338 7320 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
19:28:11.0338 7320 pci - ok
19:28:11.0540 7320 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys
19:28:11.0540 7320 pciide - ok
19:28:11.0556 7320 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
19:28:11.0572 7320 pcmcia - ok
19:28:11.0618 7320 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:28:11.0634 7320 PEAUTH - ok
19:28:11.0696 7320 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
19:28:11.0728 7320 pla - ok
19:28:11.0774 7320 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:28:11.0790 7320 PlugPlay - ok
19:28:11.0821 7320 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
19:28:11.0821 7320 PNRPAutoReg - ok
19:28:11.0837 7320 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
19:28:11.0852 7320 PNRPsvc - ok
19:28:11.0868 7320 [ 437827D69040C0C2565D47B024ED5372 ] Point32 C:\Windows\system32\DRIVERS\point32k.sys
19:28:11.0868 7320 Point32 - ok
19:28:11.0884 7320 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:28:11.0899 7320 PolicyAgent - ok
19:28:11.0930 7320 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:28:11.0930 7320 PptpMiniport - ok
19:28:11.0946 7320 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
19:28:11.0946 7320 Processor - ok
19:28:12.0008 7320 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
19:28:12.0008 7320 ProfSvc - ok
19:28:12.0008 7320 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
19:28:12.0008 7320 ProtectedStorage - ok
19:28:12.0071 7320 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
19:28:12.0086 7320 PSched - ok
19:28:12.0149 7320 [ F036CFB275D0C55F4E45FBBF5F98B3C8 ] PSI_SVC_2 C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
19:28:12.0149 7320 PSI_SVC_2 - ok
19:28:12.0180 7320 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
19:28:12.0180 7320 PxHelp20 - ok
19:28:12.0227 7320 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
19:28:12.0274 7320 ql2300 - ok
19:28:12.0274 7320 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
19:28:12.0289 7320 ql40xx - ok
19:28:12.0305 7320 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
19:28:12.0320 7320 QWAVE - ok
19:28:12.0336 7320 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:28:12.0336 7320 QWAVEdrv - ok
19:28:12.0352 7320 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:28:12.0352 7320 RasAcd - ok
19:28:12.0367 7320 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
19:28:12.0367 7320 RasAuto - ok
19:28:12.0398 7320 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:28:12.0398 7320 Rasl2tp - ok
19:28:12.0445 7320 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
19:28:12.0461 7320 RasMan - ok
19:28:12.0508 7320 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:28:12.0523 7320 RasPppoe - ok
19:28:12.0539 7320 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:28:12.0554 7320 RasSstp - ok
19:28:12.0586 7320 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:28:12.0586 7320 rdbss - ok
19:28:12.0601 7320 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:28:12.0601 7320 RDPCDD - ok
19:28:12.0632 7320 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
19:28:12.0632 7320 rdpdr - ok
19:28:12.0648 7320 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:28:12.0648 7320 RDPENCDD - ok
19:28:12.0679 7320 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:28:12.0804 7320 RDPWD - ok
19:28:12.0851 7320 [ 001B4278407F4303EFC902A2B16F2453 ] regi C:\Windows\system32\drivers\regi.sys
19:28:12.0929 7320 regi - ok
19:28:12.0991 7320 [ 636AAFAD77BEABE192D01E7E74F4A45B ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
19:28:12.0991 7320 RegSrvc - ok
19:28:13.0022 7320 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:28:13.0022 7320 RemoteAccess - ok
19:28:13.0085 7320 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:28:13.0100 7320 RemoteRegistry - ok
19:28:13.0147 7320 [ 6482707F9F4DA0ECBAB43B2E0398A101 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
19:28:13.0147 7320 RFCOMM - ok
19:28:13.0163 7320 [ D0C2A0CE1091E08EFB7CCBA6CEA4C3F9 ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys
19:28:13.0288 7320 rimsptsk - ok
19:28:13.0319 7320 [ C22E4E27CCDF9AA5FE8143104F28CDE3 ] risdptsk C:\Windows\system32\DRIVERS\risdptsk.sys
19:28:13.0444 7320 risdptsk - ok
19:28:13.0459 7320 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
19:28:13.0459 7320 RpcLocator - ok
19:28:13.0537 7320 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
19:28:13.0537 7320 RpcSs - ok
19:28:13.0553 7320 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:28:13.0568 7320 rspndr - ok
19:28:13.0600 7320 [ 93EB7F2F895952AC8FE100B5DFC3FE39 ] RtkAudioService C:\Windows\RtkAudioService.exe
19:28:13.0600 7320 RtkAudioService - ok
19:28:13.0600 7320 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
19:28:13.0600 7320 SamSs - ok
19:28:13.0615 7320 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:28:13.0615 7320 sbp2port - ok
19:28:13.0662 7320 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:28:13.0662 7320 SCardSvr - ok
19:28:13.0709 7320 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
19:28:13.0724 7320 Schedule - ok
19:28:13.0771 7320 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
19:28:13.0771 7320 SCPolicySvc - ok
19:28:13.0802 7320 [ 126EA89BCC413EE45E3004FB0764888F ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
19:28:13.0802 7320 sdbus - ok
19:28:13.0834 7320 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:28:13.0834 7320 SDRSVC - ok
19:28:13.0849 7320 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:28:13.0849 7320 secdrv - ok
19:28:13.0849 7320 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
19:28:13.0865 7320 seclogon - ok
19:28:13.0880 7320 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll
19:28:13.0880 7320 SENS - ok
19:28:13.0896 7320 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
19:28:13.0896 7320 Serenum - ok
19:28:13.0912 7320 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
19:28:13.0912 7320 Serial - ok
19:28:13.0943 7320 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
19:28:13.0943 7320 sermouse - ok
19:28:14.0021 7320 [ 8C1F87F5FDD92229D1754B98F073913F ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
19:28:14.0114 7320 ServiceLayer - ok
19:28:14.0161 7320 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
19:28:14.0161 7320 SessionEnv - ok
19:28:14.0224 7320 [ 8B7C1768D2CDE2E02E09A66563DDFD16 ] SFEP C:\Windows\system32\DRIVERS\SFEP.sys
19:28:14.0395 7320 SFEP - ok
19:28:14.0442 7320 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:28:14.0442 7320 sffdisk - ok
19:28:14.0458 7320 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:28:14.0458 7320 sffp_mmc - ok
19:28:14.0473 7320 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:28:14.0473 7320 sffp_sd - ok
19:28:14.0504 7320 [ C33BFBD6E9E41FCD9FFEF9729E9FAED6 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
19:28:14.0504 7320 sfloppy - ok
19:28:14.0567 7320 [ D9B734638DD8DBA9D59AAD3189CD0FAD ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
19:28:14.0723 7320 Sftfs - ok
19:28:14.0848 7320 [ CB73BC422C07FB611F194DA18D1E7F36 ] sftlist C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
19:28:14.0848 7320 sftlist - ok
19:28:14.0863 7320 [ 2F61BD46C0BFF4EB36E1E359CA17BFC5 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
19:28:15.0050 7320 Sftplay - ok
19:28:15.0097 7320 [ 518BAC0179F94304F422696B47C0EC12 ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
19:28:15.0097 7320 Sftredir - ok
19:28:15.0160 7320 [ 747325236D88B3F05FFD27FF9EC711C5 ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
19:28:15.0269 7320 Sftvol - ok
19:28:15.0316 7320 [ A5812F0281CA5081BF696626F9BF324D ] sftvsa C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
19:28:15.0316 7320 sftvsa - ok
19:28:15.0394 7320 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:28:15.0394 7320 SharedAccess - ok
19:28:15.0456 7320 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:28:15.0456 7320 ShellHWDetection - ok
19:28:15.0472 7320 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
19:28:15.0487 7320 sisagp - ok
19:28:15.0503 7320 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
19:28:15.0503 7320 SiSRaid2 - ok
19:28:15.0518 7320 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
19:28:15.0518 7320 SiSRaid4 - ok
19:28:15.0690 7320 [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
19:28:15.0706 7320 Skype C2C Service - ok
19:28:15.0784 7320 [ EA396139541706B4B433641D62EA53CE ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
19:28:31.0681 7320 SkypeUpdate - ok
19:28:31.0806 7320 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
19:28:31.0821 7320 slsvc - ok
19:28:31.0884 7320 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
19:28:31.0884 7320 SLUINotify - ok
19:28:31.0931 7320 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:28:31.0931 7320 Smb - ok
19:28:31.0962 7320 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:28:31.0962 7320 SNMPTRAP - ok
19:28:31.0993 7320 [ C5E963A6DE462E356B4660B8E24AC0F2 ] SOHCImp C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe
19:28:32.0071 7320 SOHCImp - ok
19:28:32.0087 7320 [ 9E02AE43BCE13B1CF3AC19B01E32651F ] SOHDBSvr C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
19:28:32.0149 7320 SOHDBSvr - ok
19:28:32.0180 7320 [ EDC81F43FBC4B26DC8E7CA257EB6D739 ] SOHDms C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe
19:28:32.0289 7320 SOHDms - ok
19:28:32.0321 7320 [ CC1468D4D5BE30A8F0607450A11E2C3C ] SOHDs C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe
19:28:32.0430 7320 SOHDs - ok
19:28:32.0477 7320 [ 30D9C22156E35687C36500947C72DB26 ] SOHPlMgr C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
19:28:32.0539 7320 SOHPlMgr - ok
19:28:32.0617 7320 [ 5177D14A78E60FD61DCFC6B388E7E971 ] Sony PC Companion C:\Program Files\Sony\Sony PC Companion\PCCService.exe
19:28:32.0679 7320 Sony PC Companion - ok
19:28:32.0711 7320 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
19:28:32.0711 7320 spldr - ok
19:28:32.0757 7320 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
19:28:32.0773 7320 Spooler - ok
19:28:32.0835 7320 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:\Windows\System32\Drivers\sptd.sys
19:28:32.0991 7320 sptd - ok
19:28:32.0991 7320 SPTISRV - ok
19:28:33.0038 7320 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
19:28:33.0179 7320 srv - ok
19:28:33.0257 7320 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:28:33.0257 7320 srv2 - ok
19:28:33.0319 7320 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:28:33.0319 7320 srvnet - ok
19:28:33.0335 7320 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:28:33.0335 7320 SSDPSRV - ok
19:28:33.0366 7320 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:28:33.0366 7320 SstpSvc - ok
19:28:33.0491 7320 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
19:28:33.0491 7320 stisvc - ok
19:28:33.0522 7320 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
19:28:33.0537 7320 swenum - ok
19:28:33.0600 7320 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
19:28:33.0600 7320 swprv - ok
19:28:33.0631 7320 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
19:28:33.0631 7320 Symc8xx - ok
19:28:33.0647 7320 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
19:28:33.0647 7320 Sym_hi - ok
19:28:33.0647 7320 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
19:28:33.0662 7320 Sym_u3 - ok
19:28:33.0693 7320 [ 99DA94793332AADBB17BBB521AE56E21 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
19:28:33.0771 7320 SynTP - ok
19:28:33.0818 7320 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
19:28:33.0849 7320 SysMain - ok
19:28:33.0881 7320 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:28:33.0881 7320 TabletInputService - ok
19:28:33.0927 7320 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
19:28:33.0927 7320 TapiSrv - ok
19:28:33.0943 7320 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
19:28:33.0959 7320 TBS - ok
19:28:34.0021 7320 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:28:34.0115 7320 Tcpip - ok
19:28:34.0146 7320 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
19:28:34.0161 7320 Tcpip6 - ok
19:28:34.0193 7320 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:28:34.0224 7320 tcpipreg - ok
19:28:34.0255 7320 [ 72B9E77565DA5FA564581976E000D29B ] TcUsb C:\Windows\system32\Drivers\tcusb.sys
19:28:34.0380 7320 TcUsb - ok
19:28:34.0427 7320 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:28:34.0427 7320 TDPIPE - ok
19:28:34.0442 7320 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:28:34.0442 7320 TDTCP - ok
19:28:34.0489 7320 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:28:34.0489 7320 tdx - ok
19:28:34.0551 7320 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
19:28:34.0551 7320 TermDD - ok
19:28:34.0567 7320 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
19:28:34.0583 7320 TermService - ok
19:28:34.0598 7320 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
19:28:34.0598 7320 Themes - ok
19:28:34.0598 7320 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
19:28:34.0614 7320 THREADORDER - ok
19:28:34.0692 7320 [ EFEF22B9577E5051057FDE1AE381B50C ] TomTomHOMEService C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
19:28:34.0692 7320 TomTomHOMEService - ok
19:28:34.0723 7320 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
19:28:34.0723 7320 TrkWks - ok
19:28:34.0801 7320 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:28:34.0801 7320 TrustedInstaller - ok
19:28:34.0832 7320 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:28:34.0832 7320 tssecsrv - ok
19:28:34.0863 7320 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
19:28:34.0863 7320 tunmp - ok
19:28:34.0910 7320 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:28:34.0910 7320 tunnel - ok
19:28:34.0926 7320 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
19:28:34.0926 7320 uagp35 - ok
19:28:34.0957 7320 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:28:34.0957 7320 udfs - ok
19:28:34.0973 7320 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:28:34.0973 7320 UI0Detect - ok
19:28:34.0988 7320 UIUSys - ok
19:28:34.0988 7320 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:28:34.0988 7320 uliagpkx - ok
19:28:35.0004 7320 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
19:28:35.0019 7320 uliahci - ok
19:28:35.0019 7320 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
19:28:35.0035 7320 UlSata - ok
19:28:35.0051 7320 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
19:28:35.0051 7320 ulsata2 - ok
19:28:35.0066 7320 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
19:28:35.0082 7320 umbus - ok
19:28:35.0113 7320 [ 88BD96A1BAEED33EE8BDF9499C07A841 ] UMPass C:\Windows\system32\DRIVERS\umpass.sys
19:28:35.0113 7320 UMPass - ok
19:28:35.0129 7320 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
19:28:35.0144 7320 upnphost - ok
19:28:35.0175 7320 [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
19:28:35.0347 7320 USBAAPL - ok
19:28:35.0425 7320 [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
19:28:35.0441 7320 usbaudio - ok
19:28:35.0487 7320 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:28:35.0487 7320 usbccgp - ok
19:28:35.0519 7320 [ 47B9770EA21436DE4AD5AEA7926E0900 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
19:28:35.0519 7320 usbcir - ok
19:28:35.0581 7320 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
19:28:35.0597 7320 usbehci - ok
19:28:35.0597 7320 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:28:35.0612 7320 usbhub - ok
19:28:35.0612 7320 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
19:28:35.0612 7320 usbohci - ok
19:28:35.0643 7320 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:28:35.0659 7320 usbprint - ok
19:28:35.0706 7320 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:28:35.0706 7320 USBSTOR - ok
19:28:35.0753 7320 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
19:28:35.0753 7320 usbuhci - ok
19:28:35.0768 7320 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
19:28:35.0768 7320 usbvideo - ok
19:28:35.0815 7320 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
19:28:35.0831 7320 UxSms - ok
19:28:35.0862 7320 [ 4E7135D6D0127067E4CFEE12259F895D ] VAIO Entertainment TV Device Arbitration Service C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
19:28:35.0924 7320 VAIO Entertainment TV Device Arbitration Service - ok
19:28:36.0002 7320 [ 693A3FDD279C345105FFF9DDE277849B ] VAIO Event Service C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
19:28:36.0080 7320 VAIO Event Service - ok
19:28:36.0111 7320 [ 43CEC9BF5A4F2917982AD01D92E0F44D ] VAIO Power Management C:\Program Files\Sony\VAIO Power Management\SPMService.exe
19:28:36.0111 7320 VAIO Power Management - ok
19:28:36.0252 7320 [ 721A1677FD204AB065238504D9268D92 ] VCFw C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
19:28:36.0283 7320 VCFw - ok
19:28:36.0377 7320 [ FD03AC6CD1571AA8B2FF56D3C600E26E ] VcmIAlzMgr C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
19:28:36.0392 7320 VcmIAlzMgr - ok
19:28:36.0439 7320 [ B56CD01F36EEF2967EF18D8DF0E5C285 ] VcmXmlIfHelper C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
19:28:36.0501 7320 VcmXmlIfHelper - ok
19:28:36.0517 7320 Vcsw - ok
19:28:36.0564 7320 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
19:28:36.0564 7320 vds - ok
19:28:36.0595 7320 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:28:36.0595 7320 vga - ok
19:28:36.0611 7320 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
19:28:36.0611 7320 VgaSave - ok
19:28:36.0626 7320 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
19:28:36.0626 7320 viaagp - ok
19:28:36.0642 7320 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
19:28:36.0642 7320 ViaC7 - ok
19:28:36.0673 7320 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
19:28:36.0673 7320 viaide - ok
19:28:36.0689 7320 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:28:36.0689 7320 volmgr - ok
19:28:36.0735 7320 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:28:36.0735 7320 volmgrx - ok
19:28:36.0798 7320 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:28:36.0798 7320 volsnap - ok
19:28:36.0829 7320 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
19:28:36.0845 7320 vsmraid - ok
19:28:36.0907 7320 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
19:28:36.0938 7320 VSS - ok
19:28:37.0016 7320 [ BDB755F9B3E01BF33993C10C007202DF ] VUAgent C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
19:28:37.0032 7320 VUAgent - ok
19:28:37.0063 7320 [ 79EB419F4A694B4514249E0D3DB16ECF ] VzCdbSvc C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
19:28:37.0063 7320 VzCdbSvc - ok
19:28:37.0079 7320 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
19:28:37.0094 7320 W32Time - ok
19:28:37.0110 7320 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
19:28:37.0110 7320 WacomPen - ok
19:28:37.0125 7320 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
19:28:37.0141 7320 Wanarp - ok
19:28:37.0141 7320 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:28:37.0141 7320 Wanarpv6 - ok
19:28:37.0188 7320 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:28:37.0203 7320 wcncsvc - ok
19:28:37.0219 7320 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:28:37.0219 7320 WcsPlugInService - ok
19:28:37.0235 7320 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
19:28:37.0235 7320 Wd - ok
19:28:37.0281 7320 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:28:37.0328 7320 Wdf01000 - ok
19:28:37.0344 7320 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:28:37.0344 7320 WdiServiceHost - ok
19:28:37.0344 7320 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:28:37.0344 7320 WdiSystemHost - ok
19:28:37.0437 7320 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
19:28:37.0437 7320 WebClient - ok
19:28:37.0500 7320 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:28:37.0531 7320 Wecsvc - ok
19:28:37.0547 7320 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:28:37.0547 7320 wercplsupport - ok
19:28:37.0609 7320 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
19:28:37.0609 7320 WerSvc - ok
19:28:37.0656 7320 [ 090A2B8F055343815556A01F725F6C35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
19:28:37.0781 7320 WimFltr - ok
19:28:37.0827 7320 [ 5A77AC34A0FFB70CE8B35B524FEDE9BA ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
19:28:37.0968 7320 winachsf - ok
19:28:38.0030 7320 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
19:28:38.0030 7320 WinDefend - ok
19:28:38.0046 7320 WinHttpAutoProxySvc - ok
19:28:38.0124 7320 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:28:38.0139 7320 Winmgmt - ok
19:28:38.0202 7320 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
19:28:38.0264 7320 WinRM - ok
19:28:38.0327 7320 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
19:28:38.0342 7320 Wlansvc - ok
19:28:38.0405 7320 [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
19:28:38.0514 7320 wlcrasvc - ok
19:28:38.0685 7320 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:28:38.0701 7320 wlidsvc - ok
19:28:38.0732 7320 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
19:28:38.0748 7320 WmiAcpi - ok
19:28:38.0795 7320 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:28:38.0795 7320 wmiApSrv - ok
19:28:38.0826 7320 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
19:28:38.0857 7320 WMPNetworkSvc - ok
19:28:38.0919 7320 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:28:38.0919 7320 WPCSvc - ok
19:28:38.0951 7320 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:28:38.0951 7320 WPDBusEnum - ok
19:28:38.0997 7320 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
19:28:38.0997 7320 WpdUsb - ok
19:28:39.0153 7320 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:28:39.0263 7320 WPFFontCache_v0400 - ok
19:28:39.0309 7320 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:28:39.0309 7320 ws2ifsl - ok
19:28:39.0372 7320 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll
19:28:39.0372 7320 wscsvc - ok
19:28:39.0372 7320 WSearch - ok
19:28:39.0465 7320 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
19:28:39.0512 7320 wuauserv - ok
19:28:39.0575 7320 [ 6F9B6C0C93232CFF47D0F72D6DB1D21E ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
19:28:39.0575 7320 WudfPf - ok
19:28:39.0637 7320 [ F91FF1E51FCA30B3C3981DB7D5924252 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:28:39.0637 7320 WUDFRd - ok
19:28:39.0653 7320 [ 2C0206FF8D2C75AC027D1096FA2FAFDA ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:28:39.0668 7320 wudfsvc - ok
19:28:39.0684 7320 [ 88AF537264F2B818DA15479CEEAF5D7C ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys
19:28:39.0731 7320 XAudio - ok
19:28:39.0762 7320 [ 15A317674A08DF26BE65164D959E9203 ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe
19:28:39.0762 7320 XAudioService - ok
19:28:39.0824 7320 [ 7D1F3B131D503EF43EE594B5A2B9B427 ] yukonwlh C:\Windows\system32\DRIVERS\yk60x86.sys
19:28:39.0824 7320 yukonwlh - ok
19:28:39.0887 7320 [ C98EED5B5DE0E4D09C6C999CD6C5F492 ] zgwhsdiag C:\Windows\system32\DRIVERS\zgwhsdiag.sys
19:28:39.0996 7320 zgwhsdiag - ok
19:28:40.0027 7320 [ C98EED5B5DE0E4D09C6C999CD6C5F492 ] zgwhsmdm C:\Windows\system32\DRIVERS\zgwhsmdm.sys
19:28:40.0105 7320 zgwhsmdm - ok
19:28:40.0136 7320 [ C98EED5B5DE0E4D09C6C999CD6C5F492 ] zgwhsnmea C:\Windows\system32\DRIVERS\zgwhsnmea.sys
19:28:40.0230 7320 zgwhsnmea - ok
19:28:40.0261 7320 ================ Scan global ===============================
19:28:40.0292 7320 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
19:28:40.0448 7320 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
19:28:40.0511 7320 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
19:28:40.0573 7320 [ 2B336AB6286D6C81FA02CBAB914E3C6C ] C:\Windows\system32\services.exe
19:28:40.0573 7320 [Global] - ok
19:28:40.0573 7320 ================ Scan MBR ==================================
19:28:40.0589 7320 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
19:28:40.0947 7320 \Device\Harddisk0\DR0 - ok
19:28:41.0275 7320 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
19:28:41.0322 7320 \Device\Harddisk1\DR1 - ok
19:28:41.0322 7320 ================ Scan VBR ==================================
19:28:41.0322 7320 [ FD56B8035277ABA82B0FC0ADE11E2BE4 ] \Device\Harddisk0\DR0\Partition1
19:28:41.0322 7320 \Device\Harddisk0\DR0\Partition1 - ok
19:28:41.0337 7320 [ 630B2A8B6DDBE40B97EDCEBA5D8949C2 ] \Device\Harddisk1\DR1\Partition1
19:28:41.0337 7320 \Device\Harddisk1\DR1\Partition1 - ok
19:28:41.0337 7320 ============================================================
19:28:41.0337 7320 Scan finished
19:28:41.0337 7320 ============================================================
19:28:41.0337 7596 Detected object count: 0
19:28:41.0337 7596 Actual detected object count: 0

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-14 19:33:51
-----------------------------
19:33:51.795 OS Version: Windows 6.0.6002 Service Pack 2
19:33:51.795 Number of processors: 2 586 0x1706
19:33:51.810 ComputerName: MARK-PC UserName: Mark
19:34:33.634 Initialize success
19:35:32.313 AVAST engine defs: 12111400
19:38:13.929 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:38:13.944 Disk 0 Vendor: FUJITSU_ 0041 Size: 305245MB BusType: 3
19:38:13.944 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
19:38:13.944 Disk 1 Vendor: FUJITSU_ 0041 Size: 305245MB BusType: 3
19:38:13.944 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000075
19:38:13.944 Disk 2 Vendor: RICOH 01 Size: 305245MB BusType: 0
19:38:13.944 Disk 3 \Device\Harddisk3\DR3 -> \Device\00000076
19:38:13.944 Disk 3 Vendor: RICOH 02 Size: 305245MB BusType: 0
19:38:13.960 Disk 4 \Device\Harddisk4\DR4 -> \Device\Scsi\JMCR_CFS1Port1Path0Target0Lun0
19:38:13.960 Disk 4 Vendor: JMCR Size: 305245MB BusType: 0
19:38:13.991 Disk 0 MBR read successfully
19:38:14.007 Disk 0 MBR scan
19:38:14.007 Disk 0 Windows VISTA default MBR code
19:38:14.038 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 11555 MB offset 2048
19:38:14.038 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 293688 MB offset 23666688
19:38:14.069 Disk 0 scanning sectors +625140400
19:38:14.178 Disk 0 scanning C:\Windows\system32\drivers
19:38:32.274 Service scanning
19:39:10.182 Modules scanning
19:39:19.137 Disk 0 trace - called modules:
19:39:19.152 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iastor.sys
19:39:19.168 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87180940]
19:39:19.168 3 CLASSPNP.SYS[8b1a18b3] -> nt!IofCallDriver -> [0x8610d878]
19:39:19.168 5 acpi.sys[8068c6bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x866c7028]
19:39:21.118 AVAST engine scan C:\Windows
19:39:33.270 AVAST engine scan C:\Windows\system32
19:47:52.286 AVAST engine scan C:\Windows\system32\drivers
19:48:22.035 AVAST engine scan C:\Users\Mark
21:24:25.144 AVAST engine scan C:\ProgramData
22:20:17.771 Scan finished successfully
06:48:07.265 Disk 0 MBR has been saved successfully to "C:\Users\Mark\Desktop\MBR.dat"
06:48:07.280 The log file has been saved successfully to "C:\Users\Mark\Desktop\aswMBR.txt"

#11 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 15 November 2012 - 03:02 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#12 Ruggr88

  • Topic Starter

  • Members
  • 13 posts

Posted 15 November 2012 - 05:00 AM

1. Report:

ComboFix 12-11-14.01 - Mark 15/11/2012 8:50.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3038.1994 [GMT 0:00]
Running from: c:\users\Mark\Desktop\ComboFix.exe
Command switches used :: c:\users\Mark\Desktop\cfscript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-10-15 to 2012-11-15 )))))))))))))))))))))))))))))))
.
.
2012-11-15 09:02 . 2012-11-15 09:02 -------- d-----w- c:\users\Mark\AppData\Local\temp
2012-11-15 09:02 . 2012-11-15 09:02 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2012-11-15 09:02 . 2012-11-15 09:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-15 09:02 . 2012-11-15 09:02 -------- d-----w- c:\users\Charlie\AppData\Local\temp
2012-11-15 09:02 . 2012-11-15 09:02 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-11-15 09:02 . 2012-11-15 09:02 -------- d-----w- c:\users\Administrator.Mark-PC\AppData\Local\temp
2012-11-11 13:33 . 2012-11-14 14:08 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-11 13:33 . 2012-11-14 14:08 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-11 12:57 . 2012-11-11 12:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-11 12:57 . 2012-09-29 19:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-11 08:34 . 2012-11-11 08:34 161185 ----a-w- c:\windows\Expstudio Audio Editor FREE Uninstaller.exe
2012-11-11 08:33 . 2012-11-11 08:34 -------- d-----w- c:\windows\system32\EXP
2012-11-11 08:33 . 2012-11-11 08:33 -------- d-----w- c:\program files\Expstudio
2012-11-11 07:36 . 2012-11-11 07:36 -------- d-----w- c:\users\Mark\AppData\Local\Sony Corporation
2012-11-11 07:27 . 2012-11-13 19:48 -------- d-----w- C:\New Folder
2012-11-09 20:14 . 2012-11-09 20:14 -------- d-----w- c:\users\Administrator.Mark-PC\AppData\Local\Apple Computer
2012-11-09 20:11 . 2012-11-09 20:11 -------- d-----w- c:\program files\iPod
2012-11-09 20:11 . 2012-11-09 20:14 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-11-09 20:11 . 2012-11-09 20:14 -------- d-----w- c:\program files\iTunes
2012-11-09 20:10 . 2012-11-09 20:10 -------- d-----w- c:\program files\Apple Software Update
2012-11-09 20:07 . 2012-11-09 20:07 -------- d-----w- c:\program files\Bonjour
2012-11-09 20:07 . 2012-11-09 20:11 -------- d-----w- c:\program files\Common Files\Apple
2012-11-09 20:01 . 2012-11-09 20:01 -------- d-----w- c:\users\Administrator.Mark-PC\AppData\Local\Mozilla
2012-11-09 18:45 . 2012-11-09 18:45 -------- d-----w- c:\users\Administrator.Mark-PC\AppData\Local\Apple
2012-11-08 17:47 . 2012-11-08 19:38 -------- d-----w- C:\The Cure - Complete Discography
2012-11-01 12:14 . 2012-11-01 12:14 -------- d-----w- c:\users\Mark\AppData\Local\{6B3A7147-F509-11E1-8270-B8AC6F996F26}
2012-10-27 07:30 . 2012-04-20 15:40 146872 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
2012-10-26 21:38 . 2012-10-26 21:38 -------- d-----w- c:\users\Mark\Podcasts
2012-10-26 21:37 . 2012-10-26 21:38 -------- d-----w- c:\users\Mark\AppData\Local\Sony
2012-10-26 21:36 . 2012-10-26 21:36 -------- d-----w- c:\users\Mark\AppData\Local\Downloaded Installations
2012-10-26 21:34 . 2012-10-26 21:34 -------- d-----w- c:\users\Mark\AppData\Roaming\MyPhoneExplorer
2012-10-26 21:33 . 2012-10-26 21:38 -------- d-----w- c:\users\Mark\AppData\Roaming\Sony
2012-10-26 21:33 . 2012-10-26 21:36 -------- d-----w- c:\program files\Sony Media Go Install
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-02 14:19 . 2012-09-02 14:19 138 ----a-w- c:\users\Mark\AppData\Roaming\cvcigvo.bat
2012-08-22 16:31 . 2012-09-03 19:45 27152 ----a-w- c:\windows\system32\nitrolocalmon2.dll
2012-08-22 16:31 . 2012-09-03 19:45 18448 ----a-w- c:\windows\system32\nitrolocalui2.dll
2012-08-21 13:01 . 2009-09-10 16:02 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-08-21 12:01 . 2012-09-19 16:26 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-10-24 17:50 . 2012-10-29 05:33 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2008-06-19 19:04 2957312 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2008-06-19 19:04 2957312 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LoadWatcher"="Test" [X]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HCEmployee"="c:\program files\leansoft\Hc\servemp.exe" [2012-03-15 1768960]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1278648]
"JoinMEUIExec"="c:\program files\PC Suite\JoinMEUIExec.exe" [2009-03-10 131072]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2008-06-19 18:51 90112 ----a-w- c:\windows\System32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-07-16 01:04 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Belkin Wireless Networking Utility.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Belkin Wireless Networking Utility.lnk
backup=c:\windows\pss\Belkin Wireless Networking Utility.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Philips GoGear Spark Device Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Philips GoGear Spark Device Manager.lnk
backup=c:\windows\pss\Philips GoGear Spark Device Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Mark^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Chatter Desktop.lnk]
path=c:\users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Chatter Desktop.lnk
backup=c:\windows\pss\Chatter Desktop.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2011-08-30 12:24 624056 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AML]
2008-06-13 22:07 1097728 ----a-w- c:\program files\Sony\VAIO Launcher\AML.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-08-27 21:32 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2010-01-02 18:59 323392 ----a-w- c:\users\Mark\Program Files\DNA\btdna.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionCenter]
2011-04-12 06:27 305088 ----a-w- c:\program files\Citrix\ICA Client\concentr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoreChipTiManager]
2012-07-30 21:58 3339264 ----a-w- c:\windows\diskediag.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2008-04-16 00:54 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2007-08-31 19:01 1037736 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
2008-04-04 03:03 317280 ----a-w- c:\program files\Sony\ISB Utility\ISBMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-09 23:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MarketingTools]
2008-08-19 14:41 24576 ----a-w- c:\program files\Sony\Marketing Tools\MarketingTools.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcui_exe]
2012-09-12 11:21 1278648 ----a-w- c:\program files\McAfee.com\Agent\mcagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2012-03-08 17:50 4280184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSUFloatingUI]
2008-07-30 23:05 262144 ----a-w- c:\program files\Sony\Network Utility\LANUtil.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-07-24 22:28 13548064 ----a-w- c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-07-24 22:28 92704 ----a-w- c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSQLLauncher]
2008-06-19 18:29 48904 ----a-w- c:\program files\Protector Suite QL\launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-07-11 11:45 6244896 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-07-03 12:23 17418928 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 14:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-03-10 02:43 835584 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-02-01 15:07 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2011-04-22 12:21 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMpTtray.exe]
2012-03-06 16:29 101512 ----a-w- c:\program files\Sony\VAIO Media plus\VMpTtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WPCUMI]
2006-11-02 12:35 176128 ----a-w- c:\windows\System32\wpcumi.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-28 08:31]
.
2012-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-28 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: corel.com
Trusted Zone: corel.com\www
Trusted Zone: intervideo.com
Trusted Zone: intervideo.com\www
Trusted Zone: quintiles.com\connect
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Administrator.Mark-PC\AppData\Roaming\Mozilla\Firefox\Profiles\tu7wolx2.default\
FF - ExtSQL: 2012-11-09 14:23; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; c:\program files\McAfee\SiteAdvisor
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{32b29df0-2237-4370-9a29-37cebb730e9b} - (no file)
WebBrowser-{32B29DF0-2237-4370-9A29-37CEBB730E9B} - (no file)
HKCU-Run-MobileDocuments - c:\program files\Common Files\Apple\Internet Services\ubd.exe
HKCU-Run-iCloudServices - c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-15 09:02
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b4
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(816)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infra.dll
.
- - - - - - - > 'Explorer.exe'(6636)
c:\program files\Protector Suite QL\farchns.dll
c:\program files\Protector Suite QL\infra.dll
.
Completion time: 2012-11-15 09:05:22
ComboFix-quarantined-files.txt 2012-11-15 09:05
ComboFix2.txt 2012-11-14 13:34
.
Pre-Run: 43,740,004,352 bytes free
Post-Run: 43,852,922,880 bytes free
.
- - End Of File - - E75226F65F1DB39B2EE0DC56D69FA1B6


2. No problems

3. Still getting Google redirect (though possibly less frequent?) and Flashplayer still not working.

Thanks
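Reading a ComboFix log like the one above by eye is error-prone, so here is a small triage script for it. This is an added example for this thread (not ComboFix code and not something posted by either participant); it pulls out what a helper checks first on a search-redirect complaint: Run values whose target is missing (ComboFix marks those `[X]`) or is not a file path, the DHCP-assigned DNS resolver, the Trusted Zone entries, and the orphans ComboFix removed. The sample log is a constructed excerpt shaped like the one posted above, and the "review"/"info" severities are my own labels.

```python
"""Triage a ComboFix log for the autostart and DNS details that matter when a
machine is reported to redirect search results.

Added example, not part of the original thread and not ComboFix code. Section
banners and line shapes follow the posted log; SAMPLE_LOG is a constructed
excerpt built from lines of that log.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample: a short excerpt in the shape of the posted ComboFix log.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LoadWatcher"="Test" [X]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1278648]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
Trusted Zone: corel.com
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{32b29df0-2237-4370-9a29-37cebb730e9b} - (no file)
HKCU-Run-MobileDocuments - c:\program files\Common Files\Apple\Internet Services\ubd.exe
"""

RUN_KEY_RE = re.compile(r"^\[(HKEY_[^\]]*\\Run)\]$", re.IGNORECASE)
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')
TRUSTED_RE = re.compile(r"^Trusted Zone: (?P<zone>\S+)$")
DNS_RE = re.compile(r"^TCP: DhcpNameServer = (?P<servers>.+)$")
ABS_PATH_RE = re.compile(r"^[a-z]:\\", re.IGNORECASE)

# RFC 1918 ranges: a DHCP-assigned resolver outside these is worth comparing with
# what the router or ISP is actually supposed to hand out.
LAN_RANGES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass
class Finding:
    severity: str  # "review" = look at this; "info" = recorded for context
    item: str
    reason: str


def is_lan_address(text):
    """True when text is an IPv4/IPv6 literal inside one of the RFC 1918 ranges."""
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return False
    return any(addr in net for net in LAN_RANGES)


def triage_combofix(log_text):
    """Walk the log once and return Findings in the order the lines appear."""
    findings = []
    run_key = None      # registry Run key whose values we are currently inside
    in_orphans = False  # inside the "ORPHANS REMOVED" section
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if "ORPHANS REMOVED" in line:
            in_orphans, run_key = True, None
            continue
        if line[0] in "(*-":  # any other banner line ends the current section
            in_orphans, run_key = False, None
            continue
        if in_orphans and " - " in line:
            entry, target = line.split(" - ", 1)
            findings.append(Finding("info", entry, f"orphaned autostart removed by ComboFix (target: {target})"))
            continue
        key = RUN_KEY_RE.match(line)
        if key:
            run_key = key.group(1)
            continue
        if line.startswith("["):  # some other registry key: leave the Run section
            run_key = None
            continue
        value = RUN_VALUE_RE.match(line)
        if value and run_key:
            name, target, meta = value.group("name", "target", "meta")
            if meta == "X":
                findings.append(Finding("review", f"{run_key}\\{name}",
                                        "autostart value whose target does not exist on disk (ComboFix marks it [X])"))
            elif not ABS_PATH_RE.match(target):
                findings.append(Finding("review", f"{run_key}\\{name}",
                                        f"autostart target is not an absolute path: {target!r}"))
            continue
        zone = TRUSTED_RE.match(line)
        if zone:
            findings.append(Finding("info", zone.group("zone"), "site in the Trusted Zone; confirm the user added it deliberately"))
            continue
        dns = DNS_RE.match(line)
        if dns:
            for server in dns.group("servers").split():
                if is_lan_address(server):
                    findings.append(Finding("info", server, "DHCP-assigned DNS resolver is on the LAN (normally the router)"))
                else:
                    findings.append(Finding("review", server,
                                            "DHCP-assigned DNS resolver is outside RFC 1918 space; a changed resolver is one way search results get redirected"))
    return findings


if __name__ == "__main__":
    for f in triage_combofix(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.item}: {f.reason}")
```

On the sample, the only "review" item is the `LoadWatcher`="Test" value, which is exactly the entry the posted log flags with `[X]`; the LAN resolver, the Trusted Zone and the two removed orphans are recorded as context.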

#13 gringo_pr


Posted 15 November 2012 - 07:17 AM

Hello

:P2P Warning!:

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

Adobe Flash Player 11 ActiveX
BitTorrent
Browser Address Error Redirector
Coupon Printer
DNA
Java™ 6 Update 31
Java™ 6 Update 6


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:39 AM

Posted 18 November 2012 - 02:50 PM

Greetings


I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, a reminder that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete, and I will ask you to remove our tools.




Gringo

#15 Ruggr88


Posted 19 November 2012 - 08:52 AM

1. MBAM log

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.17.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Mark :: MARK-PC [administrator]

17/11/2012 08:31:21
mbam-log-2012-11-17 (08-31-21).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 288733
Time elapsed: 11 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


2. Hijack this log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 08:51:48, on 17/11/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal

Running processes:
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\leansoft\Hc\servemp.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\PC Suite\JoinMEUIExec.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Mark\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [HCEmployee] C:\Program Files\leansoft\Hc\servemp.exe
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [JoinMEUIExec] "C:\Program Files\PC Suite\JoinMEUIExec.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [LoadWatcher] Test
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.corel.com
O15 - Trusted Zone: http://*.corel.com
O15 - Trusted Zone: www.intervideo.com
O15 - Trusted Zone: http://*.intervideo.com
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-gb.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\mcsniepl.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: JoinMEUI Assistant Service - Unknown owner - C:\Program Files\PC Suite\JoinMEAssistantServices.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MSCSPTISRV - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: NitroPDFReaderDriverCreatorReadSpool2 (NitroReaderDriverReadSpool2) - Nitro PDF Software - C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Windows\RtkAudioService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe
O23 - Service: VAIO Media plus Database Manager (SOHDBSvr) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe
O23 - Service: VAIO Media plus Playlist Manager (SOHPlMgr) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files\Sony\Sony PC Companion\PCCService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (file missing)
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VUAgent - Sony Corporation - C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 19337 bytes


3. No problems with the programs I ran.


4. Occasional Google redirect (both IE and Mozilla). Haven't tried Flashplayer, as I wasn't sure whether I should try installing again or not?

Thanks

